void OpenSSL_add_all_digests(void) { #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5, "ssl2-md5"); EVP_add_digest_alias(SN_md5, "ssl3-md5"); #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) EVP_add_digest(EVP_sha()); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss()); #endif #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss1()); EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); #endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif #endif #ifndef OPENSSL_NO_GOST EVP_add_digest(EVP_gostr341194()); EVP_add_digest(EVP_gost2814789imit()); EVP_add_digest(EVP_streebog256()); EVP_add_digest(EVP_streebog512()); #endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif #ifndef OPENSSL_NO_RIPEMD EVP_add_digest(EVP_ripemd160()); EVP_add_digest_alias(SN_ripemd160, "ripemd"); EVP_add_digest_alias(SN_ripemd160, "rmd160"); #endif #ifndef OPENSSL_NO_SHA256 EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); #endif #ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); #endif #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); #endif }
EXPORT_C int SSL_library_init(void) { //#ifdef EMULATOR // InitSSLWsdVar(); //#endif #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); #endif #ifndef OPENSSL_NO_IDEA EVP_add_cipher(EVP_idea_cbc()); #endif #ifndef OPENSSL_NO_RC4 EVP_add_cipher(EVP_rc4()); #endif #ifndef OPENSSL_NO_RC2 EVP_add_cipher(EVP_rc2_cbc()); #endif #ifndef OPENSSL_NO_AES EVP_add_cipher(EVP_aes_128_cbc()); EVP_add_cipher(EVP_aes_192_cbc()); EVP_add_cipher(EVP_aes_256_cbc()); #endif #ifndef OPENSSL_NO_MD2 EVP_add_digest(EVP_md2()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5,"ssl2-md5"); EVP_add_digest_alias(SN_md5,"ssl3-md5"); #endif #ifndef OPENSSL_NO_SHA EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); #endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif /* If you want support for phased out ciphers, add the following */ #if 0 EVP_add_digest(EVP_sha()); EVP_add_digest(EVP_dss()); #endif #ifndef OPENSSL_NO_COMP /* This will initialise the built-in compression algorithms. The value returned is a STACK_OF(SSL_COMP), but that can be discarded safely */ (void)SSL_COMP_get_compression_methods(); #endif /* initialize cipher/digest methods table */ ssl_load_ciphers(); return(1); }
ikptr ikrt_openssl_evp_dss (ikpcb * pcb) { #ifdef HAVE_EVP_DSS const EVP_MD * rv; rv = EVP_dss(); return ika_pointer_alloc(pcb, (long)rv); #else feature_failure(__func__); #endif }
void OpenSSL_add_all_digests(void) { #ifndef OPENSSL_NO_MD2 EVP_add_digest(EVP_md2()); #endif #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5,"ssl2-md5"); EVP_add_digest_alias(SN_md5,"ssl3-md5"); #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) EVP_add_digest(EVP_sha()); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss()); #endif #endif #ifndef OPENSSL_NO_SHA EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss1()); EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); #endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif #endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif #ifndef OPENSSL_NO_RIPEMD EVP_add_digest(EVP_ripemd160()); EVP_add_digest_alias(SN_ripemd160,"ripemd"); EVP_add_digest_alias(SN_ripemd160,"rmd160"); #endif #ifndef OPENSSL_NO_SHA256 /* EVP_add_digest(EVP_sha224()); To be added later */ EVP_add_digest(EVP_sha256()); #endif #ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); #endif }
const EVP_MD * hb_EVP_MD_par( int iParam ) { const EVP_MD * p; if( HB_ISCHAR( iParam ) ) return EVP_get_digestbyname( hb_parc( iParam ) ); switch( hb_parni( iParam ) ) { case HB_EVP_MD_MD_NULL: p = EVP_md_null(); break; #ifndef OPENSSL_NO_MD4 case HB_EVP_MD_MD4: p = EVP_md4(); break; #endif #ifndef OPENSSL_NO_MD5 case HB_EVP_MD_MD5: p = EVP_md5(); break; #endif #ifndef OPENSSL_NO_SHA #if OPENSSL_VERSION_NUMBER < 0x10100000L && \ ! defined( LIBRESSL_VERSION_NUMBER ) case HB_EVP_MD_SHA: p = EVP_sha(); break; #endif case HB_EVP_MD_SHA1: p = EVP_sha1(); break; #if OPENSSL_VERSION_NUMBER < 0x10100000L case HB_EVP_MD_DSS: p = EVP_dss(); break; case HB_EVP_MD_DSS1: p = EVP_dss1(); break; #endif #if OPENSSL_VERSION_NUMBER >= 0x00908000L && \ OPENSSL_VERSION_NUMBER < 0x10100000L case HB_EVP_MD_ECDSA: p = EVP_ecdsa(); break; #endif #endif #ifndef OPENSSL_NO_SHA256 case HB_EVP_MD_SHA224: p = EVP_sha224(); break; case HB_EVP_MD_SHA256: p = EVP_sha256(); break; #endif #ifndef OPENSSL_NO_SHA512 case HB_EVP_MD_SHA384: p = EVP_sha384(); break; case HB_EVP_MD_SHA512: p = EVP_sha512(); break; #endif #ifndef OPENSSL_NO_RIPEMD case HB_EVP_MD_RIPEMD160: p = EVP_ripemd160(); break; #endif default: p = NULL; } return p; }
int SSL_library_init(void) { #ifndef NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); #endif #ifndef NO_IDEA EVP_add_cipher(EVP_idea_cbc()); #endif #ifndef NO_RC4 EVP_add_cipher(EVP_rc4()); #endif #ifndef NO_RC2 EVP_add_cipher(EVP_rc2_cbc()); #endif #ifndef NO_MD2 EVP_add_digest(EVP_md2()); #endif #ifndef NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5,"ssl2-md5"); EVP_add_digest_alias(SN_md5,"ssl3-md5"); #endif #ifndef NO_SHA EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); #endif #if !defined(NO_SHA) && !defined(NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); #endif /* If you want support for phased out ciphers, add the following */ #if 0 EVP_add_digest(EVP_sha()); EVP_add_digest(EVP_dss()); #endif return(1); }
static int hb_EVP_MD_ptr_to_id( const EVP_MD * p ) { int n; if( p == EVP_md_null() ) n = HB_EVP_MD_MD_NULL; #ifndef OPENSSL_NO_MD4 else if( p == EVP_md4() ) n = HB_EVP_MD_MD4; #endif #ifndef OPENSSL_NO_MD5 else if( p == EVP_md5() ) n = HB_EVP_MD_MD5; #endif #ifndef OPENSSL_NO_SHA #if OPENSSL_VERSION_NUMBER < 0x10100000L && \ ! defined( LIBRESSL_VERSION_NUMBER ) else if( p == EVP_sha() ) n = HB_EVP_MD_SHA; #endif else if( p == EVP_sha1() ) n = HB_EVP_MD_SHA1; #if OPENSSL_VERSION_NUMBER < 0x10100000L else if( p == EVP_dss() ) n = HB_EVP_MD_DSS; else if( p == EVP_dss1() ) n = HB_EVP_MD_DSS1; #endif #if OPENSSL_VERSION_NUMBER >= 0x00908000L && \ OPENSSL_VERSION_NUMBER < 0x10100000L else if( p == EVP_ecdsa() ) n = HB_EVP_MD_ECDSA; #endif #endif #ifndef OPENSSL_NO_SHA256 else if( p == EVP_sha224() ) n = HB_EVP_MD_SHA224; else if( p == EVP_sha256() ) n = HB_EVP_MD_SHA256; #endif #ifndef OPENSSL_NO_SHA512 else if( p == EVP_sha384() ) n = HB_EVP_MD_SHA384; else if( p == EVP_sha512() ) n = HB_EVP_MD_SHA512; #endif #ifndef OPENSSL_NO_RIPEMD else if( p == EVP_ripemd160() ) n = HB_EVP_MD_RIPEMD160; #endif else n = HB_EVP_MD_UNSUPPORTED; return n; }
static int hb_EVP_MD_ptr_to_id( const EVP_MD * p ) { int n; if( p == EVP_md_null() ) n = HB_EVP_MD_MD_NULL; #ifndef OPENSSL_NO_MD2 else if( p == EVP_md2() ) n = HB_EVP_MD_MD2; #endif #ifndef OPENSSL_NO_MD4 else if( p == EVP_md4() ) n = HB_EVP_MD_MD4; #endif #ifndef OPENSSL_NO_MD5 else if( p == EVP_md5() ) n = HB_EVP_MD_MD5; #endif #ifndef OPENSSL_NO_SHA else if( p == EVP_sha() ) n = HB_EVP_MD_SHA; else if( p == EVP_sha1() ) n = HB_EVP_MD_SHA1; else if( p == EVP_dss() ) n = HB_EVP_MD_DSS; else if( p == EVP_dss1() ) n = HB_EVP_MD_DSS1; #if ! defined( HB_OPENSSL_OLD_OSX_ ) else if( p == EVP_ecdsa() ) n = HB_EVP_MD_ECDSA; #endif #endif #ifndef OPENSSL_NO_SHA256 else if( p == EVP_sha224() ) n = HB_EVP_MD_SHA224; else if( p == EVP_sha256() ) n = HB_EVP_MD_SHA256; #endif #ifndef OPENSSL_NO_SHA512 else if( p == EVP_sha384() ) n = HB_EVP_MD_SHA384; else if( p == EVP_sha512() ) n = HB_EVP_MD_SHA512; #endif #ifndef OPENSSL_NO_MDC2 else if( p == EVP_mdc2() ) n = HB_EVP_MD_MDC2; #endif #ifndef OPENSSL_NO_RIPEMD else if( p == EVP_ripemd160() ) n = HB_EVP_MD_RIPEMD160; #endif else n = HB_EVP_MD_UNSUPPORTED; return n; }
int SSL_library_init(void) { #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); #endif #ifndef OPENSSL_NO_IDEA EVP_add_cipher(EVP_idea_cbc()); #endif #ifndef OPENSSL_NO_RC4 EVP_add_cipher(EVP_rc4()); # if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__)) EVP_add_cipher(EVP_rc4_hmac_md5()); # endif #endif #ifndef OPENSSL_NO_RC2 EVP_add_cipher(EVP_rc2_cbc()); /* * Not actually used for SSL/TLS but this makes PKCS#12 work if an * application only calls SSL_library_init(). */ EVP_add_cipher(EVP_rc2_40_cbc()); #endif #ifndef OPENSSL_NO_AES EVP_add_cipher(EVP_aes_128_cbc()); EVP_add_cipher(EVP_aes_192_cbc()); EVP_add_cipher(EVP_aes_256_cbc()); EVP_add_cipher(EVP_aes_128_gcm()); EVP_add_cipher(EVP_aes_256_gcm()); # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); # endif # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); # endif #endif #ifndef OPENSSL_NO_CAMELLIA EVP_add_cipher(EVP_camellia_128_cbc()); EVP_add_cipher(EVP_camellia_256_cbc()); #endif #ifndef OPENSSL_NO_SEED EVP_add_cipher(EVP_seed_cbc()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5, "ssl2-md5"); EVP_add_digest_alias(SN_md5, "ssl3-md5"); #endif #ifndef OPENSSL_NO_SHA EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); #endif #ifndef OPENSSL_NO_SHA256 EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); #endif #ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); #endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif #ifndef NO_GMSSL EVP_add_cipher(EVP_sms4_cbc()); EVP_add_digest(EVP_sm3()); #endif /* If you want support for phased out ciphers, add the following */ #if 0 EVP_add_digest(EVP_sha()); EVP_add_digest(EVP_dss()); #endif #ifndef OPENSSL_NO_COMP /* * This will initialise the built-in compression algorithms. The value * returned is a STACK_OF(SSL_COMP), but that can be discarded safely */ (void)SSL_COMP_get_compression_methods(); #endif /* initialize cipher/digest methods table */ ssl_load_ciphers(); return (1); }
int genrequest(char department[], char cname0[]) { X509_REQ *webrequest = NULL; EVP_PKEY *pubkey = NULL; X509_NAME *reqname = NULL; DSA *mydsa = NULL; RSA *myrsa = NULL; BIO *outbio = NULL; X509_NAME_ENTRY *e; int i; FILE *fp, *fp2; char buf[80] = ""; char country[81] = "UK"; char province[81] = "Gloucestershire"; char locality[81] = "Tetbury"; char organisation[81] = "TETBURY SOFTWARE SERVICES Ltd"; char email_addr[81] = "*****@*****.**"; char cname1[81] = ""; char cname2[81] = ""; char surname[81] = ""; char givenname[81] = ""; char keytype[81] = "rsa"; int rsastrength = 4096; int dsastrength = 0; /* we do not accept requests with no data, i.e. being empty with just a public key. Although technically possible to sign and create a cert, they don't make much sense. We require here at least one CN supplied. */ if(strlen(cname0) == 0 && strlen(cname1) == 0 && strlen(cname2) == 0) printf("Error supply at least one CNAME in request subject"); /* -------------------------------------------------------------------------- * * These function calls are essential to make many PEM + other openssl * * functions work. It is not well documented, I found out after looking into * * the openssl source directly. * * needed by: PEM_read_PrivateKey(), X509_REQ_verify() ... * * -------------------------------------------------------------------------- */ OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); /* ------------------------------------------------------------------------- * * Generate the key pair based on the selected keytype * * ------------------------------------------------------------------------- */ if ((pubkey=EVP_PKEY_new()) == NULL) printf("Error creating EVP_PKEY structure."); if(strcmp(keytype, "rsa") == 0) { myrsa = RSA_new(); if (! (myrsa = RSA_generate_key(rsastrength, RSA_F4, NULL, NULL))) printf("Error generating the RSA key."); if (!EVP_PKEY_assign_RSA(pubkey,myrsa)) printf("Error assigning RSA key to EVP_PKEY structure."); } else if(strcmp(keytype, "dsa") == 0) { mydsa = DSA_new(); mydsa = DSA_generate_parameters(dsastrength, NULL, 0, NULL, NULL, NULL, NULL); if (! (DSA_generate_key(mydsa))) printf("Error generating the DSA key."); if (!EVP_PKEY_assign_DSA(pubkey,mydsa)) printf("Error assigning DSA key to EVP_PKEY structure."); } else printf("Error: Wrong keytype - choose either RSA or DSA."); /* ------------------------------------------------------------------------- * * Generate the certificate request from scratch * * ------------------------------------------------------------------------- */ if ((webrequest=X509_REQ_new()) == NULL) printf("Error creating new X509_REQ structure."); if (X509_REQ_set_pubkey(webrequest, pubkey) == 0) printf("Error setting public key for X509_REQ structure."); if ((reqname=X509_REQ_get_subject_name(webrequest)) == NULL) printf("Error setting public key for X509_REQ structure."); /* The following functions create and add the entries, working out * * the correct string type and performing checks on its length. * * We also check the return value for errors... */ if(strlen(country) != 0) X509_NAME_add_entry_by_txt(reqname,"C", MBSTRING_ASC, (unsigned char*) country, -1, -1, 0); if(strlen(province) != 0) X509_NAME_add_entry_by_txt(reqname,"ST", MBSTRING_ASC, (unsigned char *) province, -1, -1, 0); if(strlen(locality) != 0) X509_NAME_add_entry_by_txt(reqname,"L", MBSTRING_ASC, (unsigned char *) locality, -1, -1, 0); if(strlen(organisation) != 0) X509_NAME_add_entry_by_txt(reqname,"O", MBSTRING_ASC, (unsigned char *) organisation, -1, -1, 0); if(strlen(department) != 0) X509_NAME_add_entry_by_txt(reqname,"OU", MBSTRING_ASC, (unsigned char *) department, -1, -1, 0); if(strlen(email_addr) != 0) X509_NAME_add_entry_by_txt(reqname,"emailAddress", MBSTRING_ASC, (unsigned char *) email_addr, -1, -1, 0); if(strlen(cname0) != 0) X509_NAME_add_entry_by_txt(reqname,"CN", MBSTRING_ASC, (unsigned char *) cname0, -1, -1, 0); if(strlen(cname1) != 0) X509_NAME_add_entry_by_txt(reqname,"CN", MBSTRING_ASC, (unsigned char *) cname1, -1, -1, 0); if(strlen(cname2) != 0) X509_NAME_add_entry_by_txt(reqname,"CN", MBSTRING_ASC, (unsigned char *) cname2, -1, -1, 0); if(strlen(surname) != 0) X509_NAME_add_entry_by_txt(reqname,"SN", MBSTRING_ASC, (unsigned char *) surname, -1, -1, 0); if(strlen(givenname) != 0) X509_NAME_add_entry_by_txt(reqname,"GN", MBSTRING_ASC, (unsigned char *) givenname, -1, -1, 0); /* ------------------------------------------------------------------------- * * Sign the certificate request: md5 for RSA keys, dss for DSA keys * * ------------------------------------------------------------------------- */ if(strcmp(keytype, "rsa") == 0) { if (!X509_REQ_sign(webrequest,pubkey,EVP_md5())) printf("Error MD5 signing X509_REQ structure."); } else if(strcmp(keytype, "dsa") == 0) { if (!X509_REQ_sign(webrequest,pubkey,EVP_dss())) printf("Error DSS signing X509_REQ structure."); } /* ------------------------------------------------------------------------- * * and sort out the content plus start the html output * * ------------------------------------------------------------------------- */ if (! (fp=fopen("clave_publica.pem", "w"))) printf("No puedo crear el fichero de la request"); if (! (fp2=fopen("clave_privada.pem", "w"))) printf("No puedo crear el fichero de la clave privada"); outbio = BIO_new(BIO_s_file()); BIO_set_fp(outbio, fp, BIO_NOCLOSE); if (! PEM_write_bio_X509_REQ(outbio, webrequest)) printf("Error printing the request"); for (i = 0; i < X509_NAME_entry_count(reqname); i++) { e = X509_NAME_get_entry(reqname, i); OBJ_obj2txt(buf, 80, e->object, 0); } PEM_write_PrivateKey(fp2,pubkey,NULL,NULL,0,0,NULL); BIO_free(outbio); fclose(fp); fclose(fp2); return(0); }