external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

Upgrade openssl from 1.1.0e to 1.1.1b, with source code. 4.0.78

Browse source
This commit is contained in:
winlin 2021-03-01 20:47:57 +08:00
parent 8f1c992379
commit 96dbd7bced
1476 changed files with 616554 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -156,6 +156,7 @@ For previous versions, please read:
## V4 changes
* v4.0, 2021-03-01, Upgrade openssl from 1.1.0e to 1.1.1b, with source code. 4.0.78
* v4.0, 2021-03-01, Enable Object Cache and Zero Copy Nack by default. 4.0.77
* v4.0, 2021-02-28, RTC: Support high performance [Zero Copy NACK](https://github.com/ossrs/srs/commit/36ea67359e55c94ab044cee4b6a4ec901a83a287#commitcomment-47654868). 4.0.76
* v4.0, 2021-02-27, RTC: Support [Object Cache Pool](https://github.com/ossrs/srs/commit/14bfc98122bba369572417c19ebb2a61b373fc45#commitcomment-47655008) for performance. 4.0.75

356
trunk/3rdparty/openssl-1.1-fit/Configurations/00-base-templates.conf vendored Normal file
View file

@ -0,0 +1,356 @@
# -*- Mode: perl -*-
my %targets=(
DEFAULTS => {
template => 1,
cflags => "",
cppflags => "",
lflags => "",
defines => [],
includes => [],
lib_cflags => "",
lib_cppflags => "",
lib_defines => [],
thread_scheme => "(unknown)", # Assume we don't know
thread_defines => [],
apps_aux_src => "",
apps_init_src => "",
cpuid_asm_src => "mem_clr.c",
uplink_aux_src => "",
bn_asm_src => "bn_asm.c",
ec_asm_src => "",
des_asm_src => "des_enc.c fcrypt_b.c",
aes_asm_src => "aes_core.c aes_cbc.c",
bf_asm_src => "bf_enc.c",
md5_asm_src => "",
cast_asm_src => "c_enc.c",
rc4_asm_src => "rc4_enc.c rc4_skey.c",
rmd160_asm_src => "",
rc5_asm_src => "rc5_enc.c",
wp_asm_src => "wp_block.c",
cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c",
modes_asm_src => "",
padlock_asm_src => "",
chacha_asm_src => "chacha_enc.c",
poly1305_asm_src => "",
keccak1600_asm_src => "keccak1600.c",
unistd => "<unistd.h>",
shared_target => "",
shared_cflag => "",
shared_defines => [],
shared_ldflag => "",
shared_rcflag => "",
shared_extension => "",
#### Defaults for the benefit of the config targets who don't inherit
#### a BASE and assume Unix defaults
#### THESE WILL DISAPPEAR IN OpenSSL 1.2
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
AR => "ar",
ARFLAGS => "r",
CC => "cc",
HASHBANGPERL => "/usr/bin/env perl",
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
#### THESE WILL BE ENABLED IN OpenSSL 1.2
#HASHBANGPERL => "PERL", # Only Unix actually cares
},
BASE_common => {
template => 1,
enable => [],
disable => [],
defines =>
sub {
my @defs = ();
push @defs, "ZLIB" unless $disabled{zlib};
push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
return [ @defs ];
},
includes =>
sub {
my @incs = ();
push @incs, $withargs{zlib_include}
if !$disabled{zlib} && $withargs{zlib_include};
return [ @incs ];
},
},
BASE_unix => {
inherit_from => [ "BASE_common" ],
template => 1,
AR => "ar",
ARFLAGS => "r",
CC => "cc",
lflags =>
sub { $withargs{zlib_lib} ? "-L".$withargs{zlib_lib} : () },
ex_libs =>
sub { !defined($disabled{zlib})
&& defined($disabled{"zlib-dynamic"})
? "-lz" : () },
HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
shared_extension => ".so",
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
},
BASE_Windows => {
inherit_from => [ "BASE_common" ],
template => 1,
lib_defines =>
sub {
my @defs = ();
unless ($disabled{"zlib-dynamic"}) {
my $zlib = $withargs{zlib_lib} // "ZLIB1";
push @defs, 'LIBZ=' . (quotify("perl", $zlib))[0];
}
return [ @defs ];
},
ex_libs =>
sub {
unless ($disabled{zlib}) {
if (defined($disabled{"zlib-dynamic"})) {
return $withargs{zlib_lib} // "ZLIB1";
}
}
return ();
},
LD => "link",
LDFLAGS => "/nologo",
ldoutflag => "/out:",
AR => "lib",
ARFLAGS => "/nologo",
aroutflag => "/out:",
RC => "rc",
rcoutflag => "/fo",
MT => "mt",
MTFLAGS => "-nologo",
mtinflag => "-manifest ",
mtoutflag => "-outputresource:",
shared_extension => ".dll",
build_file => "makefile",
build_scheme => [ "unified", "windows" ],
},
BASE_VMS => {
inherit_from => [ "BASE_common" ],
template => 1,
includes =>
add(sub {
my @incs = ();
# GNV$ZLIB_INCLUDE is the standard logical name for later
# zlib incarnations.
push @incs, 'GNV$ZLIB_INCLUDE:'
if !$disabled{zlib} && !$withargs{zlib_include};
return [ @incs ];
}),
shared_extension => ".exe",
build_file => "descrip.mms",
build_scheme => [ "unified", "VMS" ],
},
uplink_common => {
template => 1,
apps_init_src => add("../ms/applink.c"),
uplink_aux_src => add("../ms/uplink.c"),
defines => add("OPENSSL_USE_APPLINK"),
},
x86_uplink => {
inherit_from => [ "uplink_common" ],
template => 1,
uplink_aux_src => add("uplink-x86.s"),
},
x86_64_uplink => {
inherit_from => [ "uplink_common" ],
template => 1,
uplink_aux_src => add("uplink-x86_64.s"),
},
ia64_uplink => {
inherit_from => [ "uplink_common" ],
template => 1,
uplink_aux_src => add("uplink-ia64.s"),
},
x86_asm => {
template => 1,
cpuid_asm_src => "x86cpuid.s",
bn_asm_src => "bn-586.s co-586.s x86-mont.s x86-gf2m.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86.s",
des_asm_src => "des-586.s crypt586.s",
aes_asm_src => "aes-586.s vpaes-x86.s aesni-x86.s",
bf_asm_src => "bf-586.s",
md5_asm_src => "md5-586.s",
cast_asm_src => "cast-586.s",
sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s",
rc4_asm_src => "rc4-586.s",
rmd160_asm_src => "rmd-586.s",
rc5_asm_src => "rc5-586.s",
wp_asm_src => "wp_block.c wp-mmx.s",
cmll_asm_src => "cmll-x86.s",
modes_asm_src => "ghash-x86.s",
padlock_asm_src => "e_padlock-x86.s",
chacha_asm_src => "chacha-x86.s",
poly1305_asm_src=> "poly1305-x86.s",
},
x86_elf_asm => {
template => 1,
inherit_from => [ "x86_asm" ],
perlasm_scheme => "elf"
},
x86_64_asm => {
template => 1,
cpuid_asm_src => "x86_64cpuid.s",
bn_asm_src => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s",
aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
md5_asm_src => "md5-x86_64.s",
sha1_asm_src => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
rc4_asm_src => "rc4-x86_64.s rc4-md5-x86_64.s",
wp_asm_src => "wp-x86_64.s",
cmll_asm_src => "cmll-x86_64.s cmll_misc.c",
modes_asm_src => "ghash-x86_64.s aesni-gcm-x86_64.s",
padlock_asm_src => "e_padlock-x86_64.s",
chacha_asm_src => "chacha-x86_64.s",
poly1305_asm_src=> "poly1305-x86_64.s",
keccak1600_asm_src => "keccak1600-x86_64.s",
},
ia64_asm => {
template => 1,
cpuid_asm_src => "ia64cpuid.s",
bn_asm_src => "bn-ia64.s ia64-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-ia64.s",
sha1_asm_src => "sha1-ia64.s sha256-ia64.s sha512-ia64.s",
modes_asm_src => "ghash-ia64.s",
perlasm_scheme => "void"
},
sparcv9_asm => {
template => 1,
cpuid_asm_src => "sparcv9cap.c sparccpuid.S",
bn_asm_src => "asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S sparct4-mont.S sparcv9-gf2m.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-sparcv9.S",
des_asm_src => "des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S",
aes_asm_src => "aes_core.c aes_cbc.c aes-sparcv9.S aest4-sparcv9.S aesfx-sparcv9.S",
md5_asm_src => "md5-sparcv9.S",
sha1_asm_src => "sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S",
cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S",
modes_asm_src => "ghash-sparcv9.S",
poly1305_asm_src=> "poly1305-sparcv9.S",
perlasm_scheme => "void"
},
sparcv8_asm => {
template => 1,
cpuid_asm_src => "",
bn_asm_src => "asm/sparcv8.S",
des_asm_src => "des_enc-sparc.S fcrypt_b.c",
perlasm_scheme => "void"
},
alpha_asm => {
template => 1,
cpuid_asm_src => "alphacpuid.s",
bn_asm_src => "bn_asm.c alpha-mont.S",
sha1_asm_src => "sha1-alpha.S",
modes_asm_src => "ghash-alpha.S",
perlasm_scheme => "void"
},
mips32_asm => {
template => 1,
bn_asm_src => "bn-mips.S mips-mont.S",
aes_asm_src => "aes_cbc.c aes-mips.S",
sha1_asm_src => "sha1-mips.S sha256-mips.S",
},
mips64_asm => {
inherit_from => [ "mips32_asm" ],
template => 1,
sha1_asm_src => add("sha512-mips.S"),
poly1305_asm_src=> "poly1305-mips.S",
},
s390x_asm => {
template => 1,
cpuid_asm_src => "s390xcap.c s390xcpuid.S",
bn_asm_src => "asm/s390x.S s390x-mont.S s390x-gf2m.s",
aes_asm_src => "aes-s390x.S aes-ctr.fake aes-xts.fake",
sha1_asm_src => "sha1-s390x.S sha256-s390x.S sha512-s390x.S",
rc4_asm_src => "rc4-s390x.s",
modes_asm_src => "ghash-s390x.S",
chacha_asm_src => "chacha-s390x.S",
poly1305_asm_src=> "poly1305-s390x.S",
keccak1600_asm_src => "keccak1600-s390x.S",
},
armv4_asm => {
template => 1,
cpuid_asm_src => "armcap.c armv4cpuid.S",
bn_asm_src => "bn_asm.c armv4-mont.S armv4-gf2m.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv4.S",
aes_asm_src => "aes_cbc.c aes-armv4.S bsaes-armv7.S aesv8-armx.S",
sha1_asm_src => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
modes_asm_src => "ghash-armv4.S ghashv8-armx.S",
chacha_asm_src => "chacha-armv4.S",
poly1305_asm_src=> "poly1305-armv4.S",
keccak1600_asm_src => "keccak1600-armv4.S",
perlasm_scheme => "void"
},
aarch64_asm => {
template => 1,
cpuid_asm_src => "armcap.c arm64cpuid.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv8.S",
bn_asm_src => "bn_asm.c armv8-mont.S",
aes_asm_src => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S",
sha1_asm_src => "sha1-armv8.S sha256-armv8.S sha512-armv8.S",
modes_asm_src => "ghashv8-armx.S",
chacha_asm_src => "chacha-armv8.S",
poly1305_asm_src=> "poly1305-armv8.S",
keccak1600_asm_src => "keccak1600-armv8.S",
},
parisc11_asm => {
template => 1,
cpuid_asm_src => "pariscid.s",
bn_asm_src => "bn_asm.c parisc-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-parisc.s",
sha1_asm_src => "sha1-parisc.s sha256-parisc.s sha512-parisc.s",
rc4_asm_src => "rc4-parisc.s",
modes_asm_src => "ghash-parisc.s",
perlasm_scheme => "32"
},
parisc20_64_asm => {
template => 1,
inherit_from => [ "parisc11_asm" ],
perlasm_scheme => "64",
},
ppc32_asm => {
template => 1,
cpuid_asm_src => "ppccpuid.s ppccap.c",
bn_asm_src => "bn-ppc.s ppc-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s",
sha1_asm_src => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s",
modes_asm_src => "ghashp8-ppc.s",
chacha_asm_src => "chacha-ppc.s",
poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s",
},
ppc64_asm => {
inherit_from => [ "ppc32_asm" ],
template => 1,
ec_asm_src => "ecp_nistz256.c ecp_nistz256-ppc64.s x25519-ppc64.s",
keccak1600_asm_src => "keccak1600-ppc64.s",
},
);

1802
trunk/3rdparty/openssl-1.1-fit/Configurations/10-main.conf vendored Normal file
View file

File diff suppressed because it is too large Load diff

261
trunk/3rdparty/openssl-1.1-fit/Configurations/15-android.conf vendored Normal file
View file

@ -0,0 +1,261 @@
#### Android...
#
# See NOTES.ANDROID for details, and don't miss platform-specific
# comments below...
{
use File::Spec::Functions;
my $android_ndk = {};
my %triplet = (
arm => "arm-linux-androideabi",
arm64 => "aarch64-linux-android",
mips => "mipsel-linux-android",
mips64 => "mips64el-linux-android",
x86 => "i686-linux-android",
x86_64 => "x86_64-linux-android",
);
sub android_ndk {
unless (%$android_ndk) {
if ($now_printing =~ m|^android|) {
return $android_ndk = { bn_ops => "BN_AUTO" };
}
my $ndk_var;
my $ndk;
foreach (qw(ANDROID_NDK_HOME ANDROID_NDK)) {
$ndk_var = $_;
$ndk = $ENV{$ndk_var};
last if defined $ndk;
}
die "\$ANDROID_NDK_HOME is not defined" if (!$ndk);
if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") {
# $ndk/platforms is traditional "all-inclusive" NDK, while
# $ndk/AndroidVersion.txt is so-called standalone toolchain
# tailored for specific target down to API level.
die "\$ANDROID_NDK_HOME=$ndk is invalid";
}
$ndk = canonpath($ndk);
my $ndkver = undef;
if (open my $fh, "<$ndk/source.properties") {
local $_;
while(<$fh>) {
if (m|Pkg\.Revision\s*=\s*([0-9]+)|) {
$ndkver = $1;
last;
}
}
close $fh;
}
my ($sysroot, $api, $arch);
$config{target} =~ m|[^-]+-([^-]+)$|; # split on dash
$arch = $1;
if ($sysroot = $ENV{CROSS_SYSROOT}) {
$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
($api, $arch) = ($1, $2);
} elsif (-f "$ndk/AndroidVersion.txt") {
$sysroot = "$ndk/sysroot";
} else {
$api = "*";
# see if user passed -D__ANDROID_API__=N
foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
if (m|__ANDROID_API__=([0-9]+)|) {
$api = $1;
last;
}
}
# list available platforms (numerically)
my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
$b =~ m/-([0-9]+)$/; $aa <=> $1;
} glob("$ndk/platforms/android-$api");
die "no $ndk/platforms/android-$api" if ($#platforms < 0);
$sysroot = "@platforms[$#platforms]/arch-$arch";
$sysroot =~ m|/android-([0-9]+)/arch-$arch|;
$api = $1;
}
die "no sysroot=$sysroot" if (!-d $sysroot);
my $triarch = $triplet{$arch};
my $cflags;
my $cppflags;
# see if there is NDK clang on $PATH, "universal" or "standalone"
if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
my $host=$1;
# harmonize with gcc default
my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
(my $tridefault = $triarch) =~ s/^arm-/$arm-/;
(my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
$cflags .= " -target $tridefault "
. "-gcc-toolchain \$($ndk_var)/toolchains"
. "/$tritools-4.9/prebuilt/$host";
$user{CC} = "clang" if ($user{CC} !~ m|clang|);
$user{CROSS_COMPILE} = undef;
if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
$user{AR} = "llvm-ar";
$user{ARFLAGS} = [ "rs" ];
$user{RANLIB} = ":";
}
} elsif (-f "$ndk/AndroidVersion.txt") { #"standalone toolchain"
my $cc = $user{CC} // "clang";
# One can probably argue that both clang and gcc should be
# probed, but support for "standalone toolchain" was added
# *after* announcement that gcc is being phased out, so
# favouring clang is considered adequate. Those who insist
# have option to enforce test for gcc with CC=gcc.
if (which("$triarch-$cc") !~ m|^$ndk|) {
die "no NDK $triarch-$cc on \$PATH";
}
$user{CC} = $cc;
$user{CROSS_COMPILE} = "$triarch-";
} elsif ($user{CC} eq "clang") {
die "no NDK clang on \$PATH";
} else {
if (which("$triarch-gcc") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
die "no NDK $triarch-gcc on \$PATH";
}
$cflags .= " -mandroid";
$user{CROSS_COMPILE} = "$triarch-";
}
if (!-d "$sysroot/usr/include") {
my $incroot = "$ndk/sysroot/usr/include";
die "no $incroot" if (!-d $incroot);
die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
$incroot =~ s|^$ndk/||;
$cppflags = "-D__ANDROID_API__=$api";
$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
$cppflags .= " -isystem \$($ndk_var)/$incroot";
}
$sysroot =~ s|^$ndk/||;
$android_ndk = {
cflags => "$cflags --sysroot=\$($ndk_var)/$sysroot",
cppflags => $cppflags,
bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
: "BN_LLONG",
};
}
return $android_ndk;
}
}
my %targets = (
"android" => {
inherit_from => [ "linux-generic32" ],
template => 1,
################################################################
# Special note about -pie. The underlying reason is that
# Lollipop refuses to run non-PIE. But what about older systems
# and NDKs? -fPIC was never problem, so the only concern is -pie.
# Older toolchains, e.g. r4, appear to handle it and binaries
# turn out mostly functional. "Mostly" means that oldest
# Androids, such as Froyo, fail to handle executable, but newer
# systems are perfectly capable of executing binaries targeting
# Froyo. Keep in mind that in the nutshell Android builds are
# about JNI, i.e. shared libraries, not applications.
cflags => add(sub { android_ndk()->{cflags} }),
cppflags => add(sub { android_ndk()->{cppflags} }),
cxxflags => add(sub { android_ndk()->{cflags} }),
bn_ops => sub { android_ndk()->{bn_ops} },
bin_cflags => "-pie",
enable => [ ],
},
"android-arm" => {
################################################################
# Contemporary Android applications can provide multiple JNI
# providers in .apk, targeting multiple architectures. Among
# them there is "place" for two ARM flavours: generic eabi and
# armv7-a/hard-float. However, it should be noted that OpenSSL's
# ability to engage NEON is not constrained by ABI choice, nor
# is your ability to call OpenSSL from your application code
# compiled with floating-point ABI other than default 'soft'.
# (Latter thanks to __attribute__((pcs("aapcs"))) declaration.)
# This means that choice of ARM libraries you provide in .apk
# is driven by application needs. For example if application
# itself benefits from NEON or is floating-point intensive, then
# it might be appropriate to provide both libraries. Otherwise
# just generic eabi would do. But in latter case it would be
# appropriate to
#
# ./Configure android-arm -D__ARM_MAX_ARCH__=8
#
# in order to build "universal" binary and allow OpenSSL take
# advantage of NEON when it's available.
#
# Keep in mind that (just like with linux-armv4) we rely on
# compiler defaults, which is not necessarily what you had
# in mind, in which case you would have to pass additional
# -march and/or -mfloat-abi flags. NDK defaults to armv5te.
# Newer NDK versions reportedly require additional -latomic.
#
inherit_from => [ "android", asm("armv4_asm") ],
bn_ops => add("RC4_CHAR"),
},
"android-arm64" => {
inherit_from => [ "android", asm("aarch64_asm") ],
bn_ops => add("RC4_CHAR"),
perlasm_scheme => "linux64",
},
"android-mips" => {
inherit_from => [ "android", asm("mips32_asm") ],
bn_ops => add("RC4_CHAR"),
perlasm_scheme => "o32",
},
"android-mips64" => {
################################################################
# You are more than likely have to specify target processor
# on ./Configure command line. Trouble is that toolchain's
# default is MIPS64r6 (at least in r10d), but there are no
# such processors around (or they are too rare to spot one).
# Actual problem is that MIPS64r6 is binary incompatible
# with previous MIPS ISA versions, in sense that unlike
# prior versions original MIPS binary code will fail.
#
inherit_from => [ "android", asm("mips64_asm") ],
bn_ops => add("RC4_CHAR"),
perlasm_scheme => "64",
},
"android-x86" => {
inherit_from => [ "android", asm("x86_asm") ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => add("RC4_INT"),
perlasm_scheme => "android",
},
"android-x86_64" => {
inherit_from => [ "android", asm("x86_64_asm") ],
bn_ops => add("RC4_INT"),
perlasm_scheme => "elf",
},
####################################################################
# Backward compatible targets, (might) requre $CROSS_SYSROOT
#
"android-armeabi" => {
inherit_from => [ "android-arm" ],
},
"android64" => {
inherit_from => [ "android" ],
},
"android64-aarch64" => {
inherit_from => [ "android-arm64" ],
},
"android64-x86_64" => {
inherit_from => [ "android-x86_64" ],
},
"android64-mips64" => {
inherit_from => [ "android-mips64" ],
},
);

62
trunk/3rdparty/openssl-1.1-fit/Configurations/15-ios.conf vendored Normal file
View file

@ -0,0 +1,62 @@
#### iPhoneOS/iOS
#
# It takes recent enough XCode to use following two targets. It shouldn't
# be a problem by now, but if they don't work, original targets below
# that depend on manual definition of environment variables should still
# work...
#
my %targets = (
"ios-common" => {
template => 1,
inherit_from => [ "darwin-common" ],
sys_id => "iOS",
disable => [ "engine", "async" ],
},
"ios-xcrun" => {
inherit_from => [ "ios-common", asm("armv4_asm") ],
# It should be possible to go below iOS 6 and even add -arch armv6,
# thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
# at this point.
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"),
perlasm_scheme => "ios32",
},
"ios64-xcrun" => {
inherit_from => [ "ios-common", asm("aarch64_asm") ],
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
perlasm_scheme => "ios64",
},
"iossimulator-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
},
# It takes three prior-set environment variables to make it work:
#
# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
# CROSS_TOP=/where/SDKs/are
# CROSS_SDK=iPhoneOSx.y.sdk
#
# Exact paths vary with Xcode releases, but for couple of last ones
# they would look like this:
#
# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
# CROSS_SDK=iPhoneOS.sdk
#
"iphoneos-cross" => {
inherit_from => [ "ios-common" ],
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
},
"ios-cross" => {
inherit_from => [ "ios-xcrun" ],
CC => "cc",
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
},
"ios64-cross" => {
inherit_from => [ "ios64-xcrun" ],
CC => "cc",
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
},
);

17
trunk/3rdparty/openssl-1.1-fit/Configurations/50-djgpp.conf vendored Normal file
View file

@ -0,0 +1,17 @@
# We can't make any commitment to support the DJGPP platform,
# and rely entirely on the OpenSSL community to help is fine
# tune and test.
my %targets = (
"DJGPP" => {
inherit_from => [ asm("x86_asm") ],
CC => "gcc",
CFLAGS => "-fomit-frame-pointer -O2 -Wall",
cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN",
sys_id => "MSDOS",
lflags => add("-L/dev/env/WATT_ROOT/lib"),
ex_libs => add("-lwatt"),
bn_ops => "BN_LLONG",
perlasm_scheme => "a.out",
},
);

30
trunk/3rdparty/openssl-1.1-fit/Configurations/50-haiku.conf vendored Normal file
View file

@ -0,0 +1,30 @@
my %targets = (
"haiku-common" => {
template => 1,
CC => "cc",
CFLAGS => add_before(picker(default => "-Wall",
debug => "-g -O0",
release => "-O2")),
cflags => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h",
threads("-D_REENTRANT")),
sys_id => "HAIKU",
ex_libs => "-lnetwork",
perlasm_scheme => "elf",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "gnu-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-shared",
shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
},
"haiku-x86" => {
inherit_from => [ "haiku-common", asm("x86_elf_asm") ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => "BN_LLONG",
},
"haiku-x86_64" => {
inherit_from => [ "haiku-common" ],
cflags => add("-m64"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
},
);

23
trunk/3rdparty/openssl-1.1-fit/Configurations/50-masm.conf vendored Normal file
View file

@ -0,0 +1,23 @@
# We can't make commitment to supporting Microsoft assembler,
# because it would mean supporting all masm versions. This in
# in turn is because masm is not really an interchangeable option,
# while users tend to have reasons to stick with specific Visual
# Studio versions. It's usually lesser hassle to make it work
# with latest assembler, but tweaking for older versions had
# proven to be daunting task. This is experimental target, for
# production builds stick with [up-to-date version of] nasm.
my %targets = (
"VC-WIN64A-masm" => {
inherit_from => [ "VC-WIN64-common", asm("x86_64_asm"),
sub { $disabled{shared} ? () : "x86_64_uplink" } ],
AS => "ml64",
ASFLAGS => "/nologo /Zi",
asoutflag => "/Fo",
asflags => "/c /Cp /Cx",
sys_id => "WIN64A",
bn_asm_src => sub { return undef unless @_;
my $r=join(" ",@_); $r=~s|asm/x86_64-gcc|bn_asm|; $r; },
perlasm_scheme => "masm",
},
);

64
trunk/3rdparty/openssl-1.1-fit/Configurations/50-win-onecore.conf vendored Normal file
View file

@ -0,0 +1,64 @@
# Windows OneCore targets.
#
# OneCore is new API stability "contract" that transends Desktop, IoT and
# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
# export subset of Win32 API that are common to all Windows 10 devices.
#
# OneCore Configuration temporarly dedicated for console applications
# due to disabled event logging, which is incompatible with one core.
# Error messages are provided via standard error only.
# TODO: extend error handling to use ETW based eventing
# (Or rework whole error messaging)
my %targets = (
"VC-WIN32-ONECORE" => {
inherit_from => [ "VC-WIN32" ],
# /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has
# hidden reference to kernel32.lib, but we don't actually want
# it in "onecore" build.
lflags => add("/NODEFAULTLIB:kernel32.lib"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
"VC-WIN64A-ONECORE" => {
inherit_from => [ "VC-WIN64A" ],
lflags => add("/NODEFAULTLIB:kernel32.lib"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
# Windows on ARM targets. ARM compilers are additional components in
# VS2017, i.e. they are not installed by default. And when installed,
# there are no "ARM Tool Command Prompt"s on Start menu, you have
# to locate vcvarsall.bat and act accordingly. VC-WIN32-ARM has
# received limited testing with evp_test.exe on Windows 10 IoT Core,
# but not VC-WIN64-ARM, no hardware... In other words they are not
# actually supported...
#
# Another thing to keep in mind [in cross-compilation scenario such
# as this one] is that target's file system has nothing to do with
# compilation system's one. This means that you're are likely to use
# --prefix and --openssldir with target-specific values. 'nmake install'
# step is effectively meaningless in cross-compilation case, though
# it might be useful to 'nmake install DESTDIR=S:\ome\where' where you
# can point Visual Studio to when compiling custom application code.
"VC-WIN32-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "BN_LLONG RC4_CHAR EXPORT_VAR_AS_FN",
lflags => add("/NODEFAULTLIB:kernel32.lib"),
ex_libs => "onecore.lib",
multilib => "-arm",
},
"VC-WIN64-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR EXPORT_VAR_AS_FN",
lflags => add("/NODEFAULTLIB:kernel32.lib"),
ex_libs => "onecore.lib",
multilib => "-arm64",
},
);

136
trunk/3rdparty/openssl-1.1-fit/Configurations/INTERNALS.Configure vendored Normal file
View file

@ -0,0 +1,136 @@
Configure Internals
===================
[ note: this file uses markdown for formatting ]
Intro
-----
This is a collection of notes that are hopefully of interest to those
who decide to dive into Configure and what it does. This is a living
document and anyone is encouraged to add to it and submit changes.
There's no claim for this document to be complete at any time, but it
will hopefully reach such a point in time.
----------------------------------------------------------------------
Parsing build.info files, processing conditions
-----------------------------------------------
Processing conditions in build.info files is done with the help of a
condition stack that tell if a build.info should be processed or if it
should just be skipped over. The possible states of the stack top are
expressed in the following comment from Configure:
# The top item of this stack has the following values
# -2 positive already run and we found ELSE (following ELSIF should fail)
# -1 positive already run (skip until ENDIF)
# 0 negatives so far (if we're at a condition, check it)
# 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF)
# 2 positive ELSE (following ELSIF should fail)
Ground rule is that non-condition lines are skipped over if the
stack top is > 0. Condition lines (IF, ELSIF, ELSE and ENDIF
statements) need to be processed either way to keep track of the skip
stack states, so they are a little more intricate.
Instead of trying to describe in words, here are some example of what
the skip stack should look like after each line is processed:
Example 1:
| IF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | 1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | -1 | |
| ... whatever ... | | this line is skipped over |
| IF[1] | -1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | -1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | -1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | -1 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | | |
Example 2:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | 1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |
Example 3:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |
Example 4:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 2 | |
| ... whatever ... | | this line is processed |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |

763
trunk/3rdparty/openssl-1.1-fit/Configurations/README vendored Normal file
View file

@ -0,0 +1,763 @@
Intro
=====
This directory contains a few sets of files that are used for
configuration in diverse ways:
*.conf Target platform configurations, please read
'Configurations of OpenSSL target platforms' for more
information.
*.tmpl Build file templates, please read 'Build-file
programming with the "unified" build system' as well
as 'Build info files' for more information.
*.pm Helper scripts / modules for the main `Configure`
script. See 'Configure helper scripts for more
information.
Configurations of OpenSSL target platforms
==========================================
Configuration targets are a collection of facts that we know about
different platforms and their capabilities. We organise them in a
hash table, where each entry represent a specific target.
Note that configuration target names must be unique across all config
files. The Configure script does check that a config file doesn't
have config targets that shadow config targets from other files.
In each table entry, the following keys are significant:
inherit_from => Other targets to inherit values from.
Explained further below. [1]
template => Set to 1 if this isn't really a platform
target. Instead, this target is a template
upon which other targets can be built.
Explained further below. [1]
sys_id => System identity for systems where that
is difficult to determine automatically.
enable => Enable specific configuration features.
This MUST be an array of words.
disable => Disable specific configuration features.
This MUST be an array of words.
Note: if the same feature is both enabled
and disabled, disable wins.
as => The assembler command. This is not always
used (for example on Unix, where the C
compiler is used instead).
asflags => Default assembler command flags [4].
cpp => The C preprocessor command, normally not
given, as the build file defaults are
usually good enough.
cppflags => Default C preprocessor flags [4].
defines => As an alternative, macro definitions may be
given here instead of in `cppflags' [4].
If given here, they MUST be as an array of
the string such as "MACRO=value", or just
"MACRO" for definitions without value.
includes => As an alternative, inclusion directories
may be given here instead of in `cppflags'
[4]. If given here, the MUST be an array
of strings, one directory specification
each.
cc => The C compiler command, usually one of "cc",
"gcc" or "clang". This command is normally
also used to link object files and
libraries into the final program.
cxx => The C++ compiler command, usually one of
"c++", "g++" or "clang++". This command is
also used when linking a program where at
least one of the object file is made from
C++ source.
cflags => Defaults C compiler flags [4].
cxxflags => Default C++ compiler flags [4]. If unset,
it gets the same value as cflags.
(linking is a complex thing, see [3] below)
ld => Linker command, usually not defined
(meaning the compiler command is used
instead).
(NOTE: this is here for future use, it's
not implemented yet)
lflags => Default flags used when linking apps,
shared libraries or DSOs [4].
ex_libs => Extra libraries that are needed when
linking shared libraries, DSOs or programs.
The value is also assigned to Libs.private
in $(libdir)/pkgconfig/libcrypto.pc.
shared_cppflags => Extra C preprocessor flags used when
processing C files for shared libraries.
shared_cflag => Extra C compiler flags used when compiling
for shared libraries, typically something
like "-fPIC".
shared_ldflag => Extra linking flags used when linking
shared libraries.
module_cppflags
module_cflags
module_ldflags => Has the same function as the corresponding
`shared_' attributes, but for building DSOs.
When unset, they get the same values as the
corresponding `shared_' attributes.
ar => The library archive command, the default is
"ar".
(NOTE: this is here for future use, it's
not implemented yet)
arflags => Flags to be used with the library archive
command. On Unix, this includes the
command letter, 'r' by default.
ranlib => The library archive indexing command, the
default is 'ranlib' it it exists.
unistd => An alternative header to the typical
'<unistd.h>'. This is very rarely needed.
shared_extension => File name extension used for shared
libraries.
obj_extension => File name extension used for object files.
On unix, this defaults to ".o" (NOTE: this
is here for future use, it's not
implemented yet)
exe_extension => File name extension used for executable
files. On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
shlib_variant => A "variant" identifier inserted between the base
shared library name and the extension. On "unixy"
platforms (BSD, Linux, Solaris, MacOS/X, ...) this
supports installation of custom OpenSSL libraries
that don't conflict with other builds of OpenSSL
installed on the system. The variant identifier
becomes part of the SONAME of the library and also
any symbol versions (symbol versions are not used or
needed with MacOS/X). For example, on a system
where a default build would normally create the SSL
shared library as 'libssl.so -> libssl.so.1.1' with
the value of the symlink as the SONAME, a target
definition that sets 'shlib_variant => "-abc"' will
create 'libssl.so -> libssl-abc.so.1.1', again with
an SONAME equal to the value of the symlink. The
symbol versions associated with the variant library
would then be 'OPENSSL_ABC_<version>' rather than
the default 'OPENSSL_<version>'. The string inserted
into symbol versions is obtained by mapping all
letters in the "variant" identifier to upper case
and all non-alphanumeric characters to '_'.
thread_scheme => The type of threads is used on the
configured platform. Currently known
values are "(unknown)", "pthreads",
"uithreads" (a.k.a solaris threads) and
"winthreads". Except for "(unknown)", the
actual value is currently ignored but may
be used in the future. See further notes
below [2].
dso_scheme => The type of dynamic shared objects to build
for. This mostly comes into play with
engines, but can be used for other purposes
as well. Valid values are "DLFCN"
(dlopen() et al), "DLFCN_NO_H" (for systems
that use dlopen() et al but do not have
fcntl.h), "DL" (shl_load() et al), "WIN32"
and "VMS".
perlasm_scheme => The perlasm method used to create the
assembler files used when compiling with
assembler implementations.
shared_target => The shared library building method used.
This is a target found in Makefile.shared.
build_scheme => The scheme used to build up a Makefile.
In its simplest form, the value is a string
with the name of the build scheme.
The value may also take the form of a list
of strings, if the build_scheme is to have
some options. In this case, the first
string in the list is the name of the build
scheme.
Currently recognised build scheme is "unified".
For the "unified" build scheme, this item
*must* be an array with the first being the
word "unified" and the second being a word
to identify the platform family.
multilib => On systems that support having multiple
implementations of a library (typically a
32-bit and a 64-bit variant), this is used
to have the different variants in different
directories.
bn_ops => Building options (was just bignum options in
the earlier history of this option, hence the
name). This is a string of words that describe
algorithms' implementation parameters that
are optimal for the designated target platform,
such as the type of integers used to build up
the bignum, different ways to implement certain
ciphers and so on. To fully comprehend the
meaning, the best is to read the affected
source.
The valid words are:
THIRTY_TWO_BIT bignum limbs are 32 bits,
this is default if no
option is specified, it
works on any supported
system [unless "wider"
limb size is implied in
assembly code];
BN_LLONG bignum limbs are 32 bits,
but 64-bit 'unsigned long
long' is used internally
in calculations;
SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
and sizeof(long) is 8;
SIXTY_FOUR_BIT bignums limbs are 64 bits,
but execution environment
is ILP32;
RC4_CHAR RC4 key schedule is made
up of 'unsigned char's;
RC4_INT RC4 key schedule is made
up of 'unsigned int's;
EXPORT_VAR_AS_FN for shared libraries,
export vars as
accessor functions.
apps_aux_src => Extra source to build apps/openssl and other
apps, as needed by the target and that can be
collected in a library.
apps_init_src => Init source to build apps/openssl and other
apps, as needed by the target. This code
cannot be placed in a library, as the rest
of the code isn't expected to link to it
explicitly.
cpuid_asm_src => assembler implementation of cpuid code as
well as OPENSSL_cleanse().
Default to mem_clr.c
bn_asm_src => Assembler implementation of core bignum
functions.
Defaults to bn_asm.c
ec_asm_src => Assembler implementation of core EC
functions.
des_asm_src => Assembler implementation of core DES
encryption functions.
Defaults to 'des_enc.c fcrypt_b.c'
aes_asm_src => Assembler implementation of core AES
functions.
Defaults to 'aes_core.c aes_cbc.c'
bf_asm_src => Assembler implementation of core BlowFish
functions.
Defaults to 'bf_enc.c'
md5_asm_src => Assembler implementation of core MD5
functions.
sha1_asm_src => Assembler implementation of core SHA1,
functions, and also possibly SHA256 and
SHA512 ones.
cast_asm_src => Assembler implementation of core CAST
functions.
Defaults to 'c_enc.c'
rc4_asm_src => Assembler implementation of core RC4
functions.
Defaults to 'rc4_enc.c rc4_skey.c'
rmd160_asm_src => Assembler implementation of core RMD160
functions.
rc5_asm_src => Assembler implementation of core RC5
functions.
Defaults to 'rc5_enc.c'
wp_asm_src => Assembler implementation of core WHIRLPOOL
functions.
cmll_asm_src => Assembler implementation of core CAMELLIA
functions.
Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
modes_asm_src => Assembler implementation of cipher modes,
currently the functions gcm_gmult_4bit and
gcm_ghash_4bit.
padlock_asm_src => Assembler implementation of core parts of
the padlock engine. This is mandatory on
any platform where the padlock engine might
actually be built.
[1] as part of the target configuration, one can have a key called
'inherit_from' that indicate what other configurations to inherit
data from. These are resolved recursively.
Inheritance works as a set of default values that can be overridden
by corresponding key values in the inheriting configuration.
Note 1: any configuration table can be used as a template.
Note 2: pure templates have the attribute 'template => 1' and
cannot be used as build targets.
If several configurations are given in the 'inherit_from' array,
the values of same attribute are concatenated with space
separation. With this, it's possible to have several smaller
templates for different configuration aspects that can be combined
into a complete configuration.
instead of a scalar value or an array, a value can be a code block
of the form 'sub { /* your code here */ }'. This code block will
be called with the list of inherited values for that key as
arguments. In fact, the concatenation of strings is really done
by using 'sub { join(" ",@_) }' on the list of inherited values.
An example:
"foo" => {
template => 1,
haha => "ha ha",
hoho => "ho",
ignored => "This should not appear in the end result",
},
"bar" => {
template => 1,
haha => "ah",
hoho => "haho",
hehe => "hehe"
},
"laughter" => {
inherit_from => [ "foo", "bar" ],
hehe => sub { join(" ",(@_,"!!!")) },
ignored => "",
}
The entry for "laughter" will become as follows after processing:
"laughter" => {
haha => "ha ha ah",
hoho => "ho haho",
hehe => "hehe !!!",
ignored => ""
}
[2] OpenSSL is built with threading capabilities unless the user
specifies 'no-threads'. The value of the key 'thread_scheme' may
be "(unknown)", in which case the user MUST give some compilation
flags to Configure.
[3] OpenSSL has three types of things to link from object files or
static libraries:
- shared libraries; that would be libcrypto and libssl.
- shared objects (sometimes called dynamic libraries); that would
be the engines.
- applications; those are apps/openssl and all the test apps.
Very roughly speaking, linking is done like this (words in braces
represent the configuration settings documented at the beginning
of this file):
shared libraries:
{ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
foo/something.o foo/somethingelse.o {ex_libs}
shared objects:
{ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
blah1.o blah2.o -lcrypto {ex_libs}
applications:
{ld} $(CFLAGS) {lflags} -o app \
app1.o utils.o -lssl -lcrypto {ex_libs}
[4] There are variants of these attribute, prefixed with `lib_',
`dso_' or `bin_'. Those variants replace the unprefixed attribute
when building library, DSO or program modules specifically.
Historically, the target configurations came in form of a string with
values separated by colons. This use is deprecated. The string form
looked like this:
"target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
Build info files
================
The build.info files that are spread over the source tree contain the
minimum information needed to build and distribute OpenSSL. It uses a
simple and yet fairly powerful language to determine what needs to be
built, from what sources, and other relationships between files.
For every build.info file, all file references are relative to the
directory of the build.info file for source files, and the
corresponding build directory for built files if the build tree
differs from the source tree.
When processed, every line is processed with the perl module
Text::Template, using the delimiters "{-" and "-}". The hashes
%config and %target are passed to the perl fragments, along with
$sourcedir and $builddir, which are the locations of the source
directory for the current build.info file and the corresponding build
directory, all relative to the top of the build tree.
To begin with, things to be built are declared by setting specific
variables:
PROGRAMS=foo bar
LIBS=libsomething
ENGINES=libeng
SCRIPTS=myhack
EXTRA=file1 file2
Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
without extensions. The build file templates will figure them out.
For each thing to be built, it is then possible to say what sources
they are built from:
PROGRAMS=foo bar
SOURCE[foo]=foo.c common.c
SOURCE[bar]=bar.c extra.c common.c
It's also possible to tell some other dependencies:
DEPEND[foo]=libsomething
DEPEND[libbar]=libsomethingelse
(it could be argued that 'libsomething' and 'libsomethingelse' are
source as well. However, the files given through SOURCE are expected
to be located in the source tree while files given through DEPEND are
expected to be located in the build tree)
It's also possible to depend on static libraries explicitly:
DEPEND[foo]=libsomething.a
DEPEND[libbar]=libsomethingelse.a
This should be rarely used, and care should be taken to make sure it's
only used when supported. For example, native Windows build doesn't
support building static libraries and DLLs at the same time, so using
static libraries on Windows can only be done when configured
'no-shared'.
One some platforms, shared libraries come with a name that's different
from their static counterpart. That's declared as follows:
SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
The example is from Cygwin, which has a required naming convention.
Sometimes, it makes sense to rename an output file, for example a
library:
RENAME[libfoo]=libbar
That line has "libfoo" renamed to "libbar". While it makes no
sense at all to just have a rename like that (why not just use
"libbar" everywhere?), it does make sense when it can be used
conditionally. See a little further below for an example.
In some cases, it's desirable to include some source files in the
shared form of a library only:
SHARED_SOURCE[libfoo]=dllmain.c
For any file to be built, it's also possible to tell what extra
include paths the build of their source files should use:
INCLUDE[foo]=include
In some cases, one might want to generate some source files from
others, that's done as follows:
GENERATE[foo.s]=asm/something.pl $(CFLAGS)
GENERATE[bar.s]=asm/bar.S
The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except that the first
item must be the generator file. It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.
Sometimes, the generator file itself depends on other files, for
example if it is a perl script that depends on other perl modules.
This can be expressed using DEPEND like this:
DEPEND[asm/something.pl]=../perlasm/Foo.pm
There may also be cases where the exact file isn't easily specified,
but an inclusion directory still needs to be specified. INCLUDE can
be used in that case:
INCLUDE[asm/something.pl]=../perlasm
NOTE: GENERATE lines are limited to one command only per GENERATE.
As a last resort, it's possible to have raw build file lines, between
BEGINRAW and ENDRAW lines as follows:
BEGINRAW[Makefile(unix)]
haha.h: {- $builddir -}/Makefile
echo "/* haha */" > haha.h
ENDRAW[Makefile(unix)]
The word within square brackets is the build_file configuration item
or the build_file configuration item followed by the second word in the
build_scheme configuration item for the configured target within
parenthesis as shown above. For example, with the following relevant
configuration items:
build_file => "build.ninja"
build_scheme => [ "unified", "unix" ]
... these lines will be considered:
BEGINRAW[build.ninja]
build haha.h: echo "/* haha */" > haha.h
ENDRAW[build.ninja]
BEGINRAW[build.ninja(unix)]
build hoho.h: echo "/* hoho */" > hoho.h
ENDRAW[build.ninja(unix)]
Should it be needed because the recipes within a RAW section might
clash with those generated by Configure, it's possible to tell it
not to generate them with the use of OVERRIDES, for example:
SOURCE[libfoo]=foo.c bar.c
OVERRIDES=bar.o
BEGINRAW[Makefile(unix)]
bar.o: bar.c
$(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
ENDRAW[Makefile(unix)]
See the documentation further up for more information on configuration
items.
Finally, you can have some simple conditional use of the build.info
information, looking like this:
IF[1]
something
ELSIF[2]
something other
ELSE
something else
ENDIF
The expression in square brackets is interpreted as a string in perl,
and will be seen as true if perl thinks it is, otherwise false. For
example, the above would have "something" used, since 1 is true.
Together with the use of Text::Template, this can be used as
conditions based on something in the passed variables, for example:
IF[{- $disabled{shared} -}]
LIBS=libcrypto
SOURCE[libcrypto]=...
ELSE
LIBS=libfoo
SOURCE[libfoo]=...
ENDIF
or:
# VMS has a cultural standard where all libraries are prefixed.
# For OpenSSL, the choice is 'ossl_'
IF[{- $config{target} =~ /^vms/ -}]
RENAME[libcrypto]=ossl_libcrypto
RENAME[libssl]=ossl_libssl
ENDIF
Build-file programming with the "unified" build system
======================================================
"Build files" are called "Makefile" on Unix-like operating systems,
"descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
To use the "unified" build system, the target configuration needs to
set the three items 'build_scheme', 'build_file' and 'build_command'.
In the rest of this section, we will assume that 'build_scheme' is set
to "unified" (see the configurations documentation above for the
details).
For any name given by 'build_file', the "unified" system expects a
template file in Configurations/ named like the build file, with
".tmpl" appended, or in case of possible ambiguity, a combination of
the second 'build_scheme' list item and the 'build_file' name. For
example, if 'build_file' is set to "Makefile", the template could be
Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
In case both Configurations/unix-Makefile.tmpl and
Configurations/Makefile.tmpl are present, the former takes
precedence.
The build-file template is processed with the perl module
Text::Template, using "{-" and "-}" as delimiters that enclose the
perl code fragments that generate configuration-dependent content.
Those perl fragments have access to all the hash variables from
configdata.pem.
The build-file template is expected to define at least the following
perl functions in a perl code fragment enclosed with "{-" and "-}".
They are all expected to return a string with the lines they produce.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
generator => [ "generatingfile", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file *without*
extension, src2obj() is expected to add that.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files (also *without*
extension) to build this library.
libobj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding static library file
or object files.
called like this:
libobj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the intended library file name *without*
extension, libobj2shlib is expected to add that.
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files (also *without* extension) to build
this library.
This function has a choice; it can use the
corresponding static library as input to make the
shared library, or the list of object files.
obj2dso - function that produces build file lines to build a
dynamic shared object file from object files.
called like this:
obj2dso(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as libobj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...). The differences
are subtle, one of the most visible ones is that the
resulting shareable library is produced from object
files only.
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files (also
*without* extension) to build this library. 'deps'
has the list of library files (also *without*
extension) that the programs needs to be linked
with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
In all cases, file file paths are relative to the build tree top, and
the build file actions run with the build tree top as current working
directory.
Make sure to end the section with these functions with a string that
you thing is appropriate for the resulting build file. If nothing
else, end it like this:
""; # Make sure no lingering values end up in the Makefile
-}
Configure helper scripts
========================
Configure uses helper scripts in this directory:
Checker scripts
---------------
These scripts are per platform family, to check the integrity of the
tools used for configuration and building. The checker script used is
either {build_platform}-{build_file}-checker.pm or
{build_platform}-checker.pm, where {build_platform} is the second
'build_scheme' list element from the configuration target data, and
{build_file} is 'build_file' from the same target data.
If the check succeeds, the script is expected to end with a non-zero
expression. If the check fails, the script can end with a zero, or
with a `die`.

623
trunk/3rdparty/openssl-1.1-fit/Configurations/README.design vendored Normal file
View file

@ -0,0 +1,623 @@
Design document for the unified scheme data
===========================================
How are things connected?
-------------------------
The unified scheme takes all its data from the build.info files seen
throughout the source tree. These files hold the minimum information
needed to build end product files from diverse sources. See the
section on build.info files below.
From the information in build.info files, Configure builds up an
information database as a hash table called %unified_info, which is
stored in configdata.pm, found at the top of the build tree (which may
or may not be the same as the source tree).
Configurations/common.tmpl uses the data from %unified_info to
generate the rules for building end product files as well as
intermediary files with the help of a few functions found in the
build-file templates. See the section on build-file templates further
down for more information.
build.info files
----------------
As mentioned earlier, build.info files are meant to hold the minimum
information needed to build output files, and therefore only (with a
few possible exceptions [1]) have information about end products (such
as scripts, library files and programs) and source files (such as C
files, C header files, assembler files, etc). Intermediate files such
as object files are rarely directly referred to in build.info files (and
when they are, it's always with the file name extension .o), they are
inferred by Configure. By the same rule of minimalism, end product
file name extensions (such as .so, .a, .exe, etc) are never mentioned
in build.info. Their file name extensions will be inferred by the
build-file templates, adapted for the platform they are meant for (see
sections on %unified_info and build-file templates further down).
The variables PROGRAMS, LIBS, ENGINES and SCRIPTS are used to declare
end products. There are variants for them with '_NO_INST' as suffix
(PROGRAM_NO_INST etc) to specify end products that shouldn't get
installed.
The variables SOURCE, DEPEND and INCLUDE are indexed by a produced
file, and their values are the source used to produce that particular
produced file, extra dependencies, and include directories needed.
All their values in all the build.info throughout the source tree are
collected together and form a set of programs, libraries, engines and
scripts to be produced, source files, dependencies, etc etc etc.
Let's have a pretend example, a very limited contraption of OpenSSL,
composed of the program 'apps/openssl', the libraries 'libssl' and
'libcrypto', an engine 'engines/ossltest' and their sources and
dependencies.
# build.info
LIBS=libcrypto libssl
INCLUDE[libcrypto]=include
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
This is the top directory build.info file, and it tells us that two
libraries are to be built, the include directory 'include/' shall be
used throughout when building anything that will end up in each
library, and that the library 'libssl' depend on the library
'libcrypto' to function properly.
# apps/build.info
PROGRAMS=openssl
SOURCE[openssl]=openssl.c
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=../libssl
This is the build.info file in 'apps/', one may notice that all file
paths mentioned are relative to the directory the build.info file is
located in. This one tells us that there's a program to be built
called 'apps/openssl' (the file name extension will depend on the
platform and is therefore not mentioned in the build.info file). It's
built from one source file, 'apps/openssl.c', and building it requires
the use of '.' and 'include' include directories (both are declared
from the point of view of the 'apps/' directory), and that the program
depends on the library 'libssl' to function properly.
# crypto/build.info
LIBS=../libcrypto
SOURCE[../libcrypto]=aes.c evp.c cversion.c
DEPEND[cversion.o]=buildinf.h
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[buildinf.h]=../Makefile
DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
This is the build.info file in 'crypto', and it tells us a little more
about what's needed to produce 'libcrypto'. LIBS is used again to
declare that 'libcrypto' is to be produced. This declaration is
really unnecessary as it's already mentioned in the top build.info
file, but can make the info file easier to understand. This is to
show that duplicate information isn't an issue.
This build.info file informs us that 'libcrypto' is built from a few
source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
It also shows us that building the object file inferred from
'crypto/cversion.c' depends on 'crypto/buildinf.h'. Finally, it
also shows the possibility to declare how some files are generated
using some script, in this case a perl script, and how such scripts
can be declared to depend on other files, in this case a perl module.
Two things are worth an extra note:
'DEPEND[cversion.o]' mentions an object file. DEPEND indexes is the
only location where it's valid to mention them
Lines in 'BEGINRAW'..'ENDRAW' sections must always mention files as
seen from the top directory, no exception.
# ssl/build.info
LIBS=../libssl
SOURCE[../libssl]=tls.c
This is the build.info file in 'ssl/', and it tells us that the
library 'libssl' is built from the source file 'ssl/tls.c'.
# engines/build.info
ENGINES=dasync
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
INCLUDE[dasync]=../include
ENGINES_NO_INST=ossltest
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto.a
INCLUDE[ossltest]=../include
This is the build.info file in 'engines/', telling us that two engines
called 'engines/dasync' and 'engines/ossltest' shall be built, that
dasync's source is 'engines/e_dasync.c' and ossltest's source is
'engines/e_ossltest.c' and that the include directory 'include/' may
be used when building anything that will be part of these engines.
Also, both engines depend on the library 'libcrypto' to function
properly. ossltest is explicitly linked with the static variant of
the library 'libcrypto'. Finally, only dasync is being installed, as
ossltest is only for internal testing.
When Configure digests these build.info files, the accumulated
information comes down to this:
LIBS=libcrypto libssl
SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
DEPEND[crypto/cversion.o]=crypto/buildinf.h
INCLUDE[libcrypto]=include
SOURCE[libssl]=ssl/tls.c
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
PROGRAMS=apps/openssl
SOURCE[apps/openssl]=apps/openssl.c
INCLUDE[apps/openssl]=. include
DEPEND[apps/openssl]=libssl
ENGINES=engines/dasync
SOURCE[engines/dasync]=engines/e_dasync.c
DEPEND[engines/dasync]=libcrypto
INCLUDE[engines/dasync]=include
ENGINES_NO_INST=engines/ossltest
SOURCE[engines/ossltest]=engines/e_ossltest.c
DEPEND[engines/ossltest]=libcrypto.a
INCLUDE[engines/ossltest]=include
GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[crypto/buildinf.h]=Makefile
DEPEND[util/mkbuildinf.pl]=util/Foo.pm
A few notes worth mentioning:
LIBS may be used to declare routine libraries only.
PROGRAMS may be used to declare programs only.
ENGINES may be used to declare engines only.
The indexes for SOURCE must only be end product files, such as
libraries, programs or engines. The values of SOURCE variables must
only be source files (possibly generated).
INCLUDE and DEPEND shows a relationship between different files
(usually produced files) or between files and directories, such as a
program depending on a library, or between an object file and some
extra source file.
When Configure processes the build.info files, it will take it as
truth without question, and will therefore perform very few checks.
If the build tree is separate from the source tree, it will assume
that all built files and up in the build directory and that all source
files are to be found in the source tree, if they can be found there.
Configure will assume that source files that can't be found in the
source tree (such as 'crypto/bildinf.h' in the example above) are
generated and will be found in the build tree.
The %unified_info database
--------------------------
The information in all the build.info get digested by Configure and
collected into the %unified_info database, divided into the following
indexes:
depends => a hash table containing 'file' => [ 'dependency' ... ]
pairs. These are directly inferred from the DEPEND
variables in build.info files.
engines => a list of engines. These are directly inferred from
the ENGINES variable in build.info files.
generate => a hash table containing 'file' => [ 'generator' ... ]
pairs. These are directly inferred from the GENERATE
variables in build.info files.
includes => a hash table containing 'file' => [ 'include' ... ]
pairs. These are directly inferred from the INCLUDE
variables in build.info files.
install => a hash table containing 'type' => [ 'file' ... ] pairs.
The types are 'programs', 'libraries', 'engines' and
'scripts', and the array of files list the files of
that type that should be installed.
libraries => a list of libraries. These are directly inferred from
the LIBS variable in build.info files.
programs => a list of programs. These are directly inferred from
the PROGRAMS variable in build.info files.
rawlines => a list of build-file lines. These are a direct copy of
the BEGINRAW..ENDRAW lines in build.info files. Note:
only the BEGINRAW..ENDRAW section for the current
platform are copied, the rest are ignored.
scripts => a list of scripts. There are directly inferred from
the SCRIPTS variable in build.info files.
sources => a hash table containing 'file' => [ 'sourcefile' ... ]
pairs. These are indirectly inferred from the SOURCE
variables in build.info files. Object files are
mentioned in this hash table, with source files from
SOURCE variables, and AS source files for programs and
libraries.
shared_sources =>
a hash table just like 'sources', but only as source
files (object files) for building shared libraries.
As an example, here is how the build.info files example from the
section above would be digested into a %unified_info table:
our %unified_info = (
"depends" =>
{
"apps/openssl" =>
[
"libssl",
],
"crypto/buildinf.h" =>
[
"Makefile",
],
"crypto/cversion.o" =>
[
"crypto/buildinf.h",
],
"engines/dasync" =>
[
"libcrypto",
],
"engines/ossltest" =>
[
"libcrypto.a",
],
"libssl" =>
[
"libcrypto",
],
"util/mkbuildinf.pl" =>
[
"util/Foo.pm",
],
},
"engines" =>
[
"engines/dasync",
"engines/ossltest",
],
"generate" =>
{
"crypto/buildinf.h" =>
[
"util/mkbuildinf.pl",
"\"\$(CC)",
"\$(CFLAGS)\"",
"\"$(PLATFORM)\"",
],
},
"includes" =>
{
"apps/openssl" =>
[
".",
"include",
],
"engines/ossltest" =>
[
"include"
],
"libcrypto" =>
[
"include",
],
"libssl" =>
[
"include",
],
"util/mkbuildinf.pl" =>
[
"util",
],
}
"install" =>
{
"engines" =>
[
"engines/dasync",
],
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
},
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
"rawlines" =>
[
],
"sources" =>
{
"apps/openssl" =>
[
"apps/openssl.o",
],
"apps/openssl.o" =>
[
"apps/openssl.c",
],
"crypto/aes.o" =>
[
"crypto/aes.c",
],
"crypto/cversion.o" =>
[
"crypto/cversion.c",
],
"crypto/evp.o" =>
[
"crypto/evp.c",
],
"engines/e_dasync.o" =>
[
"engines/e_dasync.c",
],
"engines/dasync" =>
[
"engines/e_dasync.o",
],
"engines/e_ossltest.o" =>
[
"engines/e_ossltest.c",
],
"engines/ossltest" =>
[
"engines/e_ossltest.o",
],
"libcrypto" =>
[
"crypto/aes.c",
"crypto/cversion.c",
"crypto/evp.c",
],
"libssl" =>
[
"ssl/tls.c",
],
"ssl/tls.o" =>
[
"ssl/tls.c",
],
},
);
As can be seen, everything in %unified_info is fairly simple suggest
of information. Still, it tells us that to build all programs, we
must build 'apps/openssl', and to build the latter, we will need to
build all its sources ('apps/openssl.o' in this case) and all the
other things it depends on (such as 'libssl'). All those dependencies
need to be built as well, using the same logic, so to build 'libssl',
we need to build 'ssl/tls.o' as well as 'libcrypto', and to build the
latter...
Build-file templates
--------------------
Build-file templates are essentially build-files (such as Makefile on
Unix) with perl code fragments mixed in. Those perl code fragment
will generate all the configuration dependent data, including all the
rules needed to build end product files and intermediary files alike.
At a minimum, there must be a perl code fragment that defines a set of
functions that are used to generates specific build-file rules, to
build static libraries from object files, to build shared libraries
from static libraries, to programs from object files and libraries,
etc.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file *without*
extension, src2obj() is expected to add that.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files (also *without*
extension) to build this library.
libobj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding static library file
or object files.
called like this:
libobj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the intended library file name *without*
extension, libobj2shlib is expected to add that.
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files (also *without* extension) to build
this library.
This function has a choice; it can use the
corresponding static library as input to make the
shared library, or the list of object files.
obj2dynlib - function that produces build file lines to build a
dynamically loadable library file ("libfoo.so" on
Unix) from object files.
called like this:
obj2dynlib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as libobj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...). The differences
are subtle, one of the most visible ones is that the
resulting shareable library is produced from object
files only.
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files (also
*without* extension) to build this library. 'deps'
has the list of library files (also *without*
extension) that the programs needs to be linked
with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
Along with the build-file templates is the driving engine
Configurations/common.tmpl, which looks through all the information in
%unified_info and generates all the rulesets to build libraries,
programs and all intermediate files, using the rule generating
functions defined in the build-file template.
As an example with the smaller build.info set we've seen as an
example, producing the rules to build 'libcrypto' would result in the
following calls:
# Note: libobj2shlib will only be called if shared libraries are
# to be produced.
# Note 2: libobj2shlib gets both the name of the static library
# and the names of all the object files that go into it. It's up
# to the implementation to decide which to use as input.
# Note 3: common.tmpl peals off the ".o" extension from all object
# files, as the platform at hand may have a different one.
libobj2shlib(shlib => "libcrypto",
lib => "libcrypto",
objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ],
deps => [ ]);
obj2lib(lib => "libcrypto"
objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]);
src2obj(obj => "crypto/aes"
srcs => [ "crypto/aes.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/evp"
srcs => [ "crypto/evp.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/cversion"
srcs => [ "crypto/cversion.c" ],
deps => [ "crypto/buildinf.h" ],
incs => [ "include" ],
intent => "lib");
generatesrc(src => "crypto/buildinf.h",
generator => [ "util/mkbuildinf.pl", "\"$(CC)",
"$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
generator_incs => [ "util" ],
generator_deps => [ "util/Foo.pm" ],
incs => [ ],
deps => [ ],
intent => "lib");
The returned strings from all those calls are then concatenated
together and written to the resulting build-file.

221
trunk/3rdparty/openssl-1.1-fit/Configurations/common.tmpl vendored Normal file
View file

@ -0,0 +1,221 @@
{- # -*- Mode: perl -*-
use File::Basename;
# A cache of objects for which a recipe has already been generated
my %cache;
# resolvedepends and reducedepends work in tandem to make sure
# there are no duplicate dependencies and that they are in the
# right order. This is especially used to sort the list of
# libraries that a build depends on.
sub extensionlesslib {
my @result = map { $_ =~ /(\.a)?$/; $` } @_;
return @result if wantarray;
return $result[0];
}
sub resolvedepends {
my $thing = shift;
my $extensionlessthing = extensionlesslib($thing);
my @listsofar = @_; # to check if we're looping
my @list = @{$unified_info{depends}->{$thing} //
$unified_info{depends}->{$extensionlessthing}};
my @newlist = ();
if (scalar @list) {
foreach my $item (@list) {
my $extensionlessitem = extensionlesslib($item);
# It's time to break off when the dependency list starts looping
next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
push @newlist, $item, resolvedepends($item, @listsofar, $item);
}
}
@newlist;
}
sub reducedepends {
my @list = @_;
my @newlist = ();
my %replace = ();
while (@list) {
my $item = shift @list;
my $extensionlessitem = extensionlesslib($item);
if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
if ($item ne $extensionlessitem) {
# If this instance of the library is explicitly static, we
# prefer that to any shared library name, since it must have
# been done on purpose.
$replace{$extensionlessitem} = $item;
}
} else {
push @newlist, $item;
}
}
map { $replace{$_} // $_; } @newlist;
}
# is_installed checks if a given file will be installed (i.e. they are
# not defined _NO_INST in build.info)
sub is_installed {
my $product = shift;
if (grep { $product eq $_ }
map { (@{$unified_info{install}->{$_}}) }
keys %{$unified_info{install}}) {
return 1;
}
return 0;
}
# dogenerate is responsible for producing all the recipes that build
# generated source files. It recurses in case a dependency is also a
# generated source file.
sub dogenerate {
my $src = shift;
return "" if $cache{$src};
my $obj = shift;
my $bin = shift;
my %opts = @_;
if ($unified_info{generate}->{$src}) {
die "$src is generated by Configure, should not appear in build file\n"
if ref $unified_info{generate}->{$src} eq "";
my $script = $unified_info{generate}->{$src}->[0];
$OUT .= generatesrc(src => $src,
generator => $unified_info{generate}->{$src},
generator_incs => $unified_info{includes}->{$script},
generator_deps => $unified_info{depends}->{$script},
deps => $unified_info{depends}->{$src},
incs => $unified_info{includes}->{$obj},
%opts);
foreach (@{$unified_info{depends}->{$src}}) {
dogenerate($_, $obj, $bin, %opts);
}
}
$cache{$src} = 1;
}
# doobj is responsible for producing all the recipes that build
# object files as well as dependency files.
sub doobj {
my $obj = shift;
return "" if $cache{$obj};
my $bin = shift;
my %opts = @_;
if (@{$unified_info{sources}->{$obj}}) {
$OUT .= src2obj(obj => $obj,
product => $bin,
srcs => $unified_info{sources}->{$obj},
deps => $unified_info{depends}->{$obj},
incs => $unified_info{includes}->{$obj},
%opts);
foreach ((@{$unified_info{sources}->{$obj}},
@{$unified_info{depends}->{$obj}})) {
dogenerate($_, $obj, $bin, %opts);
}
}
$cache{$obj} = 1;
}
# dolib is responsible for building libraries. It will call
# libobj2shlib is shared libraries are produced, and obj2lib in all
# cases. It also makes sure all object files for the library are
# built.
sub dolib {
my $lib = shift;
return "" if $cache{$lib};
unless ($disabled{shared} || $lib =~ /\.a$/) {
$OUT .= libobj2shlib(shlib => $unified_info{sharednames}->{$lib},
lib => $lib,
objs => [ @{$unified_info{shared_sources}->{$lib}},
@{$unified_info{sources}->{$lib}} ],
deps => [ reducedepends(resolvedepends($lib)) ],
installed => is_installed($lib));
foreach ((@{$unified_info{shared_sources}->{$lib}},
@{$unified_info{sources}->{$lib}})) {
# If this is somehow a compiled object, take care of it that way
# Otherwise, it might simply be generated
if (defined $unified_info{sources}->{$_}) {
doobj($_, $lib, intent => "lib", installed => is_installed($lib));
} else {
dogenerate($_, undef, undef, intent => "lib");
}
}
}
$OUT .= obj2lib(lib => $lib,
objs => [ @{$unified_info{sources}->{$lib}} ]);
foreach (@{$unified_info{sources}->{$lib}}) {
doobj($_, $lib, intent => "lib", installed => is_installed($lib));
}
$cache{$lib} = 1;
}
# doengine is responsible for building engines. It will call
# obj2dso, and also makes sure all object files for the library
# are built.
sub doengine {
my $lib = shift;
return "" if $cache{$lib};
$OUT .= obj2dso(lib => $lib,
objs => [ @{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}} ],
deps => [ resolvedepends($lib) ],
installed => is_installed($lib));
foreach ((@{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}})) {
doobj($_, $lib, intent => "dso", installed => is_installed($lib));
}
$cache{$lib} = 1;
}
# dobin is responsible for building programs. It will call obj2bin,
# and also makes sure all object files for the library are built.
sub dobin {
my $bin = shift;
return "" if $cache{$bin};
my $deps = [ reducedepends(resolvedepends($bin)) ];
$OUT .= obj2bin(bin => $bin,
objs => [ @{$unified_info{sources}->{$bin}} ],
deps => $deps,
installed => is_installed($bin));
foreach (@{$unified_info{sources}->{$bin}}) {
doobj($_, $bin, intent => "bin", installed => is_installed($bin));
}
$cache{$bin} = 1;
}
# dobin is responsible for building scripts from templates. It will
# call in2script.
sub doscript {
my $script = shift;
return "" if $cache{$script};
$OUT .= in2script(script => $script,
sources => $unified_info{sources}->{$script},
installed => is_installed($script));
$cache{$script} = 1;
}
sub dodir {
my $dir = shift;
return "" if !exists(&generatedir) or $cache{$dir};
$OUT .= generatedir(dir => $dir,
deps => $unified_info{dirinfo}->{$dir}->{deps},
%{$unified_info{dirinfo}->{$_}->{products}});
$cache{$dir} = 1;
}
# Start with populating the cache with all the overrides
%cache = map { $_ => 1 } @{$unified_info{overrides}};
# Build mandatory generated headers
foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); }
# Build all known libraries, engines, programs and scripts.
# Everything else will be handled as a consequence.
foreach (@{$unified_info{libraries}}) { dolib($_); }
foreach (@{$unified_info{engines}}) { doengine($_); }
foreach (@{$unified_info{programs}}) { dobin($_); }
foreach (@{$unified_info{scripts}}) { doscript($_); }
foreach (sort keys %{$unified_info{dirinfo}}) { dodir($_); }
# Finally, should there be any applicable BEGINRAW/ENDRAW sections,
# they are added here.
$OUT .= $_."\n" foreach @{$unified_info{rawlines}};
-}

31
trunk/3rdparty/openssl-1.1-fit/Configurations/common0.tmpl vendored Normal file
View file

@ -0,0 +1,31 @@
{- # -*- Mode: perl -*-
# Commonly used list of generated files
# The reason for the complexity is that the build.info files provide
# GENERATE rules for *all* platforms without discrimination, while the
# build files only want those for a particular build. Therefore, we
# need to extrapolate exactly what we need to generate. The way to do
# that is to extract all possible source files from diverse tables and
# filter out all that are not generated
my %generatables =
map { $_ => 1 }
( # The sources of stuff may be generated
( map { @{$unified_info{sources}->{$_}} }
keys %{$unified_info{sources}} ),
$disabled{shared}
? ()
: ( map { @{$unified_info{shared_sources}->{$_}} }
keys %{$unified_info{shared_sources}} ),
# Things we explicitly depend on are usually generated
( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} }
keys %{$unified_info{depends}} ));
our @generated =
sort ( ( grep { defined $unified_info{generate}->{$_} }
sort keys %generatables ),
# Scripts are assumed to be generated, so add thhem too
( grep { defined $unified_info{sources}->{$_} }
@{$unified_info{scripts}} ) );
# Avoid strange output
"";
-}

1125
trunk/3rdparty/openssl-1.1-fit/Configurations/descrip.mms.tmpl vendored Normal file
View file

File diff suppressed because it is too large Load diff

82
trunk/3rdparty/openssl-1.1-fit/Configurations/shared-info.pl vendored Normal file
View file

@ -0,0 +1,82 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This is a collection of extra attributes to be used as input for creating
# shared libraries, currently on any Unix variant, including Unix like
# environments on Windows.
sub detect_gnu_ld {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -Wl,-V /dev/null 2>&1`;
return grep /^GNU ld/, @lines;
}
sub detect_gnu_cc {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -v 2>&1`;
return grep /gcc/, @lines;
}
my %shared_info;
%shared_info = (
'gnu-shared' => {
shared_ldflag => '-shared -Wl,-Bsymbolic',
shared_sonameflag => '-Wl,-soname=',
},
'linux-shared' => sub {
return {
%{$shared_info{'gnu-shared'}},
shared_defflag => '-Wl,--version-script=',
};
},
'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; },
'bsd-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => '-shared -nostdlib',
};
},
'darwin-shared' => {
module_ldflags => '-bundle',
shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
shared_sonameflag => '-install_name $(INSTALLTOP)/$(LIBDIR)/',
},
'cygwin-shared' => {
shared_ldflag => '-shared -Wl,--enable-auto-image-base',
shared_impflag => '-Wl,--out-implib=',
},
'mingw-shared' => sub {
return {
%{$shared_info{'cygwin-shared'}},
# def_flag made to empty string so it still generates
# something
shared_defflag => '',
};
},
'alpha-osf1-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
module_ldflags => '-shared -Wl,-Bsymbolic',
shared_ldflag => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)',
};
},
'svr3-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => '-G',
shared_sonameflag => '-h ',
};
},
'svr5-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => detect_gnu_cc() ? '-shared' : '-G',
shared_sonameflag => '-h ',
};
},
);

1253
trunk/3rdparty/openssl-1.1-fit/Configurations/unix-Makefile.tmpl vendored Normal file
View file

File diff suppressed because it is too large Load diff

22
trunk/3rdparty/openssl-1.1-fit/Configurations/unix-checker.pm vendored Normal file
View file

@ -0,0 +1,22 @@
#! /usr/bin/perl
use Config;
# Check that the perl implementation file modules generate paths that
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (rel2abs('.') !~ m|/|) {
die <<EOF;
******************************************************************************
This perl implementation doesn't produce Unix like paths (with forward slash
directory separators). Please use an implementation that matches your
building platform.
This Perl version: $Config{version} for $Config{archname}
******************************************************************************
EOF
}
1;

22
trunk/3rdparty/openssl-1.1-fit/Configurations/windows-checker.pm vendored Normal file
View file

@ -0,0 +1,22 @@
#! /usr/bin/perl
use Config;
# Check that the perl implementation file modules generate paths that
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) {
die <<EOF;
******************************************************************************
This perl implementation doesn't produce Windows like paths (with backward
slash directory separators). Please use an implementation that matches your
building platform.
This Perl version: $Config{version} for $Config{archname}
******************************************************************************
EOF
}
1;

760
trunk/3rdparty/openssl-1.1-fit/Configurations/windows-makefile.tmpl vendored Normal file
View file

@ -0,0 +1,760 @@
##
## Makefile for OpenSSL
##
## {- join("\n## ", @autowarntext) -}
{-
our $objext = $target{obj_extension} || ".obj";
our $resext = $target{res_extension} || ".res";
our $depext = $target{dep_extension} || ".d";
our $exeext = $target{exe_extension} || ".exe";
our $libext = $target{lib_extension} || ".lib";
our $shlibext = $target{shared_extension} || ".dll";
our $shlibextimport = $target{shared_import_extension} || ".lib";
our $dsoext = $target{dso_extension} || ".dll";
(our $sover_dirname = $config{shlib_version_number}) =~ s|\.|_|g;
my $build_scheme = $target{build_scheme};
my $install_flavour = $build_scheme->[$#$build_scheme]; # last element
my $win_installenv =
$install_flavour eq "VC-WOW" ? "ProgramFiles(x86)"
: "ProgramW6432";
my $win_commonenv =
$install_flavour eq "VC-WOW" ? "CommonProgramFiles(x86)"
: "CommonProgramW6432";
our $win_installroot =
defined($ENV{$win_installenv}) ? $win_installenv : 'ProgramFiles';
our $win_commonroot =
defined($ENV{$win_commonenv}) ? $win_commonenv : 'CommonProgramFiles';
# expand variables early
$win_installroot = $ENV{$win_installroot};
$win_commonroot = $ENV{$win_commonroot};
sub shlib {
my $lib = shift;
return () if $disabled{shared} || $lib =~ /\.a$/;
return () unless defined $unified_info{sharednames}->{$lib};
return $unified_info{sharednames}->{$lib} . $shlibext;
}
sub lib {
(my $lib = shift) =~ s/\.a$//;
$lib .= '_static'
if (defined $unified_info{sharednames}->{$lib});
return $lib . $libext;
}
sub shlib_import {
my $lib = shift;
return () if $disabled{shared} || $lib =~ /\.a$/;
return $lib . $shlibextimport;
}
sub dso {
my $dso = shift;
return $dso . $dsoext;
}
# This makes sure things get built in the order they need
# to. You're welcome.
sub dependmagic {
my $target = shift;
return "$target: build_generated\n\t\$(MAKE) /\$(MAKEFLAGS) depend && \$(MAKE) /\$(MAKEFLAGS) _$target\n_$target";
}
'';
-}
PLATFORM={- $config{target} -}
SRCDIR={- $config{sourcedir} -}
BLDDIR={- $config{builddir} -}
VERSION={- $config{version} -}
MAJOR={- $config{major} -}
MINOR={- $config{minor} -}
SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
LIBS={- join(" ", map { ( shlib_import($_), lib($_) ) } @{$unified_info{libraries}}) -}
SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{engines}}) -}
PROGRAMS={- our @PROGRAMS = map { $_.$exeext } @{$unified_info{programs}}; join(" ", @PROGRAMS) -}
PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -}
SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
{- output_off() if $disabled{makedepend}; "" -}
DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
keys %{$unified_info{sources}}); -}
{- output_on() if $disabled{makedepend}; "" -}
GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
GENERATED={- # common0.tmpl provides @generated
join(" ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; $x }
@generated) -}
INSTALL_LIBS={- join(" ", map { quotify1(shlib_import($_) or lib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBS={- join(" ", map { quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
INSTALL_PROGRAMS={- join(" ", map { quotify1($_.$exeext) } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
INSTALL_PROGRAMPDBS={- join(" ", map { quotify1($_.".pdb") } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
{- output_off() if $disabled{apps}; "" -}
BIN_SCRIPTS="$(BLDDIR)\tools\c_rehash.pl"
MISC_SCRIPTS="$(BLDDIR)\apps\CA.pl" "$(BLDDIR)\apps\tsget.pl"
{- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
"\"".catfile("apps","openssl")."\"" -}
# Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure
INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
#
use File::Spec::Functions qw(:DEFAULT splitpath);
our $prefix = canonpath($config{prefix}
|| "$win_installroot\\OpenSSL");
our ($prefix_dev, $prefix_dir, $prefix_file) =
splitpath($prefix, 1);
$prefix_dev -}
INSTALLTOP_dir={- canonpath($prefix_dir) -}
OPENSSLDIR_dev={- #
# The logic here is that if no --openssldir was given,
# OPENSSLDIR will get the value "$win_commonroot\\SSL".
# If --openssldir was given and the value is an absolute
# path, OPENSSLDIR will get its value without change.
# If the value from --openssldir is a relative path,
# OPENSSLDIR will get $prefix with the --openssldir
# value appended as a subdirectory.
#
use File::Spec::Functions qw(:DEFAULT splitpath);
our $openssldir =
$config{openssldir} ?
(file_name_is_absolute($config{openssldir}) ?
canonpath($config{openssldir})
: catdir($prefix, $config{openssldir}))
: canonpath("$win_commonroot\\SSL");
our ($openssldir_dev, $openssldir_dir, $openssldir_file) =
splitpath($openssldir, 1);
$openssldir_dev -}
OPENSSLDIR_dir={- canonpath($openssldir_dir) -}
LIBDIR={- our $libdir = $config{libdir} || "lib";
file_name_is_absolute($libdir) ? "" : $libdir -}
ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
our $enginesdir = catdir($prefix,$libdir,"engines-$sover_dirname");
our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
splitpath($enginesdir, 1);
$enginesdir_dev -}
ENGINESDIR_dir={- canonpath($enginesdir_dir) -}
!IF "$(DESTDIR)" != ""
INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir)
OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir)
ENGINESDIR=$(DESTDIR)$(ENGINESDIR_dir)
!ELSE
INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir)
OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir)
ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir)
!ENDIF
# $(libdir) is chosen to be compatible with the GNU coding standards
libdir={- file_name_is_absolute($libdir)
? $libdir : '$(INSTALLTOP)\$(LIBDIR)' -}
##### User defined commands and flags ################################
CC={- $config{CC} -}
CPP={- $config{CPP} -}
CPPFLAGS={- our $cppflags1 = join(" ",
(map { "-D".$_} @{$config{CPPDEFINES}}),
(map { " /I ".$_} @{$config{CPPINCLUDES}}),
@{$config{CPPFLAGS}}) -}
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
LD={- $config{LD} -}
LDFLAGS={- join(' ', @{$config{LDFLAGS}}) -}
EX_LIBS={- join(' ', @{$config{LDLIBS}}) -}
PERL={- $config{PERL} -}
AR={- $config{AR} -}
ARFLAGS= {- join(' ', @{$config{ARFLAGS}}) -}
MT={- $config{MT} -}
MTFLAGS= {- join(' ', @{$config{MTFLAGS}}) -}
AS={- $config{AS} -}
ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -}
RC={- $config{RC} -}
ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl"
##### Special command flags ##########################################
COUTFLAG={- $target{coutflag} -}$(OSSL_EMPTY)
LDOUTFLAG={- $target{ldoutflag} -}$(OSSL_EMPTY)
AROUTFLAG={- $target{aroutflag} -}$(OSSL_EMPTY)
MTINFLAG={- $target{mtinflag} -}$(OSSL_EMPTY)
MTOUTFLAG={- $target{mtoutflag} -}$(OSSL_EMPTY)
ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
RCOUTFLAG={- $target{rcoutflag} -}$(OSSL_EMPTY)
##### Project flags ##################################################
# Variables starting with CNF_ are common variables for all product types
CNF_ASFLAGS={- join(' ', $target{asflags} || (),
@{$config{asflags}}) -}
CNF_CPPFLAGS={- our $cppfags2 =
join(' ', $target{cppflags} || (),
(map { '-D'.quotify1($_) } @{$target{defines}},
@{$config{defines}}),
(map { '-I'.quotify1($_) } @{$target{includes}},
@{$config{includes}}),
@{$config{cppflags}}) -}
CNF_CFLAGS={- join(' ', $target{cflags} || (),
@{$config{cflags}}) -}
CNF_CXXFLAGS={- join(' ', $target{cxxflags} || (),
@{$config{cxxflags}}) -}
CNF_LDFLAGS={- join(' ', $target{lflags} || (),
@{$config{lflags}}) -}
CNF_EX_LIBS={- join(' ', $target{ex_libs} || (),
@{$config{ex_libs}}) -}
# Variables starting with LIB_ are used to build library object files
# and shared libraries.
# Variables starting with DSO_ are used to build DSOs and their object files.
# Variables starting with BIN_ are used to build programs and their object
# files.
LIB_ASFLAGS={- join(' ', $target{lib_asflags} || (),
@{$config{lib_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
LIB_CPPFLAGS={- our $lib_cppflags =
join(' ', $target{lib_cppflags} || (),
$target{shared_cppflag} || (),
(map { '-D'.quotify1($_) }
@{$target{lib_defines}},
@{$target{shared_defines}},
@{$config{lib_defines}},
@{$config{shared_defines}}),
(map { '-I'.quotify1($_) }
@{$target{lib_includes}},
@{$target{shared_includes}},
@{$config{lib_includes}},
@{$config{shared_includes}}),
@{$config{lib_cppflags}},
@{$config{shared_cppflag}});
join(' ', $lib_cppflags,
(map { '-D'.quotify1($_) }
"OPENSSLDIR=\"$openssldir\"",
"ENGINESDIR=\"$enginesdir\""),
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
LIB_CFLAGS={- join(' ', $target{lib_cflags} || (),
$target{shared_cflag} || (),
@{$config{lib_cflags}},
@{$config{shared_cflag}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
LIB_LDFLAGS={- join(' ', $target{shared_ldflag} || (),
$config{shared_ldflag} || (),
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
LIB_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
DSO_ASFLAGS={- join(' ', $target{dso_asflags} || (),
$target{module_asflags} || (),
@{$config{dso_asflags}},
@{$config{module_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (),
$target{module_cppflags} || (),
@{$config{dso_cppflags}},
@{$config{module_cppflags}},
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
DSO_CFLAGS={- join(' ', $target{dso_cflags} || (),
$target{module_cflags} || (),
@{$config{dso_cflags}},
@{$config{module_cflags}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
DSO_LDFLAGS={- join(' ', $target{dso_lflags} || (),
$target{module_ldflags} || (),
@{$config{dso_lflags}},
@{$config{module_ldflags}},
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
BIN_ASFLAGS={- join(' ', $target{bin_asflags} || (),
@{$config{bin_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
BIN_CPPFLAGS={- join(' ', $target{bin_cppflags} || (),
@{$config{bin_cppflags}},
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
BIN_CFLAGS={- join(' ', $target{bin_cflags} || (),
@{$config{bin_cflags}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
@{$config{bin_lflags}},
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
$cppflags2 =~ s|([\\"])|\\$1|g;
join(' ', $lib_cppflags || (), $cppflags2 || (),
$cppflags1 || ()) -}
PERLASM_SCHEME= {- $target{perlasm_scheme} -}
PROCESSOR= {- $config{processor} -}
# The main targets ###################################################
{- dependmagic('all'); -}: build_libs_nodep build_engines_nodep build_programs_nodep
{- dependmagic('build_libs'); -}: build_libs_nodep
{- dependmagic('build_engines'); -}: build_engines_nodep
{- dependmagic('build_programs'); -}: build_programs_nodep
build_generated: $(GENERATED_MANDATORY)
build_libs_nodep: $(LIBS) {- join(" ",map { shlib_import($_) } @{$unified_info{libraries}}) -}
build_engines_nodep: $(ENGINES)
build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
# Kept around for backward compatibility
build_apps build_tests: build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
@{- output_off() if $disabled{makedepend}; "" -}
@$(ECHO) "Warning: consider configuring with no-makedepend, because if"
@$(ECHO) " target system doesn't have $(PERL),"
@$(ECHO) " then make will fail..."
@{- output_on() if $disabled{makedepend}; "" -}
test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep
@{- output_off() if $disabled{tests}; "" -}
-mkdir $(BLDDIR)\test\test-runs
set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR)
set RESULT_D=$(BLDDIR)\test\test-runs
set PERL=$(PERL)
set OPENSSL_ENGINES=$(MAKEDIR)\engines
set OPENSSL_DEBUG_MEMORY=on
"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@$(ECHO) "Tests are not supported with your chosen Configure options"
@{- output_on() if !$disabled{tests}; "" -}
list-tests:
@{- output_off() if $disabled{tests}; "" -}
@set SRCTOP=$(SRCDIR)
@"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@$(ECHO) "Tests are not supported with your chosen Configure options"
@{- output_on() if !$disabled{tests}; "" -}
install: install_sw install_ssldirs install_docs
uninstall: uninstall_docs uninstall_sw
libclean:
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """{.,apps,test,fuzz}/$$1.*"""; } @ARGV" $(SHLIBS)
-del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb
clean: libclean
{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -}
-del /Q /F $(ENGINES)
-del /Q /F $(SCRIPTS)
-del /Q /F $(GENERATED_MANDATORY)
-del /Q /F $(GENERATED)
-del /Q /S /F *.d *.obj *.pdb *.ilk *.manifest
-del /Q /S /F engines\*.lib engines\*.exp
-del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp
-del /Q /S /F test\*.exp
-rmdir /Q /S test\test-runs
distclean: clean
-del /Q /F configdata.pm
-del /Q /F makefile
depend:
@ {- output_off() if $disabled{makedepend}; "" -}
@ "$(PERL)" "$(SRCDIR)\util\add-depends.pl" "VC"
@ {- output_on() if $disabled{makedepend}; "" -}
# Install helper targets #############################################
install_sw: install_dev install_engines install_runtime
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
install_docs: install_html_docs
uninstall_docs: uninstall_html_docs
install_ssldirs:
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\certs"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\private"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\misc"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
"$(OPENSSLDIR)\openssl.cnf.dist"
@IF NOT EXIST "$(OPENSSLDIR)\openssl.cnf" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
"$(OPENSSLDIR)\openssl.cnf"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \
"$(OPENSSLDIR)\misc"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \
"$(OPENSSLDIR)\ct_log_list.cnf.dist"
@IF NOT EXIST "$(OPENSSLDIR)\ct_log_list.cnf" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \
"$(OPENSSLDIR)\ct_log_list.cnf"
install_dev: install_runtime_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing development files"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
"$(INSTALLTOP)\include\openssl"
@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
"$(SRCDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(BLDDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(libdir)"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) "$(libdir)"
@if "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb "$(libdir)"
uninstall_dev:
install_engines: install_runtime_libs build_engines
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing engines"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINEPDBS) "$(ENGINESDIR)"
uninstall_engines:
install_runtime: install_programs
install_runtime_libs: build_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing runtime libraries"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
"$(INSTALLTOP)\bin"
install_programs: install_runtime_libs build_programs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing runtime programs"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \
"$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \
"$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BIN_SCRIPTS) \
"$(INSTALLTOP)\bin"
uninstall_runtime:
install_html_docs:
"$(PERL)" "$(SRCDIR)\util\process_docs.pl" \
"--destdir=$(INSTALLTOP)\html" --type=html
uninstall_html_docs:
# Building targets ###################################################
configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
@$(ECHO) "Detected changed: $?"
"$(PERL)" configdata.pm -r
@$(ECHO) "**************************************************"
@$(ECHO) "*** ***"
@$(ECHO) "*** Please run the same make command again ***"
@$(ECHO) "*** ***"
@$(ECHO) "**************************************************"
@exit 1
reconfigure reconf:
"$(PERL)" configdata.pm -r
{-
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
# Helper function to figure out dependencies on libraries
# It takes a list of library names and outputs a list of dependencies
sub compute_lib_depends {
if ($disabled{shared}) {
return map { lib($_) } @_;
}
return map { shlib_import($_) or lib($_) } @_;
}
sub generatesrc {
my %args = @_;
(my $target = $args{src}) =~ s/\.[sS]$/.asm/;
my ($gen0, @gens) = @{$args{generator}};
my $generator = '"'.$gen0.'"'.join('', map { " $_" } @gens);
my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}});
my $incs = join("", map { " /I \"$_\"" } @{$args{incs}});
my $deps = @{$args{deps}} ?
'"'.join('" "', @{$args{generator_deps}}, @{$args{deps}}).'"' : '';
if ($target !~ /\.asm$/) {
if ($args{generator}->[0] =~ m|^.*\.in$|) {
my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "dofile.pl")),
rel2abs($config{builddir}));
return <<"EOF";
$target: "$args{generator}->[0]" $deps
"\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
"-o$target{build_file}" $generator > \$@
EOF
} else {
return <<"EOF";
$target: "$args{generator}->[0]" $deps
"\$(PERL)"$generator_incs $generator > \$@
EOF
}
} else {
if ($args{generator}->[0] =~ /\.pl$/) {
$generator = '"$(PERL)"'.$generator_incs.' '.$generator;
} elsif ($args{generator}->[0] =~ /\.S$/) {
$generator = undef;
} else {
die "Generator type for $src unknown: $generator\n";
}
my $cppflags = $incs;
$cppflags .= {
lib => ' $(LIB_CFLAGS) $(LIB_CPPFLAGS)',
dso => ' $(DSO_CFLAGS) $(DSO_CPPFLAGS)',
bin => ' $(BIN_CFLAGS) $(BIN_CPPFLAGS)'
} -> {$args{intent}};
if (defined($generator)) {
# If the target is named foo.S in build.info, we want to
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
return <<"EOF";
$target: "$args{generator}->[0]" $deps
set ASM=\$(AS)
$generator \$@.S
\$(CPP) $cppflags \$@.S > \$@.i && move /Y \$@.i \$@
del /Q \$@.S
EOF
}
# Otherwise....
return <<"EOF";
$target: "$args{generator}->[0]" $deps
set ASM=\$(AS)
$generator \$@
EOF
}
return <<"EOF";
$target: "$args{generator}->[0]" $deps
\$(CPP) $incs $cppflags "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@
EOF
}
}
sub src2obj {
my %args = @_;
my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
} ( @{$args{srcs}} );
my $srcs = '"'.join('" "', @srcs).'"';
my $deps = '"'.join('" "', @srcs, @{$args{deps}}).'"';
my $incs = join("", map { ' /I "'.$_.'"' } @{$args{incs}});
my $cflags = { lib => ' $(LIB_CFLAGS)',
dso => ' $(DSO_CFLAGS)',
bin => ' $(BIN_CFLAGS)' } -> {$args{intent}};
$cflags .= $incs;
$cflags .= { lib => ' $(LIB_CPPFLAGS)',
dso => ' $(DSO_CPPFLAGS)',
bin => ' $(BIN_CPPFLAGS)' } -> {$args{intent}};
my $asflags = { lib => ' $(LIB_ASFLAGS)',
dso => ' $(DSO_ASFLAGS)',
bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}};
my $makedepprog = $config{makedepprog};
if ($srcs[0] =~ /\.rc$/) {
return <<"EOF";
$args{obj}: $deps
\$(RC) \$(RCOUTFLAG)\$\@ $srcs
EOF
}
(my $obj = $args{obj}) =~ s|\.o$||;
if ($srcs[0] =~ /\.asm$/) {
return <<"EOF";
$obj$objext: $deps
\$(AS) $asflags \$(ASOUTFLAG)\$\@ $srcs
EOF
} elsif ($srcs[0] =~ /.S$/) {
return <<"EOF";
$obj$objext: $deps
\$(CC) /EP /D__ASSEMBLER__ $cflags $srcs > \$@.asm && \$(AS) $asflags \$(ASOUTFLAG)\$\@ \$@.asm
EOF
}
my $recipe = <<"EOF";
$obj$objext: $deps
\$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs
EOF
$recipe .= <<"EOF" unless $disabled{makedepend};
\$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext
EOF
return $recipe;
}
# We *know* this routine is only called when we've configure 'shared'.
# Also, note that even though the import library built here looks like
# a static library, it really isn't.
sub libobj2shlib {
my %args = @_;
my $lib = $args{lib};
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x }
grep { $_ =~ m/\.(?:o|res)$/ }
@{$args{objs}};
my @defs = grep { $_ =~ /\.def$/ } @{$args{objs}};
my @deps = compute_lib_depends(@{$args{deps}});
die "More than one exported symbols list" if scalar @defs > 1;
my $linklibs = join("", map { "$_\n" } @deps);
my $objs = join("\n", @objs);
my $deps = join(" ", @objs, @defs, @deps);
my $import = shlib_import($lib);
my $dll = shlib($lib);
my $shared_def = join("", map { " /def:$_" } @defs);
return <<"EOF"
# The import library may look like a static library, but it is not.
# We MUST make the import library depend on the DLL, in case someone
# mistakenly removes the latter.
$import: $dll
$dll: $deps
IF EXIST $full.manifest DEL /F /Q $full.manifest
IF EXIST \$@ DEL /F /Q \$@
\$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\
/implib:$import \$(LDOUTFLAG)$dll$shared_def @<< || (DEL /Q \$(\@B).* $import && EXIT 1)
$objs
$linklibs\$(LIB_EX_LIBS)
<<
IF EXIST $dll.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$dll.manifest \$(MTOUTFLAG)$dll
IF EXIST apps\\$dll DEL /Q /F apps\\$dll
IF EXIST test\\$dll DEL /Q /F test\\$dll
IF EXIST fuzz\\$dll DEL /Q /F fuzz\\$dll
COPY $dll apps
COPY $dll test
COPY $dll fuzz
EOF
}
sub obj2dso {
my %args = @_;
my $dso = $args{lib};
my $dso_n = basename($dso);
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
my @deps = compute_lib_depends(@{$args{deps}});
my $objs = join("\n", @objs);
my $linklibs = join("", map { "$_\n" } @deps);
my $deps = join(" ", @objs, @deps);
return <<"EOF";
$dso$dsoext: $deps
IF EXIST $dso$dsoext.manifest DEL /F /Q $dso$dsoext.manifest
\$(LD) \$(LDFLAGS) \$(DSO_LDFLAGS) \$(LDOUTFLAG)$dso$dsoext /def:<< @<<
LIBRARY $dso_n
EXPORTS
bind_engine @1
v_check @2
<<
$objs
$linklibs \$(DSO_EX_LIBS)
<<
IF EXIST $dso$dsoext.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$dso$dsoext.manifest \$(MTOUTFLAG)$dso$dsoext
EOF
}
sub obj2lib {
my %args = @_;
my $lib = lib($args{lib});
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
my $objs = join("\n", @objs);
my $deps = join(" ", @objs);
return <<"EOF";
$lib: $deps
\$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib @<<
$objs
<<
EOF
}
sub obj2bin {
my %args = @_;
my $bin = $args{bin};
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
my @deps = compute_lib_depends(@{$args{deps}});
my $objs = join("\n", @objs);
my $linklibs = join("", map { "$_\n" } @deps);
my $deps = join(" ", @objs, @deps);
return <<"EOF";
$bin$exeext: $deps
IF EXIST $bin$exeext.manifest DEL /F /Q $bin$exeext.manifest
\$(LD) \$(LDFLAGS) \$(BIN_LDFLAGS) \$(LDOUTFLAG)$bin$exeext @<<
$objs
setargv.obj
$linklibs\$(BIN_EX_LIBS)
<<
IF EXIST $bin$exeext.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$bin$exeext.manifest \$(MTOUTFLAG)$bin$exeext
EOF
}
sub in2script {
my %args = @_;
my $script = $args{script};
my $sources = '"'.join('" "', @{$args{sources}}).'"';
my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "dofile.pl")),
rel2abs($config{builddir}));
return <<"EOF";
$script: $sources
"\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
"-o$target{build_file}" $sources > "$script"
EOF
}
sub generatedir {
my %args = @_;
my $dir = $args{dir};
my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}};
my @actions = ();
my %extinfo = ( dso => $dsoext,
lib => $libext,
bin => $exeext );
# We already have a 'test' target, and the top directory is just plain
# silly
return if $dir eq "test" || $dir eq ".";
foreach my $type (("dso", "lib", "bin", "script")) {
next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
# For lib object files, we could update the library. However,
# LIB on Windows doesn't work that way, so we won't create any
# actions for it, and the dependencies are already taken care of.
if ($type ne "lib") {
foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
if (dirname($prod) eq $dir) {
push @deps, $prod.$extinfo{$type};
}
}
}
}
my $deps = join(" ", @deps);
my $actions = join("\n", "", @actions);
return <<"EOF";
$dir $dir\\ : $deps$actions
EOF
}
"" # Important! This becomes part of the template result.
-}

3519
trunk/3rdparty/openssl-1.1-fit/Configure vendored Executable file
View file

File diff suppressed because it is too large Load diff

125
trunk/3rdparty/openssl-1.1-fit/LICENSE vendored Normal file
View file

@ -0,0 +1,125 @@
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a double license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts.
OpenSSL License
---------------
/* ====================================================================
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
Original SSLeay License
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/

3
trunk/3rdparty/openssl-1.1-fit/README.md vendored Normal file
View file

@ -0,0 +1,3 @@
For openssl-1.1.1b.tar.gz

214
trunk/3rdparty/openssl-1.1-fit/apps/CA.pl.in vendored Normal file
View file

@ -0,0 +1,214 @@
#!{- $config{HASHBANGPERL} -}
# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# Wrapper around the ca to make it easier to use
#
# {- join("\n# ", @autowarntext) -}
use strict;
use warnings;
my $openssl = "openssl";
if(defined $ENV{'OPENSSL'}) {
$openssl = $ENV{'OPENSSL'};
} else {
$ENV{'OPENSSL'} = $openssl;
}
my $verbose = 1;
my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
my $DAYS = "-days 365";
my $CADAYS = "-days 1095"; # 3 years
my $REQ = "$openssl req $OPENSSL_CONFIG";
my $CA = "$openssl ca $OPENSSL_CONFIG";
my $VERIFY = "$openssl verify";
my $X509 = "$openssl x509";
my $PKCS12 = "$openssl pkcs12";
# default openssl.cnf file has setup as per the following
my $CATOP = "./demoCA";
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
my $CACRL = "crl.pem";
my $DIRMODE = 0777;
my $NEWKEY = "newkey.pem";
my $NEWREQ = "newreq.pem";
my $NEWCERT = "newcert.pem";
my $NEWP12 = "newcert.p12";
my $RET = 0;
my $WHAT = shift @ARGV || "";
my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
my %EXTRA = extra_args(\@ARGV, "-extra-");
my $FILE;
sub extra_args {
my ($args_ref, $arg_prefix) = @_;
my %eargs = map {
if ($_ < $#$args_ref) {
my ($arg, $value) = splice(@$args_ref, $_, 2);
$arg =~ s/$arg_prefix//;
($arg, $value);
} else {
();
}
} reverse grep($$args_ref[$_] =~ /$arg_prefix/, 0..$#$args_ref);
my %empty = map { ($_, "") } @OPENSSL_CMDS;
return (%empty, %eargs);
}
# See if reason for a CRL entry is valid; exit if not.
sub crl_reason_ok
{
my $r = shift;
if ($r eq 'unspecified' || $r eq 'keyCompromise'
|| $r eq 'CACompromise' || $r eq 'affiliationChanged'
|| $r eq 'superseded' || $r eq 'cessationOfOperation'
|| $r eq 'certificateHold' || $r eq 'removeFromCRL') {
return 1;
}
print STDERR "Invalid CRL reason; must be one of:\n";
print STDERR " unspecified, keyCompromise, CACompromise,\n";
print STDERR " affiliationChanged, superseded, cessationOfOperation\n";
print STDERR " certificateHold, removeFromCRL";
exit 1;
}
# Copy a PEM-format file; return like exit status (zero means ok)
sub copy_pemfile
{
my ($infile, $outfile, $bound) = @_;
my $found = 0;
open IN, $infile || die "Cannot open $infile, $!";
open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
while (<IN>) {
$found = 1 if /^-----BEGIN.*$bound/;
print OUT $_ if $found;
$found = 2, last if /^-----END.*$bound/;
}
close IN;
close OUT;
return $found == 2 ? 0 : 1;
}
# Wrapper around system; useful for debugging. Returns just the exit status
sub run
{
my $cmd = shift;
print "====\n$cmd\n" if $verbose;
my $status = system($cmd);
print "==> $status\n====\n" if $verbose;
return $status >> 8;
}
if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n";
print STDERR " CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n";
print STDERR " CA.pl -verify [-extra-verify extra-params] certfile ...\n";
print STDERR " CA.pl -revoke [-extra-ca extra-params] certfile [reason]\n";
exit 0;
}
if ($WHAT eq '-newcert' ) {
# create a certificate
$RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS $EXTRA{req}");
print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-precert' ) {
# create a pre-certificate
$RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS");
print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
# create a certificate request
$RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newca' ) {
# create the directory hierarchy
mkdir ${CATOP}, $DIRMODE;
mkdir "${CATOP}/certs", $DIRMODE;
mkdir "${CATOP}/crl", $DIRMODE ;
mkdir "${CATOP}/newcerts", $DIRMODE;
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
# ask user for existing CA certificate
print "CA certificate filename (or enter to create)\n";
$FILE = "" unless defined($FILE = <STDIN>);
$FILE =~ s{\R$}{};
if ($FILE ne "") {
copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
} else {
print "Making CA certificate ...\n";
$RET = run("$REQ -new -keyout"
. " ${CATOP}/private/$CAKEY"
. " -out ${CATOP}/$CAREQ $EXTRA{req}");
$RET = run("$CA -create_serial"
. " -out ${CATOP}/$CACERT $CADAYS -batch"
. " -keyfile ${CATOP}/private/$CAKEY -selfsign"
. " -extensions v3_ca $EXTRA{ca}"
. " -infiles ${CATOP}/$CAREQ") if $RET == 0;
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
} elsif ($WHAT eq '-pkcs12' ) {
my $cname = $ARGV[0];
$cname = "My Certificate" unless defined $cname;
$RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
. " -certfile ${CATOP}/$CACERT"
. " -out $NEWP12"
. " -export -name \"$cname\" $EXTRA{pkcs12}");
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
} elsif ($WHAT eq '-xsign' ) {
$RET = run("$CA -policy policy_anything $EXTRA{ca} -infiles $NEWREQ");
} elsif ($WHAT eq '-sign' ) {
$RET = run("$CA -policy policy_anything -out $NEWCERT $EXTRA{ca} -infiles $NEWREQ");
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signCA' ) {
$RET = run("$CA -policy policy_anything -out $NEWCERT"
. " -extensions v3_ca $EXTRA{ca} -infiles $NEWREQ");
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signcert' ) {
$RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
. " -out tmp.pem $EXTRA{x509}");
$RET = run("$CA -policy policy_anything -out $NEWCERT"
. "$EXTRA{ca} -infiles tmp.pem") if $RET == 0;
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-verify' ) {
my @files = @ARGV ? @ARGV : ( $NEWCERT );
my $file;
foreach $file (@files) {
my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
$RET = $status if $status != 0;
}
} elsif ($WHAT eq '-crl' ) {
$RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[0];
if (!defined $cname) {
print "Certificate filename is required; reason optional.\n";
exit 1;
}
my $reason = $ARGV[1];
$reason = " -crl_reason $reason"
if defined $reason && crl_reason_ok($reason);
$RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});
} else {
print STDERR "Unknown arg \"$WHAT\"\n";
print STDERR "Use -help for help.\n";
exit 1;
}
exit $RET;

93
trunk/3rdparty/openssl-1.1-fit/apps/app_rand.c vendored Normal file
View file

@ -0,0 +1,93 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/conf.h>
static char *save_rand_file;
void app_RAND_load_conf(CONF *c, const char *section)
{
const char *randfile = NCONF_get_string(c, section, "RANDFILE");
if (randfile == NULL) {
ERR_clear_error();
return;
}
if (RAND_load_file(randfile, -1) < 0) {
BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
ERR_print_errors(bio_err);
}
if (save_rand_file == NULL)
save_rand_file = OPENSSL_strdup(randfile);
}
static int loadfiles(char *name)
{
char *p;
int last, ret = 1;
for ( ; ; ) {
last = 0;
for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
continue;
if (*p == '\0')
last = 1;
*p = '\0';
if (RAND_load_file(name, -1) < 0) {
BIO_printf(bio_err, "Can't load %s into RNG\n", name);
ERR_print_errors(bio_err);
ret = 0;
}
if (last)
break;
name = p + 1;
if (*name == '\0')
break;
}
return ret;
}
void app_RAND_write(void)
{
if (save_rand_file == NULL)
return;
if (RAND_write_file(save_rand_file) == -1) {
BIO_printf(bio_err, "Cannot write random bytes:\n");
ERR_print_errors(bio_err);
}
OPENSSL_free(save_rand_file);
save_rand_file = NULL;
}
/*
* See comments in opt_verify for explanation of this.
*/
enum r_range { OPT_R_ENUM };
int opt_rand(int opt)
{
switch ((enum r_range)opt) {
case OPT_R__FIRST:
case OPT_R__LAST:
break;
case OPT_R_RAND:
return loadfiles(opt_arg());
break;
case OPT_R_WRITERAND:
OPENSSL_free(save_rand_file);
save_rand_file = OPENSSL_strdup(opt_arg());
break;
}
return 1;
}

2752
trunk/3rdparty/openssl-1.1-fit/apps/apps.c vendored Normal file
View file

File diff suppressed because it is too large Load diff

634
trunk/3rdparty/openssl-1.1-fit/apps/apps.h vendored Normal file
View file

@ -0,0 +1,634 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_APPS_H
# define HEADER_APPS_H
# include "e_os.h" /* struct timeval for DTLS */
# include "internal/nelem.h"
# include <assert.h>
# include <sys/types.h>
# ifndef OPENSSL_NO_POSIX_IO
# include <sys/stat.h>
# include <fcntl.h>
# endif
# include <openssl/e_os2.h>
# include <openssl/ossl_typ.h>
# include <openssl/bio.h>
# include <openssl/x509.h>
# include <openssl/conf.h>
# include <openssl/txt_db.h>
# include <openssl/engine.h>
# include <openssl/ocsp.h>
# include <signal.h>
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
# else
# define openssl_fdset(a,b) FD_SET(a, b)
# endif
/*
* quick macro when you need to pass an unsigned char instead of a char.
* this is true for some implementations of the is*() functions, for
* example.
*/
#define _UC(c) ((unsigned char)(c))
void app_RAND_load_conf(CONF *c, const char *section);
void app_RAND_write(void);
extern char *default_config_file;
extern BIO *bio_in;
extern BIO *bio_out;
extern BIO *bio_err;
extern const unsigned char tls13_aes128gcmsha256_id[];
extern const unsigned char tls13_aes256gcmsha384_id[];
extern BIO_ADDR *ourpeer;
BIO_METHOD *apps_bf_prefix(void);
/*
* The control used to set the prefix with BIO_ctrl()
* We make it high enough so the chance of ever clashing with the BIO library
* remains unlikely for the foreseeable future and beyond.
*/
#define PREFIX_CTRL_SET_PREFIX (1 << 15)
/*
* apps_bf_prefix() returns a dynamically created BIO_METHOD, which we
* need to destroy at some point. When created internally, it's stored
* in an internal pointer which can be freed with the following function
*/
void destroy_prefix_method(void);
BIO *dup_bio_in(int format);
BIO *dup_bio_out(int format);
BIO *dup_bio_err(int format);
BIO *bio_open_owner(const char *filename, int format, int private);
BIO *bio_open_default(const char *filename, char mode, int format);
BIO *bio_open_default_quiet(const char *filename, char mode, int format);
CONF *app_load_config_bio(BIO *in, const char *filename);
CONF *app_load_config(const char *filename);
CONF *app_load_config_quiet(const char *filename);
int app_load_modules(const CONF *config);
void unbuffer(FILE *fp);
void wait_for_async(SSL *s);
# if defined(OPENSSL_SYS_MSDOS)
int has_stdin_waiting(void);
# endif
void corrupt_signature(const ASN1_STRING *signature);
int set_cert_times(X509 *x, const char *startdate, const char *enddate,
int days);
/*
* Common verification options.
*/
# define OPT_V_ENUM \
OPT_V__FIRST=2000, \
OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
OPT_V__LAST
# define OPT_V_OPTIONS \
{ "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
{ "purpose", OPT_V_PURPOSE, 's', \
"certificate chain purpose"}, \
{ "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
{ "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
"chain depth limit" }, \
{ "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
"chain authentication security level" }, \
{ "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
{ "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
"expected peer hostname" }, \
{ "verify_email", OPT_V_VERIFY_EMAIL, 's', \
"expected peer email" }, \
{ "verify_ip", OPT_V_VERIFY_IP, 's', \
"expected peer IP address" }, \
{ "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
"permit unhandled critical extensions"}, \
{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
{ "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
{ "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
{ "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
{ "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
"set policy variable require-explicit-policy"}, \
{ "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
"set policy variable inhibit-any-policy"}, \
{ "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
"set policy variable inhibit-policy-mapping"}, \
{ "x509_strict", OPT_V_X509_STRICT, '-', \
"disable certificate compatibility work-arounds"}, \
{ "extended_crl", OPT_V_EXTENDED_CRL, '-', \
"enable extended CRL features"}, \
{ "use_deltas", OPT_V_USE_DELTAS, '-', \
"use delta CRLs"}, \
{ "policy_print", OPT_V_POLICY_PRINT, '-', \
"print policy processing diagnostics"}, \
{ "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
"check root CA self-signatures"}, \
{ "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
"search trust store first (default)" }, \
{ "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
{ "suiteB_128", OPT_V_SUITEB_128, '-', \
"Suite B 128-bit mode allowing 192-bit algorithms"}, \
{ "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
{ "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
"accept chains anchored by intermediate trust-store CAs"}, \
{ "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
{ "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
{ "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
# define OPT_V_CASES \
OPT_V__FIRST: case OPT_V__LAST: break; \
case OPT_V_POLICY: \
case OPT_V_PURPOSE: \
case OPT_V_VERIFY_NAME: \
case OPT_V_VERIFY_DEPTH: \
case OPT_V_VERIFY_AUTH_LEVEL: \
case OPT_V_ATTIME: \
case OPT_V_VERIFY_HOSTNAME: \
case OPT_V_VERIFY_EMAIL: \
case OPT_V_VERIFY_IP: \
case OPT_V_IGNORE_CRITICAL: \
case OPT_V_ISSUER_CHECKS: \
case OPT_V_CRL_CHECK: \
case OPT_V_CRL_CHECK_ALL: \
case OPT_V_POLICY_CHECK: \
case OPT_V_EXPLICIT_POLICY: \
case OPT_V_INHIBIT_ANY: \
case OPT_V_INHIBIT_MAP: \
case OPT_V_X509_STRICT: \
case OPT_V_EXTENDED_CRL: \
case OPT_V_USE_DELTAS: \
case OPT_V_POLICY_PRINT: \
case OPT_V_CHECK_SS_SIG: \
case OPT_V_TRUSTED_FIRST: \
case OPT_V_SUITEB_128_ONLY: \
case OPT_V_SUITEB_128: \
case OPT_V_SUITEB_192: \
case OPT_V_PARTIAL_CHAIN: \
case OPT_V_NO_ALT_CHAINS: \
case OPT_V_NO_CHECK_TIME: \
case OPT_V_ALLOW_PROXY_CERTS
/*
* Common "extended validation" options.
*/
# define OPT_X_ENUM \
OPT_X__FIRST=1000, \
OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
OPT_X_CERTFORM, OPT_X_KEYFORM, \
OPT_X__LAST
# define OPT_X_OPTIONS \
{ "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
{ "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
{ "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
{ "xchain_build", OPT_X_CHAIN_BUILD, '-', \
"build certificate chain for the extended certificates"}, \
{ "xcertform", OPT_X_CERTFORM, 'F', \
"format of Extended certificate (PEM or DER) PEM default " }, \
{ "xkeyform", OPT_X_KEYFORM, 'F', \
"format of Extended certificate's key (PEM or DER) PEM default"}
# define OPT_X_CASES \
OPT_X__FIRST: case OPT_X__LAST: break; \
case OPT_X_KEY: \
case OPT_X_CERT: \
case OPT_X_CHAIN: \
case OPT_X_CHAIN_BUILD: \
case OPT_X_CERTFORM: \
case OPT_X_KEYFORM
/*
* Common SSL options.
* Any changes here must be coordinated with ../ssl/ssl_conf.c
*/
# define OPT_S_ENUM \
OPT_S__FIRST=3000, \
OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
OPT_S_PRIORITIZE_CHACHA, \
OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
OPT_S_MINPROTO, OPT_S_MAXPROTO, \
OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST
# define OPT_S_OPTIONS \
{"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
{"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
{"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
{"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
{"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
{"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
{"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
{"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
{"no_ticket", OPT_S_NOTICKET, '-', \
"Disable use of TLS session tickets"}, \
{"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
{"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
"Enable use of legacy renegotiation (dangerous)"}, \
{"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
"Disable all renegotiation."}, \
{"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
"Allow initial connection to servers that don't support RI"}, \
{"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
"Disallow session resumption on renegotiation"}, \
{"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
"Disallow initial connection to servers that don't support RI"}, \
{"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
"In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
{"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
"Prioritize ChaCha ciphers when preferred by clients"}, \
{"strict", OPT_S_STRICT, '-', \
"Enforce strict certificate checks as per TLS standard"}, \
{"sigalgs", OPT_S_SIGALGS, 's', \
"Signature algorithms to support (colon-separated list)" }, \
{"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
"Signature algorithms to support for client certificate" \
" authentication (colon-separated list)" }, \
{"groups", OPT_S_GROUPS, 's', \
"Groups to advertise (colon-separated list)" }, \
{"curves", OPT_S_CURVES, 's', \
"Groups to advertise (colon-separated list)" }, \
{"named_curve", OPT_S_NAMEDCURVE, 's', \
"Elliptic curve used for ECDHE (server-side only)" }, \
{"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
{"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
{"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
{"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
{"record_padding", OPT_S_RECORD_PADDING, 's', \
"Block size to pad TLS 1.3 records to."}, \
{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
"Perform all sorts of protocol violations for testing purposes"}, \
{"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
"Disable TLSv1.3 middlebox compat mode" }
# define OPT_S_CASES \
OPT_S__FIRST: case OPT_S__LAST: break; \
case OPT_S_NOSSL3: \
case OPT_S_NOTLS1: \
case OPT_S_NOTLS1_1: \
case OPT_S_NOTLS1_2: \
case OPT_S_NOTLS1_3: \
case OPT_S_BUGS: \
case OPT_S_NO_COMP: \
case OPT_S_COMP: \
case OPT_S_NOTICKET: \
case OPT_S_SERVERPREF: \
case OPT_S_LEGACYRENEG: \
case OPT_S_LEGACYCONN: \
case OPT_S_ONRESUMP: \
case OPT_S_NOLEGACYCONN: \
case OPT_S_ALLOW_NO_DHE_KEX: \
case OPT_S_PRIORITIZE_CHACHA: \
case OPT_S_STRICT: \
case OPT_S_SIGALGS: \
case OPT_S_CLIENTSIGALGS: \
case OPT_S_GROUPS: \
case OPT_S_CURVES: \
case OPT_S_NAMEDCURVE: \
case OPT_S_CIPHER: \
case OPT_S_CIPHERSUITES: \
case OPT_S_RECORD_PADDING: \
case OPT_S_NO_RENEGOTIATION: \
case OPT_S_MINPROTO: \
case OPT_S_MAXPROTO: \
case OPT_S_DEBUGBROKE: \
case OPT_S_NO_MIDDLEBOX
#define IS_NO_PROT_FLAG(o) \
(o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
|| o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
/*
* Random state options.
*/
# define OPT_R_ENUM \
OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
# define OPT_R_OPTIONS \
{"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
{"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
# define OPT_R_CASES \
OPT_R__FIRST: case OPT_R__LAST: break; \
case OPT_R_RAND: case OPT_R_WRITERAND
/*
* Option parsing.
*/
extern const char OPT_HELP_STR[];
extern const char OPT_MORE_STR[];
typedef struct options_st {
const char *name;
int retval;
/*
* value type: - no value (also the value zero), n number, p positive
* number, u unsigned, l long, s string, < input file, > output file,
* f any format, F der/pem format, E der/pem/engine format identifier.
* l, n and u include zero; p does not.
*/
int valtype;
const char *helpstr;
} OPTIONS;
/*
* A string/int pairing; widely use for option value lookup, hence the
* name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
* the "generic" name STRINT_PAIR.
*/
typedef struct string_int_pair_st {
const char *name;
int retval;
} OPT_PAIR, STRINT_PAIR;
/* Flags to pass into opt_format; see FORMAT_xxx, below. */
# define OPT_FMT_PEMDER (1L << 1)
# define OPT_FMT_PKCS12 (1L << 2)
# define OPT_FMT_SMIME (1L << 3)
# define OPT_FMT_ENGINE (1L << 4)
# define OPT_FMT_MSBLOB (1L << 5)
/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
# define OPT_FMT_NSS (1L << 7)
# define OPT_FMT_TEXT (1L << 8)
# define OPT_FMT_HTTP (1L << 9)
# define OPT_FMT_PVK (1L << 10)
# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
# define OPT_FMT_ANY ( \
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
char *opt_progname(const char *argv0);
char *opt_getprog(void);
char *opt_init(int ac, char **av, const OPTIONS * o);
int opt_next(void);
int opt_format(const char *s, unsigned long flags, int *result);
int opt_int(const char *arg, int *result);
int opt_ulong(const char *arg, unsigned long *result);
int opt_long(const char *arg, long *result);
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
defined(INTMAX_MAX) && defined(UINTMAX_MAX)
int opt_imax(const char *arg, intmax_t *result);
int opt_umax(const char *arg, uintmax_t *result);
#else
# define opt_imax opt_long
# define opt_umax opt_ulong
# define intmax_t long
# define uintmax_t unsigned long
#endif
int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
int opt_md(const char *name, const EVP_MD **mdp);
char *opt_arg(void);
char *opt_flag(void);
char *opt_unknown(void);
char **opt_rest(void);
int opt_num_rest(void);
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
int opt_rand(int i);
void opt_help(const OPTIONS * list);
int opt_format_error(const char *s, unsigned long flags);
typedef struct args_st {
int size;
int argc;
char **argv;
} ARGS;
/*
* VMS C only for now, implemented in vms_decc_init.c
* If other C compilers forget to terminate argv with NULL, this function
* can be re-used.
*/
char **copy_argv(int *argc, char *argv[]);
/*
* Win32-specific argv initialization that splits OS-supplied UNICODE
* command line string to array of UTF8-encoded strings.
*/
void win32_utf8argv(int *argc, char **argv[]);
# define PW_MIN_LENGTH 4
typedef struct pw_cb_data {
const void *password;
const char *prompt_info;
} PW_CB_DATA;
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
int setup_ui_method(void);
void destroy_ui_method(void);
const UI_METHOD *get_ui_method(void);
int chopup_args(ARGS *arg, char *buf);
# ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, X509_NAME *nm,
unsigned long lflags);
# endif
void print_bignum_var(BIO *, const BIGNUM *, const char*,
int, unsigned char *);
void print_array(BIO *, const char *, int, const unsigned char *);
int set_nameopt(const char *arg);
unsigned long get_nameopt(void);
int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);
int add_oid_section(CONF *conf);
X509 *load_cert(const char *file, int format, const char *cert_descrip);
X509_CRL *load_crl(const char *infile, int format);
EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, const char *cert_descrip);
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
const char *pass, const char *cert_descrip);
X509_STORE *setup_verify(const char *CAfile, const char *CApath,
int noCAfile, int noCApath);
__owur int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath, int noCAfile,
int noCApath);
#ifndef OPENSSL_NO_CT
/*
* Sets the file to load the Certificate Transparency log list from.
* If path is NULL, loads from the default file path.
* Returns 1 on success, 0 otherwise.
*/
__owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
#endif
ENGINE *setup_engine(const char *engine, int debug);
void release_engine(ENGINE *e);
# ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
const char *host, const char *path,
const char *port, int use_ssl,
STACK_OF(CONF_VALUE) *headers,
int req_timeout);
# endif
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, const char *str);
# define DB_type 0
# define DB_exp_date 1
# define DB_rev_date 2
# define DB_serial 3 /* index - unique */
# define DB_file 4
# define DB_name 5 /* index - unique when active and not
* disabled */
# define DB_NUMBER 6
# define DB_TYPE_REV 'R' /* Revoked */
# define DB_TYPE_EXP 'E' /* Expired */
# define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */
# define DB_TYPE_SUSP 'S' /* Suspended */
typedef struct db_attr_st {
int unique_subject;
} DB_ATTR;
typedef struct ca_db_st {
DB_ATTR attributes;
TXT_DB *db;
char *dbfname;
# ifndef OPENSSL_NO_POSIX_IO
struct stat dbst;
# endif
} CA_DB;
void* app_malloc(int sz, const char *what);
BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai);
int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
ASN1_INTEGER **retai);
int rotate_serial(const char *serialfile, const char *new_suffix,
const char *old_suffix);
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr);
int index_index(CA_DB *db);
int save_index(const char *dbfile, const char *suffix, CA_DB *db);
int rotate_index(const char *dbfile, const char *new_suffix,
const char *old_suffix);
void free_index(CA_DB *db);
# define index_name_cmp_noconst(a, b) \
index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
int parse_yesno(const char *str, int def);
X509_NAME *parse_name(const char *str, long chtype, int multirdn);
void policies_print(X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
int init_gen_str(EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param);
int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
extern char *psk_key;
unsigned char *next_protos_parse(size_t *outlen, const char *in);
void print_cert_checks(BIO *bio, X509 *x,
const char *checkhost,
const char *checkemail, const char *checkip);
void store_setup_crl_download(X509_STORE *st);
/* See OPT_FMT_xxx, above. */
/* On some platforms, it's important to distinguish between text and binary
* files. On some, there might even be specific file formats for different
* contents. The FORMAT_xxx macros are meant to express an intent with the
* file being read or created.
*/
# define B_FORMAT_TEXT 0x8000
# define FORMAT_UNDEF 0
# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
# define FORMAT_BINARY 2 /* Generic binary */
# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */
# define FORMAT_ASN1 4 /* ASN.1/DER */
# define FORMAT_PEM (5 | B_FORMAT_TEXT)
# define FORMAT_PKCS12 6
# define FORMAT_SMIME (7 | B_FORMAT_TEXT)
# define FORMAT_ENGINE 8 /* Not really a file format */
# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPubicKey format */
# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
# define FORMAT_MSBLOB 11 /* MS Key blob format */
# define FORMAT_PVK 12 /* MS PVK file format */
# define FORMAT_HTTP 13 /* Download using HTTP */
# define FORMAT_NSS 14 /* NSS keylog format */
# define EXT_COPY_NONE 0
# define EXT_COPY_ADD 1
# define EXT_COPY_ALL 2
# define NETSCAPE_CERT_HDR "certificate"
# define APP_PASS_LEN 1024
/*
* IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits
* so that the first bit will never be one, so that the DER encoding
* rules won't force a leading octet.
*/
# define SERIAL_RAND_BITS 159
int app_isdir(const char *);
int app_access(const char *, int flag);
int fileno_stdin(void);
int fileno_stdout(void);
int raw_read_stdin(void *, int);
int raw_write_stdout(const void *, int);
# define TM_START 0
# define TM_STOP 1
double app_tminterval(int stop, int usertime);
void make_uppercase(char *string);
typedef struct verify_options_st {
int depth;
int quiet;
int error;
int return_error;
} VERIFY_CB_ARGS;
extern VERIFY_CB_ARGS verify_args;
#endif

357
trunk/3rdparty/openssl-1.1-fit/apps/asn1pars.c vendored Normal file
View file

@ -0,0 +1,357 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/asn1t.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM,
OPT_ITEM
} OPTION_CHOICE;
const OPTIONS asn1parse_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
{"in", OPT_IN, '<', "input file"},
{"out", OPT_OUT, '>', "output file (output format is always DER)"},
{"i", OPT_INDENT, 0, "indents the output"},
{"noout", OPT_NOOUT, 0, "do not produce any output"},
{"offset", OPT_OFFSET, 'p', "offset into file"},
{"length", OPT_LENGTH, 'p', "length of section in file"},
{"oid", OPT_OID, '<', "file of extra oid definitions"},
{"dump", OPT_DUMP, 0, "unknown data in hex form"},
{"dlimit", OPT_DLIMIT, 'p',
"dump the first arg bytes of unknown data in hex form"},
{"strparse", OPT_STRPARSE, 'p',
"offset; a series of these can be used to 'dig'"},
{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
{"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
{"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
{OPT_MORE_STR, 0, 0, "(-inform will be ignored)"},
{"strictpem", OPT_STRICTPEM, 0,
"do not attempt base64 decode outside PEM markers"},
{"item", OPT_ITEM, 's', "item to parse and print"},
{NULL}
};
static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf);
int asn1parse_main(int argc, char **argv)
{
ASN1_TYPE *at = NULL;
BIO *in = NULL, *b64 = NULL, *derout = NULL;
BUF_MEM *buf = NULL;
STACK_OF(OPENSSL_STRING) *osk = NULL;
char *genstr = NULL, *genconf = NULL;
char *infile = NULL, *oidfile = NULL, *derfile = NULL;
unsigned char *str = NULL;
char *name = NULL, *header = NULL, *prog;
const unsigned char *ctmpbuf;
int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
int offset = 0, ret = 1, i, j;
long num, tmplen;
unsigned char *tmpbuf;
unsigned int length = 0;
OPTION_CHOICE o;
const ASN1_ITEM *it = NULL;
prog = opt_init(argc, argv, asn1parse_options);
if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
goto end;
}
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(asn1parse_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
derfile = opt_arg();
break;
case OPT_INDENT:
indent = 1;
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_OID:
oidfile = opt_arg();
break;
case OPT_OFFSET:
offset = strtol(opt_arg(), NULL, 0);
break;
case OPT_LENGTH:
length = strtol(opt_arg(), NULL, 0);
break;
case OPT_DUMP:
dump = -1;
break;
case OPT_DLIMIT:
dump = strtol(opt_arg(), NULL, 0);
break;
case OPT_STRPARSE:
sk_OPENSSL_STRING_push(osk, opt_arg());
break;
case OPT_GENSTR:
genstr = opt_arg();
break;
case OPT_GENCONF:
genconf = opt_arg();
break;
case OPT_STRICTPEM:
strictpem = 1;
informat = FORMAT_PEM;
break;
case OPT_ITEM:
it = ASN1_ITEM_lookup(opt_arg());
if (it == NULL) {
size_t tmp;
BIO_printf(bio_err, "Unknown item name %s\n", opt_arg());
BIO_puts(bio_err, "Supported types:\n");
for (tmp = 0;; tmp++) {
it = ASN1_ITEM_get(tmp);
if (it == NULL)
break;
BIO_printf(bio_err, " %s\n", it->sname);
}
goto end;
}
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
if (oidfile != NULL) {
in = bio_open_default(oidfile, 'r', FORMAT_TEXT);
if (in == NULL)
goto end;
OBJ_create_objects(in);
BIO_free(in);
}
if ((in = bio_open_default(infile, 'r', informat)) == NULL)
goto end;
if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL)
goto end;
if (strictpem) {
if (PEM_read_bio(in, &name, &header, &str, &num) !=
1) {
BIO_printf(bio_err, "Error reading PEM file\n");
ERR_print_errors(bio_err);
goto end;
}
} else {
if ((buf = BUF_MEM_new()) == NULL)
goto end;
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
goto end; /* Pre-allocate :-) */
if (genstr || genconf) {
num = do_generate(genstr, genconf, buf);
if (num < 0) {
ERR_print_errors(bio_err);
goto end;
}
} else {
if (informat == FORMAT_PEM) {
BIO *tmp;
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
BIO_push(b64, in);
tmp = in;
in = b64;
b64 = tmp;
}
num = 0;
for (;;) {
if (!BUF_MEM_grow(buf, num + BUFSIZ))
goto end;
i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0)
break;
num += i;
}
}
str = (unsigned char *)buf->data;
}
/* If any structs to parse go through in sequence */
if (sk_OPENSSL_STRING_num(osk)) {
tmpbuf = str;
tmplen = num;
for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
ASN1_TYPE *atmp;
int typ;
j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0);
if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is out of range\n",
sk_OPENSSL_STRING_value(osk, i));
continue;
}
tmpbuf += j;
tmplen -= j;
atmp = at;
ctmpbuf = tmpbuf;
at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
ASN1_TYPE_free(atmp);
if (!at) {
BIO_printf(bio_err, "Error parsing structure\n");
ERR_print_errors(bio_err);
goto end;
}
typ = ASN1_TYPE_get(at);
if ((typ == V_ASN1_OBJECT)
|| (typ == V_ASN1_BOOLEAN)
|| (typ == V_ASN1_NULL)) {
BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
ERR_print_errors(bio_err);
goto end;
}
/* hmm... this is a little evil but it works */
tmpbuf = at->value.asn1_string->data;
tmplen = at->value.asn1_string->length;
}
str = tmpbuf;
num = tmplen;
}
if (offset < 0 || offset >= num) {
BIO_printf(bio_err, "Error: offset out of range\n");
goto end;
}
num -= offset;
if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num;
if (derout != NULL) {
if (BIO_write(derout, str + offset, length) != (int)length) {
BIO_printf(bio_err, "Error writing output\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (!noout) {
const unsigned char *p = str + offset;
if (it != NULL) {
ASN1_VALUE *value = ASN1_item_d2i(NULL, &p, length, it);
if (value == NULL) {
BIO_printf(bio_err, "Error parsing item %s\n", it->sname);
ERR_print_errors(bio_err);
goto end;
}
ASN1_item_print(bio_out, value, 0, it, NULL);
ASN1_item_free(value, it);
} else {
if (!ASN1_parse_dump(bio_out, p, length, indent, dump)) {
ERR_print_errors(bio_err);
goto end;
}
}
}
ret = 0;
end:
BIO_free(derout);
BIO_free(in);
BIO_free(b64);
if (ret != 0)
ERR_print_errors(bio_err);
BUF_MEM_free(buf);
OPENSSL_free(name);
OPENSSL_free(header);
if (strictpem)
OPENSSL_free(str);
ASN1_TYPE_free(at);
sk_OPENSSL_STRING_free(osk);
return ret;
}
static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
{
CONF *cnf = NULL;
int len;
unsigned char *p;
ASN1_TYPE *atyp = NULL;
if (genconf != NULL) {
if ((cnf = app_load_config(genconf)) == NULL)
goto err;
if (genstr == NULL)
genstr = NCONF_get_string(cnf, "default", "asn1");
if (genstr == NULL) {
BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf);
goto err;
}
}
atyp = ASN1_generate_nconf(genstr, cnf);
NCONF_free(cnf);
cnf = NULL;
if (atyp == NULL)
return -1;
len = i2d_ASN1_TYPE(atyp, NULL);
if (len <= 0)
goto err;
if (!BUF_MEM_grow(buf, len))
goto err;
p = (unsigned char *)buf->data;
i2d_ASN1_TYPE(atyp, &p);
ASN1_TYPE_free(atyp);
return len;
err:
NCONF_free(cnf);
ASN1_TYPE_free(atyp);
return -1;
}

177
trunk/3rdparty/openssl-1.1-fit/apps/bf_prefix.c vendored Normal file
View file

@ -0,0 +1,177 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <openssl/bio.h>
#include "apps.h"
static int prefix_write(BIO *b, const char *out, size_t outl,
size_t *numwritten);
static int prefix_read(BIO *b, char *buf, size_t size, size_t *numread);
static int prefix_puts(BIO *b, const char *str);
static int prefix_gets(BIO *b, char *str, int size);
static long prefix_ctrl(BIO *b, int cmd, long arg1, void *arg2);
static int prefix_create(BIO *b);
static int prefix_destroy(BIO *b);
static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
static BIO_METHOD *prefix_meth = NULL;
BIO_METHOD *apps_bf_prefix(void)
{
if (prefix_meth == NULL) {
if ((prefix_meth =
BIO_meth_new(BIO_TYPE_FILTER, "Prefix filter")) == NULL
|| !BIO_meth_set_create(prefix_meth, prefix_create)
|| !BIO_meth_set_destroy(prefix_meth, prefix_destroy)
|| !BIO_meth_set_write_ex(prefix_meth, prefix_write)
|| !BIO_meth_set_read_ex(prefix_meth, prefix_read)
|| !BIO_meth_set_puts(prefix_meth, prefix_puts)
|| !BIO_meth_set_gets(prefix_meth, prefix_gets)
|| !BIO_meth_set_ctrl(prefix_meth, prefix_ctrl)
|| !BIO_meth_set_callback_ctrl(prefix_meth, prefix_callback_ctrl)) {
BIO_meth_free(prefix_meth);
prefix_meth = NULL;
}
}
return prefix_meth;
}
typedef struct prefix_ctx_st {
char *prefix;
int linestart; /* flag to indicate we're at the line start */
} PREFIX_CTX;
static int prefix_create(BIO *b)
{
PREFIX_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL)
return 0;
ctx->prefix = NULL;
ctx->linestart = 1;
BIO_set_data(b, ctx);
BIO_set_init(b, 1);
return 1;
}
static int prefix_destroy(BIO *b)
{
PREFIX_CTX *ctx = BIO_get_data(b);
OPENSSL_free(ctx->prefix);
OPENSSL_free(ctx);
return 1;
}
static int prefix_read(BIO *b, char *in, size_t size, size_t *numread)
{
return BIO_read_ex(BIO_next(b), in, size, numread);
}
static int prefix_write(BIO *b, const char *out, size_t outl,
size_t *numwritten)
{
PREFIX_CTX *ctx = BIO_get_data(b);
if (ctx == NULL)
return 0;
/* If no prefix is set or if it's empty, we've got nothing to do here */
if (ctx->prefix == NULL || *ctx->prefix == '\0') {
/* We do note if what comes next will be a new line, though */
if (outl > 0)
ctx->linestart = (out[outl-1] == '\n');
return BIO_write_ex(BIO_next(b), out, outl, numwritten);
}
*numwritten = 0;
while (outl > 0) {
size_t i;
char c;
/* If we know that we're at the start of the line, output the prefix */
if (ctx->linestart) {
size_t dontcare;
if (!BIO_write_ex(BIO_next(b), ctx->prefix, strlen(ctx->prefix),
&dontcare))
return 0;
ctx->linestart = 0;
}
/* Now, go look for the next LF, or the end of the string */
for (i = 0, c = '\0'; i < outl && (c = out[i]) != '\n'; i++)
continue;
if (c == '\n')
i++;
/* Output what we found so far */
while (i > 0) {
size_t num = 0;
if (!BIO_write_ex(BIO_next(b), out, i, &num))
return 0;
out += num;
outl -= num;
*numwritten += num;
i -= num;
}
/* If we found a LF, what follows is a new line, so take note */
if (c == '\n')
ctx->linestart = 1;
}
return 1;
}
static long prefix_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret = 0;
switch (cmd) {
case PREFIX_CTRL_SET_PREFIX:
{
PREFIX_CTX *ctx = BIO_get_data(b);
if (ctx == NULL)
break;
OPENSSL_free(ctx->prefix);
ctx->prefix = OPENSSL_strdup((const char *)ptr);
ret = ctx->prefix != NULL;
}
break;
default:
if (BIO_next(b) != NULL)
ret = BIO_ctrl(BIO_next(b), cmd, num, ptr);
break;
}
return ret;
}
static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
return BIO_callback_ctrl(BIO_next(b), cmd, fp);
}
static int prefix_gets(BIO *b, char *buf, int size)
{
return BIO_gets(BIO_next(b), buf, size);
}
static int prefix_puts(BIO *b, const char *str)
{
return BIO_write(b, str, strlen(str));
}

38
trunk/3rdparty/openssl-1.1-fit/apps/build.info vendored Normal file
View file

@ -0,0 +1,38 @@
{- our @apps_openssl_src =
qw(openssl.c
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c
genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c);
our @apps_lib_src =
( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c),
split(/\s+/, $target{apps_aux_src}) );
our @apps_init_src = split(/\s+/, $target{apps_init_src});
"" -}
IF[{- !$disabled{apps} -}]
LIBS_NO_INST=libapps.a
SOURCE[libapps.a]={- join(" ", @apps_lib_src) -}
INCLUDE[libapps.a]=.. ../include
PROGRAMS=openssl
SOURCE[openssl]={- join(" ", @apps_init_src) -}
SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=libapps.a ../libssl
IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
GENERATE[openssl.rc]=../util/mkrc.pl openssl
SOURCE[openssl]=openssl.rc
ENDIF
{- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
@apps_openssl_src) -}
GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
DEPEND[progs.h]=../configdata.pm
SCRIPTS=CA.pl tsget.pl
SOURCE[CA.pl]=CA.pl.in
SOURCE[tsget.pl]=tsget.in
ENDIF

1
trunk/3rdparty/openssl-1.1-fit/apps/ca-cert.srl vendored Normal file
View file

@ -0,0 +1 @@
07

16
trunk/3rdparty/openssl-1.1-fit/apps/ca-key.pem vendored Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL4tQNyKy4U2zX6l
IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAECgYA3j6sSg+5f9hnldUMzbPjTh8Sb
XsJlPrc6UFrmMBzGiUleXSpe9Dbla+x0XvQCN4pwMvAN4nnWp/f0Su5BV/9Y93nb
im5ijGNrfN9i6QrnqGCr+MMute+4E8HR2pCScX0mBLDDf40SmDvMzCaxtd21keyr
9DqHgInQZNEi6NKlkQJBAPCbUTFg6iQ6VTCQ8CsEf5q2xHhuTK23fJ999lvWVxN7
QsvWb9RP9Ng34HVtvB7Pl6P7FyHLQYiDJhhvYR0L0+kCQQDKV/09Kt6Wjf5Omp1I
wd3A+tFnipdqnPw+qNHGjevv0hYiEIWQOYbx00zXgaX+WN/pzV9eeNN2XAxlNJ++
dxcPAkBrzeuPKFFAcjKBVC+H1rgl5gYZv7Hzk+buv02G0H6rZ+sB0c7BXiHiTwbv
Fn/XfkP/YR14Ms3mEH0dLaphjU8hAkEAh3Ar/rRiN04mCcEuRFQXtaNtZSv8PA2G
Pf7MI2Y9pdHupLCAZlBLRjTUO2/5hu1AO4QPMPIZQSFN3rRBtMCL+wJAMp/m2hvI
TmtbMp/IrKGfma09e3yFiCmoNn7cHLJ7jLvXcacV2XNzpr9YHfBxiZo0g9FqZKvv
PZoQ5B2XJ7bhTQ==
-----END PRIVATE KEY-----

11
trunk/3rdparty/openssl-1.1-fit/apps/ca-req.pem vendored Normal file
View file

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDDBJUZXN0IENBICgx
MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4tQNyKy4U2zX6l
IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQCo
2jE7J1SNV7kyRm9m8CoPw8xYsuVcVFxPheBymYp8BlO0/rSdYygRjobpYnLVRUPZ
pV792wzT1Rp4sXfZWO10lkFY4yi0pH2cdK2RX7qedibV1Xu9vt/yYANFBKVpA4dy
PRyTQwi3In1N8hdfddpYR8f5MIUYRe5poFMIJcf8JA==
-----END CERTIFICATE REQUEST-----

2606
trunk/3rdparty/openssl-1.1-fit/apps/ca.c vendored Normal file
View file

File diff suppressed because it is too large Load diff

11
trunk/3rdparty/openssl-1.1-fit/apps/cert.pem vendored Normal file
View file

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
-----END CERTIFICATE-----

266
trunk/3rdparty/openssl-1.1-fit/apps/ciphers.c vendored Normal file
View file

@ -0,0 +1,266 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_STDNAME,
OPT_CONVERT,
OPT_SSL3,
OPT_TLS1,
OPT_TLS1_1,
OPT_TLS1_2,
OPT_TLS1_3,
OPT_PSK,
OPT_SRP,
OPT_CIPHERSUITES,
OPT_V, OPT_UPPER_V, OPT_S
} OPTION_CHOICE;
const OPTIONS ciphers_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
{"V", OPT_UPPER_V, '-', "Even more verbose"},
{"s", OPT_S, '-', "Only supported ciphers"},
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "SSL3 mode"},
#endif
#ifndef OPENSSL_NO_TLS1
{"tls1", OPT_TLS1, '-', "TLS1 mode"},
#endif
#ifndef OPENSSL_NO_TLS1_1
{"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
#endif
#ifndef OPENSSL_NO_TLS1_2
{"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
#endif
#ifndef OPENSSL_NO_TLS1_3
{"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
#endif
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#ifndef OPENSSL_NO_PSK
{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
#endif
#ifndef OPENSSL_NO_SRP
{"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
#endif
{"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
{"ciphersuites", OPT_CIPHERSUITES, 's',
"Configure the TLSv1.3 ciphersuites to use"},
{NULL}
};
#ifndef OPENSSL_NO_PSK
static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
unsigned int max_identity_len,
unsigned char *psk,
unsigned int max_psk_len)
{
return 0;
}
#endif
#ifndef OPENSSL_NO_SRP
static char *dummy_srp(SSL *ssl, void *arg)
{
return "";
}
#endif
int ciphers_main(int argc, char **argv)
{
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
STACK_OF(SSL_CIPHER) *sk = NULL;
const SSL_METHOD *meth = TLS_server_method();
int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
int stdname = 0;
#ifndef OPENSSL_NO_PSK
int psk = 0;
#endif
#ifndef OPENSSL_NO_SRP
int srp = 0;
#endif
const char *p;
char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL;
char buf[512];
OPTION_CHOICE o;
int min_version = 0, max_version = 0;
prog = opt_init(argc, argv, ciphers_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ciphers_options);
ret = 0;
goto end;
case OPT_V:
verbose = 1;
break;
case OPT_UPPER_V:
verbose = Verbose = 1;
break;
case OPT_S:
use_supported = 1;
break;
case OPT_STDNAME:
stdname = verbose = 1;
break;
case OPT_CONVERT:
convert = opt_arg();
break;
case OPT_SSL3:
min_version = SSL3_VERSION;
max_version = SSL3_VERSION;
break;
case OPT_TLS1:
min_version = TLS1_VERSION;
max_version = TLS1_VERSION;
break;
case OPT_TLS1_1:
min_version = TLS1_1_VERSION;
max_version = TLS1_1_VERSION;
break;
case OPT_TLS1_2:
min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION;
break;
case OPT_TLS1_3:
min_version = TLS1_3_VERSION;
max_version = TLS1_3_VERSION;
break;
case OPT_PSK:
#ifndef OPENSSL_NO_PSK
psk = 1;
#endif
break;
case OPT_SRP:
#ifndef OPENSSL_NO_SRP
srp = 1;
#endif
break;
case OPT_CIPHERSUITES:
ciphersuites = opt_arg();
break;
}
}
argv = opt_rest();
argc = opt_num_rest();
if (argc == 1)
ciphers = *argv;
else if (argc != 0)
goto opthelp;
if (convert != NULL) {
BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
OPENSSL_cipher_name(convert));
goto end;
}
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto err;
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto err;
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto err;
#ifndef OPENSSL_NO_PSK
if (psk)
SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
#endif
#ifndef OPENSSL_NO_SRP
if (srp)
SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
#endif
if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");
goto err;
}
if (ciphers != NULL) {
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
goto err;
}
}
ssl = SSL_new(ctx);
if (ssl == NULL)
goto err;
if (use_supported)
sk = SSL_get1_supported_ciphers(ssl);
else
sk = SSL_get_ciphers(ssl);
if (!verbose) {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
p = SSL_CIPHER_get_name(c);
if (p == NULL)
break;
if (i != 0)
BIO_printf(bio_out, ":");
BIO_printf(bio_out, "%s", p);
}
BIO_printf(bio_out, "\n");
} else {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
const SSL_CIPHER *c;
c = sk_SSL_CIPHER_value(sk, i);
if (Verbose) {
unsigned long id = SSL_CIPHER_get_id(c);
int id0 = (int)(id >> 24);
int id1 = (int)((id >> 16) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL);
int id3 = (int)(id & 0xffL);
if ((id & 0xff000000L) == 0x03000000L)
BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3
* cipher */
else
BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(bio_out, "%s - ", nm);
}
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
}
}
ret = 0;
goto end;
err:
ERR_print_errors(bio_err);
end:
if (use_supported)
sk_SSL_CIPHER_free(sk);
SSL_CTX_free(ctx);
SSL_free(ssl);
return ret;
}

52
trunk/3rdparty/openssl-1.1-fit/apps/client.pem vendored Normal file
View file

@ -0,0 +1,52 @@
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
-----BEGIN CERTIFICATE-----
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS
curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB
IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b
vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2
QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm
CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
-----END RSA PRIVATE KEY-----

1289
trunk/3rdparty/openssl-1.1-fit/apps/cms.c vendored Normal file
View file

File diff suppressed because it is too large Load diff

342
trunk/3rdparty/openssl-1.1-fit/apps/crl.c vendored Normal file
View file

@ -0,0 +1,342 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE,
OPT_NOCAPATH, OPT_NOCAFILE, OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD,
OPT_NOOUT, OPT_NAMEOPT, OPT_MD
} OPTION_CHOICE;
const OPTIONS crl_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format; default PEM"},
{"in", OPT_IN, '<', "Input file - default stdin"},
{"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
{"out", OPT_OUT, '>', "output file - default stdout"},
{"keyform", OPT_KEYFORM, 'F', "Private key file format (PEM or ENGINE)"},
{"key", OPT_KEY, '<', "CRL signing Private key to use"},
{"issuer", OPT_ISSUER, '-', "Print issuer DN"},
{"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
{"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
{"noout", OPT_NOOUT, '-', "No CRL output"},
{"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
{"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
{"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
{"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"},
{"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
{"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
{"no-CAfile", OPT_NOCAFILE, '-',
"Do not load the default certificates file"},
{"no-CApath", OPT_NOCAPATH, '-',
"Do not load certificates from the default certificates directory"},
{"verify", OPT_VERIFY, '-', "Verify CRL signature"},
{"text", OPT_TEXT, '-', "Print out a text format version"},
{"hash", OPT_HASH, '-', "Print hash value"},
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_MD5
{"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
#endif
{NULL}
};
int crl_main(int argc, char **argv)
{
X509_CRL *x = NULL;
BIO *out = NULL;
X509_STORE *store = NULL;
X509_STORE_CTX *ctx = NULL;
X509_LOOKUP *lookup = NULL;
X509_OBJECT *xobj = NULL;
EVP_PKEY *pkey;
const EVP_MD *digest = EVP_sha1();
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
const char *CAfile = NULL, *CApath = NULL, *prog;
OPTION_CHOICE o;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0;
int i;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
#endif
prog = opt_init(argc, argv, crl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(crl_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
goto opthelp;
break;
case OPT_KEY:
keyfile = opt_arg();
break;
case OPT_GENDELTA:
crldiff = opt_arg();
break;
case OPT_CAPATH:
CApath = opt_arg();
do_ver = 1;
break;
case OPT_CAFILE:
CAfile = opt_arg();
do_ver = 1;
break;
case OPT_NOCAPATH:
noCApath = 1;
break;
case OPT_NOCAFILE:
noCAfile = 1;
break;
case OPT_HASH_OLD:
#ifndef OPENSSL_NO_MD5
hash_old = ++num;
#endif
break;
case OPT_VERIFY:
do_ver = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_HASH:
hash = ++num;
break;
case OPT_ISSUER:
issuer = ++num;
break;
case OPT_LASTUPDATE:
lastupdate = ++num;
break;
case OPT_NEXTUPDATE:
nextupdate = ++num;
break;
case OPT_NOOUT:
noout = ++num;
break;
case OPT_FINGERPRINT:
fingerprint = ++num;
break;
case OPT_CRLNUMBER:
crlnumber = ++num;
break;
case OPT_BADSIG:
badsig = 1;
break;
case OPT_NAMEOPT:
if (!set_nameopt(opt_arg()))
goto opthelp;
break;
case OPT_MD:
if (!opt_md(opt_unknown(), &digest))
goto opthelp;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
x = load_crl(infile, informat);
if (x == NULL)
goto end;
if (do_ver) {
if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
goto end;
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
goto end;
ctx = X509_STORE_CTX_new();
if (ctx == NULL || !X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
BIO_printf(bio_err, "Error initialising X509 store\n");
goto end;
}
xobj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509,
X509_CRL_get_issuer(x));
if (xobj == NULL) {
BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
goto end;
}
pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj));
X509_OBJECT_free(xobj);
if (!pkey) {
BIO_printf(bio_err, "Error getting CRL issuer public key\n");
goto end;
}
i = X509_CRL_verify(x, pkey);
EVP_PKEY_free(pkey);
if (i < 0)
goto end;
if (i == 0)
BIO_printf(bio_err, "verify failure\n");
else
BIO_printf(bio_err, "verify OK\n");
}
if (crldiff) {
X509_CRL *newcrl, *delta;
if (!keyfile) {
BIO_puts(bio_err, "Missing CRL signing key\n");
goto end;
}
newcrl = load_crl(crldiff, informat);
if (!newcrl)
goto end;
pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
if (!pkey) {
X509_CRL_free(newcrl);
goto end;
}
delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
X509_CRL_free(newcrl);
EVP_PKEY_free(pkey);
if (delta) {
X509_CRL_free(x);
x = delta;
} else {
BIO_puts(bio_err, "Error creating delta CRL\n");
goto end;
}
}
if (badsig) {
const ASN1_BIT_STRING *sig;
X509_CRL_get0_signature(x, &sig, NULL);
corrupt_signature(sig);
}
if (num) {
for (i = 1; i <= num; i++) {
if (issuer == i) {
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
get_nameopt());
}
if (crlnumber == i) {
ASN1_INTEGER *crlnum;
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
BIO_printf(bio_out, "crlNumber=");
if (crlnum) {
i2a_ASN1_INTEGER(bio_out, crlnum);
ASN1_INTEGER_free(crlnum);
} else
BIO_puts(bio_out, "<NONE>");
BIO_printf(bio_out, "\n");
}
if (hash == i) {
BIO_printf(bio_out, "%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x)));
}
#ifndef OPENSSL_NO_MD5
if (hash_old == i) {
BIO_printf(bio_out, "%08lx\n",
X509_NAME_hash_old(X509_CRL_get_issuer(x)));
}
#endif
if (lastupdate == i) {
BIO_printf(bio_out, "lastUpdate=");
ASN1_TIME_print(bio_out, X509_CRL_get0_lastUpdate(x));
BIO_printf(bio_out, "\n");
}
if (nextupdate == i) {
BIO_printf(bio_out, "nextUpdate=");
if (X509_CRL_get0_nextUpdate(x))
ASN1_TIME_print(bio_out, X509_CRL_get0_nextUpdate(x));
else
BIO_printf(bio_out, "NONE");
BIO_printf(bio_out, "\n");
}
if (fingerprint == i) {
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
if (!X509_CRL_digest(x, digest, md, &n)) {
BIO_printf(bio_err, "out of memory\n");
goto end;
}
BIO_printf(bio_out, "%s Fingerprint=",
OBJ_nid2sn(EVP_MD_type(digest)));
for (j = 0; j < (int)n; j++) {
BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
? '\n' : ':');
}
}
}
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (text)
X509_CRL_print_ex(out, x, get_nameopt());
if (noout) {
ret = 0;
goto end;
}
if (outformat == FORMAT_ASN1)
i = (int)i2d_X509_CRL_bio(out, x);
else
i = PEM_write_bio_X509_CRL(out, x);
if (!i) {
BIO_printf(bio_err, "unable to write CRL\n");
goto end;
}
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free_all(out);
X509_CRL_free(x);
X509_STORE_CTX_free(ctx);
X509_STORE_free(store);
return ret;
}

217
trunk/3rdparty/openssl-1.1-fit/apps/crl2p7.c vendored Normal file
View file

@ -0,0 +1,217 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#include <openssl/objects.h>
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE
} OPTION_CHOICE;
const OPTIONS crl2pkcs7_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"},
{"certfile", OPT_CERTFILE, '<',
"File of chain of certs to a trusted CA; can be repeated"},
{NULL}
};
int crl2pkcs7_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
STACK_OF(OPENSSL_STRING) *certflst = NULL;
STACK_OF(X509) *cert_stack = NULL;
STACK_OF(X509_CRL) *crl_stack = NULL;
X509_CRL *crl = NULL;
char *infile = NULL, *outfile = NULL, *prog, *certfile;
int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl =
0;
OPTION_CHOICE o;
prog = opt_init(argc, argv, crl2pkcs7_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(crl2pkcs7_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOCRL:
nocrl = 1;
break;
case OPT_CERTFILE:
if ((certflst == NULL)
&& (certflst = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
if (!sk_OPENSSL_STRING_push(certflst, opt_arg()))
goto end;
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
if (!nocrl) {
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
if (informat == FORMAT_ASN1)
crl = d2i_X509_CRL_bio(in, NULL);
else if (informat == FORMAT_PEM)
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
if (crl == NULL) {
BIO_printf(bio_err, "unable to load CRL\n");
ERR_print_errors(bio_err);
goto end;
}
}
if ((p7 = PKCS7_new()) == NULL)
goto end;
if ((p7s = PKCS7_SIGNED_new()) == NULL)
goto end;
p7->type = OBJ_nid2obj(NID_pkcs7_signed);
p7->d.sign = p7s;
p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
if (!ASN1_INTEGER_set(p7s->version, 1))
goto end;
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
goto end;
p7s->crl = crl_stack;
if (crl != NULL) {
sk_X509_CRL_push(crl_stack, crl);
crl = NULL; /* now part of p7 for OPENSSL_freeing */
}
if ((cert_stack = sk_X509_new_null()) == NULL)
goto end;
p7s->cert = cert_stack;
if (certflst != NULL)
for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack, certfile) < 0) {
BIO_printf(bio_err, "error loading certificates\n");
ERR_print_errors(bio_err);
goto end;
}
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_PKCS7(out, p7);
if (!i) {
BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
end:
sk_OPENSSL_STRING_free(certflst);
BIO_free(in);
BIO_free_all(out);
PKCS7_free(p7);
X509_CRL_free(crl);
return ret;
}
/*-
*----------------------------------------------------------------------
* int add_certs_from_file
*
* Read a list of certificates to be checked from a file.
*
* Results:
* number of certs added if successful, -1 if not.
*----------------------------------------------------------------------
*/
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
{
BIO *in = NULL;
int count = 0;
int ret = -1;
STACK_OF(X509_INFO) *sk = NULL;
X509_INFO *xi;
in = BIO_new_file(certfile, "r");
if (in == NULL) {
BIO_printf(bio_err, "error opening the file, %s\n", certfile);
goto end;
}
/* This loads from a file, a stack of x509/crl/pkey sets */
sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
if (sk == NULL) {
BIO_printf(bio_err, "error reading the file, %s\n", certfile);
goto end;
}
/* scan over it and pull out the CRL's */
while (sk_X509_INFO_num(sk)) {
xi = sk_X509_INFO_shift(sk);
if (xi->x509 != NULL) {
sk_X509_push(stack, xi->x509);
xi->x509 = NULL;
count++;
}
X509_INFO_free(xi);
}
ret = count;
end:
/* never need to OPENSSL_free x */
BIO_free(in);
sk_X509_INFO_free(sk);
return ret;
}

9
trunk/3rdparty/openssl-1.1-fit/apps/ct_log_list.cnf vendored Normal file
View file

@ -0,0 +1,9 @@
# This file specifies the Certificate Transparency logs
# that are to be trusted.
# Google's list of logs can be found here:
# www.certificate-transparency.org/known-logs
# A Python program to convert the log list to OpenSSL's format can be
# found here:
# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
# Use the "--openssl_output" flag.

6
trunk/3rdparty/openssl-1.1-fit/apps/demoSRP/srp_verifier.txt vendored Normal file
View file

@ -0,0 +1,6 @@
# This is a file that will be filled by the openssl srp routine.
# You can initialize the file with additional groups, these are
# records starting with a I followed by the g and N values and the id.
# The exact values ... you have to dig this out from the source of srp.c
# or srp_vfy.c
# The last value of an I is used as the default group for new users.

1
trunk/3rdparty/openssl-1.1-fit/apps/demoSRP/srp_verifier.txt.attr vendored Normal file
View file

@ -0,0 +1 @@
unique_subject = yes

492
trunk/3rdparty/openssl-1.1-fit/apps/dgst.c vendored Normal file
View file

@ -0,0 +1,492 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>
#undef BUFSIZE
#define BUFSIZE 1024*8
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
OPT_DIGEST,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS dgst_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
{OPT_HELP_STR, 1, '-',
" file... files to digest (default is stdin)\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"c", OPT_C, '-', "Print the digest with separating colons"},
{"r", OPT_R, '-', "Print the digest in coreutils format"},
{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"sign", OPT_SIGN, 's', "Sign digest using private key"},
{"verify", OPT_VERIFY, 's',
"Verify a signature using public key"},
{"prverify", OPT_PRVERIFY, 's',
"Verify a signature using private key"},
{"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
{"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
{"hex", OPT_HEX, '-', "Print as hex dump"},
{"binary", OPT_BINARY, '-', "Print in binary form"},
{"d", OPT_DEBUG, '-', "Print debug info"},
{"debug", OPT_DEBUG, '-', "Print debug info"},
{"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
"Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
{"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
{"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
{"", OPT_DIGEST, '-', "Any supported digest"},
OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-',
"Also use engine given by -engine for digest operations"},
#endif
{NULL}
};
int dgst_main(int argc, char **argv)
{
BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
ENGINE *e = NULL, *impl = NULL;
EVP_PKEY *sigkey = NULL;
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
char *hmac_key = NULL;
char *mac_name = NULL;
char *passinarg = NULL, *passin = NULL;
const EVP_MD *md = NULL, *m;
const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
const char *sigfile = NULL;
OPTION_CHOICE o;
int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
unsigned char *buf = NULL, *sigbuf = NULL;
int engine_impl = 0;
prog = opt_progname(argv[0]);
buf = app_malloc(BUFSIZE, "I/O buffer");
md = EVP_get_digestbyname(prog);
prog = opt_init(argc, argv, dgst_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dgst_options);
ret = 0;
goto end;
case OPT_C:
separator = 1;
break;
case OPT_R:
separator = 2;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_SIGN:
keyfile = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_VERIFY:
keyfile = opt_arg();
want_pub = do_verify = 1;
break;
case OPT_PRVERIFY:
keyfile = opt_arg();
do_verify = 1;
break;
case OPT_SIGNATURE:
sigfile = opt_arg();
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
goto opthelp;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_ENGINE_IMPL:
engine_impl = 1;
break;
case OPT_HEX:
out_bin = 0;
break;
case OPT_BINARY:
out_bin = 1;
break;
case OPT_DEBUG:
debug = 1;
break;
case OPT_FIPS_FINGERPRINT:
hmac_key = "etaonrishdlcupfm";
break;
case OPT_HMAC:
hmac_key = opt_arg();
break;
case OPT_MAC:
mac_name = opt_arg();
break;
case OPT_SIGOPT:
if (!sigopts)
sigopts = sk_OPENSSL_STRING_new_null();
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
case OPT_MACOPT:
if (!macopts)
macopts = sk_OPENSSL_STRING_new_null();
if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
goto opthelp;
break;
case OPT_DIGEST:
if (!opt_md(opt_unknown(), &m))
goto opthelp;
md = m;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (keyfile != NULL && argc > 1) {
BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
goto end;
}
if (do_verify && sigfile == NULL) {
BIO_printf(bio_err,
"No signature to verify: use the -signature option\n");
goto end;
}
if (engine_impl)
impl = e;
in = BIO_new(BIO_s_file());
bmd = BIO_new(BIO_f_md());
if ((in == NULL) || (bmd == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
/* needed for windows 3.1 */
BIO_set_callback_arg(in, (char *)bio_err);
}
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if (out_bin == -1) {
if (keyfile != NULL)
out_bin = 1;
else
out_bin = 0;
}
out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
if (out == NULL)
goto end;
if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) {
BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
goto end;
}
if (keyfile != NULL) {
int type;
if (want_pub)
sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
else
sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
if (sigkey == NULL) {
/*
* load_[pub]key() has already printed an appropriate message
*/
goto end;
}
type = EVP_PKEY_id(sigkey);
if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) {
/*
* We implement PureEdDSA for these which doesn't have a separate
* digest, and only supports one shot.
*/
BIO_printf(bio_err, "Key type not supported for this operation\n");
goto end;
}
}
if (mac_name != NULL) {
EVP_PKEY_CTX *mac_ctx = NULL;
int r = 0;
if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
goto mac_end;
if (macopts != NULL) {
char *macopt;
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
macopt = sk_OPENSSL_STRING_value(macopts, i);
if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
BIO_printf(bio_err,
"MAC parameter error \"%s\"\n", macopt);
ERR_print_errors(bio_err);
goto mac_end;
}
}
}
if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
BIO_puts(bio_err, "Error generating key\n");
ERR_print_errors(bio_err);
goto mac_end;
}
r = 1;
mac_end:
EVP_PKEY_CTX_free(mac_ctx);
if (r == 0)
goto end;
}
if (hmac_key != NULL) {
sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
(unsigned char *)hmac_key, -1);
if (sigkey == NULL)
goto end;
}
if (sigkey != NULL) {
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
int r;
if (!BIO_get_md_ctx(bmd, &mctx)) {
BIO_printf(bio_err, "Error getting context\n");
ERR_print_errors(bio_err);
goto end;
}
if (do_verify)
r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
else
r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
if (!r) {
BIO_printf(bio_err, "Error setting context\n");
ERR_print_errors(bio_err);
goto end;
}
if (sigopts != NULL) {
char *sigopt;
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
sigopt = sk_OPENSSL_STRING_value(sigopts, i);
if (pkey_ctrl_string(pctx, sigopt) <= 0) {
BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
ERR_print_errors(bio_err);
goto end;
}
}
}
}
/* we use md as a filter, reading from 'in' */
else {
EVP_MD_CTX *mctx = NULL;
if (!BIO_get_md_ctx(bmd, &mctx)) {
BIO_printf(bio_err, "Error getting context\n");
ERR_print_errors(bio_err);
goto end;
}
if (md == NULL)
md = EVP_sha256();
if (!EVP_DigestInit_ex(mctx, md, impl)) {
BIO_printf(bio_err, "Error setting digest\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (sigfile != NULL && sigkey != NULL) {
BIO *sigbio = BIO_new_file(sigfile, "rb");
if (sigbio == NULL) {
BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
ERR_print_errors(bio_err);
goto end;
}
siglen = EVP_PKEY_size(sigkey);
sigbuf = app_malloc(siglen, "signature buffer");
siglen = BIO_read(sigbio, sigbuf, siglen);
BIO_free(sigbio);
if (siglen <= 0) {
BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
ERR_print_errors(bio_err);
goto end;
}
}
inp = BIO_push(bmd, in);
if (md == NULL) {
EVP_MD_CTX *tctx;
BIO_get_md_ctx(bmd, &tctx);
md = EVP_MD_CTX_md(tctx);
}
if (argc == 0) {
BIO_set_fp(in, stdin, BIO_NOCLOSE);
ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
siglen, NULL, NULL, "stdin");
} else {
const char *md_name = NULL, *sig_name = NULL;
if (!out_bin) {
if (sigkey != NULL) {
const EVP_PKEY_ASN1_METHOD *ameth;
ameth = EVP_PKEY_get0_asn1(sigkey);
if (ameth)
EVP_PKEY_asn1_get0_info(NULL, NULL,
NULL, NULL, &sig_name, ameth);
}
if (md != NULL)
md_name = EVP_MD_name(md);
}
ret = 0;
for (i = 0; i < argc; i++) {
int r;
if (BIO_read_filename(in, argv[i]) <= 0) {
perror(argv[i]);
ret++;
continue;
} else {
r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
siglen, sig_name, md_name, argv[i]);
}
if (r)
ret = r;
(void)BIO_reset(bmd);
}
}
end:
OPENSSL_clear_free(buf, BUFSIZE);
BIO_free(in);
OPENSSL_free(passin);
BIO_free_all(out);
EVP_PKEY_free(sigkey);
sk_OPENSSL_STRING_free(sigopts);
sk_OPENSSL_STRING_free(macopts);
OPENSSL_free(sigbuf);
BIO_free(bmd);
release_engine(e);
return ret;
}
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file)
{
size_t len;
int i;
for (;;) {
i = BIO_read(bp, (char *)buf, BUFSIZE);
if (i < 0) {
BIO_printf(bio_err, "Read Error in %s\n", file);
ERR_print_errors(bio_err);
return 1;
}
if (i == 0)
break;
}
if (sigin != NULL) {
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
if (i > 0) {
BIO_printf(out, "Verified OK\n");
} else if (i == 0) {
BIO_printf(out, "Verification Failure\n");
return 1;
} else {
BIO_printf(bio_err, "Error Verifying Data\n");
ERR_print_errors(bio_err);
return 1;
}
return 0;
}
if (key != NULL) {
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
len = BUFSIZE;
if (!EVP_DigestSignFinal(ctx, buf, &len)) {
BIO_printf(bio_err, "Error Signing Data\n");
ERR_print_errors(bio_err);
return 1;
}
} else {
len = BIO_gets(bp, (char *)buf, BUFSIZE);
if ((int)len < 0) {
ERR_print_errors(bio_err);
return 1;
}
}
if (binout) {
BIO_write(out, buf, len);
} else if (sep == 2) {
for (i = 0; i < (int)len; i++)
BIO_printf(out, "%02x", buf[i]);
BIO_printf(out, " *%s\n", file);
} else {
if (sig_name != NULL) {
BIO_puts(out, sig_name);
if (md_name != NULL)
BIO_printf(out, "-%s", md_name);
BIO_printf(out, "(%s)= ", file);
} else if (md_name != NULL) {
BIO_printf(out, "%s(%s)= ", md_name, file);
} else {
BIO_printf(out, "(%s)= ", file);
}
for (i = 0; i < (int)len; i++) {
if (sep && (i != 0))
BIO_printf(out, ":");
BIO_printf(out, "%02x", buf[i]);
}
BIO_printf(out, "\n");
}
return 0;
}

10
trunk/3rdparty/openssl-1.1-fit/apps/dh1024.pem vendored Normal file
View file

@ -0,0 +1,10 @@
-----BEGIN DH PARAMETERS-----
MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
-----END DH PARAMETERS-----
These are the 1024-bit DH parameters from "Internet Key Exchange
Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
See https://tools.ietf.org/html/rfc2412 for how they were generated.

14
trunk/3rdparty/openssl-1.1-fit/apps/dh2048.pem vendored Normal file
View file

@ -0,0 +1,14 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
-----END DH PARAMETERS-----
These are the 2048-bit DH parameters from "More Modular Exponential
(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
https://tools.ietf.org/html/rfc3526
See https://tools.ietf.org/html/rfc2412 for how they were generated.

19
trunk/3rdparty/openssl-1.1-fit/apps/dh4096.pem vendored Normal file
View file

@ -0,0 +1,19 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM
fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq
ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI
ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O
+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI
HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
-----END DH PARAMETERS-----
These are the 4096-bit DH parameters from "More Modular Exponential
(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
https://tools.ietf.org/html/rfc3526
See https://tools.ietf.org/html/rfc2412 for how they were generated.

379
trunk/3rdparty/openssl-1.1-fit/apps/dhparam.c vendored Normal file
View file

@ -0,0 +1,379 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DH
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <time.h>
# include <string.h>
# include "apps.h"
# include "progs.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/dh.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
# ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
# endif
# define DEFBITS 2048
static int dh_cb(int p, int n, BN_GENCB *cb);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
OPT_DSAPARAM, OPT_C, OPT_2, OPT_5,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS dhparam_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"inform", OPT_INFORM, 'F', "Input format, DER or PEM"},
{"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"check", OPT_CHECK, '-', "Check the DH parameters"},
{"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
{"noout", OPT_NOOUT, '-', "Don't output any DH parameters"},
OPT_R_OPTIONS,
{"C", OPT_C, '-', "Print C code"},
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
# ifndef OPENSSL_NO_DSA
{"dsaparam", OPT_DSAPARAM, '-',
"Read or generate DSA parameters, convert to DH"},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{NULL}
};
int dhparam_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
DH *dh = NULL;
char *infile = NULL, *outfile = NULL, *prog;
ENGINE *e = NULL;
#ifndef OPENSSL_NO_DSA
int dsaparam = 0;
#endif
int i, text = 0, C = 0, ret = 1, num = 0, g = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, check = 0, noout = 0;
OPTION_CHOICE o;
prog = opt_init(argc, argv, dhparam_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dhparam_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_CHECK:
check = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_DSAPARAM:
#ifndef OPENSSL_NO_DSA
dsaparam = 1;
#endif
break;
case OPT_C:
C = 1;
break;
case OPT_2:
g = 2;
break;
case OPT_5:
g = 5;
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (argv[0] != NULL && (!opt_int(argv[0], &num) || num <= 0))
goto end;
if (g && !num)
num = DEFBITS;
# ifndef OPENSSL_NO_DSA
if (dsaparam && g) {
BIO_printf(bio_err,
"generator may not be chosen for DSA parameters\n");
goto end;
}
# endif
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
/* DH parameters */
if (num && !g)
g = 2;
if (num) {
BN_GENCB *cb;
cb = BN_GENCB_new();
if (cb == NULL) {
ERR_print_errors(bio_err);
goto end;
}
BN_GENCB_set(cb, dh_cb, bio_err);
# ifndef OPENSSL_NO_DSA
if (dsaparam) {
DSA *dsa = DSA_new();
BIO_printf(bio_err,
"Generating DSA parameters, %d bit long prime\n", num);
if (dsa == NULL
|| !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
cb)) {
DSA_free(dsa);
BN_GENCB_free(cb);
ERR_print_errors(bio_err);
goto end;
}
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL) {
BN_GENCB_free(cb);
ERR_print_errors(bio_err);
goto end;
}
} else
# endif
{
dh = DH_new();
BIO_printf(bio_err,
"Generating DH parameters, %d bit long safe prime, generator %d\n",
num, g);
BIO_printf(bio_err, "This is going to take a long time\n");
if (dh == NULL || !DH_generate_parameters_ex(dh, num, g, cb)) {
BN_GENCB_free(cb);
ERR_print_errors(bio_err);
goto end;
}
}
BN_GENCB_free(cb);
} else {
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
# ifndef OPENSSL_NO_DSA
if (dsaparam) {
DSA *dsa;
if (informat == FORMAT_ASN1)
dsa = d2i_DSAparams_bio(in, NULL);
else /* informat == FORMAT_PEM */
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL) {
ERR_print_errors(bio_err);
goto end;
}
} else
# endif
{
if (informat == FORMAT_ASN1) {
/*
* We have no PEM header to determine what type of DH params it
* is. We'll just try both.
*/
dh = d2i_DHparams_bio(in, NULL);
/* BIO_reset() returns 0 for success for file BIOs only!!! */
if (dh == NULL && BIO_reset(in) == 0)
dh = d2i_DHxparams_bio(in, NULL);
} else {
/* informat == FORMAT_PEM */
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
}
if (dh == NULL) {
BIO_printf(bio_err, "unable to load DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
/* dh != NULL */
}
if (text) {
DHparams_print(out, dh);
}
if (check) {
if (!DH_check(dh, &i)) {
ERR_print_errors(bio_err);
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
BIO_printf(bio_err, "WARNING: p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
if (i & DH_CHECK_Q_NOT_PRIME)
BIO_printf(bio_err, "WARNING: q value is not a prime\n");
if (i & DH_CHECK_INVALID_Q_VALUE)
BIO_printf(bio_err, "WARNING: q value is invalid\n");
if (i & DH_CHECK_INVALID_J_VALUE)
BIO_printf(bio_err, "WARNING: j value is invalid\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
BIO_printf(bio_err,
"WARNING: unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
if (i == 0)
BIO_printf(bio_err, "DH parameters appear to be ok.\n");
if (num != 0 && i != 0) {
/*
* We have generated parameters but DH_check() indicates they are
* invalid! This should never happen!
*/
BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
goto end;
}
}
if (C) {
unsigned char *data;
int len, bits;
const BIGNUM *pbn, *gbn;
len = DH_size(dh);
bits = DH_bits(dh);
DH_get0_pqg(dh, &pbn, NULL, &gbn);
data = app_malloc(len, "print a BN");
BIO_printf(out, "static DH *get_dh%d(void)\n{\n", bits);
print_bignum_var(out, pbn, "dhp", bits, data);
print_bignum_var(out, gbn, "dhg", bits, data);
BIO_printf(out, " DH *dh = DH_new();\n"
" BIGNUM *p, *g;\n"
"\n"
" if (dh == NULL)\n"
" return NULL;\n");
BIO_printf(out, " p = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n",
bits, bits);
BIO_printf(out, " g = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n",
bits, bits);
BIO_printf(out, " if (p == NULL || g == NULL\n"
" || !DH_set0_pqg(dh, p, NULL, g)) {\n"
" DH_free(dh);\n"
" BN_free(p);\n"
" BN_free(g);\n"
" return NULL;\n"
" }\n");
if (DH_get_length(dh) > 0)
BIO_printf(out,
" if (!DH_set_length(dh, %ld)) {\n"
" DH_free(dh);\n"
" return NULL;\n"
" }\n", DH_get_length(dh));
BIO_printf(out, " return dh;\n}\n");
OPENSSL_free(data);
}
if (!noout) {
const BIGNUM *q;
DH_get0_pqg(dh, NULL, &q, NULL);
if (outformat == FORMAT_ASN1) {
if (q != NULL)
i = i2d_DHxparams_bio(out, dh);
else
i = i2d_DHparams_bio(out, dh);
} else if (q != NULL) {
i = PEM_write_bio_DHxparams(out, dh);
} else {
i = PEM_write_bio_DHparams(out, dh);
}
if (!i) {
BIO_printf(bio_err, "unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret = 0;
end:
BIO_free(in);
BIO_free_all(out);
DH_free(dh);
release_engine(e);
return ret;
}
static int dh_cb(int p, int n, BN_GENCB *cb)
{
static const char symbols[] = ".+*\n";
char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
BIO_write(BN_GENCB_get_arg(cb), &c, 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}
#endif

47
trunk/3rdparty/openssl-1.1-fit/apps/dsa-ca.pem vendored Normal file
View file

@ -0,0 +1,47 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
J6zsFbSEHaQGUmfSeoM=
-----END DSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIICVjCCAhMCAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAwwCQ0Ew
ggG2MIIBKwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9
hpazFeBTLo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhu
zmaua4g2++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82A
EeRwlVtQzUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ
5WhvMONp4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeo
epEJnbbxTZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJ
bEEXlZLrAbVzpWp+2DLtDgK4A4GEAAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfs
i4e9IvD1hSslqFwEeZum+3j3iUXiALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj2
5SoDKU5UUkkle6KtUn6j7RO04UMhMQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17
ry7d6fGGqcMZoAAwCwYJYIZIAWUDBAMCAzAAMC0CFCp7rUwGJNtxK6Aqo6k6US+S
KP8sAhUAyfSi8Zs3QAvkJoFG0IMRaq8M03I=
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
MIIDMDCCAuygAwIBAgIBAjALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
MTQ5WjBSMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDDAJDQTCCAbYwggEr
BgcqhkjOOAQBMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMu
j+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb7
7Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DN
SQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh
5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFN
nFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusB
tXOlan7YMu0OArgDgYQAAoGAGqZZeoqs/V62RZZNhglXAfioocVpx+yLh70i8PWF
KyWoXAR5m6b7ePeJReIAucN1jzPr1yaH27rJOBqEBBLEDTA2moeJuPblKgMpTlRS
SSV7oq1SfqPtE7ThQyExAJfmGWWq4lzg+7XTkjpfUSzDwuvnWhykvXuvLt3p8Yap
wxmjUDBOMB0GA1UdDgQWBBTMZcORcBEVlqO/CD4pf4V6N1NM1zAfBgNVHSMEGDAW
gBTGjwJ33uvjSa20RNrMKWoGptOLdDAMBgNVHRMEBTADAQH/MAsGCWCGSAFlAwQD
AgMxADAuAhUA4V6MrHufG8R79E+AtVO02olPxK8CFQDkZyo/TWpavsUBRDJbCeD9
jgjIkA==
-----END CERTIFICATE-----

47
trunk/3rdparty/openssl-1.1-fit/apps/dsa-pca.pem vendored Normal file
View file

@ -0,0 +1,47 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
6TicfImU7UFRn9h00j0lJQ==
-----END DSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIICWDCCAhUCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAwwDUENB
MIIBtzCCASsGByqGSM44BAEwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7F
PYaWsxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmI
bs5mrmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/N
gBHkcJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYl
meVobzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEn
qHqRCZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/Xk
CWxBF5WS6wG1c6Vqftgy7Q4CuAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYg
rB7o1kQxeDf34dDVRM9OZ8tkumz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQ
lNnKvbtlmMDULpqkZJD0bO7A29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgT
mvTPT2j9TPjq7RWgADALBglghkgBZQMEAwIDMAAwLQIVAPA6/jxCT1D2HgzE4iZR
AEup/C7YAhRPLTQvQnAiS5FRrA+8SwBLvDAsaw==
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
MIIDMDCCAu6gAwIBAgIBATALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
MTQ5WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDDANQQ0EwggG3MIIB
KwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9hpazFeBT
Lo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhuzmaua4g2
++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82AEeRwlVtQ
zUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ5WhvMONp
4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeoepEJnbbx
TZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJbEEXlZLr
AbVzpWp+2DLtDgK4A4GFAAKBgQCm7bkeQHVviAowhXtosY1IiSczNiCsHujWRDF4
N/fh0NVEz05ny2S6bPq2X6JRw17kSjF2xhXUhdJ12M6LTws4uxmrsBCU2cq9u2WY
wNQumqRkkPRs7sDb2eKwl8rLVRGoAEvDkOB9w+HVkte2YN9SAm+aOBOa9M9PaP1M
+OrtFaNQME4wHQYDVR0OBBYEFMaPAnfe6+NJrbRE2swpagam04t0MB8GA1UdIwQY
MBaAFMaPAnfe6+NJrbRE2swpagam04t0MAwGA1UdEwQFMAMBAf8wCwYJYIZIAWUD
BAMCAy8AMCwCFFhdz4fzQo9BBF20U1CHldYTi/D7AhQydDnDMj21y+U1UhDZJrvh
lnt88g==
-----END CERTIFICATE-----

265
trunk/3rdparty/openssl-1.1-fit/apps/dsa.c vendored Normal file
View file

@ -0,0 +1,265 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DSA
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include <time.h>
# include "apps.h"
# include "progs.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/dsa.h>
# include <openssl/evp.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
# include <openssl/bn.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE,
/* Do not change the order here; see case statements below */
OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT
} OPTION_CHOICE;
const OPTIONS dsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'f', "Input format, DER PEM PVK"},
{"outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK"},
{"in", OPT_IN, 's', "Input key"},
{"out", OPT_OUT, '>', "Output file"},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_RC4
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{NULL}
};
int dsa_main(int argc, char **argv)
{
BIO *out = NULL;
DSA *dsa = NULL;
ENGINE *e = NULL;
const EVP_CIPHER *enc = NULL;
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
# ifndef OPENSSL_NO_RC4
int pvk_encr = 2;
# endif
int private = 0;
prog = opt_init(argc, argv, dsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
ret = 0;
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dsa_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_PVK_STRONG: /* pvk_encr:= 2 */
case OPT_PVK_WEAK: /* pvk_encr:= 1 */
case OPT_PVK_NONE: /* pvk_encr:= 0 */
#ifndef OPENSSL_NO_RC4
pvk_encr = (o - OPT_PVK_NONE);
#endif
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_MODULUS:
modulus = 1;
break;
case OPT_PUBIN:
pubin = 1;
break;
case OPT_PUBOUT:
pubout = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
private = pubin || pubout ? 0 : 1;
if (text && !pubin)
private = 1;
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
BIO_printf(bio_err, "read DSA key\n");
{
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
if (pkey != NULL) {
dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey);
}
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
if (text) {
assert(pubin || private);
if (!DSA_print(out, dsa, 0)) {
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
}
if (modulus) {
const BIGNUM *pub_key = NULL;
DSA_get0_key(dsa, &pub_key, NULL);
BIO_printf(out, "Public Key=");
BN_print(out, pub_key);
BIO_printf(out, "\n");
}
if (noout) {
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing DSA key\n");
if (outformat == FORMAT_ASN1) {
if (pubin || pubout) {
i = i2d_DSA_PUBKEY_bio(out, dsa);
} else {
assert(private);
i = i2d_DSAPrivateKey_bio(out, dsa);
}
} else if (outformat == FORMAT_PEM) {
if (pubin || pubout) {
i = PEM_write_bio_DSA_PUBKEY(out, dsa);
} else {
assert(private);
i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
NULL, 0, NULL, passout);
}
# ifndef OPENSSL_NO_RSA
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
if (pk == NULL)
goto end;
EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK) {
if (pubin) {
BIO_printf(bio_err, "PVK form impossible with public key input\n");
EVP_PKEY_free(pk);
goto end;
}
assert(private);
# ifdef OPENSSL_NO_RC4
BIO_printf(bio_err, "PVK format not supported\n");
EVP_PKEY_free(pk);
goto end;
# else
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
# endif
} else if (pubin || pubout) {
i = i2b_PublicKey_bio(out, pk);
} else {
assert(private);
i = i2b_PrivateKey_bio(out, pk);
}
EVP_PKEY_free(pk);
# endif
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (i <= 0) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
end:
BIO_free_all(out);
DSA_free(dsa);
release_engine(e);
OPENSSL_free(passin);
OPENSSL_free(passout);
return ret;
}
#endif

9
trunk/3rdparty/openssl-1.1-fit/apps/dsa1024.pem vendored Normal file
View file

@ -0,0 +1,9 @@
-----BEGIN DSA PARAMETERS-----
MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
Arg=
-----END DSA PARAMETERS-----

6
trunk/3rdparty/openssl-1.1-fit/apps/dsa512.pem vendored Normal file
View file

@ -0,0 +1,6 @@
-----BEGIN DSA PARAMETERS-----
MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
L8wka5B33qJoplISogOdIA==
-----END DSA PARAMETERS-----

6
trunk/3rdparty/openssl-1.1-fit/apps/dsap.pem vendored Normal file
View file

@ -0,0 +1,6 @@
-----BEGIN DSA PARAMETERS-----
MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
ADiRffvSdhrNw5dkqdql
-----END DSA PARAMETERS-----

258
trunk/3rdparty/openssl-1.1-fit/apps/dsaparam.c vendored Normal file
View file

@ -0,0 +1,258 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DSA
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <time.h>
# include <string.h>
# include "apps.h"
# include "progs.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/dsa.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
static int dsa_cb(int p, int n, BN_GENCB *cb);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS dsaparam_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"in", OPT_IN, '<', "Input file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"text", OPT_TEXT, '-', "Print as text"},
{"C", OPT_C, '-', "Output C code"},
{"noout", OPT_NOOUT, '-', "No output"},
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
OPT_R_OPTIONS,
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{NULL}
};
int dsaparam_main(int argc, char **argv)
{
ENGINE *e = NULL;
DSA *dsa = NULL;
BIO *in = NULL, *out = NULL;
BN_GENCB *cb = NULL;
int numbits = -1, num = 0, genkey = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
int ret = 1, i, text = 0, private = 0;
char *infile = NULL, *outfile = NULL, *prog;
OPTION_CHOICE o;
prog = opt_init(argc, argv, dsaparam_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dsaparam_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_TEXT:
text = 1;
break;
case OPT_C:
C = 1;
break;
case OPT_GENKEY:
genkey = 1;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_NOOUT:
noout = 1;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (argc == 1) {
if (!opt_int(argv[0], &num) || num < 0)
goto end;
/* generate a key */
numbits = num;
}
private = genkey ? 1 : 0;
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
if (numbits > 0) {
if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_DSA_MAX_MODULUS_BITS, numbits);
cb = BN_GENCB_new();
if (cb == NULL) {
BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
goto end;
}
BN_GENCB_set(cb, dsa_cb, bio_err);
dsa = DSA_new();
if (dsa == NULL) {
BIO_printf(bio_err, "Error allocating DSA object\n");
goto end;
}
BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
num);
BIO_printf(bio_err, "This could take some time\n");
if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) {
ERR_print_errors(bio_err);
BIO_printf(bio_err, "Error, DSA key generation failed\n");
goto end;
}
} else if (informat == FORMAT_ASN1) {
dsa = d2i_DSAparams_bio(in, NULL);
} else {
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (text) {
DSAparams_print(out, dsa);
}
if (C) {
const BIGNUM *p = NULL, *q = NULL, *g = NULL;
unsigned char *data;
int len, bits_p;
DSA_get0_pqg(dsa, &p, &q, &g);
len = BN_num_bytes(p);
bits_p = BN_num_bits(p);
data = app_malloc(len + 20, "BN space");
BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p);
print_bignum_var(bio_out, p, "dsap", bits_p, data);
print_bignum_var(bio_out, q, "dsaq", bits_p, data);
print_bignum_var(bio_out, g, "dsag", bits_p, data);
BIO_printf(bio_out, " DSA *dsa = DSA_new();\n"
" BIGNUM *p, *q, *g;\n"
"\n");
BIO_printf(bio_out, " if (dsa == NULL)\n"
" return NULL;\n");
BIO_printf(bio_out, " if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n",
bits_p, bits_p);
BIO_printf(bio_out, " q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n",
bits_p, bits_p);
BIO_printf(bio_out, " g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n",
bits_p, bits_p);
BIO_printf(bio_out, " DSA_free(dsa);\n"
" BN_free(p);\n"
" BN_free(q);\n"
" BN_free(g);\n"
" return NULL;\n"
" }\n"
" return dsa;\n}\n");
OPENSSL_free(data);
}
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);
else
i = PEM_write_bio_DSAparams(out, dsa);
if (!i) {
BIO_printf(bio_err, "unable to write DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (genkey) {
DSA *dsakey;
if ((dsakey = DSAparams_dup(dsa)) == NULL)
goto end;
if (!DSA_generate_key(dsakey)) {
ERR_print_errors(bio_err);
DSA_free(dsakey);
goto end;
}
assert(private);
if (outformat == FORMAT_ASN1)
i = i2d_DSAPrivateKey_bio(out, dsakey);
else
i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
NULL);
DSA_free(dsakey);
}
ret = 0;
end:
BN_GENCB_free(cb);
BIO_free(in);
BIO_free_all(out);
DSA_free(dsa);
release_engine(e);
return ret;
}
static int dsa_cb(int p, int n, BN_GENCB *cb)
{
static const char symbols[] = ".+*\n";
char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
BIO_write(BN_GENCB_get_arg(cb), &c, 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}
#endif

283
trunk/3rdparty/openssl-1.1-fit/apps/ec.c vendored Normal file
View file

@ -0,0 +1,283 @@
/*
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_EC
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include "apps.h"
# include "progs.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/evp.h>
# include <openssl/pem.h>
static OPT_PAIR conv_forms[] = {
{"compressed", POINT_CONVERSION_COMPRESSED},
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
{"hybrid", POINT_CONVERSION_HYBRID},
{NULL}
};
static OPT_PAIR param_enc[] = {
{"named_curve", OPENSSL_EC_NAMED_CURVE},
{"explicit", 0},
{NULL}
};
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER,
OPT_NO_PUBLIC, OPT_CHECK
} OPTION_CHOICE;
const OPTIONS ec_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, 's', "Input file"},
{"inform", OPT_INFORM, 'f', "Input format - DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key"},
{"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
{"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
{"check", OPT_CHECK, '-', "check key consistency"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"param_enc", OPT_PARAM_ENC, 's',
"Specifies the way the ec parameters are encoded"},
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{NULL}
};
int ec_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EC_KEY *eckey = NULL;
const EC_GROUP *group;
const EVP_CIPHER *enc = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0;
int no_public = 0, check = 0;
prog = opt_init(argc, argv, ec_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ec_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_PARAM_OUT:
param_out = 1;
break;
case OPT_PUBIN:
pubin = 1;
break;
case OPT_PUBOUT:
pubout = 1;
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto opthelp;
break;
case OPT_CONV_FORM:
if (!opt_pair(opt_arg(), conv_forms, &i))
goto opthelp;
new_form = 1;
form = i;
break;
case OPT_PARAM_ENC:
if (!opt_pair(opt_arg(), param_enc, &i))
goto opthelp;
new_asn1_flag = 1;
asn1_flag = i;
break;
case OPT_NO_PUBLIC:
no_public = 1;
break;
case OPT_CHECK:
check = 1;
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
private = param_out || pubin || pubout ? 0 : 1;
if (text && !pubin)
private = 1;
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if (informat != FORMAT_ENGINE) {
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
}
BIO_printf(bio_err, "read EC key\n");
if (informat == FORMAT_ASN1) {
if (pubin)
eckey = d2i_EC_PUBKEY_bio(in, NULL);
else
eckey = d2i_ECPrivateKey_bio(in, NULL);
} else if (informat == FORMAT_ENGINE) {
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
if (pkey != NULL) {
eckey = EVP_PKEY_get1_EC_KEY(pkey);
EVP_PKEY_free(pkey);
}
} else {
if (pubin)
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
else
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
}
if (eckey == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
group = EC_KEY_get0_group(eckey);
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (new_asn1_flag)
EC_KEY_set_asn1_flag(eckey, asn1_flag);
if (no_public)
EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
if (text) {
assert(pubin || private);
if (!EC_KEY_print(out, eckey, 0)) {
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
}
if (check) {
if (EC_KEY_check_key(eckey) == 1) {
BIO_printf(bio_err, "EC Key valid.\n");
} else {
BIO_printf(bio_err, "EC Key Invalid!\n");
ERR_print_errors(bio_err);
}
}
if (noout) {
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing EC key\n");
if (outformat == FORMAT_ASN1) {
if (param_out) {
i = i2d_ECPKParameters_bio(out, group);
} else if (pubin || pubout) {
i = i2d_EC_PUBKEY_bio(out, eckey);
} else {
assert(private);
i = i2d_ECPrivateKey_bio(out, eckey);
}
} else {
if (param_out) {
i = PEM_write_bio_ECPKParameters(out, group);
} else if (pubin || pubout) {
i = PEM_write_bio_EC_PUBKEY(out, eckey);
} else {
assert(private);
i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
NULL, 0, NULL, passout);
}
}
if (!i) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
} else {
ret = 0;
}
end:
BIO_free(in);
BIO_free_all(out);
EC_KEY_free(eckey);
release_engine(e);
OPENSSL_free(passin);
OPENSSL_free(passout);
return ret;
}
#endif

450
trunk/3rdparty/openssl-1.1-fit/apps/ecparam.c vendored Normal file
View file

@ -0,0 +1,450 @@
/*
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_EC
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <time.h>
# include <string.h>
# include "apps.h"
# include "progs.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/ec.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS ecparam_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
{"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
{"in", OPT_IN, '<', "Input file - default stdin"},
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"text", OPT_TEXT, '-', "Print the ec parameters in text form"},
{"C", OPT_C, '-', "Print a 'C' function creating the parameters"},
{"check", OPT_CHECK, '-', "Validate the ec parameters"},
{"list_curves", OPT_LIST_CURVES, '-',
"Prints a list of all curve 'short names'"},
{"no_seed", OPT_NO_SEED, '-',
"If 'explicit' parameters are chosen do not use the seed"},
{"noout", OPT_NOOUT, '-', "Do not print the ec parameter"},
{"name", OPT_NAME, 's',
"Use the ec parameters with specified 'short name'"},
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
{"param_enc", OPT_PARAM_ENC, 's',
"Specifies the way the ec parameters are encoded"},
{"genkey", OPT_GENKEY, '-', "Generate ec key"},
OPT_R_OPTIONS,
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{NULL}
};
static OPT_PAIR forms[] = {
{"compressed", POINT_CONVERSION_COMPRESSED},
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
{"hybrid", POINT_CONVERSION_HYBRID},
{NULL}
};
static OPT_PAIR encodings[] = {
{"named_curve", OPENSSL_EC_NAMED_CURVE},
{"explicit", 0},
{NULL}
};
int ecparam_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIGNUM *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL;
BIO *in = NULL, *out = NULL;
EC_GROUP *group = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
char *curve_name = NULL;
char *infile = NULL, *outfile = NULL, *prog;
unsigned char *buffer = NULL;
OPTION_CHOICE o;
int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
int ret = 1, private = 0;
int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
int text = 0, i, genkey = 0;
prog = opt_init(argc, argv, ecparam_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ecparam_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_TEXT:
text = 1;
break;
case OPT_C:
C = 1;
break;
case OPT_CHECK:
check = 1;
break;
case OPT_LIST_CURVES:
list_curves = 1;
break;
case OPT_NO_SEED:
no_seed = 1;
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_NAME:
curve_name = opt_arg();
break;
case OPT_CONV_FORM:
if (!opt_pair(opt_arg(), forms, &new_form))
goto opthelp;
form = new_form;
new_form = 1;
break;
case OPT_PARAM_ENC:
if (!opt_pair(opt_arg(), encodings, &asn1_flag))
goto opthelp;
new_asn1_flag = 1;
break;
case OPT_GENKEY:
genkey = 1;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
private = genkey ? 1 : 0;
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
if (list_curves) {
EC_builtin_curve *curves = NULL;
size_t crv_len = EC_get_builtin_curves(NULL, 0);
size_t n;
curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
if (!EC_get_builtin_curves(curves, crv_len)) {
OPENSSL_free(curves);
goto end;
}
for (n = 0; n < crv_len; n++) {
const char *comment;
const char *sname;
comment = curves[n].comment;
sname = OBJ_nid2sn(curves[n].nid);
if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
sname = "";
BIO_printf(out, " %-10s: ", sname);
BIO_printf(out, "%s\n", comment);
}
OPENSSL_free(curves);
ret = 0;
goto end;
}
if (curve_name != NULL) {
int nid;
/*
* workaround for the SECG curve names secp192r1 and secp256r1 (which
* are the same as the curves prime192v1 and prime256v1 defined in
* X9.62)
*/
if (strcmp(curve_name, "secp192r1") == 0) {
BIO_printf(bio_err, "using curve name prime192v1 "
"instead of secp192r1\n");
nid = NID_X9_62_prime192v1;
} else if (strcmp(curve_name, "secp256r1") == 0) {
BIO_printf(bio_err, "using curve name prime256v1 "
"instead of secp256r1\n");
nid = NID_X9_62_prime256v1;
} else {
nid = OBJ_sn2nid(curve_name);
}
if (nid == 0)
nid = EC_curve_nist2nid(curve_name);
if (nid == 0) {
BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
goto end;
}
group = EC_GROUP_new_by_curve_name(nid);
if (group == NULL) {
BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
goto end;
}
EC_GROUP_set_asn1_flag(group, asn1_flag);
EC_GROUP_set_point_conversion_form(group, form);
} else if (informat == FORMAT_ASN1) {
group = d2i_ECPKParameters_bio(in, NULL);
} else {
group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
}
if (group == NULL) {
BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (new_form)
EC_GROUP_set_point_conversion_form(group, form);
if (new_asn1_flag)
EC_GROUP_set_asn1_flag(group, asn1_flag);
if (no_seed) {
EC_GROUP_set_seed(group, NULL, 0);
}
if (text) {
if (!ECPKParameters_print(out, group, 0))
goto end;
}
if (check) {
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL)) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err, "ok\n");
}
if (C) {
size_t buf_len = 0, tmp_len = 0;
const EC_POINT *point;
int is_prime, len = 0;
const EC_METHOD *meth = EC_GROUP_method_of(group);
if ((ec_p = BN_new()) == NULL
|| (ec_a = BN_new()) == NULL
|| (ec_b = BN_new()) == NULL
|| (ec_gen = BN_new()) == NULL
|| (ec_order = BN_new()) == NULL
|| (ec_cofactor = BN_new()) == NULL) {
perror("Can't allocate BN");
goto end;
}
is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
if (!is_prime) {
BIO_printf(bio_err, "Can only handle X9.62 prime fields\n");
goto end;
}
if (!EC_GROUP_get_curve(group, ec_p, ec_a, ec_b, NULL))
goto end;
if ((point = EC_GROUP_get0_generator(group)) == NULL)
goto end;
if (!EC_POINT_point2bn(group, point,
EC_GROUP_get_point_conversion_form(group),
ec_gen, NULL))
goto end;
if (!EC_GROUP_get_order(group, ec_order, NULL))
goto end;
if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
goto end;
if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor)
goto end;
len = BN_num_bits(ec_order);
if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
buf_len = tmp_len;
buffer = app_malloc(buf_len, "BN buffer");
BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n{\n", len);
print_bignum_var(out, ec_p, "ec_p", len, buffer);
print_bignum_var(out, ec_a, "ec_a", len, buffer);
print_bignum_var(out, ec_b, "ec_b", len, buffer);
print_bignum_var(out, ec_gen, "ec_gen", len, buffer);
print_bignum_var(out, ec_order, "ec_order", len, buffer);
print_bignum_var(out, ec_cofactor, "ec_cofactor", len, buffer);
BIO_printf(out, " int ok = 0;\n"
" EC_GROUP *group = NULL;\n"
" EC_POINT *point = NULL;\n"
" BIGNUM *tmp_1 = NULL;\n"
" BIGNUM *tmp_2 = NULL;\n"
" BIGNUM *tmp_3 = NULL;\n"
"\n");
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof(ec_p_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof(ec_a_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof(ec_b_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n"
" goto err;\n"
"\n");
BIO_printf(out, " /* build generator */\n");
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof(ec_gen_%d), tmp_1)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n");
BIO_printf(out, " if (point == NULL)\n"
" goto err;\n");
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof(ec_order_%d), tmp_2)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof(ec_cofactor_%d), tmp_3)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n"
" goto err;\n"
"ok = 1;"
"\n");
BIO_printf(out, "err:\n"
" BN_free(tmp_1);\n"
" BN_free(tmp_2);\n"
" BN_free(tmp_3);\n"
" EC_POINT_free(point);\n"
" if (!ok) {\n"
" EC_GROUP_free(group);\n"
" return NULL;\n"
" }\n"
" return (group);\n"
"}\n");
}
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
else
i = PEM_write_bio_ECPKParameters(out, group);
if (!i) {
BIO_printf(bio_err, "unable to write elliptic "
"curve parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (genkey) {
EC_KEY *eckey = EC_KEY_new();
if (eckey == NULL)
goto end;
if (EC_KEY_set_group(eckey, group) == 0) {
BIO_printf(bio_err, "unable to set group when generating key\n");
EC_KEY_free(eckey);
ERR_print_errors(bio_err);
goto end;
}
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (!EC_KEY_generate_key(eckey)) {
BIO_printf(bio_err, "unable to generate key\n");
EC_KEY_free(eckey);
ERR_print_errors(bio_err);
goto end;
}
assert(private);
if (outformat == FORMAT_ASN1)
i = i2d_ECPrivateKey_bio(out, eckey);
else
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
NULL, 0, NULL, NULL);
EC_KEY_free(eckey);
}
ret = 0;
end:
BN_free(ec_p);
BN_free(ec_a);
BN_free(ec_b);
BN_free(ec_gen);
BN_free(ec_order);
BN_free(ec_cofactor);
OPENSSL_free(buffer);
EC_GROUP_free(group);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
return ret;
}
#endif

675
trunk/3rdparty/openssl-1.1-fit/apps/enc.c vendored Normal file
View file

@ -0,0 +1,675 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/pem.h>
#ifndef OPENSSL_NO_COMP
# include <openssl/comp.h>
#endif
#include <ctype.h>
#undef SIZE
#undef BSIZE
#define SIZE (512)
#define BSIZE (8*1024)
static int set_hex(const char *in, unsigned char *out, int size);
static void show_ciphers(const OBJ_NAME *name, void *bio_);
struct doall_enc_ciphers {
BIO *bio;
int n;
};
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_LIST,
OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS enc_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"ciphers", OPT_LIST, '-', "List ciphers"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pass", OPT_PASS, 's', "Passphrase source"},
{"e", OPT_E, '-', "Encrypt"},
{"d", OPT_D, '-', "Decrypt"},
{"p", OPT_P, '-', "Print the iv/key"},
{"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
{"v", OPT_V, '-', "Verbose output"},
{"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
{"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
{"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
{"debug", OPT_DEBUG, '-', "Print debug info"},
{"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"},
{"base64", OPT_A, '-', "Same as option -a"},
{"A", OPT_UPPER_A, '-',
"Used with -[base64|a] to specify base64 buffer as a single line"},
{"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
{"k", OPT_K, 's', "Passphrase"},
{"kfile", OPT_KFILE, '<', "Read passphrase from file"},
{"K", OPT_UPPER_K, 's', "Raw key, in hex"},
{"S", OPT_UPPER_S, 's', "Salt, in hex"},
{"iv", OPT_IV, 's', "IV in hex"},
{"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
{"iter", OPT_ITER, 'p', "Specify the iteration count and force use of PBKDF2"},
{"pbkdf2", OPT_PBKDF2, '-', "Use password-based key derivation function 2"},
{"none", OPT_NONE, '-', "Don't encrypt"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_R_OPTIONS,
#ifdef ZLIB
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int enc_main(int argc, char **argv)
{
static char buf[128];
static const char magic[] = "Salted__";
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
NULL, *wbio = NULL;
EVP_CIPHER_CTX *ctx = NULL;
const EVP_CIPHER *cipher = NULL, *c;
const EVP_MD *dgst = NULL;
char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
char *infile = NULL, *outfile = NULL, *prog;
char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
char mbuf[sizeof(magic) - 1];
OPTION_CHOICE o;
int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
int enc = 1, printkey = 0, i, k;
int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY;
int ret = 1, inl, nopad = 0;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
unsigned char *buff = NULL, salt[PKCS5_SALT_LEN];
int pbkdf2 = 0;
int iter = 0;
long n;
struct doall_enc_ciphers dec;
#ifdef ZLIB
int do_zlib = 0;
BIO *bzl = NULL;
#endif
/* first check the program name */
prog = opt_progname(argv[0]);
if (strcmp(prog, "base64") == 0) {
base64 = 1;
#ifdef ZLIB
} else if (strcmp(prog, "zlib") == 0) {
do_zlib = 1;
#endif
} else {
cipher = EVP_get_cipherbyname(prog);
if (cipher == NULL && strcmp(prog, "enc") != 0) {
BIO_printf(bio_err, "%s is not a known cipher\n", prog);
goto end;
}
}
prog = opt_init(argc, argv, enc_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(enc_options);
ret = 0;
goto end;
case OPT_LIST:
BIO_printf(bio_out, "Supported ciphers:\n");
dec.bio = bio_out;
dec.n = 0;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
show_ciphers, &dec);
BIO_printf(bio_out, "\n");
ret = 0;
goto end;
case OPT_E:
enc = 1;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASS:
passarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_D:
enc = 0;
break;
case OPT_P:
printkey = 1;
break;
case OPT_V:
verbose = 1;
break;
case OPT_NOPAD:
nopad = 1;
break;
case OPT_SALT:
nosalt = 0;
break;
case OPT_NOSALT:
nosalt = 1;
break;
case OPT_DEBUG:
debug = 1;
break;
case OPT_UPPER_P:
printkey = 2;
break;
case OPT_UPPER_A:
olb64 = 1;
break;
case OPT_A:
base64 = 1;
break;
case OPT_Z:
#ifdef ZLIB
do_zlib = 1;
#endif
break;
case OPT_BUFSIZE:
p = opt_arg();
i = (int)strlen(p) - 1;
k = i >= 1 && p[i] == 'k';
if (k)
p[i] = '\0';
if (!opt_long(opt_arg(), &n)
|| n < 0 || (k && n >= LONG_MAX / 1024))
goto opthelp;
if (k)
n *= 1024;
bsize = (int)n;
break;
case OPT_K:
str = opt_arg();
break;
case OPT_KFILE:
in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
if (in == NULL)
goto opthelp;
i = BIO_gets(in, buf, sizeof(buf));
BIO_free(in);
in = NULL;
if (i <= 0) {
BIO_printf(bio_err,
"%s Can't read key from %s\n", prog, opt_arg());
goto opthelp;
}
while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n'))
buf[i] = '\0';
if (i <= 0) {
BIO_printf(bio_err, "%s: zero length password\n", prog);
goto opthelp;
}
str = buf;
break;
case OPT_UPPER_K:
hkey = opt_arg();
break;
case OPT_UPPER_S:
hsalt = opt_arg();
break;
case OPT_IV:
hiv = opt_arg();
break;
case OPT_MD:
if (!opt_md(opt_arg(), &dgst))
goto opthelp;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &c))
goto opthelp;
cipher = c;
break;
case OPT_ITER:
if (!opt_int(opt_arg(), &iter))
goto opthelp;
pbkdf2 = 1;
break;
case OPT_PBKDF2:
pbkdf2 = 1;
if (iter == 0) /* do not overwrite a chosen value */
iter = 10000;
break;
case OPT_NONE:
cipher = NULL;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
}
}
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
goto end;
}
if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog);
goto end;
}
if (dgst == NULL)
dgst = EVP_sha256();
if (iter == 0)
iter = 1;
/* It must be large enough for a base64 encoded line */
if (base64 && bsize < 80)
bsize = 80;
if (verbose)
BIO_printf(bio_err, "bufsize=%d\n", bsize);
#ifdef ZLIB
if (!do_zlib)
#endif
if (base64) {
if (enc)
outformat = FORMAT_BASE64;
else
informat = FORMAT_BASE64;
}
strbuf = app_malloc(SIZE, "strbuf");
buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer");
if (infile == NULL) {
in = dup_bio_in(informat);
} else {
in = bio_open_default(infile, 'r', informat);
}
if (in == NULL)
goto end;
if (str == NULL && passarg != NULL) {
if (!app_passwd(passarg, NULL, &pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
str = pass;
}
if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
for (;;) {
char prompt[200];
BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
if (i == 0) {
if (strbuf[0] == '\0') {
ret = 1;
goto end;
}
str = strbuf;
break;
}
if (i < 0) {
BIO_printf(bio_err, "bad password read\n");
goto end;
}
}
} else {
#endif
BIO_printf(bio_err, "password required\n");
goto end;
}
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
BIO_set_callback(out, BIO_debug_callback);
BIO_set_callback_arg(in, (char *)bio_err);
BIO_set_callback_arg(out, (char *)bio_err);
}
rbio = in;
wbio = out;
#ifdef ZLIB
if (do_zlib) {
if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
goto end;
if (debug) {
BIO_set_callback(bzl, BIO_debug_callback);
BIO_set_callback_arg(bzl, (char *)bio_err);
}
if (enc)
wbio = BIO_push(bzl, wbio);
else
rbio = BIO_push(bzl, rbio);
}
#endif
if (base64) {
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
if (debug) {
BIO_set_callback(b64, BIO_debug_callback);
BIO_set_callback_arg(b64, (char *)bio_err);
}
if (olb64)
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
if (enc)
wbio = BIO_push(b64, wbio);
else
rbio = BIO_push(b64, rbio);
}
if (cipher != NULL) {
/*
* Note that str is NULL if a key was passed on the command line, so
* we get no salt in that case. Is this a bug?
*/
if (str != NULL) {
/*
* Salt handling: if encrypting generate a salt and write to
* output BIO. If decrypting read salt from input BIO.
*/
unsigned char *sptr;
size_t str_len = strlen(str);
if (nosalt) {
sptr = NULL;
} else {
if (enc) {
if (hsalt) {
if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
} else if (RAND_bytes(salt, sizeof(salt)) <= 0) {
goto end;
}
/*
* If -P option then don't bother writing
*/
if ((printkey != 2)
&& (BIO_write(wbio, magic,
sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio,
(char *)salt,
sizeof(salt)) != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
} else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|| BIO_read(rbio,
(unsigned char *)salt,
sizeof(salt)) != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
} else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
BIO_printf(bio_err, "bad magic number\n");
goto end;
}
sptr = salt;
}
if (pbkdf2 == 1) {
/*
* derive key and default iv
* concatenated into a temporary buffer
*/
unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
int iklen = EVP_CIPHER_key_length(cipher);
int ivlen = EVP_CIPHER_iv_length(cipher);
/* not needed if HASH_UPDATE() is fixed : */
int islen = (sptr != NULL ? sizeof(salt) : 0);
if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen,
iter, dgst, iklen+ivlen, tmpkeyiv)) {
BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n");
goto end;
}
/* split and move data back to global buffer */
memcpy(key, tmpkeyiv, iklen);
memcpy(iv, tmpkeyiv+iklen, ivlen);
} else {
BIO_printf(bio_err, "*** WARNING : "
"deprecated key derivation used.\n"
"Using -iter or -pbkdf2 would be better.\n");
if (!EVP_BytesToKey(cipher, dgst, sptr,
(unsigned char *)str, str_len,
1, key, iv)) {
BIO_printf(bio_err, "EVP_BytesToKey failed\n");
goto end;
}
}
/*
* zero the complete buffer or the string passed from the command
* line.
*/
if (str == strbuf)
OPENSSL_cleanse(str, SIZE);
else
OPENSSL_cleanse(str, str_len);
}
if (hiv != NULL) {
int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
} else if (!set_hex(hiv, iv, siz)) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}
}
if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0) {
/*
* No IV was explicitly set and no IV was generated.
* Hence the IV is undefined, making correct decryption impossible.
*/
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
if (hkey != NULL) {
if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
BIO_printf(bio_err, "invalid hex key value\n");
goto end;
}
/* wiping secret data as we no longer need it */
OPENSSL_cleanse(hkey, strlen(hkey));
}
if ((benc = BIO_new(BIO_f_cipher())) == NULL)
goto end;
/*
* Since we may be changing parameters work on the encryption context
* rather than calling BIO_set_cipher().
*/
BIO_get_cipher_ctx(benc, &ctx);
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (nopad)
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (debug) {
BIO_set_callback(benc, BIO_debug_callback);
BIO_set_callback_arg(benc, (char *)bio_err);
}
if (printkey) {
if (!nosalt) {
printf("salt=");
for (i = 0; i < (int)sizeof(salt); i++)
printf("%02X", salt[i]);
printf("\n");
}
if (EVP_CIPHER_key_length(cipher) > 0) {
printf("key=");
for (i = 0; i < EVP_CIPHER_key_length(cipher); i++)
printf("%02X", key[i]);
printf("\n");
}
if (EVP_CIPHER_iv_length(cipher) > 0) {
printf("iv =");
for (i = 0; i < EVP_CIPHER_iv_length(cipher); i++)
printf("%02X", iv[i]);
printf("\n");
}
if (printkey == 2) {
ret = 0;
goto end;
}
}
}
/* Only encrypt/decrypt as we write the file */
if (benc != NULL)
wbio = BIO_push(benc, wbio);
for (;;) {
inl = BIO_read(rbio, (char *)buff, bsize);
if (inl <= 0)
break;
if (BIO_write(wbio, (char *)buff, inl) != inl) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
}
if (!BIO_flush(wbio)) {
BIO_printf(bio_err, "bad decrypt\n");
goto end;
}
ret = 0;
if (verbose) {
BIO_printf(bio_err, "bytes read : %8ju\n", BIO_number_read(in));
BIO_printf(bio_err, "bytes written: %8ju\n", BIO_number_written(out));
}
end:
ERR_print_errors(bio_err);
OPENSSL_free(strbuf);
OPENSSL_free(buff);
BIO_free(in);
BIO_free_all(out);
BIO_free(benc);
BIO_free(b64);
#ifdef ZLIB
BIO_free(bzl);
#endif
release_engine(e);
OPENSSL_free(pass);
return ret;
}
static void show_ciphers(const OBJ_NAME *name, void *arg)
{
struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;
const EVP_CIPHER *cipher;
if (!islower((unsigned char)*name->name))
return;
/* Filter out ciphers that we cannot use */
cipher = EVP_get_cipherbyname(name->name);
if (cipher == NULL ||
(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
return;
BIO_printf(dec->bio, "-%-25s", name->name);
if (++dec->n == 3) {
BIO_printf(dec->bio, "\n");
dec->n = 0;
} else
BIO_printf(dec->bio, " ");
}
static int set_hex(const char *in, unsigned char *out, int size)
{
int i, n;
unsigned char j;
i = size * 2;
n = strlen(in);
if (n > i) {
BIO_printf(bio_err, "hex string is too long, ignoring excess\n");
n = i; /* ignore exceeding part */
} else if (n < i) {
BIO_printf(bio_err, "hex string is too short, padding with zero bytes to length\n");
}
memset(out, 0, size);
for (i = 0; i < n; i++) {
j = (unsigned char)*in++;
if (!isxdigit(j)) {
BIO_printf(bio_err, "non-hex digit\n");
return 0;
}
j = (unsigned char)OPENSSL_hexchar2int(j);
if (i & 1)
out[i / 2] |= j;
else
out[i / 2] = (j << 4);
}
return 1;
}

489
trunk/3rdparty/openssl-1.1-fit/apps/engine.c vendored Normal file
View file

@ -0,0 +1,489 @@
/*
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_ENGINE
NON_EMPTY_TRANSLATION_UNIT
#else
# include "apps.h"
# include "progs.h"
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include <openssl/err.h>
# include <openssl/engine.h>
# include <openssl/ssl.h>
# include <openssl/store.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST,
OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV
} OPTION_CHOICE;
const OPTIONS engine_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"},
{OPT_HELP_STR, 1, '-',
" engine... Engines to load\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"v", OPT_V, '-', "List 'control commands' For each specified engine"},
{"vv", OPT_VV, '-', "Also display each command's description"},
{"vvv", OPT_VVV, '-', "Also add the input flags for each command"},
{"vvvv", OPT_VVVV, '-', "Also show internal input flags"},
{"c", OPT_C, '-', "List the capabilities of specified engine"},
{"t", OPT_T, '-', "Check that specified engine is available"},
{"tt", OPT_TT, '-', "Display error trace for unavailable engines"},
{"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"},
{"post", OPT_POST, 's', "Run command against the ENGINE after loading it"},
{OPT_MORE_STR, OPT_EOF, 1,
"Commands are like \"SO_PATH:/lib/libdriver.so\""},
{NULL}
};
static int append_buf(char **buf, int *size, const char *s)
{
const int expand = 256;
int len = strlen(s) + 1;
char *p = *buf;
if (p == NULL) {
*size = ((len + expand - 1) / expand) * expand;
p = *buf = app_malloc(*size, "engine buffer");
} else {
const int blen = strlen(p);
if (blen > 0)
len += 2 + blen;
if (len > *size) {
*size = ((len + expand - 1) / expand) * expand;
p = OPENSSL_realloc(p, *size);
if (p == NULL) {
OPENSSL_free(*buf);
*buf = NULL;
return 0;
}
*buf = p;
}
if (blen > 0) {
p += blen;
*p++ = ',';
*p++ = ' ';
}
}
strcpy(p, s);
return 1;
}
static int util_flags(BIO *out, unsigned int flags, const char *indent)
{
int started = 0, err = 0;
/* Indent before displaying input flags */
BIO_printf(out, "%s%s(input flags): ", indent, indent);
if (flags == 0) {
BIO_printf(out, "<no flags>\n");
return 1;
}
/*
* If the object is internal, mark it in a way that shows instead of
* having it part of all the other flags, even if it really is.
*/
if (flags & ENGINE_CMD_FLAG_INTERNAL) {
BIO_printf(out, "[Internal] ");
}
if (flags & ENGINE_CMD_FLAG_NUMERIC) {
BIO_printf(out, "NUMERIC");
started = 1;
}
/*
* Now we check that no combinations of the mutually exclusive NUMERIC,
* STRING, and NO_INPUT flags have been used. Future flags that can be
* OR'd together with these would need to added after these to preserve
* the testing logic.
*/
if (flags & ENGINE_CMD_FLAG_STRING) {
if (started) {
BIO_printf(out, "|");
err = 1;
}
BIO_printf(out, "STRING");
started = 1;
}
if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
if (started) {
BIO_printf(out, "|");
err = 1;
}
BIO_printf(out, "NO_INPUT");
started = 1;
}
/* Check for unknown flags */
flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
~ENGINE_CMD_FLAG_STRING &
~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
if (flags) {
if (started)
BIO_printf(out, "|");
BIO_printf(out, "<0x%04X>", flags);
}
if (err)
BIO_printf(out, " <illegal flags!>");
BIO_printf(out, "\n");
return 1;
}
static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
{
static const int line_wrap = 78;
int num;
int ret = 0;
char *name = NULL;
char *desc = NULL;
int flags;
int xpos = 0;
STACK_OF(OPENSSL_STRING) *cmds = NULL;
if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
0, NULL, NULL)) <= 0)) {
return 1;
}
cmds = sk_OPENSSL_STRING_new_null();
if (cmds == NULL)
goto err;
do {
int len;
/* Get the command input flags */
if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
NULL, NULL)) < 0)
goto err;
if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
/* Get the command name */
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
NULL, NULL)) <= 0)
goto err;
name = app_malloc(len + 1, "name buffer");
if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
NULL) <= 0)
goto err;
/* Get the command description */
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
NULL, NULL)) < 0)
goto err;
if (len > 0) {
desc = app_malloc(len + 1, "description buffer");
if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
NULL) <= 0)
goto err;
}
/* Now decide on the output */
if (xpos == 0)
/* Do an indent */
xpos = BIO_puts(out, indent);
else
/* Otherwise prepend a ", " */
xpos += BIO_printf(out, ", ");
if (verbose == 1) {
/*
* We're just listing names, comma-delimited
*/
if ((xpos > (int)strlen(indent)) &&
(xpos + (int)strlen(name) > line_wrap)) {
BIO_printf(out, "\n");
xpos = BIO_puts(out, indent);
}
xpos += BIO_printf(out, "%s", name);
} else {
/* We're listing names plus descriptions */
BIO_printf(out, "%s: %s\n", name,
(desc == NULL) ? "<no description>" : desc);
/* ... and sometimes input flags */
if ((verbose >= 3) && !util_flags(out, flags, indent))
goto err;
xpos = 0;
}
}
OPENSSL_free(name);
name = NULL;
OPENSSL_free(desc);
desc = NULL;
/* Move to the next command */
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
} while (num > 0);
if (xpos > 0)
BIO_printf(out, "\n");
ret = 1;
err:
sk_OPENSSL_STRING_free(cmds);
OPENSSL_free(name);
OPENSSL_free(desc);
return ret;
}
static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
BIO *out, const char *indent)
{
int loop, res, num = sk_OPENSSL_STRING_num(cmds);
if (num < 0) {
BIO_printf(out, "[Error]: internal stack error\n");
return;
}
for (loop = 0; loop < num; loop++) {
char buf[256];
const char *cmd, *arg;
cmd = sk_OPENSSL_STRING_value(cmds, loop);
res = 1; /* assume success */
/* Check if this command has no ":arg" */
if ((arg = strstr(cmd, ":")) == NULL) {
if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
res = 0;
} else {
if ((int)(arg - cmd) > 254) {
BIO_printf(out, "[Error]: command name too long\n");
return;
}
memcpy(buf, cmd, (int)(arg - cmd));
buf[arg - cmd] = '\0';
arg++; /* Move past the ":" */
/* Call the command with the argument */
if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
res = 0;
}
if (res) {
BIO_printf(out, "[Success]: %s\n", cmd);
} else {
BIO_printf(out, "[Failure]: %s\n", cmd);
ERR_print_errors(out);
}
}
}
struct util_store_cap_data {
ENGINE *engine;
char **cap_buf;
int *cap_size;
int ok;
};
static void util_store_cap(const OSSL_STORE_LOADER *loader, void *arg)
{
struct util_store_cap_data *ctx = arg;
if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) {
char buf[256];
BIO_snprintf(buf, sizeof(buf), "STORE(%s)",
OSSL_STORE_LOADER_get0_scheme(loader));
if (!append_buf(ctx->cap_buf, ctx->cap_size, buf))
ctx->ok = 0;
}
}
int engine_main(int argc, char **argv)
{
int ret = 1, i;
int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
ENGINE *e;
STACK_OF(OPENSSL_CSTRING) *engines = sk_OPENSSL_CSTRING_new_null();
STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
BIO *out;
const char *indent = " ";
OPTION_CHOICE o;
char *prog;
char *argv1;
out = dup_bio_out(FORMAT_TEXT);
if (engines == NULL || pre_cmds == NULL || post_cmds == NULL)
goto end;
/* Remember the original command name, parse/skip any leading engine
* names, and then setup to parse the rest of the line as flags. */
prog = argv[0];
while ((argv1 = argv[1]) != NULL && *argv1 != '-') {
sk_OPENSSL_CSTRING_push(engines, argv1);
argc--;
argv++;
}
argv[0] = prog;
opt_init(argc, argv, engine_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(engine_options);
ret = 0;
goto end;
case OPT_VVVV:
case OPT_VVV:
case OPT_VV:
case OPT_V:
/* Convert to an integer from one to four. */
i = (int)(o - OPT_V) + 1;
if (verbose < i)
verbose = i;
break;
case OPT_C:
list_cap = 1;
break;
case OPT_TT:
test_avail_noise++;
/* fall thru */
case OPT_T:
test_avail++;
break;
case OPT_PRE:
sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
break;
case OPT_POST:
sk_OPENSSL_STRING_push(post_cmds, opt_arg());
break;
}
}
/* Allow any trailing parameters as engine names. */
argc = opt_num_rest();
argv = opt_rest();
for ( ; *argv; argv++) {
if (**argv == '-') {
BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n",
prog);
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
}
sk_OPENSSL_CSTRING_push(engines, *argv);
}
if (sk_OPENSSL_CSTRING_num(engines) == 0) {
for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
sk_OPENSSL_CSTRING_push(engines, ENGINE_get_id(e));
}
}
ret = 0;
for (i = 0; i < sk_OPENSSL_CSTRING_num(engines); i++) {
const char *id = sk_OPENSSL_CSTRING_value(engines, i);
if ((e = ENGINE_by_id(id)) != NULL) {
const char *name = ENGINE_get_name(e);
/*
* Do "id" first, then "name". Easier to auto-parse.
*/
BIO_printf(out, "(%s) %s\n", id, name);
util_do_cmds(e, pre_cmds, out, indent);
if (strcmp(ENGINE_get_id(e), id) != 0) {
BIO_printf(out, "Loaded: (%s) %s\n",
ENGINE_get_id(e), ENGINE_get_name(e));
}
if (list_cap) {
int cap_size = 256;
char *cap_buf = NULL;
int k, n;
const int *nids;
ENGINE_CIPHERS_PTR fn_c;
ENGINE_DIGESTS_PTR fn_d;
ENGINE_PKEY_METHS_PTR fn_pk;
if (ENGINE_get_RSA(e) != NULL
&& !append_buf(&cap_buf, &cap_size, "RSA"))
goto end;
if (ENGINE_get_DSA(e) != NULL
&& !append_buf(&cap_buf, &cap_size, "DSA"))
goto end;
if (ENGINE_get_DH(e) != NULL
&& !append_buf(&cap_buf, &cap_size, "DH"))
goto end;
if (ENGINE_get_RAND(e) != NULL
&& !append_buf(&cap_buf, &cap_size, "RAND"))
goto end;
fn_c = ENGINE_get_ciphers(e);
if (fn_c == NULL)
goto skip_ciphers;
n = fn_c(e, NULL, &nids, 0);
for (k = 0; k < n; ++k)
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
goto end;
skip_ciphers:
fn_d = ENGINE_get_digests(e);
if (fn_d == NULL)
goto skip_digests;
n = fn_d(e, NULL, &nids, 0);
for (k = 0; k < n; ++k)
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
goto end;
skip_digests:
fn_pk = ENGINE_get_pkey_meths(e);
if (fn_pk == NULL)
goto skip_pmeths;
n = fn_pk(e, NULL, &nids, 0);
for (k = 0; k < n; ++k)
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
goto end;
skip_pmeths:
{
struct util_store_cap_data store_ctx;
store_ctx.engine = e;
store_ctx.cap_buf = &cap_buf;
store_ctx.cap_size = &cap_size;
store_ctx.ok = 1;
OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx);
if (!store_ctx.ok)
goto end;
}
if (cap_buf != NULL && (*cap_buf != '\0'))
BIO_printf(out, " [%s]\n", cap_buf);
OPENSSL_free(cap_buf);
}
if (test_avail) {
BIO_printf(out, "%s", indent);
if (ENGINE_init(e)) {
BIO_printf(out, "[ available ]\n");
util_do_cmds(e, post_cmds, out, indent);
ENGINE_finish(e);
} else {
BIO_printf(out, "[ unavailable ]\n");
if (test_avail_noise)
ERR_print_errors_fp(stdout);
ERR_clear_error();
}
}
if ((verbose > 0) && !util_verbose(e, verbose, out, indent))
goto end;
ENGINE_free(e);
} else {
ERR_print_errors(bio_err);
/* because exit codes above 127 have special meaning on Unix */
if (++ret > 127)
ret = 127;
}
}
end:
ERR_print_errors(bio_err);
sk_OPENSSL_CSTRING_free(engines);
sk_OPENSSL_STRING_free(pre_cmds);
sk_OPENSSL_STRING_free(post_cmds);
BIO_free_all(out);
return ret;
}
#endif

67
trunk/3rdparty/openssl-1.1-fit/apps/errstr.c vendored Normal file
View file

@ -0,0 +1,67 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP
} OPTION_CHOICE;
const OPTIONS errstr_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"},
{OPT_HELP_STR, 1, '-', " errnum Error number\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{NULL}
};
int errstr_main(int argc, char **argv)
{
OPTION_CHOICE o;
char buf[256], *prog;
int ret = 1;
unsigned long l;
prog = opt_init(argc, argv, errstr_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(errstr_options);
ret = 0;
goto end;
}
}
ret = 0;
for (argv = opt_rest(); *argv; argv++) {
if (sscanf(*argv, "%lx", &l) == 0) {
ret++;
} else {
/* We're not really an SSL application so this won't auto-init, but
* we're still interested in SSL error strings
*/
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
ERR_error_string_n(l, buf, sizeof(buf));
BIO_printf(bio_out, "%s\n", buf);
}
}
end:
return ret;
}

146
trunk/3rdparty/openssl-1.1-fit/apps/gendsa.c vendored Normal file
View file

@ -0,0 +1,146 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DSA
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <string.h>
# include <sys/types.h>
# include <sys/stat.h>
# include "apps.h"
# include "progs.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/dsa.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS gendsa_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output the key to the specified file"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
OPT_R_OPTIONS,
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{NULL}
};
int gendsa_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *out = NULL, *in = NULL;
DSA *dsa = NULL;
const EVP_CIPHER *enc = NULL;
char *dsaparams = NULL;
char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
OPTION_CHOICE o;
int ret = 1, private = 0;
const BIGNUM *p = NULL;
prog = opt_init(argc, argv, gendsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
ret = 0;
opt_help(gendsa_options);
goto end;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
private = 1;
if (argc != 1)
goto opthelp;
dsaparams = *argv;
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
in = bio_open_default(dsaparams, 'r', FORMAT_PEM);
if (in == NULL)
goto end2;
if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
BIO_printf(bio_err, "unable to load DSA parameter file\n");
goto end;
}
BIO_free(in);
in = NULL;
out = bio_open_owner(outfile, FORMAT_PEM, private);
if (out == NULL)
goto end2;
DSA_get0_pqg(dsa, &p, NULL, NULL);
if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p));
BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p));
if (!DSA_generate_key(dsa))
goto end;
assert(private);
if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
goto end;
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
end2:
BIO_free(in);
BIO_free_all(out);
DSA_free(dsa);
release_engine(e);
OPENSSL_free(passout);
return ret;
}
#endif

322
trunk/3rdparty/openssl-1.1-fit/apps/genpkey.c vendored Normal file
View file

@ -0,0 +1,322 @@
/*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e);
static int genpkey_cb(EVP_PKEY_CTX *ctx);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER
} OPTION_CHOICE;
const OPTIONS genpkey_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
{"pass", OPT_PASS, 's', "Output file pass phrase source"},
{"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
{"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
{"pkeyopt", OPT_PKEYOPT, 's',
"Set the public key algorithm option as opt:value"},
{"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"},
{"text", OPT_TEXT, '-', "Print the in text"},
{"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
/* This is deliberately last. */
{OPT_HELP_STR, 1, 1,
"Order of options may be important! See the documentation.\n"},
{NULL}
};
int genpkey_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog;
const EVP_CIPHER *cipher = NULL;
OPTION_CHOICE o;
int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
int private = 0;
prog = opt_init(argc, argv, genpkey_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
ret = 0;
opt_help(genpkey_options);
goto end;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASS:
passarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PARAMFILE:
if (do_param == 1)
goto opthelp;
if (!init_keygen_file(&ctx, opt_arg(), e))
goto end;
break;
case OPT_ALGORITHM:
if (!init_gen_str(&ctx, opt_arg(), e, do_param))
goto end;
break;
case OPT_PKEYOPT:
if (ctx == NULL) {
BIO_printf(bio_err, "%s: No keytype specified.\n", prog);
goto opthelp;
}
if (pkey_ctrl_string(ctx, opt_arg()) <= 0) {
BIO_printf(bio_err,
"%s: Error setting %s parameter:\n",
prog, opt_arg());
ERR_print_errors(bio_err);
goto end;
}
break;
case OPT_GENPARAM:
if (ctx != NULL)
goto opthelp;
do_param = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &cipher)
|| do_param == 1)
goto opthelp;
if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE) {
BIO_printf(bio_err, "%s: cipher mode not supported\n", prog);
goto end;
}
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
private = do_param ? 0 : 1;
if (ctx == NULL)
goto opthelp;
if (!app_passwd(passarg, NULL, &pass, NULL)) {
BIO_puts(bio_err, "Error getting password\n");
goto end;
}
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
if (do_param) {
if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
BIO_puts(bio_err, "Error generating parameters\n");
ERR_print_errors(bio_err);
goto end;
}
} else {
if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
BIO_puts(bio_err, "Error generating key\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (do_param) {
rv = PEM_write_bio_Parameters(out, pkey);
} else if (outformat == FORMAT_PEM) {
assert(private);
rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
} else if (outformat == FORMAT_ASN1) {
assert(private);
rv = i2d_PrivateKey_bio(out, pkey);
} else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
if (rv <= 0) {
BIO_puts(bio_err, "Error writing key\n");
ERR_print_errors(bio_err);
}
if (text) {
if (do_param)
rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
else
rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
if (rv <= 0) {
BIO_puts(bio_err, "Error printing key\n");
ERR_print_errors(bio_err);
}
}
ret = 0;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
BIO_free_all(out);
BIO_free(in);
release_engine(e);
OPENSSL_free(pass);
return ret;
}
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e)
{
BIO *pbio;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
if (*pctx) {
BIO_puts(bio_err, "Parameters already set!\n");
return 0;
}
pbio = BIO_new_file(file, "r");
if (!pbio) {
BIO_printf(bio_err, "Can't open parameter file %s\n", file);
return 0;
}
pkey = PEM_read_bio_Parameters(pbio, NULL);
BIO_free(pbio);
if (!pkey) {
BIO_printf(bio_err, "Error reading parameter file %s\n", file);
return 0;
}
ctx = EVP_PKEY_CTX_new(pkey, e);
if (ctx == NULL)
goto err;
if (EVP_PKEY_keygen_init(ctx) <= 0)
goto err;
EVP_PKEY_free(pkey);
*pctx = ctx;
return 1;
err:
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
return 0;
}
int init_gen_str(EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param)
{
EVP_PKEY_CTX *ctx = NULL;
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *tmpeng = NULL;
int pkey_id;
if (*pctx) {
BIO_puts(bio_err, "Algorithm already set!\n");
return 0;
}
ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
#ifndef OPENSSL_NO_ENGINE
if (!ameth && e)
ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
#endif
if (!ameth) {
BIO_printf(bio_err, "Algorithm %s not found\n", algname);
return 0;
}
ERR_clear_error();
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(tmpeng);
#endif
ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
if (!ctx)
goto err;
if (do_param) {
if (EVP_PKEY_paramgen_init(ctx) <= 0)
goto err;
} else {
if (EVP_PKEY_keygen_init(ctx) <= 0)
goto err;
}
*pctx = ctx;
return 1;
err:
BIO_printf(bio_err, "Error initializing %s context\n", algname);
ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(ctx);
return 0;
}
static int genpkey_cb(EVP_PKEY_CTX *ctx)
{
char c = '*';
BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
int p;
p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
if (p == 0)
c = '.';
if (p == 1)
c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
BIO_write(b, &c, 1);
(void)BIO_flush(b);
return 1;
}

201
trunk/3rdparty/openssl-1.1-fit/apps/genrsa.c vendored Normal file
View file

@ -0,0 +1,201 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_RSA
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <string.h>
# include <sys/types.h>
# include <sys/stat.h>
# include "apps.h"
# include "progs.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/rsa.h>
# include <openssl/evp.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
# include <openssl/rand.h>
# define DEFBITS 2048
# define DEFPRIMES 2
static int genrsa_cb(int p, int n, BN_GENCB *cb);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_3, OPT_F4, OPT_ENGINE,
OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS genrsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"3", OPT_3, '-', "Use 3 for the E value"},
{"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
{"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
{"out", OPT_OUT, '>', "Output the key to specified file"},
OPT_R_OPTIONS,
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{"primes", OPT_PRIMES, 'p', "Specify number of primes"},
{NULL}
};
int genrsa_main(int argc, char **argv)
{
BN_GENCB *cb = BN_GENCB_new();
PW_CB_DATA cb_data;
ENGINE *eng = NULL;
BIGNUM *bn = BN_new();
BIO *out = NULL;
const BIGNUM *e;
RSA *rsa = NULL;
const EVP_CIPHER *enc = NULL;
int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES;
unsigned long f4 = RSA_F4;
char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
char *prog, *hexe, *dece;
OPTION_CHOICE o;
if (bn == NULL || cb == NULL)
goto end;
BN_GENCB_set(cb, genrsa_cb, bio_err);
prog = opt_init(argc, argv, genrsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
ret = 0;
opt_help(genrsa_options);
goto end;
case OPT_3:
f4 = 3;
break;
case OPT_F4:
f4 = RSA_F4;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
eng = setup_engine(opt_arg(), 0);
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
case OPT_PRIMES:
if (!opt_int(opt_arg(), &primes))
goto end;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (argc == 1) {
if (!opt_int(argv[0], &num) || num <= 0)
goto end;
if (num > OPENSSL_RSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for RSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_RSA_MAX_MODULUS_BITS, num);
} else if (argc > 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
private = 1;
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
out = bio_open_owner(outfile, FORMAT_PEM, private);
if (out == NULL)
goto end;
BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus (%d primes)\n",
num, primes);
rsa = eng ? RSA_new_method(eng) : RSA_new();
if (rsa == NULL)
goto end;
if (!BN_set_word(bn, f4)
|| !RSA_generate_multi_prime_key(rsa, num, primes, bn, cb))
goto end;
RSA_get0_key(rsa, NULL, &e, NULL);
hexe = BN_bn2hex(e);
dece = BN_bn2dec(e);
if (hexe && dece) {
BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe);
}
OPENSSL_free(hexe);
OPENSSL_free(dece);
cb_data.password = passout;
cb_data.prompt_info = outfile;
assert(private);
if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
(pem_password_cb *)password_callback,
&cb_data))
goto end;
ret = 0;
end:
BN_free(bn);
BN_GENCB_free(cb);
RSA_free(rsa);
BIO_free_all(out);
release_engine(eng);
OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
return ret;
}
static int genrsa_cb(int p, int n, BN_GENCB *cb)
{
char c = '*';
if (p == 0)
c = '.';
if (p == 1)
c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
BIO_write(BN_GENCB_get_arg(cb), &c, 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}
#endif

114
trunk/3rdparty/openssl-1.1-fit/apps/nseq.c vendored Normal file
View file

@ -0,0 +1,114 @@
/*
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/pem.h>
#include <openssl/err.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_TOSEQ, OPT_IN, OPT_OUT
} OPTION_CHOICE;
const OPTIONS nseq_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{NULL}
};
int nseq_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
X509 *x509 = NULL;
NETSCAPE_CERT_SEQUENCE *seq = NULL;
OPTION_CHOICE o;
int toseq = 0, ret = 1, i;
char *infile = NULL, *outfile = NULL, *prog;
prog = opt_init(argc, argv, nseq_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
ret = 0;
opt_help(nseq_options);
goto end;
case OPT_TOSEQ:
toseq = 1;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
in = bio_open_default(infile, 'r', FORMAT_PEM);
if (in == NULL)
goto end;
out = bio_open_default(outfile, 'w', FORMAT_PEM);
if (out == NULL)
goto end;
if (toseq) {
seq = NETSCAPE_CERT_SEQUENCE_new();
if (seq == NULL)
goto end;
seq->certs = sk_X509_new_null();
if (seq->certs == NULL)
goto end;
while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
sk_X509_push(seq->certs, x509);
if (!sk_X509_num(seq->certs)) {
BIO_printf(bio_err, "%s: Error reading certs file %s\n",
prog, infile);
ERR_print_errors(bio_err);
goto end;
}
PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
ret = 0;
goto end;
}
seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL);
if (seq == NULL) {
BIO_printf(bio_err, "%s: Error reading sequence file %s\n",
prog, infile);
ERR_print_errors(bio_err);
goto end;
}
for (i = 0; i < sk_X509_num(seq->certs); i++) {
x509 = sk_X509_value(seq->certs, i);
dump_cert_text(out, x509);
PEM_write_bio_X509(out, x509);
}
ret = 0;
end:
BIO_free(in);
BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
return ret;
}

1621
trunk/3rdparty/openssl-1.1-fit/apps/ocsp.c vendored Normal file
View file

File diff suppressed because it is too large Load diff

350
trunk/3rdparty/openssl-1.1-fit/apps/openssl-vms.cnf vendored Normal file
View file

@ -0,0 +1,350 @@
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = sys\$disk:[.demoCA # Where everything is kept
certs = $dir.certs] # Where the issued certs are kept
crl_dir = $dir.crl] # Where the issued crl are kept
database = $dir]index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several certs with same subject.
new_certs_dir = $dir.newcerts] # default place for new certs.
certificate = $dir]cacert.pem # The CA certificate
serial = $dir]serial. # The current serial number
crlnumber = $dir]crlnumber. # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir]crl.pem # The current CRL
private_key = $dir.private]cakey.pem# The private key
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = sys\$disk:[.demoCA # TSA root directory
serial = $dir]tsaserial. # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir.cacert.pem] # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)

826
trunk/3rdparty/openssl-1.1-fit/apps/openssl.c vendored Normal file
View file

@ -0,0 +1,826 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <internal/cryptlib.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/lhash.h>
#include <openssl/conf.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
#include <openssl/err.h>
#include "s_apps.h"
/* Needed to get the other O_xxx flags. */
#ifdef OPENSSL_SYS_VMS
# include <unixio.h>
#endif
#include "apps.h"
#define INCLUDE_FUNCTION_TABLE
#include "progs.h"
/* Structure to hold the number of columns to be displayed and the
* field width used to display them.
*/
typedef struct {
int columns;
int width;
} DISPLAY_COLUMNS;
/* Special sentinel to exit the program. */
#define EXIT_THE_PROGRAM (-1)
/*
* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
* the base prototypes (we cast each variable inside the function to the
* required type of "FUNCTION*"). This removes the necessity for
* macro-generated wrapper functions.
*/
static LHASH_OF(FUNCTION) *prog_init(void);
static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]);
static void list_pkey(void);
static void list_pkey_meth(void);
static void list_type(FUNC_TYPE ft, int one);
static void list_disabled(void);
char *default_config_file = NULL;
BIO *bio_in = NULL;
BIO *bio_out = NULL;
BIO *bio_err = NULL;
static void calculate_columns(DISPLAY_COLUMNS *dc)
{
FUNCTION *f;
int len, maxlen = 0;
for (f = functions; f->name != NULL; ++f)
if (f->type == FT_general || f->type == FT_md || f->type == FT_cipher)
if ((len = strlen(f->name)) > maxlen)
maxlen = len;
dc->width = maxlen + 2;
dc->columns = (80 - 1) / dc->width;
}
static int apps_startup(void)
{
#ifdef SIGPIPE
signal(SIGPIPE, SIG_IGN);
#endif
/* Set non-default library initialisation settings */
if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
| OPENSSL_INIT_LOAD_CONFIG, NULL))
return 0;
setup_ui_method();
return 1;
}
static void apps_shutdown(void)
{
destroy_ui_method();
destroy_prefix_method();
}
static char *make_config_name(void)
{
const char *t;
size_t len;
char *p;
if ((t = getenv("OPENSSL_CONF")) != NULL)
return OPENSSL_strdup(t);
t = X509_get_default_cert_area();
len = strlen(t) + 1 + strlen(OPENSSL_CONF) + 1;
p = app_malloc(len, "config filename buffer");
strcpy(p, t);
#ifndef OPENSSL_SYS_VMS
strcat(p, "/");
#endif
strcat(p, OPENSSL_CONF);
return p;
}
int main(int argc, char *argv[])
{
FUNCTION f, *fp;
LHASH_OF(FUNCTION) *prog = NULL;
char **copied_argv = NULL;
char *p, *pname;
char buf[1024];
const char *prompt;
ARGS arg;
int first, n, i, ret = 0;
arg.argv = NULL;
arg.size = 0;
/* Set up some of the environment. */
default_config_file = make_config_name();
bio_in = dup_bio_in(FORMAT_TEXT);
bio_out = dup_bio_out(FORMAT_TEXT);
bio_err = dup_bio_err(FORMAT_TEXT);
#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
copied_argv = argv = copy_argv(&argc, argv);
#elif defined(_WIN32)
/*
* Replace argv[] with UTF-8 encoded strings.
*/
win32_utf8argv(&argc, &argv);
#endif
p = getenv("OPENSSL_DEBUG_MEMORY");
if (p != NULL && strcmp(p, "on") == 0)
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
if (getenv("OPENSSL_FIPS")) {
BIO_printf(bio_err, "FIPS mode not supported.\n");
return 1;
}
if (!apps_startup()) {
BIO_printf(bio_err,
"FATAL: Startup failure (dev note: apps_startup() failed)\n");
ERR_print_errors(bio_err);
ret = 1;
goto end;
}
prog = prog_init();
pname = opt_progname(argv[0]);
/* first check the program name */
f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f);
if (fp != NULL) {
argv[0] = pname;
ret = fp->func(argc, argv);
goto end;
}
/* If there is stuff on the command line, run with that. */
if (argc != 1) {
argc--;
argv++;
ret = do_cmd(prog, argc, argv);
if (ret < 0)
ret = 0;
goto end;
}
/* ok, lets enter interactive mode */
for (;;) {
ret = 0;
/* Read a line, continue reading if line ends with \ */
for (p = buf, n = sizeof(buf), i = 0, first = 1; n > 0; first = 0) {
prompt = first ? "OpenSSL> " : "> ";
p[0] = '\0';
#ifndef READLINE
fputs(prompt, stdout);
fflush(stdout);
if (!fgets(p, n, stdin))
goto end;
if (p[0] == '\0')
goto end;
i = strlen(p);
if (i <= 1)
break;
if (p[i - 2] != '\\')
break;
i -= 2;
p += i;
n -= i;
#else
{
extern char *readline(const char *);
extern void add_history(const char *cp);
char *text;
text = readline(prompt);
if (text == NULL)
goto end;
i = strlen(text);
if (i == 0 || i > n)
break;
if (text[i - 1] != '\\') {
p += strlen(strcpy(p, text));
free(text);
add_history(buf);
break;
}
text[i - 1] = '\0';
p += strlen(strcpy(p, text));
free(text);
n -= i;
}
#endif
}
if (!chopup_args(&arg, buf)) {
BIO_printf(bio_err, "Can't parse (no memory?)\n");
break;
}
ret = do_cmd(prog, arg.argc, arg.argv);
if (ret == EXIT_THE_PROGRAM) {
ret = 0;
goto end;
}
if (ret != 0)
BIO_printf(bio_err, "error in %s\n", arg.argv[0]);
(void)BIO_flush(bio_out);
(void)BIO_flush(bio_err);
}
ret = 1;
end:
OPENSSL_free(copied_argv);
OPENSSL_free(default_config_file);
lh_FUNCTION_free(prog);
OPENSSL_free(arg.argv);
app_RAND_write();
BIO_free(bio_in);
BIO_free_all(bio_out);
apps_shutdown();
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (CRYPTO_mem_leaks(bio_err) <= 0)
ret = 1;
#endif
BIO_free(bio_err);
EXIT(ret);
}
static void list_cipher_fn(const EVP_CIPHER *c,
const char *from, const char *to, void *arg)
{
if (c != NULL) {
BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
} else {
if (from == NULL)
from = "<undefined>";
if (to == NULL)
to = "<undefined>";
BIO_printf(arg, "%s => %s\n", from, to);
}
}
static void list_md_fn(const EVP_MD *m,
const char *from, const char *to, void *arg)
{
if (m != NULL) {
BIO_printf(arg, "%s\n", EVP_MD_name(m));
} else {
if (from == NULL)
from = "<undefined>";
if (to == NULL)
to = "<undefined>";
BIO_printf((BIO *)arg, "%s => %s\n", from, to);
}
}
static void list_missing_help(void)
{
const FUNCTION *fp;
const OPTIONS *o;
for (fp = functions; fp->name != NULL; fp++) {
if ((o = fp->help) != NULL) {
/* If there is help, list what flags are not documented. */
for ( ; o->name != NULL; o++) {
if (o->helpstr == NULL)
BIO_printf(bio_out, "%s %s\n", fp->name, o->name);
}
} else if (fp->func != dgst_main) {
/* If not aliased to the dgst command, */
BIO_printf(bio_out, "%s *\n", fp->name);
}
}
}
static void list_options_for_command(const char *command)
{
const FUNCTION *fp;
const OPTIONS *o;
for (fp = functions; fp->name != NULL; fp++)
if (strcmp(fp->name, command) == 0)
break;
if (fp->name == NULL) {
BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
command);
return;
}
if ((o = fp->help) == NULL)
return;
for ( ; o->name != NULL; o++) {
if (o->name == OPT_HELP_STR
|| o->name == OPT_MORE_STR
|| o->name[0] == '\0')
continue;
BIO_printf(bio_out, "%s %c\n", o->name, o->valtype);
}
}
/* Unified enum for help and list commands. */
typedef enum HELPLIST_CHOICE {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ONE,
OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_OPTIONS,
OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED, OPT_MISSING_HELP
} HELPLIST_CHOICE;
const OPTIONS list_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"1", OPT_ONE, '-', "List in one column"},
{"commands", OPT_COMMANDS, '-', "List of standard commands"},
{"digest-commands", OPT_DIGEST_COMMANDS, '-',
"List of message digest commands"},
{"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-',
"List of message digest algorithms"},
{"cipher-commands", OPT_CIPHER_COMMANDS, '-', "List of cipher commands"},
{"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-',
"List of cipher algorithms"},
{"public-key-algorithms", OPT_PK_ALGORITHMS, '-',
"List of public key algorithms"},
{"public-key-methods", OPT_PK_METHOD, '-',
"List of public key methods"},
{"disabled", OPT_DISABLED, '-',
"List of disabled features"},
{"missing-help", OPT_MISSING_HELP, '-',
"List missing detailed help strings"},
{"options", OPT_OPTIONS, 's',
"List options for specified command"},
{NULL}
};
int list_main(int argc, char **argv)
{
char *prog;
HELPLIST_CHOICE o;
int one = 0, done = 0;
prog = opt_init(argc, argv, list_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF: /* Never hit, but suppresses warning */
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
return 1;
case OPT_HELP:
opt_help(list_options);
break;
case OPT_ONE:
one = 1;
break;
case OPT_COMMANDS:
list_type(FT_general, one);
break;
case OPT_DIGEST_COMMANDS:
list_type(FT_md, one);
break;
case OPT_DIGEST_ALGORITHMS:
EVP_MD_do_all_sorted(list_md_fn, bio_out);
break;
case OPT_CIPHER_COMMANDS:
list_type(FT_cipher, one);
break;
case OPT_CIPHER_ALGORITHMS:
EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out);
break;
case OPT_PK_ALGORITHMS:
list_pkey();
break;
case OPT_PK_METHOD:
list_pkey_meth();
break;
case OPT_DISABLED:
list_disabled();
break;
case OPT_MISSING_HELP:
list_missing_help();
break;
case OPT_OPTIONS:
list_options_for_command(opt_arg());
break;
}
done = 1;
}
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
if (!done)
goto opthelp;
return 0;
}
typedef enum HELP_CHOICE {
OPT_hERR = -1, OPT_hEOF = 0, OPT_hHELP
} HELP_CHOICE;
const OPTIONS help_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: help [options]\n"},
{OPT_HELP_STR, 1, '-', " help [command]\n"},
{"help", OPT_hHELP, '-', "Display this summary"},
{NULL}
};
int help_main(int argc, char **argv)
{
FUNCTION *fp;
int i, nl;
FUNC_TYPE tp;
char *prog;
HELP_CHOICE o;
DISPLAY_COLUMNS dc;
prog = opt_init(argc, argv, help_options);
while ((o = opt_next()) != OPT_hEOF) {
switch (o) {
case OPT_hERR:
case OPT_hEOF:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
return 1;
case OPT_hHELP:
opt_help(help_options);
return 0;
}
}
if (opt_num_rest() == 1) {
char *new_argv[3];
new_argv[0] = opt_rest()[0];
new_argv[1] = "--help";
new_argv[2] = NULL;
return do_cmd(prog_init(), 2, new_argv);
}
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Usage: %s\n", prog);
return 1;
}
calculate_columns(&dc);
BIO_printf(bio_err, "Standard commands");
i = 0;
tp = FT_none;
for (fp = functions; fp->name != NULL; fp++) {
nl = 0;
if (i++ % dc.columns == 0) {
BIO_printf(bio_err, "\n");
nl = 1;
}
if (fp->type != tp) {
tp = fp->type;
if (!nl)
BIO_printf(bio_err, "\n");
if (tp == FT_md) {
i = 1;
BIO_printf(bio_err,
"\nMessage Digest commands (see the `dgst' command for more details)\n");
} else if (tp == FT_cipher) {
i = 1;
BIO_printf(bio_err,
"\nCipher commands (see the `enc' command for more details)\n");
}
}
BIO_printf(bio_err, "%-*s", dc.width, fp->name);
}
BIO_printf(bio_err, "\n\n");
return 0;
}
static void list_type(FUNC_TYPE ft, int one)
{
FUNCTION *fp;
int i = 0;
DISPLAY_COLUMNS dc = {0};
if (!one)
calculate_columns(&dc);
for (fp = functions; fp->name != NULL; fp++) {
if (fp->type != ft)
continue;
if (one) {
BIO_printf(bio_out, "%s\n", fp->name);
} else {
if (i % dc.columns == 0 && i > 0)
BIO_printf(bio_out, "\n");
BIO_printf(bio_out, "%-*s", dc.width, fp->name);
i++;
}
}
if (!one)
BIO_printf(bio_out, "\n\n");
}
static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
{
FUNCTION f, *fp;
if (argc <= 0 || argv[0] == NULL)
return 0;
f.name = argv[0];
fp = lh_FUNCTION_retrieve(prog, &f);
if (fp == NULL) {
if (EVP_get_digestbyname(argv[0])) {
f.type = FT_md;
f.func = dgst_main;
fp = &f;
} else if (EVP_get_cipherbyname(argv[0])) {
f.type = FT_cipher;
f.func = enc_main;
fp = &f;
}
}
if (fp != NULL) {
return fp->func(argc, argv);
}
if ((strncmp(argv[0], "no-", 3)) == 0) {
/*
* User is asking if foo is unsupported, by trying to "run" the
* no-foo command. Strange.
*/
f.name = argv[0] + 3;
if (lh_FUNCTION_retrieve(prog, &f) == NULL) {
BIO_printf(bio_out, "%s\n", argv[0]);
return 0;
}
BIO_printf(bio_out, "%s\n", argv[0] + 3);
return 1;
}
if (strcmp(argv[0], "quit") == 0 || strcmp(argv[0], "q") == 0 ||
strcmp(argv[0], "exit") == 0 || strcmp(argv[0], "bye") == 0)
/* Special value to mean "exit the program. */
return EXIT_THE_PROGRAM;
BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
argv[0]);
return 1;
}
static void list_pkey(void)
{
int i;
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
const EVP_PKEY_ASN1_METHOD *ameth;
int pkey_id, pkey_base_id, pkey_flags;
const char *pinfo, *pem_str;
ameth = EVP_PKEY_asn1_get0(i);
EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
&pinfo, &pem_str, ameth);
if (pkey_flags & ASN1_PKEY_ALIAS) {
BIO_printf(bio_out, "Name: %s\n", OBJ_nid2ln(pkey_id));
BIO_printf(bio_out, "\tAlias for: %s\n",
OBJ_nid2ln(pkey_base_id));
} else {
BIO_printf(bio_out, "Name: %s\n", pinfo);
BIO_printf(bio_out, "\tType: %s Algorithm\n",
pkey_flags & ASN1_PKEY_DYNAMIC ?
"External" : "Builtin");
BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
if (pem_str == NULL)
pem_str = "(none)";
BIO_printf(bio_out, "\tPEM string: %s\n", pem_str);
}
}
}
static void list_pkey_meth(void)
{
size_t i;
size_t meth_count = EVP_PKEY_meth_get_count();
for (i = 0; i < meth_count; i++) {
const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i);
int pkey_id, pkey_flags;
EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth);
BIO_printf(bio_out, "%s\n", OBJ_nid2ln(pkey_id));
BIO_printf(bio_out, "\tType: %s Algorithm\n",
pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin");
}
}
static int function_cmp(const FUNCTION * a, const FUNCTION * b)
{
return strncmp(a->name, b->name, 8);
}
static unsigned long function_hash(const FUNCTION * a)
{
return OPENSSL_LH_strhash(a->name);
}
static int SortFnByName(const void *_f1, const void *_f2)
{
const FUNCTION *f1 = _f1;
const FUNCTION *f2 = _f2;
if (f1->type != f2->type)
return f1->type - f2->type;
return strcmp(f1->name, f2->name);
}
static void list_disabled(void)
{
BIO_puts(bio_out, "Disabled algorithms:\n");
#ifdef OPENSSL_NO_ARIA
BIO_puts(bio_out, "ARIA\n");
#endif
#ifdef OPENSSL_NO_BF
BIO_puts(bio_out, "BF\n");
#endif
#ifdef OPENSSL_NO_BLAKE2
BIO_puts(bio_out, "BLAKE2\n");
#endif
#ifdef OPENSSL_NO_CAMELLIA
BIO_puts(bio_out, "CAMELLIA\n");
#endif
#ifdef OPENSSL_NO_CAST
BIO_puts(bio_out, "CAST\n");
#endif
#ifdef OPENSSL_NO_CMAC
BIO_puts(bio_out, "CMAC\n");
#endif
#ifdef OPENSSL_NO_CMS
BIO_puts(bio_out, "CMS\n");
#endif
#ifdef OPENSSL_NO_COMP
BIO_puts(bio_out, "COMP\n");
#endif
#ifdef OPENSSL_NO_DES
BIO_puts(bio_out, "DES\n");
#endif
#ifdef OPENSSL_NO_DGRAM
BIO_puts(bio_out, "DGRAM\n");
#endif
#ifdef OPENSSL_NO_DH
BIO_puts(bio_out, "DH\n");
#endif
#ifdef OPENSSL_NO_DSA
BIO_puts(bio_out, "DSA\n");
#endif
#if defined(OPENSSL_NO_DTLS)
BIO_puts(bio_out, "DTLS\n");
#endif
#if defined(OPENSSL_NO_DTLS1)
BIO_puts(bio_out, "DTLS1\n");
#endif
#if defined(OPENSSL_NO_DTLS1_2)
BIO_puts(bio_out, "DTLS1_2\n");
#endif
#ifdef OPENSSL_NO_EC
BIO_puts(bio_out, "EC\n");
#endif
#ifdef OPENSSL_NO_EC2M
BIO_puts(bio_out, "EC2M\n");
#endif
#ifdef OPENSSL_NO_ENGINE
BIO_puts(bio_out, "ENGINE\n");
#endif
#ifdef OPENSSL_NO_GOST
BIO_puts(bio_out, "GOST\n");
#endif
#ifdef OPENSSL_NO_HEARTBEATS
BIO_puts(bio_out, "HEARTBEATS\n");
#endif
#ifdef OPENSSL_NO_IDEA
BIO_puts(bio_out, "IDEA\n");
#endif
#ifdef OPENSSL_NO_MD2
BIO_puts(bio_out, "MD2\n");
#endif
#ifdef OPENSSL_NO_MD4
BIO_puts(bio_out, "MD4\n");
#endif
#ifdef OPENSSL_NO_MD5
BIO_puts(bio_out, "MD5\n");
#endif
#ifdef OPENSSL_NO_MDC2
BIO_puts(bio_out, "MDC2\n");
#endif
#ifdef OPENSSL_NO_OCB
BIO_puts(bio_out, "OCB\n");
#endif
#ifdef OPENSSL_NO_OCSP
BIO_puts(bio_out, "OCSP\n");
#endif
#ifdef OPENSSL_NO_PSK
BIO_puts(bio_out, "PSK\n");
#endif
#ifdef OPENSSL_NO_RC2
BIO_puts(bio_out, "RC2\n");
#endif
#ifdef OPENSSL_NO_RC4
BIO_puts(bio_out, "RC4\n");
#endif
#ifdef OPENSSL_NO_RC5
BIO_puts(bio_out, "RC5\n");
#endif
#ifdef OPENSSL_NO_RMD160
BIO_puts(bio_out, "RMD160\n");
#endif
#ifdef OPENSSL_NO_RSA
BIO_puts(bio_out, "RSA\n");
#endif
#ifdef OPENSSL_NO_SCRYPT
BIO_puts(bio_out, "SCRYPT\n");
#endif
#ifdef OPENSSL_NO_SCTP
BIO_puts(bio_out, "SCTP\n");
#endif
#ifdef OPENSSL_NO_SEED
BIO_puts(bio_out, "SEED\n");
#endif
#ifdef OPENSSL_NO_SM2
BIO_puts(bio_out, "SM2\n");
#endif
#ifdef OPENSSL_NO_SM3
BIO_puts(bio_out, "SM3\n");
#endif
#ifdef OPENSSL_NO_SM4
BIO_puts(bio_out, "SM4\n");
#endif
#ifdef OPENSSL_NO_SOCK
BIO_puts(bio_out, "SOCK\n");
#endif
#ifdef OPENSSL_NO_SRP
BIO_puts(bio_out, "SRP\n");
#endif
#ifdef OPENSSL_NO_SRTP
BIO_puts(bio_out, "SRTP\n");
#endif
#ifdef OPENSSL_NO_SSL3
BIO_puts(bio_out, "SSL3\n");
#endif
#ifdef OPENSSL_NO_TLS1
BIO_puts(bio_out, "TLS1\n");
#endif
#ifdef OPENSSL_NO_TLS1_1
BIO_puts(bio_out, "TLS1_1\n");
#endif
#ifdef OPENSSL_NO_TLS1_2
BIO_puts(bio_out, "TLS1_2\n");
#endif
#ifdef OPENSSL_NO_WHIRLPOOL
BIO_puts(bio_out, "WHIRLPOOL\n");
#endif
#ifndef ZLIB
BIO_puts(bio_out, "ZLIB\n");
#endif
}
static LHASH_OF(FUNCTION) *prog_init(void)
{
static LHASH_OF(FUNCTION) *ret = NULL;
static int prog_inited = 0;
FUNCTION *f;
size_t i;
if (prog_inited)
return ret;
prog_inited = 1;
/* Sort alphabetically within category. For nicer help displays. */
for (i = 0, f = functions; f->name != NULL; ++f, ++i)
;
qsort(functions, i, sizeof(*functions), SortFnByName);
if ((ret = lh_FUNCTION_new(function_hash, function_cmp)) == NULL)
return NULL;
for (f = functions; f->name != NULL; f++)
(void)lh_FUNCTION_insert(ret, f);
return ret;
}

350
trunk/3rdparty/openssl-1.1-fit/apps/openssl.cnf vendored Normal file
View file

@ -0,0 +1,350 @@
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several certs with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)

898
trunk/3rdparty/openssl-1.1-fit/apps/opt.c vendored Normal file
View file

@ -0,0 +1,898 @@
/*
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "apps.h"
#include <string.h>
#if !defined(OPENSSL_SYS_MSDOS)
# include OPENSSL_UNISTD
#endif
#include <stdlib.h>
#include <errno.h>
#include <ctype.h>
#include <limits.h>
#include <openssl/bio.h>
#include <openssl/x509v3.h>
#define MAX_OPT_HELP_WIDTH 30
const char OPT_HELP_STR[] = "--";
const char OPT_MORE_STR[] = "---";
/* Our state */
static char **argv;
static int argc;
static int opt_index;
static char *arg;
static char *flag;
static char *dunno;
static const OPTIONS *unknown;
static const OPTIONS *opts;
static char prog[40];
/*
* Return the simple name of the program; removing various platform gunk.
*/
#if defined(OPENSSL_SYS_WIN32)
char *opt_progname(const char *argv0)
{
size_t i, n;
const char *p;
char *q;
/* find the last '/', '\' or ':' */
for (p = argv0 + strlen(argv0); --p > argv0;)
if (*p == '/' || *p == '\\' || *p == ':') {
p++;
break;
}
/* Strip off trailing nonsense. */
n = strlen(p);
if (n > 4 &&
(strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0))
n -= 4;
/* Copy over the name, in lowercase. */
if (n > sizeof(prog) - 1)
n = sizeof(prog) - 1;
for (q = prog, i = 0; i < n; i++, p++)
*q++ = tolower((unsigned char)*p);
*q = '\0';
return prog;
}
#elif defined(OPENSSL_SYS_VMS)
char *opt_progname(const char *argv0)
{
const char *p, *q;
/* Find last special character sys:[foo.bar]openssl */
for (p = argv0 + strlen(argv0); --p > argv0;)
if (*p == ':' || *p == ']' || *p == '>') {
p++;
break;
}
q = strrchr(p, '.');
strncpy(prog, p, sizeof(prog) - 1);
prog[sizeof(prog) - 1] = '\0';
if (q != NULL && q - p < sizeof(prog))
prog[q - p] = '\0';
return prog;
}
#else
char *opt_progname(const char *argv0)
{
const char *p;
/* Could use strchr, but this is like the ones above. */
for (p = argv0 + strlen(argv0); --p > argv0;)
if (*p == '/') {
p++;
break;
}
strncpy(prog, p, sizeof(prog) - 1);
prog[sizeof(prog) - 1] = '\0';
return prog;
}
#endif
char *opt_getprog(void)
{
return prog;
}
/* Set up the arg parsing. */
char *opt_init(int ac, char **av, const OPTIONS *o)
{
/* Store state. */
argc = ac;
argv = av;
opt_index = 1;
opts = o;
opt_progname(av[0]);
unknown = NULL;
for (; o->name; ++o) {
#ifndef NDEBUG
const OPTIONS *next;
int duplicated, i;
#endif
if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR)
continue;
#ifndef NDEBUG
i = o->valtype;
/* Make sure options are legit. */
assert(o->name[0] != '-');
assert(o->retval > 0);
switch (i) {
case 0: case '-': case '/': case '<': case '>': case 'E': case 'F':
case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
case 'u': case 'c':
break;
default:
assert(0);
}
/* Make sure there are no duplicates. */
for (next = o + 1; next->name; ++next) {
/*
* Some compilers inline strcmp and the assert string is too long.
*/
duplicated = strcmp(o->name, next->name) == 0;
assert(!duplicated);
}
#endif
if (o->name[0] == '\0') {
assert(unknown == NULL);
unknown = o;
assert(unknown->valtype == 0 || unknown->valtype == '-');
}
}
return prog;
}
static OPT_PAIR formats[] = {
{"PEM/DER", OPT_FMT_PEMDER},
{"pkcs12", OPT_FMT_PKCS12},
{"smime", OPT_FMT_SMIME},
{"engine", OPT_FMT_ENGINE},
{"msblob", OPT_FMT_MSBLOB},
{"nss", OPT_FMT_NSS},
{"text", OPT_FMT_TEXT},
{"http", OPT_FMT_HTTP},
{"pvk", OPT_FMT_PVK},
{NULL}
};
/* Print an error message about a failed format parse. */
int opt_format_error(const char *s, unsigned long flags)
{
OPT_PAIR *ap;
if (flags == OPT_FMT_PEMDER) {
BIO_printf(bio_err, "%s: Bad format \"%s\"; must be pem or der\n",
prog, s);
} else {
BIO_printf(bio_err, "%s: Bad format \"%s\"; must be one of:\n",
prog, s);
for (ap = formats; ap->name; ap++)
if (flags & ap->retval)
BIO_printf(bio_err, " %s\n", ap->name);
}
return 0;
}
/* Parse a format string, put it into *result; return 0 on failure, else 1. */
int opt_format(const char *s, unsigned long flags, int *result)
{
switch (*s) {
default:
return 0;
case 'D':
case 'd':
if ((flags & OPT_FMT_PEMDER) == 0)
return opt_format_error(s, flags);
*result = FORMAT_ASN1;
break;
case 'T':
case 't':
if ((flags & OPT_FMT_TEXT) == 0)
return opt_format_error(s, flags);
*result = FORMAT_TEXT;
break;
case 'N':
case 'n':
if ((flags & OPT_FMT_NSS) == 0)
return opt_format_error(s, flags);
if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
return opt_format_error(s, flags);
*result = FORMAT_NSS;
break;
case 'S':
case 's':
if ((flags & OPT_FMT_SMIME) == 0)
return opt_format_error(s, flags);
*result = FORMAT_SMIME;
break;
case 'M':
case 'm':
if ((flags & OPT_FMT_MSBLOB) == 0)
return opt_format_error(s, flags);
*result = FORMAT_MSBLOB;
break;
case 'E':
case 'e':
if ((flags & OPT_FMT_ENGINE) == 0)
return opt_format_error(s, flags);
*result = FORMAT_ENGINE;
break;
case 'H':
case 'h':
if ((flags & OPT_FMT_HTTP) == 0)
return opt_format_error(s, flags);
*result = FORMAT_HTTP;
break;
case '1':
if ((flags & OPT_FMT_PKCS12) == 0)
return opt_format_error(s, flags);
*result = FORMAT_PKCS12;
break;
case 'P':
case 'p':
if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) {
if ((flags & OPT_FMT_PEMDER) == 0)
return opt_format_error(s, flags);
*result = FORMAT_PEM;
} else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) {
if ((flags & OPT_FMT_PVK) == 0)
return opt_format_error(s, flags);
*result = FORMAT_PVK;
} else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
|| strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
if ((flags & OPT_FMT_PKCS12) == 0)
return opt_format_error(s, flags);
*result = FORMAT_PKCS12;
} else {
return 0;
}
break;
}
return 1;
}
/* Parse a cipher name, put it in *EVP_CIPHER; return 0 on failure, else 1. */
int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
{
*cipherp = EVP_get_cipherbyname(name);
if (*cipherp != NULL)
return 1;
BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
return 0;
}
/*
* Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1.
*/
int opt_md(const char *name, const EVP_MD **mdp)
{
*mdp = EVP_get_digestbyname(name);
if (*mdp != NULL)
return 1;
BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
return 0;
}
/* Look through a list of name/value pairs. */
int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
{
const OPT_PAIR *pp;
for (pp = pairs; pp->name; pp++)
if (strcmp(pp->name, name) == 0) {
*result = pp->retval;
return 1;
}
BIO_printf(bio_err, "%s: Value must be one of:\n", prog);
for (pp = pairs; pp->name; pp++)
BIO_printf(bio_err, "\t%s\n", pp->name);
return 0;
}
/* Parse an int, put it into *result; return 0 on failure, else 1. */
int opt_int(const char *value, int *result)
{
long l;
if (!opt_long(value, &l))
return 0;
*result = (int)l;
if (*result != l) {
BIO_printf(bio_err, "%s: Value \"%s\" outside integer range\n",
prog, value);
return 0;
}
return 1;
}
static void opt_number_error(const char *v)
{
size_t i = 0;
struct strstr_pair_st {
char *prefix;
char *name;
} b[] = {
{"0x", "a hexadecimal"},
{"0X", "a hexadecimal"},
{"0", "an octal"}
};
for (i = 0; i < OSSL_NELEM(b); i++) {
if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
BIO_printf(bio_err,
"%s: Can't parse \"%s\" as %s number\n",
prog, v, b[i].name);
return;
}
}
BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n", prog, v);
return;
}
/* Parse a long, put it into *result; return 0 on failure, else 1. */
int opt_long(const char *value, long *result)
{
int oerrno = errno;
long l;
char *endp;
errno = 0;
l = strtol(value, &endp, 0);
if (*endp
|| endp == value
|| ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
|| (l == 0 && errno != 0)) {
opt_number_error(value);
errno = oerrno;
return 0;
}
*result = l;
errno = oerrno;
return 1;
}
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
defined(INTMAX_MAX) && defined(UINTMAX_MAX)
/* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */
int opt_imax(const char *value, intmax_t *result)
{
int oerrno = errno;
intmax_t m;
char *endp;
errno = 0;
m = strtoimax(value, &endp, 0);
if (*endp
|| endp == value
|| ((m == INTMAX_MAX || m == INTMAX_MIN) && errno == ERANGE)
|| (m == 0 && errno != 0)) {
opt_number_error(value);
errno = oerrno;
return 0;
}
*result = m;
errno = oerrno;
return 1;
}
/* Parse a uintmax_t, put it into *result; return 0 on failure, else 1. */
int opt_umax(const char *value, uintmax_t *result)
{
int oerrno = errno;
uintmax_t m;
char *endp;
errno = 0;
m = strtoumax(value, &endp, 0);
if (*endp
|| endp == value
|| (m == UINTMAX_MAX && errno == ERANGE)
|| (m == 0 && errno != 0)) {
opt_number_error(value);
errno = oerrno;
return 0;
}
*result = m;
errno = oerrno;
return 1;
}
#endif
/*
* Parse an unsigned long, put it into *result; return 0 on failure, else 1.
*/
int opt_ulong(const char *value, unsigned long *result)
{
int oerrno = errno;
char *endptr;
unsigned long l;
errno = 0;
l = strtoul(value, &endptr, 0);
if (*endptr
|| endptr == value
|| ((l == ULONG_MAX) && errno == ERANGE)
|| (l == 0 && errno != 0)) {
opt_number_error(value);
errno = oerrno;
return 0;
}
*result = l;
errno = oerrno;
return 1;
}
/*
* We pass opt as an int but cast it to "enum range" so that all the
* items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
* in gcc do the right thing.
*/
enum range { OPT_V_ENUM };
int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
{
int i;
ossl_intmax_t t = 0;
ASN1_OBJECT *otmp;
X509_PURPOSE *xptmp;
const X509_VERIFY_PARAM *vtmp;
assert(vpm != NULL);
assert(opt > OPT_V__FIRST);
assert(opt < OPT_V__LAST);
switch ((enum range)opt) {
case OPT_V__FIRST:
case OPT_V__LAST:
return 0;
case OPT_V_POLICY:
otmp = OBJ_txt2obj(opt_arg(), 0);
if (otmp == NULL) {
BIO_printf(bio_err, "%s: Invalid Policy %s\n", prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_add0_policy(vpm, otmp);
break;
case OPT_V_PURPOSE:
/* purpose name -> purpose index */
i = X509_PURPOSE_get_by_sname(opt_arg());
if (i < 0) {
BIO_printf(bio_err, "%s: Invalid purpose %s\n", prog, opt_arg());
return 0;
}
/* purpose index -> purpose object */
xptmp = X509_PURPOSE_get0(i);
/* purpose object -> purpose value */
i = X509_PURPOSE_get_id(xptmp);
if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
BIO_printf(bio_err,
"%s: Internal error setting purpose %s\n",
prog, opt_arg());
return 0;
}
break;
case OPT_V_VERIFY_NAME:
vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
if (vtmp == NULL) {
BIO_printf(bio_err, "%s: Invalid verify name %s\n",
prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_set1(vpm, vtmp);
break;
case OPT_V_VERIFY_DEPTH:
i = atoi(opt_arg());
if (i >= 0)
X509_VERIFY_PARAM_set_depth(vpm, i);
break;
case OPT_V_VERIFY_AUTH_LEVEL:
i = atoi(opt_arg());
if (i >= 0)
X509_VERIFY_PARAM_set_auth_level(vpm, i);
break;
case OPT_V_ATTIME:
if (!opt_imax(opt_arg(), &t))
return 0;
if (t != (time_t)t) {
BIO_printf(bio_err, "%s: epoch time out of range %s\n",
prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
break;
case OPT_V_VERIFY_HOSTNAME:
if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
return 0;
break;
case OPT_V_VERIFY_EMAIL:
if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
return 0;
break;
case OPT_V_VERIFY_IP:
if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
return 0;
break;
case OPT_V_IGNORE_CRITICAL:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
break;
case OPT_V_ISSUER_CHECKS:
/* NOP, deprecated */
break;
case OPT_V_CRL_CHECK:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
break;
case OPT_V_CRL_CHECK_ALL:
X509_VERIFY_PARAM_set_flags(vpm,
X509_V_FLAG_CRL_CHECK |
X509_V_FLAG_CRL_CHECK_ALL);
break;
case OPT_V_POLICY_CHECK:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
break;
case OPT_V_EXPLICIT_POLICY:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
break;
case OPT_V_INHIBIT_ANY:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
break;
case OPT_V_INHIBIT_MAP:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
break;
case OPT_V_X509_STRICT:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
break;
case OPT_V_EXTENDED_CRL:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
break;
case OPT_V_USE_DELTAS:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
break;
case OPT_V_POLICY_PRINT:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
break;
case OPT_V_CHECK_SS_SIG:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
break;
case OPT_V_TRUSTED_FIRST:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
break;
case OPT_V_SUITEB_128_ONLY:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
break;
case OPT_V_SUITEB_128:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
break;
case OPT_V_SUITEB_192:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
break;
case OPT_V_PARTIAL_CHAIN:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
break;
case OPT_V_NO_ALT_CHAINS:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
break;
case OPT_V_NO_CHECK_TIME:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
break;
case OPT_V_ALLOW_PROXY_CERTS:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
break;
}
return 1;
}
/*
* Parse the next flag (and value if specified), return 0 if done, -1 on
* error, otherwise the flag's retval.
*/
int opt_next(void)
{
char *p;
const OPTIONS *o;
int ival;
long lval;
unsigned long ulval;
ossl_intmax_t imval;
ossl_uintmax_t umval;
/* Look at current arg; at end of the list? */
arg = NULL;
p = argv[opt_index];
if (p == NULL)
return 0;
/* If word doesn't start with a -, we're done. */
if (*p != '-')
return 0;
/* Hit "--" ? We're done. */
opt_index++;
if (strcmp(p, "--") == 0)
return 0;
/* Allow -nnn and --nnn */
if (*++p == '-')
p++;
flag = p - 1;
/* If we have --flag=foo, snip it off */
if ((arg = strchr(p, '=')) != NULL)
*arg++ = '\0';
for (o = opts; o->name; ++o) {
/* If not this option, move on to the next one. */
if (strcmp(p, o->name) != 0)
continue;
/* If it doesn't take a value, make sure none was given. */
if (o->valtype == 0 || o->valtype == '-') {
if (arg) {
BIO_printf(bio_err,
"%s: Option -%s does not take a value\n", prog, p);
return -1;
}
return o->retval;
}
/* Want a value; get the next param if =foo not used. */
if (arg == NULL) {
if (argv[opt_index] == NULL) {
BIO_printf(bio_err,
"%s: Option -%s needs a value\n", prog, o->name);
return -1;
}
arg = argv[opt_index++];
}
/* Syntax-check value. */
switch (o->valtype) {
default:
case 's':
/* Just a string. */
break;
case '/':
if (app_isdir(arg) > 0)
break;
BIO_printf(bio_err, "%s: Not a directory: %s\n", prog, arg);
return -1;
case '<':
/* Input file. */
break;
case '>':
/* Output file. */
break;
case 'p':
case 'n':
if (!opt_int(arg, &ival)
|| (o->valtype == 'p' && ival <= 0)) {
BIO_printf(bio_err,
"%s: Non-positive number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
break;
case 'M':
if (!opt_imax(arg, &imval)) {
BIO_printf(bio_err,
"%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
break;
case 'U':
if (!opt_umax(arg, &umval)) {
BIO_printf(bio_err,
"%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
break;
case 'l':
if (!opt_long(arg, &lval)) {
BIO_printf(bio_err,
"%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
break;
case 'u':
if (!opt_ulong(arg, &ulval)) {
BIO_printf(bio_err,
"%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
break;
case 'c':
case 'E':
case 'F':
case 'f':
if (opt_format(arg,
o->valtype == 'c' ? OPT_FMT_PDS :
o->valtype == 'E' ? OPT_FMT_PDE :
o->valtype == 'F' ? OPT_FMT_PEMDER
: OPT_FMT_ANY, &ival))
break;
BIO_printf(bio_err,
"%s: Invalid format \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
/* Return the flag value. */
return o->retval;
}
if (unknown != NULL) {
dunno = p;
return unknown->retval;
}
BIO_printf(bio_err, "%s: Option unknown option -%s\n", prog, p);
return -1;
}
/* Return the most recent flag parameter. */
char *opt_arg(void)
{
return arg;
}
/* Return the most recent flag. */
char *opt_flag(void)
{
return flag;
}
/* Return the unknown option. */
char *opt_unknown(void)
{
return dunno;
}
/* Return the rest of the arguments after parsing flags. */
char **opt_rest(void)
{
return &argv[opt_index];
}
/* How many items in remaining args? */
int opt_num_rest(void)
{
int i = 0;
char **pp;
for (pp = opt_rest(); *pp; pp++, i++)
continue;
return i;
}
/* Return a string describing the parameter type. */
static const char *valtype2param(const OPTIONS *o)
{
switch (o->valtype) {
case 0:
case '-':
return "";
case 's':
return "val";
case '/':
return "dir";
case '<':
return "infile";
case '>':
return "outfile";
case 'p':
return "+int";
case 'n':
return "int";
case 'l':
return "long";
case 'u':
return "ulong";
case 'E':
return "PEM|DER|ENGINE";
case 'F':
return "PEM|DER";
case 'f':
return "format";
case 'M':
return "intmax";
case 'U':
return "uintmax";
}
return "parm";
}
void opt_help(const OPTIONS *list)
{
const OPTIONS *o;
int i;
int standard_prolog;
int width = 5;
char start[80 + 1];
char *p;
const char *help;
/* Starts with its own help message? */
standard_prolog = list[0].name != OPT_HELP_STR;
/* Find the widest help. */
for (o = list; o->name; o++) {
if (o->name == OPT_MORE_STR)
continue;
i = 2 + (int)strlen(o->name);
if (o->valtype != '-')
i += 1 + strlen(valtype2param(o));
if (i < MAX_OPT_HELP_WIDTH && i > width)
width = i;
assert(i < (int)sizeof(start));
}
if (standard_prolog)
BIO_printf(bio_err, "Usage: %s [options]\nValid options are:\n",
prog);
/* Now let's print. */
for (o = list; o->name; o++) {
help = o->helpstr ? o->helpstr : "(No additional info)";
if (o->name == OPT_HELP_STR) {
BIO_printf(bio_err, help, prog);
continue;
}
/* Pad out prefix */
memset(start, ' ', sizeof(start) - 1);
start[sizeof(start) - 1] = '\0';
if (o->name == OPT_MORE_STR) {
/* Continuation of previous line; pad and print. */
start[width] = '\0';
BIO_printf(bio_err, "%s %s\n", start, help);
continue;
}
/* Build up the "-flag [param]" part. */
p = start;
*p++ = ' ';
*p++ = '-';
if (o->name[0])
p += strlen(strcpy(p, o->name));
else
*p++ = '*';
if (o->valtype != '-') {
*p++ = ' ';
p += strlen(strcpy(p, valtype2param(o)));
}
*p = ' ';
if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
*p = '\0';
BIO_printf(bio_err, "%s\n", start);
memset(start, ' ', sizeof(start));
}
start[width] = '\0';
BIO_printf(bio_err, "%s %s\n", start, help);
}
}

853
trunk/3rdparty/openssl-1.1-fit/apps/passwd.c vendored Normal file
View file

@ -0,0 +1,853 @@
/*
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_DES
# include <openssl/des.h>
#endif
#include <openssl/md5.h>
#include <openssl/sha.h>
static unsigned const char cov_2char[64] = {
/* from crypto/des/fcrypt.c */
0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
};
static const char ascii_dollar[] = { 0x24, 0x00 };
typedef enum {
passwd_unset = 0,
passwd_crypt,
passwd_md5,
passwd_apr1,
passwd_sha256,
passwd_sha512,
passwd_aixmd5
} passwd_modes;
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table,
int reverse, size_t pw_maxlen, passwd_modes mode);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN,
OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS passwd_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Read passwords from file"},
{"noverify", OPT_NOVERIFY, '-',
"Never verify when reading password from terminal"},
{"quiet", OPT_QUIET, '-', "No warnings"},
{"table", OPT_TABLE, '-', "Format output as table"},
{"reverse", OPT_REVERSE, '-', "Switch table columns"},
{"salt", OPT_SALT, 's', "Use provided salt"},
{"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
{"6", OPT_6, '-', "SHA512-based password algorithm"},
{"5", OPT_5, '-', "SHA256-based password algorithm"},
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
{"1", OPT_1, '-', "MD5-based password algorithm"},
{"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
#ifndef OPENSSL_NO_DES
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
#endif
OPT_R_OPTIONS,
{NULL}
};
int passwd_main(int argc, char **argv)
{
BIO *in = NULL;
char *infile = NULL, *salt = NULL, *passwd = NULL, **passwds = NULL;
char *salt_malloc = NULL, *passwd_malloc = NULL, *prog;
OPTION_CHOICE o;
int in_stdin = 0, pw_source_defined = 0;
#ifndef OPENSSL_NO_UI_CONSOLE
int in_noverify = 0;
#endif
int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
int ret = 1;
passwd_modes mode = passwd_unset;
size_t passwd_malloc_size = 0;
size_t pw_maxlen = 256; /* arbitrary limit, should be enough for most
* passwords */
prog = opt_init(argc, argv, passwd_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(passwd_options);
ret = 0;
goto end;
case OPT_IN:
if (pw_source_defined)
goto opthelp;
infile = opt_arg();
pw_source_defined = 1;
break;
case OPT_NOVERIFY:
#ifndef OPENSSL_NO_UI_CONSOLE
in_noverify = 1;
#endif
break;
case OPT_QUIET:
quiet = 1;
break;
case OPT_TABLE:
table = 1;
break;
case OPT_REVERSE:
reverse = 1;
break;
case OPT_1:
if (mode != passwd_unset)
goto opthelp;
mode = passwd_md5;
break;
case OPT_5:
if (mode != passwd_unset)
goto opthelp;
mode = passwd_sha256;
break;
case OPT_6:
if (mode != passwd_unset)
goto opthelp;
mode = passwd_sha512;
break;
case OPT_APR1:
if (mode != passwd_unset)
goto opthelp;
mode = passwd_apr1;
break;
case OPT_AIXMD5:
if (mode != passwd_unset)
goto opthelp;
mode = passwd_aixmd5;
break;
case OPT_CRYPT:
#ifndef OPENSSL_NO_DES
if (mode != passwd_unset)
goto opthelp;
mode = passwd_crypt;
#endif
break;
case OPT_SALT:
passed_salt = 1;
salt = opt_arg();
break;
case OPT_STDIN:
if (pw_source_defined)
goto opthelp;
in_stdin = 1;
pw_source_defined = 1;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (*argv != NULL) {
if (pw_source_defined)
goto opthelp;
pw_source_defined = 1;
passwds = argv;
}
if (mode == passwd_unset) {
/* use default */
mode = passwd_crypt;
}
#ifdef OPENSSL_NO_DES
if (mode == passwd_crypt)
goto opthelp;
#endif
if (infile != NULL && in_stdin) {
BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog);
goto end;
}
if (infile != NULL || in_stdin) {
/*
* If in_stdin is true, we know that infile is NULL, and that
* bio_open_default() will give us back an alias for stdin.
*/
in = bio_open_default(infile, 'r', FORMAT_TEXT);
if (in == NULL)
goto end;
}
if (mode == passwd_crypt)
pw_maxlen = 8;
if (passwds == NULL) {
/* no passwords on the command line */
passwd_malloc_size = pw_maxlen + 2;
/* longer than necessary so that we can warn about truncation */
passwd = passwd_malloc =
app_malloc(passwd_malloc_size, "password buffer");
}
if ((in == NULL) && (passwds == NULL)) {
/*
* we use the following method to make sure what
* in the 'else' section is always compiled, to
* avoid rot of not-frequently-used code.
*/
if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
/* build a null-terminated list */
static char *passwds_static[2] = { NULL, NULL };
passwds = passwds_static;
if (in == NULL) {
if (EVP_read_pw_string
(passwd_malloc, passwd_malloc_size, "Password: ",
!(passed_salt || in_noverify)) != 0)
goto end;
}
passwds[0] = passwd_malloc;
} else {
#endif
BIO_printf(bio_err, "password required\n");
goto end;
}
}
if (in == NULL) {
assert(passwds != NULL);
assert(*passwds != NULL);
do { /* loop over list of passwords */
passwd = *passwds++;
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out,
quiet, table, reverse, pw_maxlen, mode))
goto end;
} while (*passwds != NULL);
} else {
/* in != NULL */
int done;
assert(passwd != NULL);
do {
int r = BIO_gets(in, passwd, pw_maxlen + 1);
if (r > 0) {
char *c = (strchr(passwd, '\n'));
if (c != NULL) {
*c = 0; /* truncate at newline */
} else {
/* ignore rest of line */
char trash[BUFSIZ];
do
r = BIO_gets(in, trash, sizeof(trash));
while ((r > 0) && (!strchr(trash, '\n')));
}
if (!do_passwd
(passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet,
table, reverse, pw_maxlen, mode))
goto end;
}
done = (r <= 0);
} while (!done);
}
ret = 0;
end:
#if 0
ERR_print_errors(bio_err);
#endif
OPENSSL_free(salt_malloc);
OPENSSL_free(passwd_malloc);
BIO_free(in);
return ret;
}
/*
* MD5-based password algorithm (should probably be available as a library
* function; then the static buffer would not be acceptable). For magic
* string "1", this should be compatible to the MD5-based BSD password
* algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
* Apache password algorithm. (Apparently, the Apache password algorithm is
* identical except that the 'magic' string was changed -- the laziest
* application of the NIH principle I've ever encountered.)
*/
static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{
/* "$apr1$..salt..$.......md5hash..........\0" */
static char out_buf[6 + 9 + 24 + 2];
unsigned char buf[MD5_DIGEST_LENGTH];
char ascii_magic[5]; /* "apr1" plus '\0' */
char ascii_salt[9]; /* Max 8 chars plus '\0' */
char *ascii_passwd = NULL;
char *salt_out;
int n;
unsigned int i;
EVP_MD_CTX *md = NULL, *md2 = NULL;
size_t passwd_len, salt_len, magic_len;
passwd_len = strlen(passwd);
out_buf[0] = 0;
magic_len = strlen(magic);
OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
#ifdef CHARSET_EBCDIC
if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */
ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
#endif
/* The salt gets truncated to 8 chars */
OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt));
salt_len = strlen(ascii_salt);
#ifdef CHARSET_EBCDIC
ebcdic2ascii(ascii_salt, ascii_salt, salt_len);
#endif
#ifdef CHARSET_EBCDIC
ascii_passwd = OPENSSL_strdup(passwd);
if (ascii_passwd == NULL)
return NULL;
ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len);
passwd = ascii_passwd;
#endif
if (magic_len > 0) {
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
if (magic_len > 4) /* assert it's "1" or "apr1" */
goto err;
OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
}
OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
goto err;
salt_out = out_buf;
if (magic_len > 0)
salt_out += 2 + magic_len;
if (salt_len > 8)
goto err;
md = EVP_MD_CTX_new();
if (md == NULL
|| !EVP_DigestInit_ex(md, EVP_md5(), NULL)
|| !EVP_DigestUpdate(md, passwd, passwd_len))
goto err;
if (magic_len > 0)
if (!EVP_DigestUpdate(md, ascii_dollar, 1)
|| !EVP_DigestUpdate(md, ascii_magic, magic_len)
|| !EVP_DigestUpdate(md, ascii_dollar, 1))
goto err;
if (!EVP_DigestUpdate(md, ascii_salt, salt_len))
goto err;
md2 = EVP_MD_CTX_new();
if (md2 == NULL
|| !EVP_DigestInit_ex(md2, EVP_md5(), NULL)
|| !EVP_DigestUpdate(md2, passwd, passwd_len)
|| !EVP_DigestUpdate(md2, ascii_salt, salt_len)
|| !EVP_DigestUpdate(md2, passwd, passwd_len)
|| !EVP_DigestFinal_ex(md2, buf, NULL))
goto err;
for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) {
if (!EVP_DigestUpdate(md, buf, sizeof(buf)))
goto err;
}
if (!EVP_DigestUpdate(md, buf, i))
goto err;
n = passwd_len;
while (n) {
if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1))
goto err;
n >>= 1;
}
if (!EVP_DigestFinal_ex(md, buf, NULL))
return NULL;
for (i = 0; i < 1000; i++) {
if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(md2,
(i & 1) ? (unsigned const char *)passwd : buf,
(i & 1) ? passwd_len : sizeof(buf)))
goto err;
if (i % 3) {
if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
goto err;
}
if (i % 7) {
if (!EVP_DigestUpdate(md2, passwd, passwd_len))
goto err;
}
if (!EVP_DigestUpdate(md2,
(i & 1) ? buf : (unsigned const char *)passwd,
(i & 1) ? sizeof(buf) : passwd_len))
goto err;
if (!EVP_DigestFinal_ex(md2, buf, NULL))
goto err;
}
EVP_MD_CTX_free(md2);
EVP_MD_CTX_free(md);
md2 = NULL;
md = NULL;
{
/* transform buf into output string */
unsigned char buf_perm[sizeof(buf)];
int dest, source;
char *output;
/* silly output permutation */
for (dest = 0, source = 0; dest < 14;
dest++, source = (source + 6) % 17)
buf_perm[dest] = buf[source];
buf_perm[14] = buf[5];
buf_perm[15] = buf[11];
# ifndef PEDANTIC /* Unfortunately, this generates a "no
* effect" warning */
assert(16 == sizeof(buf_perm));
# endif
output = salt_out + salt_len;
assert(output == out_buf + strlen(out_buf));
*output++ = ascii_dollar[0];
for (i = 0; i < 15; i += 3) {
*output++ = cov_2char[buf_perm[i + 2] & 0x3f];
*output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
(buf_perm[i + 2] >> 6)];
*output++ = cov_2char[((buf_perm[i] & 3) << 4) |
(buf_perm[i + 1] >> 4)];
*output++ = cov_2char[buf_perm[i] >> 2];
}
assert(i == 15);
*output++ = cov_2char[buf_perm[i] & 0x3f];
*output++ = cov_2char[buf_perm[i] >> 6];
*output = 0;
assert(strlen(out_buf) < sizeof(out_buf));
#ifdef CHARSET_EBCDIC
ascii2ebcdic(out_buf, out_buf, strlen(out_buf));
#endif
}
return out_buf;
err:
OPENSSL_free(ascii_passwd);
EVP_MD_CTX_free(md2);
EVP_MD_CTX_free(md);
return NULL;
}
/*
* SHA based password algorithm, describe by Ulrich Drepper here:
* https://www.akkadia.org/drepper/SHA-crypt.txt
* (note that it's in the public domain)
*/
static char *shacrypt(const char *passwd, const char *magic, const char *salt)
{
/* Prefix for optional rounds specification. */
static const char rounds_prefix[] = "rounds=";
/* Maximum salt string length. */
# define SALT_LEN_MAX 16
/* Default number of rounds if not explicitly specified. */
# define ROUNDS_DEFAULT 5000
/* Minimum number of rounds. */
# define ROUNDS_MIN 1000
/* Maximum number of rounds. */
# define ROUNDS_MAX 999999999
/* "$6$rounds=<N>$......salt......$...shahash(up to 86 chars)...\0" */
static char out_buf[3 + 17 + 17 + 86 + 1];
unsigned char buf[SHA512_DIGEST_LENGTH];
unsigned char temp_buf[SHA512_DIGEST_LENGTH];
size_t buf_size = 0;
char ascii_magic[2];
char ascii_salt[17]; /* Max 16 chars plus '\0' */
char *ascii_passwd = NULL;
size_t n;
EVP_MD_CTX *md = NULL, *md2 = NULL;
const EVP_MD *sha = NULL;
size_t passwd_len, salt_len, magic_len;
unsigned int rounds = 5000; /* Default */
char rounds_custom = 0;
char *p_bytes = NULL;
char *s_bytes = NULL;
char *cp = NULL;
passwd_len = strlen(passwd);
magic_len = strlen(magic);
/* assert it's "5" or "6" */
if (magic_len != 1)
return NULL;
switch (magic[0]) {
case '5':
sha = EVP_sha256();
buf_size = 32;
break;
case '6':
sha = EVP_sha512();
buf_size = 64;
break;
default:
return NULL;
}
if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) {
const char *num = salt + sizeof(rounds_prefix) - 1;
char *endp;
unsigned long int srounds = strtoul (num, &endp, 10);
if (*endp == '$') {
salt = endp + 1;
if (srounds > ROUNDS_MAX)
rounds = ROUNDS_MAX;
else if (srounds < ROUNDS_MIN)
rounds = ROUNDS_MIN;
else
rounds = (unsigned int)srounds;
rounds_custom = 1;
} else {
return NULL;
}
}
OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
#ifdef CHARSET_EBCDIC
if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */
ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
#endif
/* The salt gets truncated to 16 chars */
OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt));
salt_len = strlen(ascii_salt);
#ifdef CHARSET_EBCDIC
ebcdic2ascii(ascii_salt, ascii_salt, salt_len);
#endif
#ifdef CHARSET_EBCDIC
ascii_passwd = OPENSSL_strdup(passwd);
if (ascii_passwd == NULL)
return NULL;
ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len);
passwd = ascii_passwd;
#endif
out_buf[0] = 0;
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
if (rounds_custom) {
char tmp_buf[80]; /* "rounds=999999999" */
sprintf(tmp_buf, "rounds=%u", rounds);
#ifdef CHARSET_EBCDIC
/* In case we're really on a ASCII based platform and just pretend */
if (tmp_buf[0] != 0x72) /* ASCII 'r' */
ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf));
#endif
OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf));
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
}
OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
/* assert "$5$rounds=999999999$......salt......" */
if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len )
goto err;
md = EVP_MD_CTX_new();
if (md == NULL
|| !EVP_DigestInit_ex(md, sha, NULL)
|| !EVP_DigestUpdate(md, passwd, passwd_len)
|| !EVP_DigestUpdate(md, ascii_salt, salt_len))
goto err;
md2 = EVP_MD_CTX_new();
if (md2 == NULL
|| !EVP_DigestInit_ex(md2, sha, NULL)
|| !EVP_DigestUpdate(md2, passwd, passwd_len)
|| !EVP_DigestUpdate(md2, ascii_salt, salt_len)
|| !EVP_DigestUpdate(md2, passwd, passwd_len)
|| !EVP_DigestFinal_ex(md2, buf, NULL))
goto err;
for (n = passwd_len; n > buf_size; n -= buf_size) {
if (!EVP_DigestUpdate(md, buf, buf_size))
goto err;
}
if (!EVP_DigestUpdate(md, buf, n))
goto err;
n = passwd_len;
while (n) {
if (!EVP_DigestUpdate(md,
(n & 1) ? buf : (unsigned const char *)passwd,
(n & 1) ? buf_size : passwd_len))
goto err;
n >>= 1;
}
if (!EVP_DigestFinal_ex(md, buf, NULL))
return NULL;
/* P sequence */
if (!EVP_DigestInit_ex(md2, sha, NULL))
goto err;
for (n = passwd_len; n > 0; n--)
if (!EVP_DigestUpdate(md2, passwd, passwd_len))
goto err;
if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
return NULL;
if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)
goto err;
for (cp = p_bytes, n = passwd_len; n > buf_size; n -= buf_size, cp += buf_size)
memcpy(cp, temp_buf, buf_size);
memcpy(cp, temp_buf, n);
/* S sequence */
if (!EVP_DigestInit_ex(md2, sha, NULL))
goto err;
for (n = 16 + buf[0]; n > 0; n--)
if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
goto err;
if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
return NULL;
if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)
goto err;
for (cp = s_bytes, n = salt_len; n > buf_size; n -= buf_size, cp += buf_size)
memcpy(cp, temp_buf, buf_size);
memcpy(cp, temp_buf, n);
for (n = 0; n < rounds; n++) {
if (!EVP_DigestInit_ex(md2, sha, NULL))
goto err;
if (!EVP_DigestUpdate(md2,
(n & 1) ? (unsigned const char *)p_bytes : buf,
(n & 1) ? passwd_len : buf_size))
goto err;
if (n % 3) {
if (!EVP_DigestUpdate(md2, s_bytes, salt_len))
goto err;
}
if (n % 7) {
if (!EVP_DigestUpdate(md2, p_bytes, passwd_len))
goto err;
}
if (!EVP_DigestUpdate(md2,
(n & 1) ? buf : (unsigned const char *)p_bytes,
(n & 1) ? buf_size : passwd_len))
goto err;
if (!EVP_DigestFinal_ex(md2, buf, NULL))
goto err;
}
EVP_MD_CTX_free(md2);
EVP_MD_CTX_free(md);
md2 = NULL;
md = NULL;
OPENSSL_free(p_bytes);
OPENSSL_free(s_bytes);
p_bytes = NULL;
s_bytes = NULL;
cp = out_buf + strlen(out_buf);
*cp++ = ascii_dollar[0];
# define b64_from_24bit(B2, B1, B0, N) \
do { \
unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \
int i = (N); \
while (i-- > 0) \
{ \
*cp++ = cov_2char[w & 0x3f]; \
w >>= 6; \
} \
} while (0)
switch (magic[0]) {
case '5':
b64_from_24bit (buf[0], buf[10], buf[20], 4);
b64_from_24bit (buf[21], buf[1], buf[11], 4);
b64_from_24bit (buf[12], buf[22], buf[2], 4);
b64_from_24bit (buf[3], buf[13], buf[23], 4);
b64_from_24bit (buf[24], buf[4], buf[14], 4);
b64_from_24bit (buf[15], buf[25], buf[5], 4);
b64_from_24bit (buf[6], buf[16], buf[26], 4);
b64_from_24bit (buf[27], buf[7], buf[17], 4);
b64_from_24bit (buf[18], buf[28], buf[8], 4);
b64_from_24bit (buf[9], buf[19], buf[29], 4);
b64_from_24bit (0, buf[31], buf[30], 3);
break;
case '6':
b64_from_24bit (buf[0], buf[21], buf[42], 4);
b64_from_24bit (buf[22], buf[43], buf[1], 4);
b64_from_24bit (buf[44], buf[2], buf[23], 4);
b64_from_24bit (buf[3], buf[24], buf[45], 4);
b64_from_24bit (buf[25], buf[46], buf[4], 4);
b64_from_24bit (buf[47], buf[5], buf[26], 4);
b64_from_24bit (buf[6], buf[27], buf[48], 4);
b64_from_24bit (buf[28], buf[49], buf[7], 4);
b64_from_24bit (buf[50], buf[8], buf[29], 4);
b64_from_24bit (buf[9], buf[30], buf[51], 4);
b64_from_24bit (buf[31], buf[52], buf[10], 4);
b64_from_24bit (buf[53], buf[11], buf[32], 4);
b64_from_24bit (buf[12], buf[33], buf[54], 4);
b64_from_24bit (buf[34], buf[55], buf[13], 4);
b64_from_24bit (buf[56], buf[14], buf[35], 4);
b64_from_24bit (buf[15], buf[36], buf[57], 4);
b64_from_24bit (buf[37], buf[58], buf[16], 4);
b64_from_24bit (buf[59], buf[17], buf[38], 4);
b64_from_24bit (buf[18], buf[39], buf[60], 4);
b64_from_24bit (buf[40], buf[61], buf[19], 4);
b64_from_24bit (buf[62], buf[20], buf[41], 4);
b64_from_24bit (0, 0, buf[63], 2);
break;
default:
goto err;
}
*cp = '\0';
#ifdef CHARSET_EBCDIC
ascii2ebcdic(out_buf, out_buf, strlen(out_buf));
#endif
return out_buf;
err:
EVP_MD_CTX_free(md2);
EVP_MD_CTX_free(md);
OPENSSL_free(p_bytes);
OPENSSL_free(s_bytes);
OPENSSL_free(ascii_passwd);
return NULL;
}
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table,
int reverse, size_t pw_maxlen, passwd_modes mode)
{
char *hash = NULL;
assert(salt_p != NULL);
assert(salt_malloc_p != NULL);
/* first make sure we have a salt */
if (!passed_salt) {
size_t saltlen = 0;
size_t i;
#ifndef OPENSSL_NO_DES
if (mode == passwd_crypt)
saltlen = 2;
#endif /* !OPENSSL_NO_DES */
if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5)
saltlen = 8;
if (mode == passwd_sha256 || mode == passwd_sha512)
saltlen = 16;
assert(saltlen != 0);
if (*salt_malloc_p == NULL)
*salt_p = *salt_malloc_p = app_malloc(saltlen + 1, "salt buffer");
if (RAND_bytes((unsigned char *)*salt_p, saltlen) <= 0)
goto end;
for (i = 0; i < saltlen; i++)
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
(*salt_p)[i] = 0;
# ifdef CHARSET_EBCDIC
/* The password encryption funtion will convert back to ASCII */
ascii2ebcdic(*salt_p, *salt_p, saltlen);
# endif
}
assert(*salt_p != NULL);
/* truncate password if necessary */
if ((strlen(passwd) > pw_maxlen)) {
if (!quiet)
/*
* XXX: really we should know how to print a size_t, not cast it
*/
BIO_printf(bio_err,
"Warning: truncating password to %u characters\n",
(unsigned)pw_maxlen);
passwd[pw_maxlen] = 0;
}
assert(strlen(passwd) <= pw_maxlen);
/* now compute password hash */
#ifndef OPENSSL_NO_DES
if (mode == passwd_crypt)
hash = DES_crypt(passwd, *salt_p);
#endif
if (mode == passwd_md5 || mode == passwd_apr1)
hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p);
if (mode == passwd_aixmd5)
hash = md5crypt(passwd, "", *salt_p);
if (mode == passwd_sha256 || mode == passwd_sha512)
hash = shacrypt(passwd, (mode == passwd_sha256 ? "5" : "6"), *salt_p);
assert(hash != NULL);
if (table && !reverse)
BIO_printf(out, "%s\t%s\n", passwd, hash);
else if (table && reverse)
BIO_printf(out, "%s\t%s\n", hash, passwd);
else
BIO_printf(out, "%s\n", hash);
return 1;
end:
return 0;
}

1
trunk/3rdparty/openssl-1.1-fit/apps/pca-cert.srl vendored Normal file
View file

@ -0,0 +1 @@
07

16
trunk/3rdparty/openssl-1.1-fit/apps/pca-key.pem vendored Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALYYjjtpLs/lfkPF
xAFZ4V3He5mZFbsEakK9bA2fQaryreRwyfhbXbDJHyBV+c4xI5fbmmVd2t/us4k4
rMhGsBtL89SqCEHhPJpLFywiQVmJTAjANYrWkZK5uR/++YmZyzuLfPHLButuK6cF
GKXw3NNToxjYooMf0mad2rPX3cKTAgMBAAECgYBvrJ+Nz/Pli9jjt2V9bqHH4Y7r
o/avuwVv6Ltbn0+mhy4d6w3yQhYzVSTBr/iDe59YglUt1WFl8/4nKZrNOIzHJlav
Sw4hd3fYBHxbT+DgZMQ9ikjHECWRdDffrnlTLsSJAcxnpMJBPe3dKCRDMUrqWUvB
IIKaxyqmXJms5Y/wAQJBAPFL9NMKJcWBftMKXCasxsV0ZGjgqHGZODYjtGFN9jJO
6AbZrxfCcapTWG4RCC2o/EDEMN8aArEhfdrYY3lhXGsCQQDBMRzFevkD7SYXTw5G
NA/gJOAsFMYbt7tebcCRsHT7t3ymVfO2QwK7ZF0f/SYvi7cMAPraHvO7s3kFdGTB
kDx5AkAHBICASsFCdzurA5gef9PgFjx9WFtNwnkCChPK6KuKVwUkfdw7wqnvnDDs
Mo6cVVfQwmPxeR4u7JxuavCprQ01AkEAp5ZGAh1J9Jj9CQ1AMbAp8WOrvzGKJTM9
641Dll4/LLif/d7j2kDJFuvaSMyeGnKVqGkVMq/U+QeYPR4Z5TuM6QJAWK05qFed
wYgTZyVN0MY53ZOMAIWwjz0cr24TvDfmsZqIvguGL616GKQZKdKDZQyQHg+dCzqJ
HgIoacuFDKz5CA==
-----END PRIVATE KEY-----

11
trunk/3rdparty/openssl-1.1-fit/apps/pca-req.pem vendored Normal file
View file

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBnDCCAQUCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDDBNUZXN0IFBDQSAo
MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2GI47aS7P5X5D
xcQBWeFdx3uZmRW7BGpCvWwNn0Gq8q3kcMn4W12wyR8gVfnOMSOX25plXdrf7rOJ
OKzIRrAbS/PUqghB4TyaSxcsIkFZiUwIwDWK1pGSubkf/vmJmcs7i3zxywbrbiun
BRil8NzTU6MY2KKDH9Jmndqz193CkwIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEA
eJdCB0nHnFK0hek4biAxX0GuJXkknuUy46NKEhv3GBwt4gtO29bfkbQTGOsBBKNs
KptlnkItscOXY+0lSva9K3XlwD9do7k2IZFtXJVayZVw1GcKybIY0l7B6kcSxG7T
f3CsO+ifdrsJKtyoZNs96lBMrtXyGybt3mgQNdZauQU=
-----END CERTIFICATE REQUEST-----

968
trunk/3rdparty/openssl-1.1-fit/apps/pkcs12.c vendored Normal file
View file

@ -0,0 +1,968 @@
/*
* Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#if defined(OPENSSL_NO_DES)
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include "apps.h"
# include "progs.h"
# include <openssl/crypto.h>
# include <openssl/err.h>
# include <openssl/pem.h>
# include <openssl/pkcs12.h>
# define NOKEYS 0x1
# define NOCERTS 0x2
# define INFO 0x4
# define CLCERTS 0x8
# define CACERTS 0x10
#define PASSWD_BUF_SIZE 2048
static int get_cert_chain(X509 *cert, X509_STORE *store,
STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, const PKCS12 *p12,
const char *pass, int passlen, int options,
char *pempass, const EVP_CIPHER *enc);
int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
const char *pass, int passlen, int options,
char *pempass, const EVP_CIPHER *enc);
int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
const char *pass, int passlen,
int options, char *pempass, const EVP_CIPHER *enc);
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
static int alg_print(const X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk);
static int set_pbe(int *ppbe, const char *str);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS,
OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER,
OPT_DESCERT, OPT_EXPORT, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs12_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
{"keyex", OPT_KEYEX, '-', "Set MS key exchange type"},
{"keysig", OPT_KEYSIG, '-', "Set MS key signature type"},
{"nocerts", OPT_NOCERTS, '-', "Don't output certificates"},
{"clcerts", OPT_CLCERTS, '-', "Only output client certificates"},
{"cacerts", OPT_CACERTS, '-', "Only output CA certificates"},
{"noout", OPT_NOOUT, '-', "Don't output anything, just verify"},
{"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
{"chain", OPT_CHAIN, '-', "Add certificate chain"},
{"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
{"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
# ifndef OPENSSL_NO_RC2
{"descert", OPT_DESCERT, '-',
"Encrypt output with 3DES (default RC2-40)"},
{"certpbe", OPT_CERTPBE, 's',
"Certificate PBE algorithm (default RC2-40)"},
# else
{"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
{"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
# endif
{"export", OPT_EXPORT, '-', "Output PKCS12 file"},
{"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
{"maciter", OPT_MACITER, '-', "Use MAC iteration"},
{"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"},
{"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
{"LMK", OPT_LMK, '-',
"Add local machine keyset attribute to private key"},
{"nodes", OPT_NODES, '-', "Don't encrypt private keys"},
{"macalg", OPT_MACALG, 's',
"Digest algorithm used in MAC (default SHA1)"},
{"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
OPT_R_OPTIONS,
{"inkey", OPT_INKEY, 's', "Private key if not infile"},
{"certfile", OPT_CERTFILE, '<', "Load certs from file"},
{"name", OPT_NAME, 's', "Use name as friendly name"},
{"CSP", OPT_CSP, 's', "Microsoft CSP name"},
{"caname", OPT_CANAME, 's',
"Use name as CA friendly name (can be repeated)"},
{"in", OPT_IN, '<', "Input filename"},
{"out", OPT_OUT, '>', "Output filename"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"password", OPT_PASSWORD, 's', "Set import/export password source"},
{"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
{"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
{"no-CAfile", OPT_NOCAFILE, '-',
"Do not load the default certificates file"},
{"no-CApath", OPT_NOCAPATH, '-',
"Do not load certificates from the default certificates directory"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{NULL}
};
int pkcs12_main(int argc, char **argv)
{
char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
char *name = NULL, *csp_name = NULL;
char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
# ifndef OPENSSL_NO_RC2
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
# else
int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
# endif
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
int ret = 1, macver = 1, add_lmk = 0, private = 0;
int noprompt = 0;
char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL, *macalg = NULL;
char *cpass = NULL, *mpass = NULL, *badpass = NULL;
const char *CApath = NULL, *CAfile = NULL, *prog;
int noCApath = 0, noCAfile = 0;
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
PKCS12 *p12 = NULL;
STACK_OF(OPENSSL_STRING) *canames = NULL;
const EVP_CIPHER *enc = EVP_des_ede3_cbc();
OPTION_CHOICE o;
prog = opt_init(argc, argv, pkcs12_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkcs12_options);
ret = 0;
goto end;
case OPT_NOKEYS:
options |= NOKEYS;
break;
case OPT_KEYEX:
keytype = KEY_EX;
break;
case OPT_KEYSIG:
keytype = KEY_SIG;
break;
case OPT_NOCERTS:
options |= NOCERTS;
break;
case OPT_CLCERTS:
options |= CLCERTS;
break;
case OPT_CACERTS:
options |= CACERTS;
break;
case OPT_NOOUT:
options |= (NOKEYS | NOCERTS);
break;
case OPT_INFO:
options |= INFO;
break;
case OPT_CHAIN:
chain = 1;
break;
case OPT_TWOPASS:
twopass = 1;
break;
case OPT_NOMACVER:
macver = 0;
break;
case OPT_DESCERT:
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
break;
case OPT_EXPORT:
export_cert = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto opthelp;
break;
case OPT_NOITER:
iter = 1;
break;
case OPT_MACITER:
maciter = PKCS12_DEFAULT_ITER;
break;
case OPT_NOMACITER:
maciter = 1;
break;
case OPT_NOMAC:
maciter = -1;
break;
case OPT_MACALG:
macalg = opt_arg();
break;
case OPT_NODES:
enc = NULL;
break;
case OPT_CERTPBE:
if (!set_pbe(&cert_pbe, opt_arg()))
goto opthelp;
break;
case OPT_KEYPBE:
if (!set_pbe(&key_pbe, opt_arg()))
goto opthelp;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_INKEY:
keyname = opt_arg();
break;
case OPT_CERTFILE:
certfile = opt_arg();
break;
case OPT_NAME:
name = opt_arg();
break;
case OPT_LMK:
add_lmk = 1;
break;
case OPT_CSP:
csp_name = opt_arg();
break;
case OPT_CANAME:
if (canames == NULL
&& (canames = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(canames, opt_arg());
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_PASSWORD:
passarg = opt_arg();
break;
case OPT_CAPATH:
CApath = opt_arg();
break;
case OPT_CAFILE:
CAfile = opt_arg();
break;
case OPT_NOCAPATH:
noCApath = 1;
break;
case OPT_NOCAFILE:
noCAfile = 1;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
private = 1;
if (passarg != NULL) {
if (export_cert)
passoutarg = passarg;
else
passinarg = passarg;
}
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if (cpass == NULL) {
if (export_cert)
cpass = passout;
else
cpass = passin;
}
if (cpass != NULL) {
mpass = cpass;
noprompt = 1;
if (twopass) {
if (export_cert)
BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
else
BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
goto end;
}
} else {
cpass = pass;
mpass = macpass;
}
if (twopass) {
/* To avoid bit rot */
if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
if (EVP_read_pw_string(
macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
} else {
#endif
BIO_printf(bio_err, "Unsupported option -twopass\n");
goto end;
}
}
if (export_cert) {
EVP_PKEY *key = NULL;
X509 *ucert = NULL, *x = NULL;
STACK_OF(X509) *certs = NULL;
const EVP_MD *macmd = NULL;
unsigned char *catmp = NULL;
int i;
if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
BIO_printf(bio_err, "Nothing to do!\n");
goto export_end;
}
if (options & NOCERTS)
chain = 0;
if (!(options & NOKEYS)) {
key = load_key(keyname ? keyname : infile,
FORMAT_PEM, 1, passin, e, "private key");
if (key == NULL)
goto export_end;
}
/* Load in all certs in input file */
if (!(options & NOCERTS)) {
if (!load_certs(infile, &certs, FORMAT_PEM, NULL,
"certificates"))
goto export_end;
if (key != NULL) {
/* Look for matching private key */
for (i = 0; i < sk_X509_num(certs); i++) {
x = sk_X509_value(certs, i);
if (X509_check_private_key(x, key)) {
ucert = x;
/* Zero keyid and alias */
X509_keyid_set1(ucert, NULL, 0);
X509_alias_set1(ucert, NULL, 0);
/* Remove from list */
(void)sk_X509_delete(certs, i);
break;
}
}
if (ucert == NULL) {
BIO_printf(bio_err,
"No certificate matches private key\n");
goto export_end;
}
}
}
/* Add any more certificates asked for */
if (certfile != NULL) {
if (!load_certs(certfile, &certs, FORMAT_PEM, NULL,
"certificates from certfile"))
goto export_end;
}
/* If chaining get chain from user cert */
if (chain) {
int vret;
STACK_OF(X509) *chain2;
X509_STORE *store;
if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath))
== NULL)
goto export_end;
vret = get_cert_chain(ucert, store, &chain2);
X509_STORE_free(store);
if (vret == X509_V_OK) {
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num(chain2); i++)
sk_X509_push(certs, sk_X509_value(chain2, i));
/* Free first certificate */
X509_free(sk_X509_value(chain2, 0));
sk_X509_free(chain2);
} else {
if (vret != X509_V_ERR_UNSPECIFIED)
BIO_printf(bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
else
ERR_print_errors(bio_err);
goto export_end;
}
}
/* Add any CA names */
for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) {
catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
}
if (csp_name != NULL && key != NULL)
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
MBSTRING_ASC, (unsigned char *)csp_name,
-1);
if (add_lmk && key != NULL)
EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
if (!noprompt) {
/* To avoid bit rot */
if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
if (EVP_read_pw_string(pass, sizeof(pass),
"Enter Export Password:", 1)) {
BIO_printf(bio_err, "Can't read Password\n");
goto export_end;
}
} else {
#endif
BIO_printf(bio_err, "Password required\n");
goto export_end;
}
}
if (!twopass)
OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
p12 = PKCS12_create(cpass, name, key, ucert, certs,
key_pbe, cert_pbe, iter, -1, keytype);
if (!p12) {
ERR_print_errors(bio_err);
goto export_end;
}
if (macalg) {
if (!opt_md(macalg, &macmd))
goto opthelp;
}
if (maciter != -1)
PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
assert(private);
out = bio_open_owner(outfile, FORMAT_PKCS12, private);
if (out == NULL)
goto end;
i2d_PKCS12_bio(out, p12);
ret = 0;
export_end:
EVP_PKEY_free(key);
sk_X509_pop_free(certs, X509_free);
X509_free(ucert);
goto end;
}
in = bio_open_default(infile, 'r', FORMAT_PKCS12);
if (in == NULL)
goto end;
out = bio_open_owner(outfile, FORMAT_PEM, private);
if (out == NULL)
goto end;
if ((p12 = d2i_PKCS12_bio(in, NULL)) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (!noprompt) {
if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
} else {
#endif
BIO_printf(bio_err, "Password required\n");
goto end;
}
}
if (!twopass)
OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
if ((options & INFO) && PKCS12_mac_present(p12)) {
const ASN1_INTEGER *tmaciter;
const X509_ALGOR *macalgid;
const ASN1_OBJECT *macobj;
const ASN1_OCTET_STRING *tmac;
const ASN1_OCTET_STRING *tsalt;
PKCS12_get0_mac(&tmac, &macalgid, &tsalt, &tmaciter, p12);
/* current hash algorithms do not use parameters so extract just name,
in future alg_print() may be needed */
X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
BIO_puts(bio_err, "MAC: ");
i2a_ASN1_OBJECT(bio_err, macobj);
BIO_printf(bio_err, ", Iteration %ld\n",
tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
}
if (macver) {
/* If we enter empty password try no password first */
if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
/* If mac and crypto pass the same set it to NULL too */
if (!twopass)
cpass = NULL;
} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
/*
* May be UTF8 from previous version of OpenSSL:
* convert to a UTF8 form which will translate
* to the same Unicode password.
*/
unsigned char *utmp;
int utmplen;
utmp = OPENSSL_asc2uni(mpass, -1, NULL, &utmplen);
if (utmp == NULL)
goto end;
badpass = OPENSSL_uni2utf8(utmp, utmplen);
OPENSSL_free(utmp);
if (!PKCS12_verify_mac(p12, badpass, -1)) {
BIO_printf(bio_err, "Mac verify error: invalid password?\n");
ERR_print_errors(bio_err);
goto end;
} else {
BIO_printf(bio_err, "Warning: using broken algorithm\n");
if (!twopass)
cpass = badpass;
}
}
}
assert(private);
if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) {
BIO_printf(bio_err, "Error outputting keys and certificates\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
end:
PKCS12_free(p12);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
sk_OPENSSL_STRING_free(canames);
OPENSSL_free(badpass);
OPENSSL_free(passin);
OPENSSL_free(passout);
return ret;
}
int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
int passlen, int options, char *pempass,
const EVP_CIPHER *enc)
{
STACK_OF(PKCS7) *asafes = NULL;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid;
int ret = 0;
PKCS7 *p7;
if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
return 0;
for (i = 0; i < sk_PKCS7_num(asafes); i++) {
p7 = sk_PKCS7_value(asafes, i);
bagnid = OBJ_obj2nid(p7->type);
if (bagnid == NID_pkcs7_data) {
bags = PKCS12_unpack_p7data(p7);
if (options & INFO)
BIO_printf(bio_err, "PKCS7 Data\n");
} else if (bagnid == NID_pkcs7_encrypted) {
if (options & INFO) {
BIO_printf(bio_err, "PKCS7 Encrypted data: ");
alg_print(p7->d.encrypted->enc_data->algorithm);
}
bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
} else {
continue;
}
if (!bags)
goto err;
if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
options, pempass, enc)) {
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
goto err;
}
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
bags = NULL;
}
ret = 1;
err:
sk_PKCS7_pop_free(asafes, PKCS7_free);
return ret;
}
int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
const char *pass, int passlen, int options,
char *pempass, const EVP_CIPHER *enc)
{
int i;
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
if (!dump_certs_pkeys_bag(out,
sk_PKCS12_SAFEBAG_value(bags, i),
pass, passlen, options, pempass, enc))
return 0;
}
return 1;
}
int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag,
const char *pass, int passlen, int options,
char *pempass, const EVP_CIPHER *enc)
{
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
const PKCS8_PRIV_KEY_INFO *p8c;
X509 *x509;
const STACK_OF(X509_ATTRIBUTE) *attrs;
int ret = 0;
attrs = PKCS12_SAFEBAG_get0_attrs(bag);
switch (PKCS12_SAFEBAG_get_nid(bag)) {
case NID_keyBag:
if (options & INFO)
BIO_printf(bio_err, "Key bag\n");
if (options & NOKEYS)
return 1;
print_attribs(out, attrs, "Bag Attributes");
p8c = PKCS12_SAFEBAG_get0_p8inf(bag);
if ((pkey = EVP_PKCS82PKEY(p8c)) == NULL)
return 0;
print_attribs(out, PKCS8_pkey_get0_attrs(p8c), "Key Attributes");
ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
case NID_pkcs8ShroudedKeyBag:
if (options & INFO) {
const X509_SIG *tp8;
const X509_ALGOR *tp8alg;
BIO_printf(bio_err, "Shrouded Keybag: ");
tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag);
X509_SIG_get0(tp8, &tp8alg, NULL);
alg_print(tp8alg);
}
if (options & NOKEYS)
return 1;
print_attribs(out, attrs, "Bag Attributes");
if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
return 0;
if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) {
PKCS8_PRIV_KEY_INFO_free(p8);
return 0;
}
print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
case NID_certBag:
if (options & INFO)
BIO_printf(bio_err, "Certificate bag\n");
if (options & NOCERTS)
return 1;
if (PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)) {
if (options & CACERTS)
return 1;
} else if (options & CLCERTS)
return 1;
print_attribs(out, attrs, "Bag Attributes");
if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
return 1;
if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
return 0;
dump_cert_text(out, x509);
ret = PEM_write_bio_X509(out, x509);
X509_free(x509);
break;
case NID_safeContentsBag:
if (options & INFO)
BIO_printf(bio_err, "Safe Contents bag\n");
print_attribs(out, attrs, "Bag Attributes");
return dump_certs_pkeys_bags(out, PKCS12_SAFEBAG_get0_safes(bag),
pass, passlen, options, pempass, enc);
default:
BIO_printf(bio_err, "Warning unsupported bag type: ");
i2a_ASN1_OBJECT(bio_err, PKCS12_SAFEBAG_get0_type(bag));
BIO_printf(bio_err, "\n");
return 1;
}
return ret;
}
/* Given a single certificate return a verified chain or NULL if error */
static int get_cert_chain(X509 *cert, X509_STORE *store,
STACK_OF(X509) **chain)
{
X509_STORE_CTX *store_ctx = NULL;
STACK_OF(X509) *chn = NULL;
int i = 0;
store_ctx = X509_STORE_CTX_new();
if (store_ctx == NULL) {
i = X509_V_ERR_UNSPECIFIED;
goto end;
}
if (!X509_STORE_CTX_init(store_ctx, store, cert, NULL)) {
i = X509_V_ERR_UNSPECIFIED;
goto end;
}
if (X509_verify_cert(store_ctx) > 0)
chn = X509_STORE_CTX_get1_chain(store_ctx);
else if ((i = X509_STORE_CTX_get_error(store_ctx)) == 0)
i = X509_V_ERR_UNSPECIFIED;
end:
X509_STORE_CTX_free(store_ctx);
*chain = chn;
return i;
}
static int alg_print(const X509_ALGOR *alg)
{
int pbenid, aparamtype;
const ASN1_OBJECT *aoid;
const void *aparam;
PBEPARAM *pbe = NULL;
X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg);
pbenid = OBJ_obj2nid(aoid);
BIO_printf(bio_err, "%s", OBJ_nid2ln(pbenid));
/*
* If PBE algorithm is PBES2 decode algorithm parameters
* for additional details.
*/
if (pbenid == NID_pbes2) {
PBE2PARAM *pbe2 = NULL;
int encnid;
if (aparamtype == V_ASN1_SEQUENCE)
pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
if (pbe2 == NULL) {
BIO_puts(bio_err, ", <unsupported parameters>");
goto done;
}
X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
pbenid = OBJ_obj2nid(aoid);
X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
encnid = OBJ_obj2nid(aoid);
BIO_printf(bio_err, ", %s, %s", OBJ_nid2ln(pbenid),
OBJ_nid2sn(encnid));
/* If KDF is PBKDF2 decode parameters */
if (pbenid == NID_id_pbkdf2) {
PBKDF2PARAM *kdf = NULL;
int prfnid;
if (aparamtype == V_ASN1_SEQUENCE)
kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
if (kdf == NULL) {
BIO_puts(bio_err, ", <unsupported parameters>");
goto done;
}
if (kdf->prf == NULL) {
prfnid = NID_hmacWithSHA1;
} else {
X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf);
prfnid = OBJ_obj2nid(aoid);
}
BIO_printf(bio_err, ", Iteration %ld, PRF %s",
ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
PBKDF2PARAM_free(kdf);
#ifndef OPENSSL_NO_SCRYPT
} else if (pbenid == NID_id_scrypt) {
SCRYPT_PARAMS *kdf = NULL;
if (aparamtype == V_ASN1_SEQUENCE)
kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(SCRYPT_PARAMS));
if (kdf == NULL) {
BIO_puts(bio_err, ", <unsupported parameters>");
goto done;
}
BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, "
"Block size(r): %ld, Paralelizm(p): %ld",
ASN1_STRING_length(kdf->salt),
ASN1_INTEGER_get(kdf->costParameter),
ASN1_INTEGER_get(kdf->blockSize),
ASN1_INTEGER_get(kdf->parallelizationParameter));
SCRYPT_PARAMS_free(kdf);
#endif
}
PBE2PARAM_free(pbe2);
} else {
if (aparamtype == V_ASN1_SEQUENCE)
pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM));
if (pbe == NULL) {
BIO_puts(bio_err, ", <unsupported parameters>");
goto done;
}
BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
PBEPARAM_free(pbe);
}
done:
BIO_puts(bio_err, "\n");
return 1;
}
/* Load all certificates from a given file */
int cert_load(BIO *in, STACK_OF(X509) *sk)
{
int ret;
X509 *cert;
ret = 0;
while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
ret = 1;
sk_X509_push(sk, cert);
}
if (ret)
ERR_clear_error();
return ret;
}
/* Generalised attribute print: handle PKCS#8 and bag attributes */
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
const char *name)
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *av;
char *value;
int i, attr_nid;
if (!attrlst) {
BIO_printf(out, "%s: <No Attributes>\n", name);
return 1;
}
if (!sk_X509_ATTRIBUTE_num(attrlst)) {
BIO_printf(out, "%s: <Empty Attributes>\n", name);
return 1;
}
BIO_printf(out, "%s\n", name);
for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
ASN1_OBJECT *attr_obj;
attr = sk_X509_ATTRIBUTE_value(attrlst, i);
attr_obj = X509_ATTRIBUTE_get0_object(attr);
attr_nid = OBJ_obj2nid(attr_obj);
BIO_printf(out, " ");
if (attr_nid == NID_undef) {
i2a_ASN1_OBJECT(out, attr_obj);
BIO_printf(out, ": ");
} else {
BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
}
if (X509_ATTRIBUTE_count(attr)) {
av = X509_ATTRIBUTE_get0_type(attr, 0);
switch (av->type) {
case V_ASN1_BMPSTRING:
value = OPENSSL_uni2asc(av->value.bmpstring->data,
av->value.bmpstring->length);
BIO_printf(out, "%s\n", value);
OPENSSL_free(value);
break;
case V_ASN1_OCTET_STRING:
hex_prin(out, av->value.octet_string->data,
av->value.octet_string->length);
BIO_printf(out, "\n");
break;
case V_ASN1_BIT_STRING:
hex_prin(out, av->value.bit_string->data,
av->value.bit_string->length);
BIO_printf(out, "\n");
break;
default:
BIO_printf(out, "<Unsupported tag %d>\n", av->type);
break;
}
} else {
BIO_printf(out, "<No Values>\n");
}
}
return 1;
}
void hex_prin(BIO *out, unsigned char *buf, int len)
{
int i;
for (i = 0; i < len; i++)
BIO_printf(out, "%02X ", buf[i]);
}
static int set_pbe(int *ppbe, const char *str)
{
if (!str)
return 0;
if (strcmp(str, "NONE") == 0) {
*ppbe = -1;
return 1;
}
*ppbe = OBJ_txt2nid(str);
if (*ppbe == NID_undef) {
BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
return 0;
}
return 1;
}
#endif

198
trunk/3rdparty/openssl-1.1-fit/apps/pkcs7.c vendored Normal file
View file

@ -0,0 +1,198 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE
} OPTION_CHOICE;
const OPTIONS pkcs7_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"in", OPT_IN, '<', "Input file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"noout", OPT_NOOUT, '-', "Don't output encoded data"},
{"text", OPT_TEXT, '-', "Print full details of certificates"},
{"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"},
{"print_certs", OPT_PRINT_CERTS, '-',
"Print_certs print any certs or crl in the input"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int pkcs7_main(int argc, char **argv)
{
ENGINE *e = NULL;
PKCS7 *p7 = NULL;
BIO *in = NULL, *out = NULL;
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
char *infile = NULL, *outfile = NULL, *prog;
int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
OPTION_CHOICE o;
prog = opt_init(argc, argv, pkcs7_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkcs7_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_PRINT:
p7_print = 1;
break;
case OPT_PRINT_CERTS:
print_certs = 1;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
if (informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
else
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
if (p7 == NULL) {
BIO_printf(bio_err, "unable to load PKCS7 object\n");
ERR_print_errors(bio_err);
goto end;
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (p7_print)
PKCS7_print_ctx(out, p7, 0, NULL);
if (print_certs) {
STACK_OF(X509) *certs = NULL;
STACK_OF(X509_CRL) *crls = NULL;
i = OBJ_obj2nid(p7->type);
switch (i) {
case NID_pkcs7_signed:
if (p7->d.sign != NULL) {
certs = p7->d.sign->cert;
crls = p7->d.sign->crl;
}
break;
case NID_pkcs7_signedAndEnveloped:
if (p7->d.signed_and_enveloped != NULL) {
certs = p7->d.signed_and_enveloped->cert;
crls = p7->d.signed_and_enveloped->crl;
}
break;
default:
break;
}
if (certs != NULL) {
X509 *x;
for (i = 0; i < sk_X509_num(certs); i++) {
x = sk_X509_value(certs, i);
if (text)
X509_print(out, x);
else
dump_cert_text(out, x);
if (!noout)
PEM_write_bio_X509(out, x);
BIO_puts(out, "\n");
}
}
if (crls != NULL) {
X509_CRL *crl;
for (i = 0; i < sk_X509_CRL_num(crls); i++) {
crl = sk_X509_CRL_value(crls, i);
X509_CRL_print_ex(out, crl, get_nameopt());
if (!noout)
PEM_write_bio_X509_CRL(out, crl);
BIO_puts(out, "\n");
}
}
ret = 0;
goto end;
}
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
else
i = PEM_write_bio_PKCS7(out, p7);
if (!i) {
BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret = 0;
end:
PKCS7_free(p7);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
return ret;
}

359
trunk/3rdparty/openssl-1.1-fit/apps/pkcs8.c vendored Normal file
View file

@ -0,0 +1,359 @@
/*
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT,
#ifndef OPENSSL_NO_SCRYPT
OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
#endif
OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
OPT_TRADITIONAL,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs8_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"},
{"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"topk8", OPT_TOPK8, '-', "Output PKCS8 file"},
{"noiter", OPT_NOITER, '-', "Use 1 as iteration count"},
{"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
OPT_R_OPTIONS,
{"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
{"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
{"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
{"iter", OPT_ITER, 'p', "Specify the iteration count"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"traditional", OPT_TRADITIONAL, '-', "use traditional format private key"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
#ifndef OPENSSL_NO_SCRYPT
{"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"},
{"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"},
{"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"},
{"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"},
#endif
{NULL}
};
int pkcs8_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
X509_SIG *p8 = NULL;
const EVP_CIPHER *cipher = NULL;
char *infile = NULL, *outfile = NULL;
char *passinarg = NULL, *passoutarg = NULL, *prog;
#ifndef OPENSSL_NO_UI_CONSOLE
char pass[APP_PASS_LEN];
#endif
char *passin = NULL, *passout = NULL, *p8pass = NULL;
OPTION_CHOICE o;
int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
int private = 0, traditional = 0;
#ifndef OPENSSL_NO_SCRYPT
long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
#endif
prog = opt_init(argc, argv, pkcs8_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkcs8_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_TOPK8:
topk8 = 1;
break;
case OPT_NOITER:
iter = 1;
break;
case OPT_NOCRYPT:
nocrypt = 1;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_TRADITIONAL:
traditional = 1;
break;
case OPT_V2:
if (!opt_cipher(opt_arg(), &cipher))
goto opthelp;
break;
case OPT_V1:
pbe_nid = OBJ_txt2nid(opt_arg());
if (pbe_nid == NID_undef) {
BIO_printf(bio_err,
"%s: Unknown PBE algorithm %s\n", prog, opt_arg());
goto opthelp;
}
break;
case OPT_V2PRF:
pbe_nid = OBJ_txt2nid(opt_arg());
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
BIO_printf(bio_err,
"%s: Unknown PRF algorithm %s\n", prog, opt_arg());
goto opthelp;
}
if (cipher == NULL)
cipher = EVP_aes_256_cbc();
break;
case OPT_ITER:
if (!opt_int(opt_arg(), &iter))
goto opthelp;
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
#ifndef OPENSSL_NO_SCRYPT
case OPT_SCRYPT:
scrypt_N = 16384;
scrypt_r = 8;
scrypt_p = 1;
if (cipher == NULL)
cipher = EVP_aes_256_cbc();
break;
case OPT_SCRYPT_N:
if (!opt_long(opt_arg(), &scrypt_N) || scrypt_N <= 0)
goto opthelp;
break;
case OPT_SCRYPT_R:
if (!opt_long(opt_arg(), &scrypt_r) || scrypt_r <= 0)
goto opthelp;
break;
case OPT_SCRYPT_P:
if (!opt_long(opt_arg(), &scrypt_p) || scrypt_p <= 0)
goto opthelp;
break;
#endif
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
private = 1;
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if ((pbe_nid == -1) && cipher == NULL)
cipher = EVP_aes_256_cbc();
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
if (topk8) {
pkey = load_key(infile, informat, 1, passin, e, "key");
if (pkey == NULL)
goto end;
if ((p8inf = EVP_PKEY2PKCS8(pkey)) == NULL) {
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
goto end;
}
if (nocrypt) {
assert(private);
if (outformat == FORMAT_PEM) {
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
} else if (outformat == FORMAT_ASN1) {
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
} else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
} else {
X509_ALGOR *pbe;
if (cipher) {
#ifndef OPENSSL_NO_SCRYPT
if (scrypt_N && scrypt_r && scrypt_p)
pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL,
scrypt_N, scrypt_r, scrypt_p);
else
#endif
pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
pbe_nid);
} else {
pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0);
}
if (pbe == NULL) {
BIO_printf(bio_err, "Error setting PBE algorithm\n");
ERR_print_errors(bio_err);
goto end;
}
if (passout != NULL) {
p8pass = passout;
} else if (1) {
/* To avoid bit rot */
#ifndef OPENSSL_NO_UI_CONSOLE
p8pass = pass;
if (EVP_read_pw_string
(pass, sizeof(pass), "Enter Encryption Password:", 1)) {
X509_ALGOR_free(pbe);
goto end;
}
} else {
#endif
BIO_printf(bio_err, "Password required\n");
goto end;
}
p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe);
if (p8 == NULL) {
X509_ALGOR_free(pbe);
BIO_printf(bio_err, "Error encrypting key\n");
ERR_print_errors(bio_err);
goto end;
}
assert(private);
if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8(out, p8);
else if (outformat == FORMAT_ASN1)
i2d_PKCS8_bio(out, p8);
else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
ret = 0;
goto end;
}
if (nocrypt) {
if (informat == FORMAT_PEM) {
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
} else if (informat == FORMAT_ASN1) {
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
} else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
} else {
if (informat == FORMAT_PEM) {
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
} else if (informat == FORMAT_ASN1) {
p8 = d2i_PKCS8_bio(in, NULL);
} else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
if (p8 == NULL) {
BIO_printf(bio_err, "Error reading key\n");
ERR_print_errors(bio_err);
goto end;
}
if (passin != NULL) {
p8pass = passin;
} else if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
p8pass = pass;
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
} else {
#endif
BIO_printf(bio_err, "Password required\n");
goto end;
}
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
}
if (p8inf == NULL) {
BIO_printf(bio_err, "Error decrypting key\n");
ERR_print_errors(bio_err);
goto end;
}
if ((pkey = EVP_PKCS82PKEY(p8inf)) == NULL) {
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
goto end;
}
assert(private);
if (outformat == FORMAT_PEM) {
if (traditional)
PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0,
NULL, passout);
else
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
} else if (outformat == FORMAT_ASN1) {
i2d_PrivateKey_bio(out, pkey);
} else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
ret = 0;
end:
X509_SIG_free(p8);
PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey);
release_engine(e);
BIO_free_all(out);
BIO_free(in);
OPENSSL_free(passin);
OPENSSL_free(passout);
return ret;
}

243
trunk/3rdparty/openssl-1.1-fit/apps/pkey.c vendored Normal file
View file

@ -0,0 +1,243 @@
/*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK
} OPTION_CHOICE;
const OPTIONS pkey_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'f', "Input format (DER or PEM)"},
{"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"in", OPT_IN, 's', "Input key"},
{"out", OPT_OUT, '>', "Output file"},
{"pubin", OPT_PUBIN, '-',
"Read public key from input (default is private key)"},
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
{"text_pub", OPT_TEXT_PUB, '-', "Only output public key components"},
{"text", OPT_TEXT, '-', "Output in plaintext as well"},
{"noout", OPT_NOOUT, '-', "Don't output the key"},
{"", OPT_MD, '-', "Any supported cipher"},
{"traditional", OPT_TRADITIONAL, '-',
"Use traditional format for private keys"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"check", OPT_CHECK, '-', "Check key consistency"},
{"pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency"},
{NULL}
};
int pkey_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
const EVP_CIPHER *cipher = NULL;
char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
char *passinarg = NULL, *passoutarg = NULL, *prog;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1;
int private = 0, traditional = 0, check = 0, pub_check = 0;
prog = opt_init(argc, argv, pkey_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkey_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PUBIN:
pubin = pubout = pubtext = 1;
break;
case OPT_PUBOUT:
pubout = 1;
break;
case OPT_TEXT_PUB:
pubtext = text = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_TRADITIONAL:
traditional = 1;
break;
case OPT_CHECK:
check = 1;
break;
case OPT_PUB_CHECK:
pub_check = 1;
break;
case OPT_MD:
if (!opt_cipher(opt_unknown(), &cipher))
goto opthelp;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
private = !noout && !pubout ? 1 : 0;
if (text && !pubtext)
private = 1;
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(infile, informat, 1, passin, e, "key");
if (pkey == NULL)
goto end;
if (check || pub_check) {
int r;
EVP_PKEY_CTX *ctx;
ctx = EVP_PKEY_CTX_new(pkey, e);
if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (check)
r = EVP_PKEY_check(ctx);
else
r = EVP_PKEY_public_check(ctx);
if (r == 1) {
BIO_printf(out, "Key is valid\n");
} else {
/*
* Note: at least for RSA keys if this function returns
* -1, there will be no error reasons.
*/
unsigned long err;
BIO_printf(out, "Key is invalid\n");
while ((err = ERR_peek_error()) != 0) {
BIO_printf(out, "Detailed error: %s\n",
ERR_reason_error_string(err));
ERR_get_error(); /* remove err from error stack */
}
}
EVP_PKEY_CTX_free(ctx);
}
if (!noout) {
if (outformat == FORMAT_PEM) {
if (pubout) {
if (!PEM_write_bio_PUBKEY(out, pkey))
goto end;
} else {
assert(private);
if (traditional) {
if (!PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
NULL, 0, NULL,
passout))
goto end;
} else {
if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
NULL, 0, NULL, passout))
goto end;
}
}
} else if (outformat == FORMAT_ASN1) {
if (pubout) {
if (!i2d_PUBKEY_bio(out, pkey))
goto end;
} else {
assert(private);
if (!i2d_PrivateKey_bio(out, pkey))
goto end;
}
} else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
if (text) {
if (pubtext) {
if (EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0)
goto end;
} else {
assert(private);
if (EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0)
goto end;
}
}
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
EVP_PKEY_free(pkey);
release_engine(e);
BIO_free_all(out);
BIO_free(in);
OPENSSL_free(passin);
OPENSSL_free(passout);
return ret;
}

142
trunk/3rdparty/openssl-1.1-fit/apps/pkeyparam.c vendored Normal file
View file

@ -0,0 +1,142 @@
/*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT,
OPT_ENGINE, OPT_CHECK
} OPTION_CHOICE;
const OPTIONS pkeyparam_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"text", OPT_TEXT, '-', "Print parameters as text"},
{"noout", OPT_NOOUT, '-', "Don't output encoded parameters"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"check", OPT_CHECK, '-', "Check key param consistency"},
{NULL}
};
int pkeyparam_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
EVP_PKEY *pkey = NULL;
int text = 0, noout = 0, ret = 1, check = 0;
OPTION_CHOICE o;
char *infile = NULL, *outfile = NULL, *prog;
prog = opt_init(argc, argv, pkeyparam_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkeyparam_options);
ret = 0;
goto end;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_TEXT:
text = 1;
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_CHECK:
check = 1;
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
in = bio_open_default(infile, 'r', FORMAT_PEM);
if (in == NULL)
goto end;
out = bio_open_default(outfile, 'w', FORMAT_PEM);
if (out == NULL)
goto end;
pkey = PEM_read_bio_Parameters(in, NULL);
if (pkey == NULL) {
BIO_printf(bio_err, "Error reading parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (check) {
int r;
EVP_PKEY_CTX *ctx;
ctx = EVP_PKEY_CTX_new(pkey, e);
if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
}
r = EVP_PKEY_param_check(ctx);
if (r == 1) {
BIO_printf(out, "Parameters are valid\n");
} else {
/*
* Note: at least for RSA keys if this function returns
* -1, there will be no error reasons.
*/
unsigned long err;
BIO_printf(out, "Parameters are invalid\n");
while ((err = ERR_peek_error()) != 0) {
BIO_printf(out, "Detailed error: %s\n",
ERR_reason_error_string(err));
ERR_get_error(); /* remove err from error stack */
}
}
EVP_PKEY_CTX_free(ctx);
}
if (!noout)
PEM_write_bio_Parameters(out, pkey);
if (text)
EVP_PKEY_print_params(out, pkey, 0, NULL);
ret = 0;
end:
EVP_PKEY_free(pkey);
release_engine(e);
BIO_free_all(out);
BIO_free(in);
return ret;
}

525
trunk/3rdparty/openssl-1.1-fit/apps/pkeyutl.c vendored Normal file
View file

@ -0,0 +1,525 @@
/*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "apps.h"
#include "progs.h"
#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#define KEY_NONE 0
#define KEY_PRIVKEY 1
#define KEY_PUBKEY 2
#define KEY_CERT 3
static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
const char *keyfile, int keyform, int key_type,
char *passinarg, int pkey_op, ENGINE *e,
const int impl);
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
ENGINE *e);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
const unsigned char *in, size_t inlen);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT,
OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS pkeyutl_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file - default stdin"},
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"pubin", OPT_PUBIN, '-', "Input is a public key"},
{"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
{"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
{"sign", OPT_SIGN, '-', "Sign input data with private key"},
{"verify", OPT_VERIFY, '-', "Verify with public key"},
{"verifyrecover", OPT_VERIFYRECOVER, '-',
"Verify with public key, recover original data"},
{"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
{"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
{"derive", OPT_DERIVE, '-', "Derive shared secret"},
{"kdf", OPT_KDF, 's', "Use KDF algorithm"},
{"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"},
{"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
{"inkey", OPT_INKEY, 's', "Input private key file"},
{"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
{"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
{"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-',
"Also use engine given by -engine for crypto operations"},
#endif
{NULL}
};
int pkeyutl_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY_CTX *ctx = NULL;
char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL;
char hexdump = 0, asn1parse = 0, rev = 0, *prog;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
OPTION_CHOICE o;
int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM;
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int engine_impl = 0;
int ret = 1, rv = -1;
size_t buf_outlen;
const char *inkey = NULL;
const char *peerkey = NULL;
const char *kdfalg = NULL;
int kdflen = 0;
STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
prog = opt_init(argc, argv, pkeyutl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkeyutl_options);
ret = 0;
goto end;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_SIGFILE:
sigfile = opt_arg();
break;
case OPT_ENGINE_IMPL:
engine_impl = 1;
break;
case OPT_INKEY:
inkey = opt_arg();
break;
case OPT_PEERKEY:
peerkey = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PEERFORM:
if (!opt_format(opt_arg(), OPT_FMT_PDE, &peerform))
goto opthelp;
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyform))
goto opthelp;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PUBIN:
key_type = KEY_PUBKEY;
break;
case OPT_CERTIN:
key_type = KEY_CERT;
break;
case OPT_ASN1PARSE:
asn1parse = 1;
break;
case OPT_HEXDUMP:
hexdump = 1;
break;
case OPT_SIGN:
pkey_op = EVP_PKEY_OP_SIGN;
break;
case OPT_VERIFY:
pkey_op = EVP_PKEY_OP_VERIFY;
break;
case OPT_VERIFYRECOVER:
pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
break;
case OPT_ENCRYPT:
pkey_op = EVP_PKEY_OP_ENCRYPT;
break;
case OPT_DECRYPT:
pkey_op = EVP_PKEY_OP_DECRYPT;
break;
case OPT_DERIVE:
pkey_op = EVP_PKEY_OP_DERIVE;
break;
case OPT_KDF:
pkey_op = EVP_PKEY_OP_DERIVE;
key_type = KEY_NONE;
kdfalg = opt_arg();
break;
case OPT_KDFLEN:
kdflen = atoi(opt_arg());
break;
case OPT_REV:
rev = 1;
break;
case OPT_PKEYOPT:
if ((pkeyopts == NULL &&
(pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||
sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) {
BIO_puts(bio_err, "out of memory\n");
goto end;
}
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
if (kdfalg != NULL) {
if (kdflen == 0) {
BIO_printf(bio_err,
"%s: no KDF length given (-kdflen parameter).\n", prog);
goto opthelp;
}
} else if (inkey == NULL) {
BIO_printf(bio_err,
"%s: no private key given (-inkey parameter).\n", prog);
goto opthelp;
} else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) {
BIO_printf(bio_err,
"%s: no peer key given (-peerkey parameter).\n", prog);
goto opthelp;
}
ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
passinarg, pkey_op, e, engine_impl);
if (ctx == NULL) {
BIO_printf(bio_err, "%s: Error initializing context\n", prog);
ERR_print_errors(bio_err);
goto end;
}
if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey, e)) {
BIO_printf(bio_err, "%s: Error setting up peer key\n", prog);
ERR_print_errors(bio_err);
goto end;
}
if (pkeyopts != NULL) {
int num = sk_OPENSSL_STRING_num(pkeyopts);
int i;
for (i = 0; i < num; ++i) {
const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i);
if (pkey_ctrl_string(ctx, opt) <= 0) {
BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
prog, opt);
ERR_print_errors(bio_err);
goto end;
}
}
}
if (sigfile != NULL && (pkey_op != EVP_PKEY_OP_VERIFY)) {
BIO_printf(bio_err,
"%s: Signature file specified for non verify\n", prog);
goto end;
}
if (sigfile == NULL && (pkey_op == EVP_PKEY_OP_VERIFY)) {
BIO_printf(bio_err,
"%s: No signature file specified for verify\n", prog);
goto end;
}
if (pkey_op != EVP_PKEY_OP_DERIVE) {
in = bio_open_default(infile, 'r', FORMAT_BINARY);
if (in == NULL)
goto end;
}
out = bio_open_default(outfile, 'w', FORMAT_BINARY);
if (out == NULL)
goto end;
if (sigfile != NULL) {
BIO *sigbio = BIO_new_file(sigfile, "rb");
if (sigbio == NULL) {
BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
goto end;
}
siglen = bio_to_mem(&sig, keysize * 10, sigbio);
BIO_free(sigbio);
if (siglen < 0) {
BIO_printf(bio_err, "Error reading signature data\n");
goto end;
}
}
if (in != NULL) {
/* Read the input data */
buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
if (buf_inlen < 0) {
BIO_printf(bio_err, "Error reading input Data\n");
goto end;
}
if (rev) {
size_t i;
unsigned char ctmp;
size_t l = (size_t)buf_inlen;
for (i = 0; i < l / 2; i++) {
ctmp = buf_in[i];
buf_in[i] = buf_in[l - 1 - i];
buf_in[l - 1 - i] = ctmp;
}
}
}
/* Sanity check the input */
if (buf_inlen > EVP_MAX_MD_SIZE
&& (pkey_op == EVP_PKEY_OP_SIGN
|| pkey_op == EVP_PKEY_OP_VERIFY
|| pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
BIO_printf(bio_err,
"Error: The input data looks too long to be a hash\n");
goto end;
}
if (pkey_op == EVP_PKEY_OP_VERIFY) {
rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
buf_in, (size_t)buf_inlen);
if (rv == 1) {
BIO_puts(out, "Signature Verified Successfully\n");
ret = 0;
} else {
BIO_puts(out, "Signature Verification Failure\n");
}
goto end;
}
if (kdflen != 0) {
buf_outlen = kdflen;
rv = 1;
} else {
rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
}
if (rv > 0 && buf_outlen != 0) {
buf_out = app_malloc(buf_outlen, "buffer output");
rv = do_keyop(ctx, pkey_op,
buf_out, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
}
if (rv <= 0) {
if (pkey_op != EVP_PKEY_OP_DERIVE) {
BIO_puts(bio_err, "Public Key operation error\n");
} else {
BIO_puts(bio_err, "Key derivation failed\n");
}
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
if (asn1parse) {
if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
ERR_print_errors(bio_err);
} else if (hexdump) {
BIO_dump(out, (char *)buf_out, buf_outlen);
} else {
BIO_write(out, buf_out, buf_outlen);
}
end:
EVP_PKEY_CTX_free(ctx);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
OPENSSL_free(buf_in);
OPENSSL_free(buf_out);
OPENSSL_free(sig);
sk_OPENSSL_STRING_free(pkeyopts);
return ret;
}
static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
const char *keyfile, int keyform, int key_type,
char *passinarg, int pkey_op, ENGINE *e,
const int engine_impl)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
ENGINE *impl = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
|| (pkey_op == EVP_PKEY_OP_DERIVE))
&& (key_type != KEY_PRIVKEY && kdfalg == NULL)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
switch (key_type) {
case KEY_PRIVKEY:
pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
break;
case KEY_CERT:
x = load_cert(keyfile, keyform, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
}
break;
case KEY_NONE:
break;
}
#ifndef OPENSSL_NO_ENGINE
if (engine_impl)
impl = e;
#endif
if (kdfalg != NULL) {
int kdfnid = OBJ_sn2nid(kdfalg);
if (kdfnid == NID_undef) {
kdfnid = OBJ_ln2nid(kdfalg);
if (kdfnid == NID_undef) {
BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n",
kdfalg);
goto end;
}
}
ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
} else {
if (pkey == NULL)
goto end;
*pkeysize = EVP_PKEY_size(pkey);
ctx = EVP_PKEY_CTX_new(pkey, impl);
EVP_PKEY_free(pkey);
}
if (ctx == NULL)
goto end;
switch (pkey_op) {
case EVP_PKEY_OP_SIGN:
rv = EVP_PKEY_sign_init(ctx);
break;
case EVP_PKEY_OP_VERIFY:
rv = EVP_PKEY_verify_init(ctx);
break;
case EVP_PKEY_OP_VERIFYRECOVER:
rv = EVP_PKEY_verify_recover_init(ctx);
break;
case EVP_PKEY_OP_ENCRYPT:
rv = EVP_PKEY_encrypt_init(ctx);
break;
case EVP_PKEY_OP_DECRYPT:
rv = EVP_PKEY_decrypt_init(ctx);
break;
case EVP_PKEY_OP_DERIVE:
rv = EVP_PKEY_derive_init(ctx);
break;
}
if (rv <= 0) {
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
}
end:
OPENSSL_free(passin);
return ctx;
}
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
ENGINE *e)
{
EVP_PKEY *peer = NULL;
ENGINE *engine = NULL;
int ret;
if (peerform == FORMAT_ENGINE)
engine = e;
peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key");
if (peer == NULL) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
ERR_print_errors(bio_err);
return 0;
}
ret = EVP_PKEY_derive_set_peer(ctx, peer);
EVP_PKEY_free(peer);
if (ret <= 0)
ERR_print_errors(bio_err);
return ret;
}
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
const unsigned char *in, size_t inlen)
{
int rv = 0;
switch (pkey_op) {
case EVP_PKEY_OP_VERIFYRECOVER:
rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
break;
case EVP_PKEY_OP_SIGN:
rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
break;
case EVP_PKEY_OP_ENCRYPT:
rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
break;
case EVP_PKEY_OP_DECRYPT:
rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
break;
case EVP_PKEY_OP_DERIVE:
rv = EVP_PKEY_derive(ctx, out, poutlen);
break;
}
return rv;
}

133
trunk/3rdparty/openssl-1.1-fit/apps/prime.c vendored Normal file
View file

@ -0,0 +1,133 @@
/*
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bn.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS
} OPTION_CHOICE;
const OPTIONS prime_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"},
{OPT_HELP_STR, 1, '-',
" number Number to check for primality\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"hex", OPT_HEX, '-', "Hex output"},
{"generate", OPT_GENERATE, '-', "Generate a prime"},
{"bits", OPT_BITS, 'p', "Size of number in bits"},
{"safe", OPT_SAFE, '-',
"When used with -generate, generate a safe prime"},
{"checks", OPT_CHECKS, 'p', "Number of checks"},
{NULL}
};
int prime_main(int argc, char **argv)
{
BIGNUM *bn = NULL;
int hex = 0, checks = 20, generate = 0, bits = 0, safe = 0, ret = 1;
char *prog;
OPTION_CHOICE o;
prog = opt_init(argc, argv, prime_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(prime_options);
ret = 0;
goto end;
case OPT_HEX:
hex = 1;
break;
case OPT_GENERATE:
generate = 1;
break;
case OPT_BITS:
bits = atoi(opt_arg());
break;
case OPT_SAFE:
safe = 1;
break;
case OPT_CHECKS:
checks = atoi(opt_arg());
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (generate) {
if (argc != 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
} else if (argc == 0) {
BIO_printf(bio_err, "%s: No prime specified\n", prog);
goto opthelp;
}
if (generate) {
char *s;
if (!bits) {
BIO_printf(bio_err, "Specify the number of bits.\n");
goto end;
}
bn = BN_new();
if (bn == NULL) {
BIO_printf(bio_err, "Out of memory.\n");
goto end;
}
if (!BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL)) {
BIO_printf(bio_err, "Failed to generate prime.\n");
goto end;
}
s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
if (s == NULL) {
BIO_printf(bio_err, "Out of memory.\n");
goto end;
}
BIO_printf(bio_out, "%s\n", s);
OPENSSL_free(s);
} else {
for ( ; *argv; argv++) {
int r;
if (hex)
r = BN_hex2bn(&bn, argv[0]);
else
r = BN_dec2bn(&bn, argv[0]);
if (!r) {
BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]);
goto end;
}
BN_print(bio_out, bn);
BIO_printf(bio_out, " (%s) %s prime\n",
argv[0],
BN_is_prime_ex(bn, checks, NULL, NULL)
? "is" : "is not");
}
}
ret = 0;
end:
BN_free(bn);
return ret;
}

16
trunk/3rdparty/openssl-1.1-fit/apps/privkey.pem vendored Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMo7DFNMqywUA1O/
qvWqCOm6rGrUAcR+dKsSXw6y2qiKO7APDDyotc0b4Mxwqjga98npex2RBIwUoCGJ
iEmMXo/a8RbXVUZ+ZwcAX7PC+XeXVC5qoajaBBkd2MvYmib/2PqnNrgvhHsUL5dO
xhC7cRqxLM/g45k3Yyw+nGa+WkTdAgMBAAECgYBMBT5w4dVG0I8foGFnz+9hzWab
Ee9IKjE5TcKmB93ilXQyjrWO5+zPmbc7ou6aAKk9IaPCTY1kCyzW7pho7Xdt+RFq
TgVXGZZfqtixO7f2/5oqZAkd00eOn9ZrhBpVMu4yXbbDvhDyFe4/oy0HGDjRUhxa
Lf6ZlBuTherxm4eFkQJBAPBQwRs9UtqaMAQlagA9pV5UsQjV1WT4IxDURMPfXgCd
ETNkB6pP0SmxQm5xhv9N2HY1UtoWpug9s0OU5IJB15sCQQDXbfbjiujNbuOxCFNw
68JZaCFVdNovyOWORkpenQLNEjVkmTCS9OayK09ADEYtsdpUGKeF+2EYBNkFr5px
CajnAkBMYI4PNz1HBuwt1SpMa0tMoMQnV7bbwVV7usskKbC5pzHZUHhzM6z5gEHp
0iEisT4Ty7zKXZqsgzefSgoaMAzzAkEAoCIaUhtwXzwdPfvNYnOs3J6doJMimECB
+lbfcyLM8TimvadtRt+KGEg/OYGmLNM2UiqdY+duzdbUpvhYGcwvYwJAQvaoi9z2
CkiwSs/PFrLaNlfLJmXRsUBzmiWYoh6+IQJJorEXz7ewI72ee9RBO4s746cgUFwH
Ri+qO+HhZFUBqQ==
-----END PRIVATE KEY-----

181
trunk/3rdparty/openssl-1.1-fit/apps/progs.pl vendored Normal file
View file

@ -0,0 +1,181 @@
#! /usr/bin/env perl
# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Generate progs.h file by looking for command mains in list of C files
# passed on the command line.
use strict;
use warnings;
use lib '.';
use configdata qw/@disablables %unified_info/;
my %commands = ();
my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
my $apps_openssl = shift @ARGV;
my $YEAR = [localtime()]->[5] + 1900;
# because the program apps/openssl has object files as sources, and
# they then have the corresponding C files as source, we need to chain
# the lookups in %unified_info
my @openssl_source =
map { @{$unified_info{sources}->{$_}} }
grep { /\.o$/ }
@{$unified_info{sources}->{$apps_openssl}};
foreach my $filename (@openssl_source) {
open F, $filename or die "Couldn't open $filename: $!\n";
foreach ( grep /$cmdre/, <F> ) {
my @foo = /$cmdre/;
$commands{$1} = 1;
}
close F;
}
@ARGV = sort keys %commands;
print <<"EOF";
/*
* WARNING: do not edit!
* Generated by apps/progs.pl
*
* Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
typedef enum FUNC_TYPE {
FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
FT_md_alg, FT_cipher_alg
} FUNC_TYPE;
typedef struct function_st {
FUNC_TYPE type;
const char *name;
int (*func)(int argc, char *argv[]);
const OPTIONS *help;
} FUNCTION;
DEFINE_LHASH_OF(FUNCTION);
EOF
foreach (@ARGV) {
printf "extern int %s_main(int argc, char *argv[]);\n", $_;
}
print "\n";
foreach (@ARGV) {
printf "extern const OPTIONS %s_options[];\n", $_;
}
print "\n";
my %cmd_disabler = (
ciphers => "sock",
genrsa => "rsa",
rsautl => "rsa",
gendsa => "dsa",
dsaparam => "dsa",
gendh => "dh",
dhparam => "dh",
ecparam => "ec",
pkcs12 => "des",
);
print "#ifdef INCLUDE_FUNCTION_TABLE\n";
print "static FUNCTION functions[] = {\n";
foreach my $cmd ( @ARGV ) {
my $str = " {FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options},\n";
if ($cmd =~ /^s_/) {
print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n";
} elsif (grep { $cmd eq $_ } @disablables) {
print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n";
} elsif (my $disabler = $cmd_disabler{$cmd}) {
print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
} else {
print $str;
}
}
my %md_disabler = (
blake2b512 => "blake2",
blake2s256 => "blake2",
);
foreach my $cmd (
"md2", "md4", "md5",
"gost",
"sha1", "sha224", "sha256", "sha384",
"sha512", "sha512-224", "sha512-256",
"sha3-224", "sha3-256", "sha3-384", "sha3-512",
"shake128", "shake256",
"mdc2", "rmd160", "blake2b512", "blake2s256",
"sm3"
) {
my $str = " {FT_md, \"$cmd\", dgst_main},\n";
if (grep { $cmd eq $_ } @disablables) {
print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n";
} elsif (my $disabler = $md_disabler{$cmd}) {
print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
} else {
print $str;
}
}
my %cipher_disabler = (
des3 => "des",
desx => "des",
cast5 => "cast",
);
foreach my $cmd (
"aes-128-cbc", "aes-128-ecb",
"aes-192-cbc", "aes-192-ecb",
"aes-256-cbc", "aes-256-ecb",
"aria-128-cbc", "aria-128-cfb",
"aria-128-ctr", "aria-128-ecb", "aria-128-ofb",
"aria-128-cfb1", "aria-128-cfb8",
"aria-192-cbc", "aria-192-cfb",
"aria-192-ctr", "aria-192-ecb", "aria-192-ofb",
"aria-192-cfb1", "aria-192-cfb8",
"aria-256-cbc", "aria-256-cfb",
"aria-256-ctr", "aria-256-ecb", "aria-256-ofb",
"aria-256-cfb1", "aria-256-cfb8",
"camellia-128-cbc", "camellia-128-ecb",
"camellia-192-cbc", "camellia-192-ecb",
"camellia-256-cbc", "camellia-256-ecb",
"base64", "zlib",
"des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
"rc2", "bf", "cast", "rc5",
"des-ecb", "des-ede", "des-ede3",
"des-cbc", "des-ede-cbc","des-ede3-cbc",
"des-cfb", "des-ede-cfb","des-ede3-cfb",
"des-ofb", "des-ede-ofb","des-ede3-ofb",
"idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
"seed-cbc","seed-ecb", "seed-cfb", "seed-ofb",
"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
"bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
"cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb",
"sm4-cbc", "sm4-ecb", "sm4-cfb", "sm4-ofb", "sm4-ctr"
) {
my $str = " {FT_cipher, \"$cmd\", enc_main, enc_options},\n";
(my $algo = $cmd) =~ s/-.*//g;
if ($cmd eq "zlib") {
print "#ifdef ZLIB\n${str}#endif\n";
} elsif (grep { $algo eq $_ } @disablables) {
print "#ifndef OPENSSL_NO_" . uc($algo) . "\n${str}#endif\n";
} elsif (my $disabler = $cipher_disabler{$algo}) {
print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
} else {
print $str;
}
}
print " {0, NULL, NULL}\n};\n";
print "#endif\n";

133
trunk/3rdparty/openssl-1.1-fit/apps/rand.c vendored Normal file
View file

@ -0,0 +1,133 @@
/*
* Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "apps.h"
#include "progs.h"
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS rand_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [flags] num\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output file"},
OPT_R_OPTIONS,
{"base64", OPT_BASE64, '-', "Base64 encode output"},
{"hex", OPT_HEX, '-', "Hex encode output"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int rand_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *out = NULL;
char *outfile = NULL, *prog;
OPTION_CHOICE o;
int format = FORMAT_BINARY, i, num = -1, r, ret = 1;
prog = opt_init(argc, argv, rand_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(rand_options);
ret = 0;
goto end;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_BASE64:
format = FORMAT_BASE64;
break;
case OPT_HEX:
format = FORMAT_TEXT;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (argc == 1) {
if (!opt_int(argv[0], &num) || num <= 0)
goto end;
} else if (argc > 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
out = bio_open_default(outfile, 'w', format);
if (out == NULL)
goto end;
if (format == FORMAT_BASE64) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL)
goto end;
out = BIO_push(b64, out);
}
while (num > 0) {
unsigned char buf[4096];
int chunk;
chunk = num;
if (chunk > (int)sizeof(buf))
chunk = sizeof(buf);
r = RAND_bytes(buf, chunk);
if (r <= 0)
goto end;
if (format != FORMAT_TEXT) {
if (BIO_write(out, buf, chunk) != chunk)
goto end;
} else {
for (i = 0; i < chunk; i++)
if (BIO_printf(out, "%02x", buf[i]) != 2)
goto end;
}
num -= chunk;
}
if (format == FORMAT_TEXT)
BIO_puts(out, "\n");
if (BIO_flush(out) <= 0)
goto end;
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
release_engine(e);
BIO_free_all(out);
return ret;
}

532
trunk/3rdparty/openssl-1.1-fit/apps/rehash.c vendored Normal file
View file

@ -0,0 +1,532 @@
/*
* Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "apps.h"
#include "progs.h"
#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \
(defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000)
# include <unistd.h>
# include <stdio.h>
# include <limits.h>
# include <errno.h>
# include <string.h>
# include <ctype.h>
# include <sys/stat.h>
/*
* Make sure that the processing of symbol names is treated the same as when
* libcrypto is built. This is done automatically for public headers (see
* include/openssl/__DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H),
* but not for internal headers.
*/
# ifdef __VMS
# pragma names save
# pragma names as_is,shortened
# endif
# include "internal/o_dir.h"
# ifdef __VMS
# pragma names restore
# endif
# include <openssl/evp.h>
# include <openssl/pem.h>
# include <openssl/x509.h>
# ifndef PATH_MAX
# define PATH_MAX 4096
# endif
# ifndef NAME_MAX
# define NAME_MAX 255
# endif
# define MAX_COLLISIONS 256
# if defined(OPENSSL_SYS_VXWORKS)
/*
* VxWorks has no symbolic links
*/
# define lstat(path, buf) stat(path, buf)
int symlink(const char *target, const char *linkpath)
{
errno = ENOSYS;
return -1;
}
ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
{
errno = ENOSYS;
return -1;
}
# endif
typedef struct hentry_st {
struct hentry_st *next;
char *filename;
unsigned short old_id;
unsigned char need_symlink;
unsigned char digest[EVP_MAX_MD_SIZE];
} HENTRY;
typedef struct bucket_st {
struct bucket_st *next;
HENTRY *first_entry, *last_entry;
unsigned int hash;
unsigned short type;
unsigned short num_needed;
} BUCKET;
enum Type {
/* Keep in sync with |suffixes|, below. */
TYPE_CERT=0, TYPE_CRL=1
};
enum Hash {
HASH_OLD, HASH_NEW, HASH_BOTH
};
static int evpmdsize;
static const EVP_MD *evpmd;
static int remove_links = 1;
static int verbose = 0;
static BUCKET *hash_table[257];
static const char *suffixes[] = { "", "r" };
static const char *extensions[] = { "pem", "crt", "cer", "crl" };
static void bit_set(unsigned char *set, unsigned int bit)
{
set[bit >> 3] |= 1 << (bit & 0x7);
}
static int bit_isset(unsigned char *set, unsigned int bit)
{
return set[bit >> 3] & (1 << (bit & 0x7));
}
/*
* Process an entry; return number of errors.
*/
static int add_entry(enum Type type, unsigned int hash, const char *filename,
const unsigned char *digest, int need_symlink,
unsigned short old_id)
{
static BUCKET nilbucket;
static HENTRY nilhentry;
BUCKET *bp;
HENTRY *ep, *found = NULL;
unsigned int ndx = (type + hash) % OSSL_NELEM(hash_table);
for (bp = hash_table[ndx]; bp; bp = bp->next)
if (bp->type == type && bp->hash == hash)
break;
if (bp == NULL) {
bp = app_malloc(sizeof(*bp), "hash bucket");
*bp = nilbucket;
bp->next = hash_table[ndx];
bp->type = type;
bp->hash = hash;
hash_table[ndx] = bp;
}
for (ep = bp->first_entry; ep; ep = ep->next) {
if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
BIO_printf(bio_err,
"%s: warning: skipping duplicate %s in %s\n",
opt_getprog(),
type == TYPE_CERT ? "certificate" : "CRL", filename);
return 0;
}
if (strcmp(filename, ep->filename) == 0) {
found = ep;
if (digest == NULL)
break;
}
}
ep = found;
if (ep == NULL) {
if (bp->num_needed >= MAX_COLLISIONS) {
BIO_printf(bio_err,
"%s: error: hash table overflow for %s\n",
opt_getprog(), filename);
return 1;
}
ep = app_malloc(sizeof(*ep), "collision bucket");
*ep = nilhentry;
ep->old_id = ~0;
ep->filename = OPENSSL_strdup(filename);
if (bp->last_entry)
bp->last_entry->next = ep;
if (bp->first_entry == NULL)
bp->first_entry = ep;
bp->last_entry = ep;
}
if (old_id < ep->old_id)
ep->old_id = old_id;
if (need_symlink && !ep->need_symlink) {
ep->need_symlink = 1;
bp->num_needed++;
memcpy(ep->digest, digest, evpmdsize);
}
return 0;
}
/*
* Check if a symlink goes to the right spot; return 0 if okay.
* This can be -1 if bad filename, or an error count.
*/
static int handle_symlink(const char *filename, const char *fullpath)
{
unsigned int hash = 0;
int i, type, id;
unsigned char ch;
char linktarget[PATH_MAX], *endptr;
ossl_ssize_t n;
for (i = 0; i < 8; i++) {
ch = filename[i];
if (!isxdigit(ch))
return -1;
hash <<= 4;
hash += OPENSSL_hexchar2int(ch);
}
if (filename[i++] != '.')
return -1;
for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) {
const char *suffix = suffixes[type];
if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0)
break;
}
i += strlen(suffixes[type]);
id = strtoul(&filename[i], &endptr, 10);
if (*endptr != '\0')
return -1;
n = readlink(fullpath, linktarget, sizeof(linktarget));
if (n < 0 || n >= (int)sizeof(linktarget))
return -1;
linktarget[n] = 0;
return add_entry(type, hash, linktarget, NULL, 0, id);
}
/*
* process a file, return number of errors.
*/
static int do_file(const char *filename, const char *fullpath, enum Hash h)
{
STACK_OF (X509_INFO) *inf = NULL;
X509_INFO *x;
X509_NAME *name = NULL;
BIO *b;
const char *ext;
unsigned char digest[EVP_MAX_MD_SIZE];
int type, errs = 0;
size_t i;
/* Does it end with a recognized extension? */
if ((ext = strrchr(filename, '.')) == NULL)
goto end;
for (i = 0; i < OSSL_NELEM(extensions); i++) {
if (strcasecmp(extensions[i], ext + 1) == 0)
break;
}
if (i >= OSSL_NELEM(extensions))
goto end;
/* Does it have X.509 data in it? */
if ((b = BIO_new_file(fullpath, "r")) == NULL) {
BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n",
opt_getprog(), filename);
errs++;
goto end;
}
inf = PEM_X509_INFO_read_bio(b, NULL, NULL, NULL);
BIO_free(b);
if (inf == NULL)
goto end;
if (sk_X509_INFO_num(inf) != 1) {
BIO_printf(bio_err,
"%s: warning: skipping %s,"
"it does not contain exactly one certificate or CRL\n",
opt_getprog(), filename);
/* This is not an error. */
goto end;
}
x = sk_X509_INFO_value(inf, 0);
if (x->x509 != NULL) {
type = TYPE_CERT;
name = X509_get_subject_name(x->x509);
X509_digest(x->x509, evpmd, digest, NULL);
} else if (x->crl != NULL) {
type = TYPE_CRL;
name = X509_CRL_get_issuer(x->crl);
X509_CRL_digest(x->crl, evpmd, digest, NULL);
} else {
++errs;
goto end;
}
if (name != NULL) {
if ((h == HASH_NEW) || (h == HASH_BOTH))
errs += add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0);
if ((h == HASH_OLD) || (h == HASH_BOTH))
errs += add_entry(type, X509_NAME_hash_old(name), filename, digest, 1, ~0);
}
end:
sk_X509_INFO_pop_free(inf, X509_INFO_free);
return errs;
}
static void str_free(char *s)
{
OPENSSL_free(s);
}
static int ends_with_dirsep(const char *path)
{
if (*path != '\0')
path += strlen(path) - 1;
# if defined __VMS
if (*path == ']' || *path == '>' || *path == ':')
return 1;
# elif defined _WIN32
if (*path == '\\')
return 1;
# endif
return *path == '/';
}
/*
* Process a directory; return number of errors found.
*/
static int do_dir(const char *dirname, enum Hash h)
{
BUCKET *bp, *nextbp;
HENTRY *ep, *nextep;
OPENSSL_DIR_CTX *d = NULL;
struct stat st;
unsigned char idmask[MAX_COLLISIONS / 8];
int n, numfiles, nextid, buflen, errs = 0;
size_t i;
const char *pathsep;
const char *filename;
char *buf, *copy = NULL;
STACK_OF(OPENSSL_STRING) *files = NULL;
if (app_access(dirname, W_OK) < 0) {
BIO_printf(bio_err, "Skipping %s, can't write\n", dirname);
return 1;
}
buflen = strlen(dirname);
pathsep = (buflen && !ends_with_dirsep(dirname)) ? "/": "";
buflen += NAME_MAX + 1 + 1;
buf = app_malloc(buflen, "filename buffer");
if (verbose)
BIO_printf(bio_out, "Doing %s\n", dirname);
if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
errs = 1;
goto err;
}
while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
if ((copy = OPENSSL_strdup(filename)) == NULL
|| sk_OPENSSL_STRING_push(files, copy) == 0) {
OPENSSL_free(copy);
BIO_puts(bio_err, "out of memory\n");
errs = 1;
goto err;
}
}
OPENSSL_DIR_end(&d);
sk_OPENSSL_STRING_sort(files);
numfiles = sk_OPENSSL_STRING_num(files);
for (n = 0; n < numfiles; ++n) {
filename = sk_OPENSSL_STRING_value(files, n);
if (BIO_snprintf(buf, buflen, "%s%s%s",
dirname, pathsep, filename) >= buflen)
continue;
if (lstat(buf, &st) < 0)
continue;
if (S_ISLNK(st.st_mode) && handle_symlink(filename, buf) == 0)
continue;
errs += do_file(filename, buf, h);
}
for (i = 0; i < OSSL_NELEM(hash_table); i++) {
for (bp = hash_table[i]; bp; bp = nextbp) {
nextbp = bp->next;
nextid = 0;
memset(idmask, 0, (bp->num_needed + 7) / 8);
for (ep = bp->first_entry; ep; ep = ep->next)
if (ep->old_id < bp->num_needed)
bit_set(idmask, ep->old_id);
for (ep = bp->first_entry; ep; ep = nextep) {
nextep = ep->next;
if (ep->old_id < bp->num_needed) {
/* Link exists, and is used as-is */
BIO_snprintf(buf, buflen, "%08x.%s%d", bp->hash,
suffixes[bp->type], ep->old_id);
if (verbose)
BIO_printf(bio_out, "link %s -> %s\n",
ep->filename, buf);
} else if (ep->need_symlink) {
/* New link needed (it may replace something) */
while (bit_isset(idmask, nextid))
nextid++;
BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
dirname, pathsep, &n, bp->hash,
suffixes[bp->type], nextid);
if (verbose)
BIO_printf(bio_out, "link %s -> %s\n",
ep->filename, &buf[n]);
if (unlink(buf) < 0 && errno != ENOENT) {
BIO_printf(bio_err,
"%s: Can't unlink %s, %s\n",
opt_getprog(), buf, strerror(errno));
errs++;
}
if (symlink(ep->filename, buf) < 0) {
BIO_printf(bio_err,
"%s: Can't symlink %s, %s\n",
opt_getprog(), ep->filename,
strerror(errno));
errs++;
}
bit_set(idmask, nextid);
} else if (remove_links) {
/* Link to be deleted */
BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
dirname, pathsep, &n, bp->hash,
suffixes[bp->type], ep->old_id);
if (verbose)
BIO_printf(bio_out, "unlink %s\n",
&buf[n]);
if (unlink(buf) < 0 && errno != ENOENT) {
BIO_printf(bio_err,
"%s: Can't unlink %s, %s\n",
opt_getprog(), buf, strerror(errno));
errs++;
}
}
OPENSSL_free(ep->filename);
OPENSSL_free(ep);
}
OPENSSL_free(bp);
}
hash_table[i] = NULL;
}
err:
sk_OPENSSL_STRING_pop_free(files, str_free);
OPENSSL_free(buf);
return errs;
}
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE
} OPTION_CHOICE;
const OPTIONS rehash_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert-directory...]\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"h", OPT_HELP, '-', "Display this summary"},
{"compat", OPT_COMPAT, '-', "Create both new- and old-style hash links"},
{"old", OPT_OLD, '-', "Use old-style hash to generate links"},
{"n", OPT_N, '-', "Do not remove existing links"},
{"v", OPT_VERBOSE, '-', "Verbose output"},
{NULL}
};
int rehash_main(int argc, char **argv)
{
const char *env, *prog;
char *e, *m;
int errs = 0;
OPTION_CHOICE o;
enum Hash h = HASH_NEW;
prog = opt_init(argc, argv, rehash_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(rehash_options);
goto end;
case OPT_COMPAT:
h = HASH_BOTH;
break;
case OPT_OLD:
h = HASH_OLD;
break;
case OPT_N:
remove_links = 0;
break;
case OPT_VERBOSE:
verbose = 1;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
evpmd = EVP_sha1();
evpmdsize = EVP_MD_size(evpmd);
if (*argv != NULL) {
while (*argv != NULL)
errs += do_dir(*argv++, h);
} else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
m = OPENSSL_strdup(env);
for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc))
errs += do_dir(e, h);
OPENSSL_free(m);
} else {
errs += do_dir(X509_get_default_cert_dir(), h);
}
end:
return errs;
}
#else
const OPTIONS rehash_options[] = {
{NULL}
};
int rehash_main(int argc, char **argv)
{
BIO_printf(bio_err, "Not available; use c_rehash script\n");
return 1;
}
#endif /* defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) */

1664
trunk/3rdparty/openssl-1.1-fit/apps/req.c vendored Normal file
View file

File diff suppressed because it is too large Load diff

11
trunk/3rdparty/openssl-1.1-fit/apps/req.pem vendored Normal file
View file

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
-----END CERTIFICATE REQUEST-----

316
trunk/3rdparty/openssl-1.1-fit/apps/rsa.c vendored Normal file
View file

@ -0,0 +1,316 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_RSA
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include <time.h>
# include "apps.h"
# include "progs.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/rsa.h>
# include <openssl/evp.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
# include <openssl/bn.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN,
OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT,
/* Do not change the order here; see case statements below */
OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER
} OPTION_CHOICE;
const OPTIONS rsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"},
{"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"},
{"in", OPT_IN, 's', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
{"pubout", OPT_PUBOUT, '-', "Output a public key"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
{"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
{"check", OPT_CHECK, '-', "Verify key consistency"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{NULL}
};
int rsa_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *out = NULL;
RSA *rsa = NULL;
const EVP_CIPHER *enc = NULL;
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
int i, private = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
int pvk_encr = 2;
# endif
OPTION_CHOICE o;
prog = opt_init(argc, argv, rsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(rsa_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PUBIN:
pubin = 1;
break;
case OPT_PUBOUT:
pubout = 1;
break;
case OPT_RSAPUBKEY_IN:
pubin = 2;
break;
case OPT_RSAPUBKEY_OUT:
pubout = 2;
break;
case OPT_PVK_STRONG: /* pvk_encr:= 2 */
case OPT_PVK_WEAK: /* pvk_encr:= 1 */
case OPT_PVK_NONE: /* pvk_encr:= 0 */
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
pvk_encr = (o - OPT_PVK_NONE);
# endif
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_MODULUS:
modulus = 1;
break;
case OPT_CHECK:
check = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto opthelp;
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
private = (text && !pubin) || (!pubout && !noout) ? 1 : 0;
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if (check && pubin) {
BIO_printf(bio_err, "Only private keys can be checked\n");
goto end;
}
{
EVP_PKEY *pkey;
if (pubin) {
int tmpformat = -1;
if (pubin == 2) {
if (informat == FORMAT_PEM)
tmpformat = FORMAT_PEMRSA;
else if (informat == FORMAT_ASN1)
tmpformat = FORMAT_ASN1RSA;
} else {
tmpformat = informat;
}
pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
} else {
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
}
if (pkey != NULL)
rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey);
}
if (rsa == NULL) {
ERR_print_errors(bio_err);
goto end;
}
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
if (text) {
assert(pubin || private);
if (!RSA_print(out, rsa, 0)) {
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
}
if (modulus) {
const BIGNUM *n;
RSA_get0_key(rsa, &n, NULL, NULL);
BIO_printf(out, "Modulus=");
BN_print(out, n);
BIO_printf(out, "\n");
}
if (check) {
int r = RSA_check_key_ex(rsa, NULL);
if (r == 1) {
BIO_printf(out, "RSA key ok\n");
} else if (r == 0) {
unsigned long err;
while ((err = ERR_peek_error()) != 0 &&
ERR_GET_LIB(err) == ERR_LIB_RSA &&
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY_EX &&
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
BIO_printf(out, "RSA key error: %s\n",
ERR_reason_error_string(err));
ERR_get_error(); /* remove err from error stack */
}
} else if (r == -1) {
ERR_print_errors(bio_err);
goto end;
}
}
if (noout) {
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing RSA key\n");
if (outformat == FORMAT_ASN1) {
if (pubout || pubin) {
if (pubout == 2)
i = i2d_RSAPublicKey_bio(out, rsa);
else
i = i2d_RSA_PUBKEY_bio(out, rsa);
} else {
assert(private);
i = i2d_RSAPrivateKey_bio(out, rsa);
}
} else if (outformat == FORMAT_PEM) {
if (pubout || pubin) {
if (pubout == 2)
i = PEM_write_bio_RSAPublicKey(out, rsa);
else
i = PEM_write_bio_RSA_PUBKEY(out, rsa);
} else {
assert(private);
i = PEM_write_bio_RSAPrivateKey(out, rsa,
enc, NULL, 0, NULL, passout);
}
# ifndef OPENSSL_NO_DSA
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
if (pk == NULL)
goto end;
EVP_PKEY_set1_RSA(pk, rsa);
if (outformat == FORMAT_PVK) {
if (pubin) {
BIO_printf(bio_err, "PVK form impossible with public key input\n");
EVP_PKEY_free(pk);
goto end;
}
assert(private);
# ifdef OPENSSL_NO_RC4
BIO_printf(bio_err, "PVK format not supported\n");
EVP_PKEY_free(pk);
goto end;
# else
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
# endif
} else if (pubin || pubout) {
i = i2b_PublicKey_bio(out, pk);
} else {
assert(private);
i = i2b_PrivateKey_bio(out, pk);
}
EVP_PKEY_free(pk);
# endif
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (i <= 0) {
BIO_printf(bio_err, "unable to write key\n");
ERR_print_errors(bio_err);
} else {
ret = 0;
}
end:
release_engine(e);
BIO_free_all(out);
RSA_free(rsa);
OPENSSL_free(passin);
OPENSSL_free(passout);
return ret;
}
#endif

101
trunk/3rdparty/openssl-1.1-fit/apps/rsa8192.pem vendored Normal file
View file

@ -0,0 +1,101 @@
-----BEGIN RSA PRIVATE KEY-----
MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm
yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3
tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA
LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE
aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d
PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59
mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi
71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z
d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2
wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0
bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE
Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa
Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd
pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS
os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah
mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx
cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K
LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ
tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS
PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9
psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0
9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6
xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c
ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW
RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf
1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI
P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH
77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4
4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I
/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg
GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq
HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB
ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy
AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT
52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p
5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr
7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5
KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h
cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1
dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/
DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw
Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr
f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ
J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+
TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY
fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c
Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5
mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC
YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd
mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ
Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw
c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w
Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR
WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh
KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi
JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ
FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg
6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz
eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG
bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz
XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf
7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w
82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly
beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr
pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9
70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM
YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin
ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy
lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe
4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P
lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG
LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3
x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w
O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD
6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80
Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz
DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn
Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R
oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q
nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H
X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV
QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg
TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE
rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
-----END RSA PRIVATE KEY-----

282
trunk/3rdparty/openssl-1.1-fit/apps/rsautl.c vendored Normal file
View file

@ -0,0 +1,282 @@
/*
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_RSA
NON_EMPTY_TRANSLATION_UNIT
#else
# include "apps.h"
# include "progs.h"
# include <string.h>
# include <openssl/err.h>
# include <openssl/pem.h>
# include <openssl/rsa.h>
# define RSA_SIGN 1
# define RSA_VERIFY 2
# define RSA_ENCRYPT 3
# define RSA_DECRYPT 4
# define KEY_PRIVKEY 1
# define KEY_PUBKEY 2
# define KEY_CERT 3
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP,
OPT_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931,
OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS rsautl_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"inkey", OPT_INKEY, 's', "Input key"},
{"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
{"pubin", OPT_PUBIN, '-', "Input is an RSA public"},
{"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"},
{"ssl", OPT_SSL, '-', "Use SSL v2 padding"},
{"raw", OPT_RAW, '-', "Use no padding"},
{"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"},
{"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"},
{"sign", OPT_SIGN, '-', "Sign with private key"},
{"verify", OPT_VERIFY, '-', "Verify with public key"},
{"asn1parse", OPT_ASN1PARSE, '-',
"Run output through asn1parse; useful with -verify"},
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
{"x931", OPT_X931, '-', "Use ANSI X9.31 padding"},
{"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
{"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
OPT_R_OPTIONS,
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{NULL}
};
int rsautl_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
RSA *rsa = NULL;
X509 *x;
char *infile = NULL, *outfile = NULL, *keyfile = NULL;
char *passinarg = NULL, *passin = NULL, *prog;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING;
int rsa_inlen, keyformat = FORMAT_PEM, keysize, ret = 1;
int rsa_outlen = 0, hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0;
OPTION_CHOICE o;
prog = opt_init(argc, argv, rsautl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(rsautl_options);
ret = 0;
goto end;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_ASN1PARSE:
asn1parse = 1;
break;
case OPT_HEXDUMP:
hexdump = 1;
break;
case OPT_RAW:
pad = RSA_NO_PADDING;
break;
case OPT_OAEP:
pad = RSA_PKCS1_OAEP_PADDING;
break;
case OPT_SSL:
pad = RSA_SSLV23_PADDING;
break;
case OPT_PKCS:
pad = RSA_PKCS1_PADDING;
break;
case OPT_X931:
pad = RSA_X931_PADDING;
break;
case OPT_SIGN:
rsa_mode = RSA_SIGN;
need_priv = 1;
break;
case OPT_VERIFY:
rsa_mode = RSA_VERIFY;
break;
case OPT_REV:
rev = 1;
break;
case OPT_ENCRYPT:
rsa_mode = RSA_ENCRYPT;
break;
case OPT_DECRYPT:
rsa_mode = RSA_DECRYPT;
need_priv = 1;
break;
case OPT_PUBIN:
key_type = KEY_PUBKEY;
break;
case OPT_CERTIN:
key_type = KEY_CERT;
break;
case OPT_INKEY:
keyfile = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
if (need_priv && (key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
switch (key_type) {
case KEY_PRIVKEY:
pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "Public Key");
break;
case KEY_CERT:
x = load_cert(keyfile, keyformat, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
}
break;
}
if (pkey == NULL)
return 1;
rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey);
if (rsa == NULL) {
BIO_printf(bio_err, "Error getting RSA key\n");
ERR_print_errors(bio_err);
goto end;
}
in = bio_open_default(infile, 'r', FORMAT_BINARY);
if (in == NULL)
goto end;
out = bio_open_default(outfile, 'w', FORMAT_BINARY);
if (out == NULL)
goto end;
keysize = RSA_size(rsa);
rsa_in = app_malloc(keysize * 2, "hold rsa key");
rsa_out = app_malloc(keysize, "output rsa key");
/* Read the input data */
rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
if (rsa_inlen < 0) {
BIO_printf(bio_err, "Error reading input Data\n");
goto end;
}
if (rev) {
int i;
unsigned char ctmp;
for (i = 0; i < rsa_inlen / 2; i++) {
ctmp = rsa_in[i];
rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
rsa_in[rsa_inlen - 1 - i] = ctmp;
}
}
switch (rsa_mode) {
case RSA_VERIFY:
rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
case RSA_SIGN:
rsa_outlen =
RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
case RSA_ENCRYPT:
rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
case RSA_DECRYPT:
rsa_outlen =
RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
}
if (rsa_outlen < 0) {
BIO_printf(bio_err, "RSA operation error\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
if (asn1parse) {
if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
ERR_print_errors(bio_err);
}
} else if (hexdump) {
BIO_dump(out, (char *)rsa_out, rsa_outlen);
} else {
BIO_write(out, rsa_out, rsa_outlen);
}
end:
RSA_free(rsa);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
OPENSSL_free(rsa_in);
OPENSSL_free(rsa_out);
OPENSSL_free(passin);
return ret;
}
#endif

15
trunk/3rdparty/openssl-1.1-fit/apps/s1024key.pem vendored Normal file
View file

@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
-----END RSA PRIVATE KEY-----

11
trunk/3rdparty/openssl-1.1-fit/apps/s1024req.pem vendored Normal file
View file

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz
dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR
9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo
KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2
RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE
BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq
nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil
frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M=
-----END CERTIFICATE REQUEST-----

9
trunk/3rdparty/openssl-1.1-fit/apps/s512-key.pem vendored Normal file
View file

@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
-----END RSA PRIVATE KEY-----

8
trunk/3rdparty/openssl-1.1-fit/apps/s512-req.pem vendored Normal file
View file

@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0
IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S
MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E
y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm
5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8=
-----END CERTIFICATE REQUEST-----

89
trunk/3rdparty/openssl-1.1-fit/apps/s_apps.h vendored Normal file
View file

@ -0,0 +1,89 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
# include <conio.h>
#endif
#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
# define _kbhit kbhit
#endif
#define PORT "4433"
#define PROTOCOL "tcp"
typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
int do_server(int *accept_sock, const char *host, const char *port,
int family, int type, int protocol, do_server_cb cb,
unsigned char *context, int naccept, BIO *bio_s_out);
#ifdef HEADER_X509_H
int verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
#ifdef HEADER_SSL_H
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
STACK_OF(X509) *chain, int build_chain);
int ssl_print_sigalgs(BIO *out, SSL *s);
int ssl_print_point_formats(BIO *out, SSL *s);
int ssl_print_groups(BIO *out, SSL *s, int noshared);
#endif
int ssl_print_tmp_key(BIO *out, SSL *s);
int init_client(int *sock, const char *host, const char *port,
const char *bindhost, const char *bindport,
int family, int type, int protocol);
int should_retry(int i);
long bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
#ifdef HEADER_SSL_H
void apps_ssl_info_callback(const SSL *s, int where, int ret);
void msg_cb(int write_p, int version, int content_type, const void *buf,
size_t len, SSL *ssl, void *arg);
void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data,
int len, void *arg);
#endif
int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len);
int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
unsigned int cookie_len);
#ifdef __VMS /* 31 char symbol name limit */
# define generate_stateless_cookie_callback generate_stateless_cookie_cb
# define verify_stateless_cookie_callback verify_stateless_cookie_cb
#endif
int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
size_t *cookie_len);
int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
size_t cookie_len);
typedef struct ssl_excert_st SSL_EXCERT;
void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
void ssl_excert_free(SSL_EXCERT *exc);
int args_excert(int option, SSL_EXCERT **pexc);
int load_excert(SSL_EXCERT **pexc);
void print_verify_detail(SSL *s, BIO *bio);
void print_ssl_summary(SSL *s);
#ifdef HEADER_SSL_H
int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx);
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
int crl_download);
int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,
const char *vfyCAfile, const char *chCApath,
const char *chCAfile, STACK_OF(X509_CRL) *crls,
int crl_download);
void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);
int set_keylog_file(SSL_CTX *ctx, const char *keylog_file);
void print_ca_names(BIO *bio, SSL *s);
#endif

1481
trunk/3rdparty/openssl-1.1-fit/apps/s_cb.c vendored Normal file
View file

File diff suppressed because it is too large Load diff

3544
trunk/3rdparty/openssl-1.1-fit/apps/s_client.c vendored Normal file
View file

File diff suppressed because it is too large Load diff

3632
trunk/3rdparty/openssl-1.1-fit/apps/s_server.c vendored Normal file
View file

File diff suppressed because it is too large Load diff

395
trunk/3rdparty/openssl-1.1-fit/apps/s_socket.c vendored Normal file
View file

@ -0,0 +1,395 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* socket-related functions used by s_client and s_server */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <signal.h>
#include <openssl/opensslconf.h>
/*
* With IPv6, it looks like Digital has mixed up the proper order of
* recursive header file inclusion, resulting in the compiler complaining
* that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
* needed to have fileno() declared correctly... So let's define u_int
*/
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
# define __U_INT
typedef unsigned int u_int;
#endif
#ifndef OPENSSL_NO_SOCK
# include "apps.h"
# include "s_apps.h"
# include "internal/sockets.h"
# include <openssl/bio.h>
# include <openssl/err.h>
/* Keep track of our peer's address for the cookie callback */
BIO_ADDR *ourpeer = NULL;
/*
* init_client - helper routine to set up socket communication
* @sock: pointer to storage of resulting socket.
* @host: the host name or path (for AF_UNIX) to connect to.
* @port: the port to connect to (ignored for AF_UNIX).
* @bindhost: source host or path (for AF_UNIX).
* @bindport: source port (ignored for AF_UNIX).
* @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
* AF_UNSPEC
* @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
* @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any)
*
* This will create a socket and use it to connect to a host:port, or if
* family == AF_UNIX, to the path found in host.
*
* If the host has more than one address, it will try them one by one until
* a successful connection is established. The resulting socket will be
* found in *sock on success, it will be given INVALID_SOCKET otherwise.
*
* Returns 1 on success, 0 on failure.
*/
int init_client(int *sock, const char *host, const char *port,
const char *bindhost, const char *bindport,
int family, int type, int protocol)
{
BIO_ADDRINFO *res = NULL;
BIO_ADDRINFO *bindaddr = NULL;
const BIO_ADDRINFO *ai = NULL;
const BIO_ADDRINFO *bi = NULL;
int found = 0;
int ret;
if (BIO_sock_init() != 1)
return 0;
ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol,
&res);
if (ret == 0) {
ERR_print_errors(bio_err);
return 0;
}
if (bindhost != NULL || bindport != NULL) {
ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT,
family, type, protocol, &bindaddr);
if (ret == 0) {
ERR_print_errors (bio_err);
goto out;
}
}
ret = 0;
for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
/* Admittedly, these checks are quite paranoid, we should not get
* anything in the BIO_ADDRINFO chain that we haven't
* asked for. */
OPENSSL_assert((family == AF_UNSPEC
|| family == BIO_ADDRINFO_family(ai))
&& (type == 0 || type == BIO_ADDRINFO_socktype(ai))
&& (protocol == 0
|| protocol == BIO_ADDRINFO_protocol(ai)));
if (bindaddr != NULL) {
for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) {
if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai))
break;
}
if (bi == NULL)
continue;
++found;
}
*sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
BIO_ADDRINFO_protocol(ai), 0);
if (*sock == INVALID_SOCKET) {
/* Maybe the kernel doesn't support the socket family, even if
* BIO_lookup() added it in the returned result...
*/
continue;
}
if (bi != NULL) {
if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi),
BIO_SOCK_REUSEADDR)) {
BIO_closesocket(*sock);
*sock = INVALID_SOCKET;
break;
}
}
#ifndef OPENSSL_NO_SCTP
if (protocol == IPPROTO_SCTP) {
/*
* For SCTP we have to set various options on the socket prior to
* connecting. This is done automatically by BIO_new_dgram_sctp().
* We don't actually need the created BIO though so we free it again
* immediately.
*/
BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE);
if (tmpbio == NULL) {
ERR_print_errors(bio_err);
return 0;
}
BIO_free(tmpbio);
}
#endif
if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
BIO_closesocket(*sock);
*sock = INVALID_SOCKET;
continue;
}
/* Success, don't try any more addresses */
break;
}
if (*sock == INVALID_SOCKET) {
if (bindaddr != NULL && !found) {
BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n",
BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " :
BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " :
BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "",
bindhost != NULL ? bindhost : "",
bindport != NULL ? ":" : "",
bindport != NULL ? bindport : "");
ERR_clear_error();
ret = 0;
}
ERR_print_errors(bio_err);
} else {
/* Remove any stale errors from previous connection attempts */
ERR_clear_error();
ret = 1;
}
out:
if (bindaddr != NULL) {
BIO_ADDRINFO_free (bindaddr);
}
BIO_ADDRINFO_free(res);
return ret;
}
/*
* do_server - helper routine to perform a server operation
* @accept_sock: pointer to storage of resulting socket.
* @host: the host name or path (for AF_UNIX) to connect to.
* @port: the port to connect to (ignored for AF_UNIX).
* @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
* AF_UNSPEC
* @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
* @cb: pointer to a function that receives the accepted socket and
* should perform the communication with the connecting client.
* @context: pointer to memory that's passed verbatim to the cb function.
* @naccept: number of times an incoming connect should be accepted. If -1,
* unlimited number.
*
* This will create a socket and use it to listen to a host:port, or if
* family == AF_UNIX, to the path found in host, then start accepting
* incoming connections and run cb on the resulting socket.
*
* 0 on failure, something other on success.
*/
int do_server(int *accept_sock, const char *host, const char *port,
int family, int type, int protocol, do_server_cb cb,
unsigned char *context, int naccept, BIO *bio_s_out)
{
int asock = 0;
int sock;
int i;
BIO_ADDRINFO *res = NULL;
const BIO_ADDRINFO *next;
int sock_family, sock_type, sock_protocol, sock_port;
const BIO_ADDR *sock_address;
int sock_options = BIO_SOCK_REUSEADDR;
int ret = 0;
if (BIO_sock_init() != 1)
return 0;
if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol,
&res)) {
ERR_print_errors(bio_err);
return 0;
}
/* Admittedly, these checks are quite paranoid, we should not get
* anything in the BIO_ADDRINFO chain that we haven't asked for */
OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
&& (type == 0 || type == BIO_ADDRINFO_socktype(res))
&& (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res)));
sock_family = BIO_ADDRINFO_family(res);
sock_type = BIO_ADDRINFO_socktype(res);
sock_protocol = BIO_ADDRINFO_protocol(res);
sock_address = BIO_ADDRINFO_address(res);
next = BIO_ADDRINFO_next(res);
if (sock_family == AF_INET6)
sock_options |= BIO_SOCK_V6_ONLY;
if (next != NULL
&& BIO_ADDRINFO_socktype(next) == sock_type
&& BIO_ADDRINFO_protocol(next) == sock_protocol) {
if (sock_family == AF_INET
&& BIO_ADDRINFO_family(next) == AF_INET6) {
sock_family = AF_INET6;
sock_address = BIO_ADDRINFO_address(next);
} else if (sock_family == AF_INET6
&& BIO_ADDRINFO_family(next) == AF_INET) {
sock_options &= ~BIO_SOCK_V6_ONLY;
}
}
asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
if (asock == INVALID_SOCKET
|| !BIO_listen(asock, sock_address, sock_options)) {
BIO_ADDRINFO_free(res);
ERR_print_errors(bio_err);
if (asock != INVALID_SOCKET)
BIO_closesocket(asock);
goto end;
}
#ifndef OPENSSL_NO_SCTP
if (protocol == IPPROTO_SCTP) {
/*
* For SCTP we have to set various options on the socket prior to
* accepting. This is done automatically by BIO_new_dgram_sctp().
* We don't actually need the created BIO though so we free it again
* immediately.
*/
BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE);
if (tmpbio == NULL) {
BIO_closesocket(asock);
ERR_print_errors(bio_err);
goto end;
}
BIO_free(tmpbio);
}
#endif
sock_port = BIO_ADDR_rawport(sock_address);
BIO_ADDRINFO_free(res);
res = NULL;
if (sock_port == 0) {
/* dynamically allocated port, report which one */
union BIO_sock_info_u info;
char *hostname = NULL;
char *service = NULL;
int success = 0;
if ((info.addr = BIO_ADDR_new()) != NULL
&& BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
&& (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
&& (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
&& BIO_printf(bio_s_out,
strchr(hostname, ':') == NULL
? /* IPv4 */ "ACCEPT %s:%s\n"
: /* IPv6 */ "ACCEPT [%s]:%s\n",
hostname, service) > 0)
success = 1;
(void)BIO_flush(bio_s_out);
OPENSSL_free(hostname);
OPENSSL_free(service);
BIO_ADDR_free(info.addr);
if (!success) {
BIO_closesocket(asock);
ERR_print_errors(bio_err);
goto end;
}
} else {
(void)BIO_printf(bio_s_out, "ACCEPT\n");
(void)BIO_flush(bio_s_out);
}
if (accept_sock != NULL)
*accept_sock = asock;
for (;;) {
char sink[64];
struct timeval timeout;
fd_set readfds;
if (type == SOCK_STREAM) {
BIO_ADDR_free(ourpeer);
ourpeer = BIO_ADDR_new();
if (ourpeer == NULL) {
BIO_closesocket(asock);
ERR_print_errors(bio_err);
goto end;
}
do {
sock = BIO_accept_ex(asock, ourpeer, 0);
} while (sock < 0 && BIO_sock_should_retry(sock));
if (sock < 0) {
ERR_print_errors(bio_err);
BIO_closesocket(asock);
break;
}
BIO_set_tcp_ndelay(sock, 1);
i = (*cb)(sock, type, protocol, context);
/*
* If we ended with an alert being sent, but still with data in the
* network buffer to be read, then calling BIO_closesocket() will
* result in a TCP-RST being sent. On some platforms (notably
* Windows) then this will result in the peer immediately abandoning
* the connection including any buffered alert data before it has
* had a chance to be read. Shutting down the sending side first,
* and then closing the socket sends TCP-FIN first followed by
* TCP-RST. This seems to allow the peer to read the alert data.
*/
shutdown(sock, 1); /* SHUT_WR */
/*
* We just said we have nothing else to say, but it doesn't mean
* that the other side has nothing. It's even recommended to
* consume incoming data. [In testing context this ensures that
* alerts are passed on...]
*/
timeout.tv_sec = 0;
timeout.tv_usec = 500000; /* some extreme round-trip */
do {
FD_ZERO(&readfds);
openssl_fdset(sock, &readfds);
} while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0
&& readsocket(sock, sink, sizeof(sink)) > 0);
BIO_closesocket(sock);
} else {
i = (*cb)(asock, type, protocol, context);
}
if (naccept != -1)
naccept--;
if (i < 0 || naccept == 0) {
BIO_closesocket(asock);
ret = i;
break;
}
}
end:
# ifdef AF_UNIX
if (family == AF_UNIX)
unlink(host);
# endif
BIO_ADDR_free(ourpeer);
ourpeer = NULL;
return ret;
}
#endif /* OPENSSL_NO_SOCK */

405
trunk/3rdparty/openssl-1.1-fit/apps/s_time.c vendored Normal file
View file

@ -0,0 +1,405 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_SOCK
#include "apps.h"
#include "progs.h"
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/pem.h>
#include "s_apps.h"
#include <openssl/err.h>
#include <internal/sockets.h>
#if !defined(OPENSSL_SYS_MSDOS)
# include OPENSSL_UNISTD
#endif
#define SSL_CONNECT_NAME "localhost:4433"
#define SECONDS 30
#define SECONDSSTR "30"
static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
/*
* Define a HTTP get command globally.
* Also define the size of the command, this is two bytes less than
* the size of the string because the %s is replaced by the URL.
*/
static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
static const size_t fmt_http_get_cmd_size = sizeof(fmt_http_get_cmd) - 2;
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY,
OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE,
OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3,
OPT_WWW
} OPTION_CHOICE;
const OPTIONS s_time_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"connect", OPT_CONNECT, 's',
"Where to connect as post:port (default is " SSL_CONNECT_NAME ")"},
{"cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used"},
{"ciphersuites", OPT_CIPHERSUITES, 's',
"Specify TLSv1.3 ciphersuites to be used"},
{"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"},
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
{"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
{"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
{"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
{"no-CAfile", OPT_NOCAFILE, '-',
"Do not load the default certificates file"},
{"no-CApath", OPT_NOCAPATH, '-',
"Do not load certificates from the default certificates directory"},
{"new", OPT_NEW, '-', "Just time new connections"},
{"reuse", OPT_REUSE, '-', "Just time connection reuse"},
{"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"},
{"verify", OPT_VERIFY, 'p',
"Turn on peer certificate verification, set depth"},
{"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR},
{"www", OPT_WWW, 's', "Fetch specified page from the site"},
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
#endif
{NULL}
};
#define START 0
#define STOP 1
static double tm_Time_F(int s)
{
return app_tminterval(s, 1);
}
int s_time_main(int argc, char **argv)
{
char buf[1024 * 8];
SSL *scon = NULL;
SSL_CTX *ctx = NULL;
const SSL_METHOD *meth = NULL;
char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *ciphersuites = NULL;
char *www_path = NULL;
char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
double totalTime = 0.0;
int noCApath = 0, noCAfile = 0;
int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
long bytes_read = 0, finishtime = 0;
OPTION_CHOICE o;
int max_version = 0, ver, buf_len;
size_t buf_size;
meth = TLS_client_method();
prog = opt_init(argc, argv, s_time_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(s_time_options);
ret = 0;
goto end;
case OPT_CONNECT:
host = opt_arg();
break;
case OPT_REUSE:
perform = 2;
break;
case OPT_NEW:
perform = 1;
break;
case OPT_VERIFY:
if (!opt_int(opt_arg(), &verify_args.depth))
goto opthelp;
BIO_printf(bio_err, "%s: verify depth is %d\n",
prog, verify_args.depth);
break;
case OPT_CERT:
certfile = opt_arg();
break;
case OPT_NAMEOPT:
if (!set_nameopt(opt_arg()))
goto end;
break;
case OPT_KEY:
keyfile = opt_arg();
break;
case OPT_CAPATH:
CApath = opt_arg();
break;
case OPT_CAFILE:
CAfile = opt_arg();
break;
case OPT_NOCAPATH:
noCApath = 1;
break;
case OPT_NOCAFILE:
noCAfile = 1;
break;
case OPT_CIPHER:
cipher = opt_arg();
break;
case OPT_CIPHERSUITES:
ciphersuites = opt_arg();
break;
case OPT_BUGS:
st_bugs = 1;
break;
case OPT_TIME:
if (!opt_int(opt_arg(), &maxtime))
goto opthelp;
break;
case OPT_WWW:
www_path = opt_arg();
buf_size = strlen(www_path) + fmt_http_get_cmd_size;
if (buf_size > sizeof(buf)) {
BIO_printf(bio_err, "%s: -www option is too long\n", prog);
goto end;
}
break;
case OPT_SSL3:
max_version = SSL3_VERSION;
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
if (cipher == NULL)
cipher = getenv("SSL_CIPHER");
if ((ctx = SSL_CTX_new(meth)) == NULL)
goto end;
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_quiet_shutdown(ctx, 1);
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto end;
if (st_bugs)
SSL_CTX_set_options(ctx, SSL_OP_ALL);
if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher))
goto end;
if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites))
goto end;
if (!set_cert_stuff(ctx, certfile, keyfile))
goto end;
if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
ERR_print_errors(bio_err);
goto end;
}
if (!(perform & 1))
goto next;
printf("Collecting connection statistics for %d seconds\n", maxtime);
/* Loop and time how long it takes to make connections */
bytes_read = 0;
finishtime = (long)time(NULL) + maxtime;
tm_Time_F(START);
for (;;) {
if (finishtime < (long)time(NULL))
break;
if ((scon = doConnection(NULL, host, ctx)) == NULL)
goto end;
if (www_path != NULL) {
buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
www_path);
if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
BIO_closesocket(SSL_get_fd(scon));
nConn += 1;
if (SSL_session_reused(scon)) {
ver = 'r';
} else {
ver = SSL_version(scon);
if (ver == TLS1_VERSION)
ver = 't';
else if (ver == SSL3_VERSION)
ver = '3';
else
ver = '*';
}
fputc(ver, stdout);
fflush(stdout);
SSL_free(scon);
scon = NULL;
}
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
i = (int)((long)time(NULL) - finishtime + maxtime);
printf
("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
printf
("%d connections in %ld real seconds, %ld bytes read per connection\n",
nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
/*
* Now loop and time connections using the same session id over and over
*/
next:
if (!(perform & 2))
goto end;
printf("\n\nNow timing with session id reuse.\n");
/* Get an SSL object so we can reuse the session id */
if ((scon = doConnection(NULL, host, ctx)) == NULL) {
BIO_printf(bio_err, "Unable to get connection\n");
goto end;
}
if (www_path != NULL) {
buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, www_path);
if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
continue;
}
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
BIO_closesocket(SSL_get_fd(scon));
nConn = 0;
totalTime = 0.0;
finishtime = (long)time(NULL) + maxtime;
printf("starting\n");
bytes_read = 0;
tm_Time_F(START);
for (;;) {
if (finishtime < (long)time(NULL))
break;
if ((doConnection(scon, host, ctx)) == NULL)
goto end;
if (www_path != NULL) {
buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
www_path);
if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}
SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
BIO_closesocket(SSL_get_fd(scon));
nConn += 1;
if (SSL_session_reused(scon)) {
ver = 'r';
} else {
ver = SSL_version(scon);
if (ver == TLS1_VERSION)
ver = 't';
else if (ver == SSL3_VERSION)
ver = '3';
else
ver = '*';
}
fputc(ver, stdout);
fflush(stdout);
}
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
printf
("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
printf
("%d connections in %ld real seconds, %ld bytes read per connection\n",
nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
ret = 0;
end:
SSL_free(scon);
SSL_CTX_free(ctx);
return ret;
}
/*-
* doConnection - make a connection
*/
static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
{
BIO *conn;
SSL *serverCon;
int i;
if ((conn = BIO_new(BIO_s_connect())) == NULL)
return NULL;
BIO_set_conn_hostname(conn, host);
BIO_set_conn_mode(conn, BIO_SOCK_NODELAY);
if (scon == NULL)
serverCon = SSL_new(ctx);
else {
serverCon = scon;
SSL_set_connect_state(serverCon);
}
SSL_set_bio(serverCon, conn, conn);
/* ok, lets connect */
i = SSL_connect(serverCon);
if (i <= 0) {
BIO_printf(bio_err, "ERROR\n");
if (verify_args.error != X509_V_OK)
BIO_printf(bio_err, "verify error:%s\n",
X509_verify_cert_error_string(verify_args.error));
else
ERR_print_errors(bio_err);
if (scon == NULL)
SSL_free(serverCon);
return NULL;
}
#if defined(SOL_SOCKET) && defined(SO_LINGER)
{
struct linger no_linger;
int fd;
no_linger.l_onoff = 1;
no_linger.l_linger = 0;
fd = SSL_get_fd(serverCon);
if (fd >= 0)
(void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger,
sizeof(no_linger));
}
#endif
return serverCon;
}
#endif /* OPENSSL_NO_SOCK */

52
trunk/3rdparty/openssl-1.1-fit/apps/server.pem vendored Normal file
View file

@ -0,0 +1,52 @@
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
-----BEGIN CERTIFICATE-----
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
-----END RSA PRIVATE KEY-----

Some files were not shown because too many files have changed in this diff Show more