static int print_gost_01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx, int type) { int param_nid = NID_undef; if (type == 2) { BIGNUM *key; if (!BIO_indent(out, indent, 128)) return 0; BIO_printf(out, "Private key: "); key = gost_get0_priv_key(pkey); if (!key) BIO_printf(out, "<undefined)"); else BN_print(out, key); BIO_printf(out, "\n"); } if (type >= 1) { BN_CTX *ctx = BN_CTX_new(); BIGNUM *X, *Y; const EC_POINT *pubkey; const EC_GROUP *group; if (!ctx) { GOSTerr(GOST_F_PRINT_GOST_01, ERR_R_MALLOC_FAILURE); return 0; } BN_CTX_start(ctx); X = BN_CTX_get(ctx); Y = BN_CTX_get(ctx); pubkey = EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey)); group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey)); if (!EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, ctx)) { GOSTerr(GOST_F_PRINT_GOST_01, ERR_R_EC_LIB); BN_CTX_free(ctx); return 0; } if (!BIO_indent(out, indent, 128)) return 0; BIO_printf(out, "Public key:\n"); if (!BIO_indent(out, indent + 3, 128)) return 0; BIO_printf(out, "X:"); BN_print(out, X); BIO_printf(out, "\n"); BIO_indent(out, indent + 3, 128); BIO_printf(out, "Y:"); BN_print(out, Y); BIO_printf(out, "\n"); BN_CTX_end(ctx); BN_CTX_free(ctx); } param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group (EVP_PKEY_get0((EVP_PKEY *)pkey))); if (!BIO_indent(out, indent, 128)) return 0; BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid)); return 1; }
int test_div(BIO *bp, BN_CTX *ctx) { BIGNUM a,b,c,d,e; int i; BN_init(&a); BN_init(&b); BN_init(&c); BN_init(&d); BN_init(&e); for (i=0; i<num0+num1; i++) { if (i < num1) { BN_bntest_rand(&a,400,0,0); BN_copy(&b,&a); BN_lshift(&a,&a,i); BN_add_word(&a,i); } else BN_bntest_rand(&b,50+3*(i-num1),0,0); a.neg=rand_neg(); b.neg=rand_neg(); BN_div(&d,&c,&a,&b,ctx); if (bp != NULL) { if (!results) { BN_print(bp,&a); BIO_puts(bp," / "); BN_print(bp,&b); BIO_puts(bp," - "); } BN_print(bp,&d); BIO_puts(bp,"\n"); if (!results) { BN_print(bp,&a); BIO_puts(bp," % "); BN_print(bp,&b); BIO_puts(bp," - "); } BN_print(bp,&c); BIO_puts(bp,"\n"); } BN_mul(&e,&d,&b,ctx); BN_add(&d,&e,&c); BN_sub(&d,&d,&a); if(!BN_is_zero(&d)) { fprintf(stderr,"Division test failed!\n"); return 0; } } BN_free(&a); BN_free(&b); BN_free(&c); BN_free(&d); BN_free(&e); return(1); }
int MAIN(int argc, char **argv) { ENGINE *e = NULL; int ret=1; X509_REQ *req=NULL; X509 *x=NULL,*xca=NULL; ASN1_OBJECT *objtmp; EVP_PKEY *Upkey=NULL,*CApkey=NULL; ASN1_INTEGER *sno = NULL; int i,num,badops=0; BIO *out=NULL; BIO *STDout=NULL; STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; int informat,outformat,keyformat,CAformat,CAkeyformat; char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; char *CAkeyfile=NULL,*CAserial=NULL; char *alias=NULL; int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0; int ocspid=0; int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; int C=0; int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; int pprint = 0; char **pp; X509_STORE *ctx=NULL; X509_REQ *rq=NULL; int fingerprint=0; char buf[256]; const EVP_MD *md_alg,*digest=EVP_md5(); CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; int checkend=0,checkoffset=0; unsigned long nmflag = 0, certflag = 0; char *engine=NULL; reqfile=0; apps_startup(); if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; STDout=BIO_new_fp(stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); STDout = BIO_push(tmpbio, STDout); } #endif informat=FORMAT_PEM; outformat=FORMAT_PEM; keyformat=FORMAT_PEM; CAformat=FORMAT_PEM; CAkeyformat=FORMAT_PEM; ctx=X509_STORE_new(); if (ctx == NULL) goto end; X509_STORE_set_verify_cb_func(ctx,callb); argc--; argv++; num=0; while (argc >= 1) { if (strcmp(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) goto bad; keyformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-req") == 0) { reqfile=1; need_rand = 1; } else if (strcmp(*argv,"-CAform") == 0) { if (--argc < 1) goto bad; CAformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-CAkeyform") == 0) { if (--argc < 1) goto bad; CAkeyformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-days") == 0) { if (--argc < 1) goto bad; days=atoi(*(++argv)); if (days == 0) { BIO_printf(STDout,"bad number of days\n"); goto bad; } } else if (strcmp(*argv,"-passin") == 0) { if (--argc < 1) goto bad; passargin= *(++argv); } else if (strcmp(*argv,"-extfile") == 0) { if (--argc < 1) goto bad; extfile= *(++argv); } else if (strcmp(*argv,"-extensions") == 0) { if (--argc < 1) goto bad; extsect= *(++argv); } else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-signkey") == 0) { if (--argc < 1) goto bad; keyfile= *(++argv); sign_flag= ++num; need_rand = 1; } else if (strcmp(*argv,"-CA") == 0) { if (--argc < 1) goto bad; CAfile= *(++argv); CA_flag= ++num; need_rand = 1; } else if (strcmp(*argv,"-CAkey") == 0) { if (--argc < 1) goto bad; CAkeyfile= *(++argv); } else if (strcmp(*argv,"-CAserial") == 0) { if (--argc < 1) goto bad; CAserial= *(++argv); } else if (strcmp(*argv,"-set_serial") == 0) { if (--argc < 1) goto bad; if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv)))) goto bad; } else if (strcmp(*argv,"-addtrust") == 0) { if (--argc < 1) goto bad; if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) { BIO_printf(bio_err, "Invalid trust object value %s\n", *argv); goto bad; } if (!trust) trust = sk_ASN1_OBJECT_new_null(); sk_ASN1_OBJECT_push(trust, objtmp); trustout = 1; } else if (strcmp(*argv,"-addreject") == 0) { if (--argc < 1) goto bad; if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) { BIO_printf(bio_err, "Invalid reject object value %s\n", *argv); goto bad; } if (!reject) reject = sk_ASN1_OBJECT_new_null(); sk_ASN1_OBJECT_push(reject, objtmp); trustout = 1; } else if (strcmp(*argv,"-setalias") == 0) { if (--argc < 1) goto bad; alias= *(++argv); trustout = 1; } else if (strcmp(*argv,"-certopt") == 0) { if (--argc < 1) goto bad; if (!set_cert_ex(&certflag, *(++argv))) goto bad; } else if (strcmp(*argv,"-nameopt") == 0) { if (--argc < 1) goto bad; if (!set_name_ex(&nmflag, *(++argv))) goto bad; } else if (strcmp(*argv,"-setalias") == 0) { if (--argc < 1) goto bad; alias= *(++argv); trustout = 1; } else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } else if (strcmp(*argv,"-C") == 0) C= ++num; else if (strcmp(*argv,"-email") == 0) email= ++num; else if (strcmp(*argv,"-serial") == 0) serial= ++num; else if (strcmp(*argv,"-modulus") == 0) modulus= ++num; else if (strcmp(*argv,"-pubkey") == 0) pubkey= ++num; else if (strcmp(*argv,"-x509toreq") == 0) x509req= ++num; else if (strcmp(*argv,"-text") == 0) text= ++num; else if (strcmp(*argv,"-hash") == 0) hash= ++num; else if (strcmp(*argv,"-subject") == 0) subject= ++num; else if (strcmp(*argv,"-issuer") == 0) issuer= ++num; else if (strcmp(*argv,"-fingerprint") == 0) fingerprint= ++num; else if (strcmp(*argv,"-dates") == 0) { startdate= ++num; enddate= ++num; } else if (strcmp(*argv,"-purpose") == 0) pprint= ++num; else if (strcmp(*argv,"-startdate") == 0) startdate= ++num; else if (strcmp(*argv,"-enddate") == 0) enddate= ++num; else if (strcmp(*argv,"-checkend") == 0) { if (--argc < 1) goto bad; checkoffset=atoi(*(++argv)); checkend=1; } else if (strcmp(*argv,"-noout") == 0) noout= ++num; else if (strcmp(*argv,"-trustout") == 0) trustout= 1; else if (strcmp(*argv,"-clrtrust") == 0) clrtrust= ++num; else if (strcmp(*argv,"-clrreject") == 0) clrreject= ++num; else if (strcmp(*argv,"-alias") == 0) aliasout= ++num; else if (strcmp(*argv,"-CAcreateserial") == 0) CA_createserial= ++num; else if (strcmp(*argv,"-clrext") == 0) clrext = 1; #if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */ else if (strcmp(*argv,"-crlext") == 0) { BIO_printf(bio_err,"use -clrext instead of -crlext\n"); clrext = 1; } #endif else if (strcmp(*argv,"-ocspid") == 0) ocspid= ++num; else if ((md_alg=EVP_get_digestbyname(*argv + 1))) { /* ok */ digest=md_alg; } else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: for (pp=x509_usage; (*pp != NULL); pp++) BIO_printf(bio_err,"%s",*pp); goto end; } e = setup_engine(bio_err, engine, 0); if (need_rand) app_RAND_load_file(NULL, bio_err, 0); ERR_load_crypto_strings(); if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } if (!X509_STORE_set_default_paths(ctx)) { ERR_print_errors(bio_err); goto end; } if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) { CAkeyfile=CAfile; } else if ((CA_flag) && (CAkeyfile == NULL)) { BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n"); goto end; } if (extfile) { long errorline = -1; X509V3_CTX ctx2; extconf = NCONF_new(NULL); if (!NCONF_load(extconf, extfile,&errorline)) { if (errorline <= 0) BIO_printf(bio_err, "error loading the config file '%s'\n", extfile); else BIO_printf(bio_err, "error on line %ld of config file '%s'\n" ,errorline,extfile); goto end; } if (!extsect) { extsect = NCONF_get_string(extconf, "default", "extensions"); if (!extsect) { ERR_clear_error(); extsect = "default"; } } X509V3_set_ctx_test(&ctx2); X509V3_set_nconf(&ctx2, extconf); if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extsect); ERR_print_errors(bio_err); goto end; } } if (reqfile) { EVP_PKEY *pkey; X509_CINF *ci; BIO *in; if (!sign_flag && !CA_flag) { BIO_printf(bio_err,"We need a private key to sign with\n"); goto end; } in=BIO_new(BIO_s_file()); if (in == NULL) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT); else { if (BIO_read_filename(in,infile) <= 0) { perror(infile); BIO_free(in); goto end; } } req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL); BIO_free(in); if (req == NULL) { ERR_print_errors(bio_err); goto end; } if ( (req->req_info == NULL) || (req->req_info->pubkey == NULL) || (req->req_info->pubkey->public_key == NULL) || (req->req_info->pubkey->public_key->data == NULL)) { BIO_printf(bio_err,"The certificate request appears to corrupted\n"); BIO_printf(bio_err,"It does not contain a public key\n"); goto end; } if ((pkey=X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err,"error unpacking public key\n"); goto end; } i=X509_REQ_verify(req,pkey); EVP_PKEY_free(pkey); if (i < 0) { BIO_printf(bio_err,"Signature verification error\n"); ERR_print_errors(bio_err); goto end; } if (i == 0) { BIO_printf(bio_err,"Signature did not match the certificate request\n"); goto end; } else BIO_printf(bio_err,"Signature ok\n"); print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag); if ((x=X509_new()) == NULL) goto end; ci=x->cert_info; if (sno) { if (!X509_set_serialNumber(x, sno)) goto end; } else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end; if (!X509_set_issuer_name(x,req->req_info->subject)) goto end; if (!X509_set_subject_name(x,req->req_info->subject)) goto end; X509_gmtime_adj(X509_get_notBefore(x),0); X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); pkey = X509_REQ_get_pubkey(req); X509_set_pubkey(x,pkey); EVP_PKEY_free(pkey); } else x=load_cert(bio_err,infile,informat,NULL,e,"Certificate"); if (x == NULL) goto end; if (CA_flag) { xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate"); if (xca == NULL) goto end; } if (!noout || text) { OBJ_create("2.99999.3", "SET.ex3","SET x509v3 extension 3"); out=BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } } if (alias) X509_alias_set1(x, (unsigned char *)alias, -1); if (clrtrust) X509_trust_clear(x); if (clrreject) X509_reject_clear(x); if (trust) { for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { objtmp = sk_ASN1_OBJECT_value(trust, i); X509_add1_trust_object(x, objtmp); } } if (reject) { for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) { objtmp = sk_ASN1_OBJECT_value(reject, i); X509_add1_reject_object(x, objtmp); } } if (num) { for (i=1; i<=num; i++) { if (issuer == i) { print_name(STDout, "issuer= ", X509_get_issuer_name(x), nmflag); } else if (subject == i) { print_name(STDout, "subject= ", X509_get_subject_name(x), nmflag); } else if (serial == i) { BIO_printf(STDout,"serial="); i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber); BIO_printf(STDout,"\n"); } else if (email == i) { int j; STACK *emlst; emlst = X509_get1_email(x); for (j = 0; j < sk_num(emlst); j++) BIO_printf(STDout, "%s\n", sk_value(emlst, j)); X509_email_free(emlst); } else if (aliasout == i) { unsigned char *alstr; alstr = X509_alias_get0(x, NULL); if (alstr) BIO_printf(STDout,"%s\n", alstr); else BIO_puts(STDout,"<No Alias>\n"); } else if (hash == i) { BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); } else if (pprint == i) { X509_PURPOSE *ptmp; int j; BIO_printf(STDout, "Certificate purposes:\n"); for (j = 0; j < X509_PURPOSE_get_count(); j++) { ptmp = X509_PURPOSE_get0(j); purpose_print(STDout, x, ptmp); } } else if (modulus == i) { EVP_PKEY *pkey; pkey=X509_get_pubkey(x); if (pkey == NULL) { BIO_printf(bio_err,"Modulus=unavailable\n"); ERR_print_errors(bio_err); goto end; } BIO_printf(STDout,"Modulus="); #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) BN_print(STDout,pkey->pkey.rsa->n); else #endif #ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) BN_print(STDout,pkey->pkey.dsa->pub_key); else #endif BIO_printf(STDout,"Wrong Algorithm type"); BIO_printf(STDout,"\n"); EVP_PKEY_free(pkey); } else if (pubkey == i) { EVP_PKEY *pkey; pkey=X509_get_pubkey(x); if (pkey == NULL) { BIO_printf(bio_err,"Error getting public key\n"); ERR_print_errors(bio_err); goto end; } PEM_write_bio_PUBKEY(STDout, pkey); EVP_PKEY_free(pkey); } else if (C == i) { unsigned char *d; char *m; int y,z; X509_NAME_oneline(X509_get_subject_name(x), buf,sizeof buf); BIO_printf(STDout,"/* subject:%s */\n",buf); m=X509_NAME_oneline( X509_get_issuer_name(x),buf, sizeof buf); BIO_printf(STDout,"/* issuer :%s */\n",buf); z=i2d_X509(x,NULL); m=OPENSSL_malloc(z); d=(unsigned char *)m; z=i2d_X509_NAME(X509_get_subject_name(x),&d); BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z); d=(unsigned char *)m; for (y=0; y<z; y++) { BIO_printf(STDout,"0x%02X,",d[y]); if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n"); } if (y%16 != 0) BIO_printf(STDout,"\n"); BIO_printf(STDout,"};\n"); z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d); BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z); d=(unsigned char *)m; for (y=0; y<z; y++) { BIO_printf(STDout,"0x%02X,",d[y]); if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n"); } if (y%16 != 0) BIO_printf(STDout,"\n"); BIO_printf(STDout,"};\n"); z=i2d_X509(x,&d); BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z); d=(unsigned char *)m; for (y=0; y<z; y++) { BIO_printf(STDout,"0x%02X,",d[y]); if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n"); } if (y%16 != 0) BIO_printf(STDout,"\n"); BIO_printf(STDout,"};\n"); OPENSSL_free(m); } else if (text == i) { X509_print_ex(out,x,nmflag, certflag); } else if (startdate == i) { BIO_puts(STDout,"notBefore="); ASN1_TIME_print(STDout,X509_get_notBefore(x)); BIO_puts(STDout,"\n"); } else if (enddate == i) { BIO_puts(STDout,"notAfter="); ASN1_TIME_print(STDout,X509_get_notAfter(x)); BIO_puts(STDout,"\n"); } else if (fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; if (!X509_digest(x,digest,md,&n)) { BIO_printf(bio_err,"out of memory\n"); goto end; } BIO_printf(STDout,"%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(digest))); for (j=0; j<(int)n; j++) { BIO_printf(STDout,"%02X%c",md[j], (j+1 == (int)n) ?'\n':':'); } } /* should be in the library */ else if ((sign_flag == i) && (x509req == 0)) { BIO_printf(bio_err,"Getting Private key\n"); if (Upkey == NULL) { Upkey=load_key(bio_err, keyfile, keyformat, 0, passin, e, "Private key"); if (Upkey == NULL) goto end; } #ifndef OPENSSL_NO_DSA if (Upkey->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif assert(need_rand); if (!sign(x,Upkey,days,clrext,digest, extconf, extsect)) goto end; } else if (CA_flag == i) { BIO_printf(bio_err,"Getting CA Private Key\n"); if (CAkeyfile != NULL) { CApkey=load_key(bio_err, CAkeyfile, CAkeyformat, 0, passin, e, "CA Private Key"); if (CApkey == NULL) goto end; } #ifndef OPENSSL_NO_DSA if (CApkey->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif assert(need_rand); if (!x509_certify(ctx,CAfile,digest,x,xca, CApkey, CAserial,CA_createserial,days, clrext, extconf, extsect, sno)) goto end; } else if (x509req == i) { EVP_PKEY *pk; BIO_printf(bio_err,"Getting request Private Key\n"); if (keyfile == NULL) { BIO_printf(bio_err,"no request key file specified\n"); goto end; } else { pk=load_key(bio_err, keyfile, FORMAT_PEM, 0, passin, e, "request key"); if (pk == NULL) goto end; } BIO_printf(bio_err,"Generating certificate request\n"); #ifndef OPENSSL_NO_DSA if (pk->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif rq=X509_to_X509_REQ(x,pk,digest); EVP_PKEY_free(pk); if (rq == NULL) { ERR_print_errors(bio_err); goto end; } if (!noout) { X509_REQ_print(out,rq); PEM_write_bio_X509_REQ(out,rq); } noout=1; } else if (ocspid == i) { X509_ocspid_print(out, x); } } } if (checkend) { time_t tnow=time(NULL); if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1) { BIO_printf(out,"Certificate will expire\n"); ret=1; } else { BIO_printf(out,"Certificate will not expire\n"); ret=0; } goto end; } if (noout) { ret=0; goto end; } if (outformat == FORMAT_ASN1) i=i2d_X509_bio(out,x); else if (outformat == FORMAT_PEM) { if (trustout) i=PEM_write_bio_X509_AUX(out,x); else i=PEM_write_bio_X509(out,x); } else if (outformat == FORMAT_NETSCAPE) { ASN1_HEADER ah; ASN1_OCTET_STRING os; os.data=(unsigned char *)NETSCAPE_CERT_HDR; os.length=strlen(NETSCAPE_CERT_HDR); ah.header= &os; ah.data=(char *)x; ah.meth=X509_asn1_meth(); /* no macro for this one yet */ i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah); } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write certificate\n"); ERR_print_errors(bio_err); goto end; } ret=0; end: if (need_rand) app_RAND_write_file(NULL, bio_err); OBJ_cleanup(); NCONF_free(extconf); BIO_free_all(out); BIO_free_all(STDout); X509_STORE_free(ctx); X509_REQ_free(req); X509_free(x); X509_free(xca); EVP_PKEY_free(Upkey); EVP_PKEY_free(CApkey); X509_REQ_free(rq); ASN1_INTEGER_free(sno); sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free); if (passin) OPENSSL_free(passin); apps_shutdown(); OPENSSL_EXIT(ret); }
int MAIN(int argc, char **argv) { ENGINE *e = NULL; int ret = 1; DSA *dsa = NULL; int i, badops = 0; const EVP_CIPHER *enc = NULL; BIO *in = NULL, *out = NULL; int informat, outformat, text = 0, noout = 0; int pubin = 0, pubout = 0; char *infile, *outfile, *prog; # ifndef OPENSSL_NO_ENGINE char *engine; # endif char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; int modulus = 0; int pvk_encr = 2; apps_startup(); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; # ifndef OPENSSL_NO_ENGINE engine = NULL; # endif infile = NULL; outfile = NULL; informat = FORMAT_PEM; outformat = FORMAT_PEM; prog = argv[0]; argc--; argv++; while (argc >= 1) { if (strcmp(*argv, "-inform") == 0) { if (--argc < 1) goto bad; informat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) { if (--argc < 1) goto bad; outformat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; infile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } else if (strcmp(*argv, "-passin") == 0) { if (--argc < 1) goto bad; passargin = *(++argv); } else if (strcmp(*argv, "-passout") == 0) { if (--argc < 1) goto bad; passargout = *(++argv); } # ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } # endif else if (strcmp(*argv, "-pvk-strong") == 0) pvk_encr = 2; else if (strcmp(*argv, "-pvk-weak") == 0) pvk_encr = 1; else if (strcmp(*argv, "-pvk-none") == 0) pvk_encr = 0; else if (strcmp(*argv, "-noout") == 0) noout = 1; else if (strcmp(*argv, "-text") == 0) text = 1; else if (strcmp(*argv, "-modulus") == 0) modulus = 1; else if (strcmp(*argv, "-pubin") == 0) pubin = 1; else if (strcmp(*argv, "-pubout") == 0) pubout = 1; else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) { BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, " -inform arg input format - DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - DER or PEM\n"); BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -passin arg input file pass phrase source\n"); BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -passout arg output file pass phrase source\n"); # ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n"); # endif BIO_printf(bio_err, " -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err, " -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); # ifndef OPENSSL_NO_IDEA BIO_printf(bio_err, " -idea encrypt PEM output with cbc idea\n"); # endif # ifndef OPENSSL_NO_AES BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); # endif # ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); # endif # ifndef OPENSSL_NO_SEED BIO_printf(bio_err, " -seed encrypt PEM output with cbc seed\n"); # endif BIO_printf(bio_err, " -text print the key in text\n"); BIO_printf(bio_err, " -noout don't print key out\n"); BIO_printf(bio_err, " -modulus print the DSA public value\n"); goto end; } ERR_load_crypto_strings(); # ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); # endif if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { if (BIO_read_filename(in, infile) <= 0) { perror(infile); goto end; } } BIO_printf(bio_err, "read DSA key\n"); { EVP_PKEY *pkey; if (pubin) pkey = load_pubkey(bio_err, infile, informat, 1, passin, e, "Public Key"); else pkey = load_key(bio_err, infile, informat, 1, passin, e, "Private Key"); if (pkey) { dsa = EVP_PKEY_get1_DSA(pkey); EVP_PKEY_free(pkey); } } if (dsa == NULL) { BIO_printf(bio_err, "unable to load Key\n"); ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); # ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } # endif } else { if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; } } if (text) if (!DSA_print(out, dsa, 0)) { perror(outfile); ERR_print_errors(bio_err); goto end; } if (modulus) { fprintf(stdout, "Public Key="); BN_print(out, dsa->pub_key); fprintf(stdout, "\n"); } if (noout) goto end; BIO_printf(bio_err, "writing DSA key\n"); if (outformat == FORMAT_ASN1) { if (pubin || pubout) i = i2d_DSA_PUBKEY_bio(out, dsa); else i = i2d_DSAPrivateKey_bio(out, dsa); } else if (outformat == FORMAT_PEM) { if (pubin || pubout) i = PEM_write_bio_DSA_PUBKEY(out, dsa); else i = PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout); # if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); EVP_PKEY_set1_DSA(pk, dsa); if (outformat == FORMAT_PVK) i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); else if (pubin || pubout) i = i2b_PublicKey_bio(out, pk); else i = i2b_PrivateKey_bio(out, pk); EVP_PKEY_free(pk); # endif } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (i <= 0) { BIO_printf(bio_err, "unable to write private key\n"); ERR_print_errors(bio_err); } else ret = 0; end: if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); if (passin) OPENSSL_free(passin); if (passout) OPENSSL_free(passout); apps_shutdown(); OPENSSL_EXIT(ret); }
int exp_main(int argc, char *argv[]) #endif { BN_CTX *ctx; BIO *out=NULL; int i,ret; unsigned char c; BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m; // FILE* temp; RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't * even check its return value * (which we should) */ if(errno==ENOMEM) { return 1; } ERR_load_BN_strings(); if(errno==ENOMEM) { return 1; } ctx=BN_CTX_new(); if (ctx == NULL) { if(errno==ENOMEM) { return 1; } return 1; } r_mont=BN_new(); if(r_mont==NULL&&errno==ENOMEM) { return 1; } r_mont_const=BN_new(); if(r_mont_const==NULL&&errno==ENOMEM) { return 1; } r_recp=BN_new(); if(r_recp==NULL&&errno==ENOMEM) { return 1; } r_simple=BN_new(); if(r_simple==NULL&&errno==ENOMEM) { return 1; } a=BN_new(); if(a==NULL&&errno==ENOMEM) { return 1; } b=BN_new(); if(b==NULL&&errno==ENOMEM) { return 1; } m=BN_new(); if(m==NULL&&errno==ENOMEM) { return 1; } if ( (r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL)) goto err; out=BIO_new(BIO_s_file()); if(out==NULL&&errno==ENOMEM) { return 1; } if (out == NULL) return 1; BIO_set_fp(out,stdout,BIO_NOCLOSE); if(errno==ENOMEM) { return 1; } // temp = fopen("sanjeev.txt", "w"); for (i=0; i<200; i++) { // fputc(i,temp); RAND_bytes(&c,1); if(errno==ENOMEM) { return 1; } c=(c%BN_BITS)-BN_BITS2; BN_rand(a,NUM_BITS+c,0,0); if(errno==ENOMEM) { return 1; } RAND_bytes(&c,1); if(errno==ENOMEM) { return 1; } c=(c%BN_BITS)-BN_BITS2; BN_rand(b,NUM_BITS+c,0,0); if(errno==ENOMEM) { return 1; } RAND_bytes(&c,1); if(errno==ENOMEM) { return 1; } c=(c%BN_BITS)-BN_BITS2; BN_rand(m,NUM_BITS+c,0,1); if(errno==ENOMEM) { return 1; } BN_mod(a,a,m,ctx); if(errno==ENOMEM) { return 1; } BN_mod(b,b,m,ctx); if(errno==ENOMEM) { return 1; } ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL); if (ret <= 0) { if(errno==ENOMEM) { return 1; } fprintf(stdout,"BN_mod_exp_mont() problems\n"); ERR_print_errors(out); if(errno==ENOMEM) { return 1; } return 1; } ret=BN_mod_exp_recp(r_recp,a,b,m,ctx); if (ret <= 0) { if(errno==ENOMEM) { return 1; } fprintf(stdout,"BN_mod_exp_recp() problems\n"); ERR_print_errors(out); if(errno==ENOMEM) { return 1; } return 1; } ret=BN_mod_exp_simple(r_simple,a,b,m,ctx); if (ret <= 0) { if(errno==ENOMEM) { return 1; } fprintf(stdout,"BN_mod_exp_simple() problems\n"); ERR_print_errors(out); if(errno==ENOMEM) { return 1; } return 1; } ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL); if (ret <= 0) { if(errno==ENOMEM) { return 1; } fprintf(stdout,"BN_mod_exp_mont_consttime() problems\n"); ERR_print_errors(out); if(errno==ENOMEM) { return 1; } return 1; } if (BN_cmp(r_simple, r_mont) == 0 && BN_cmp(r_simple,r_recp) == 0 && BN_cmp(r_simple,r_mont_const) == 0) { if(errno==ENOMEM) { return 1; } fprintf(stdout,"."); fflush(stdout); } else { if (BN_cmp(r_simple,r_mont) != 0) { if(errno==ENOMEM) { return 1; } fprintf(stdout,"\nsimple and mont results differ\n"); } if (BN_cmp(r_simple,r_mont) != 0) { if(errno==ENOMEM) { return 1; } fprintf(stdout,"\nsimple and mont const time results differ\n"); } if (BN_cmp(r_simple,r_recp) != 0) { if(errno==ENOMEM) { return 1; } fprintf(stdout,"\nsimple and recp results differ\n"); } fprintf(stdout,"a (%3d) = ",BN_num_bits(a)); BN_print(out,a); if(errno==ENOMEM) { return 1; } fprintf(stdout,"\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b); if(errno==ENOMEM) { return 1; } fprintf(stdout,"\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m); if(errno==ENOMEM) { return 1; } fprintf(stdout,"\nsimple ="); BN_print(out,r_simple); if(errno==ENOMEM) { return 1; } fprintf(stdout,"\nrecp ="); BN_print(out,r_recp); if(errno==ENOMEM) { return 1; } fprintf(stdout,"\nmont ="); BN_print(out,r_mont); if(errno==ENOMEM) { return 1; } fprintf(stdout,"\nmont_ct ="); BN_print(out,r_mont_const); if(errno==ENOMEM) { return 1; } fprintf(stdout,"\n"); return 1; } } BN_free(r_mont); BN_free(r_mont_const); BN_free(r_recp); BN_free(r_simple); BN_free(a); BN_free(b); BN_free(m); BN_CTX_free(ctx); ERR_remove_state(0); if(errno==ENOMEM) { return 1; } CRYPTO_mem_leaks(out); if(errno==ENOMEM) { return 1; } BIO_free(out); if(errno==ENOMEM) { return 1; } CRYPTO_cleanup_all_ex_data(); if(errno==ENOMEM) { return 1; } fprintf(stdout," done\n"); fprintf(stdout," Test case passed\n"); return 0; err: ERR_load_crypto_strings(); if(errno==ENOMEM) { return 1; } ERR_print_errors(out); if(errno==ENOMEM) { return 1; } #ifdef OPENSSL_SYS_NETWARE fprintf(stdout,"ERROR\n"); #endif return(1); }
int x509_main(int argc, char **argv) { int ret = 1; X509_REQ *req = NULL; X509 *x = NULL, *xca = NULL; ASN1_OBJECT *objtmp; STACK_OF(OPENSSL_STRING) *sigopts = NULL; EVP_PKEY *Upkey = NULL, *CApkey = NULL; ASN1_INTEGER *sno = NULL; int i, num, badops = 0; BIO *out = NULL; BIO *STDout = NULL; STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; int informat, outformat, keyformat, CAformat, CAkeyformat; char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL; char *CAkeyfile = NULL, *CAserial = NULL; char *alias = NULL; int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0, enddate = 0; int next_serial = 0; int subject_hash = 0, issuer_hash = 0, ocspid = 0; #ifndef OPENSSL_NO_MD5 int subject_hash_old = 0, issuer_hash_old = 0; #endif int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0; int ocsp_uri = 0; int trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0, clrext = 0; int C = 0; int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0; int pprint = 0; const char **pp; X509_STORE *ctx = NULL; X509_REQ *rq = NULL; int fingerprint = 0; char buf[256]; const EVP_MD *md_alg, *digest = NULL; CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int checkend = 0, checkoffset = 0; unsigned long nmflag = 0, certflag = 0; const char *errstr = NULL; if (single_execution) { if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { perror("pledge"); exit(1); } } reqfile = 0; STDout = BIO_new_fp(stdout, BIO_NOCLOSE); informat = FORMAT_PEM; outformat = FORMAT_PEM; keyformat = FORMAT_PEM; CAformat = FORMAT_PEM; CAkeyformat = FORMAT_PEM; ctx = X509_STORE_new(); if (ctx == NULL) goto end; X509_STORE_set_verify_cb(ctx, callb); argc--; argv++; num = 0; while (argc >= 1) { if (strcmp(*argv, "-inform") == 0) { if (--argc < 1) goto bad; informat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) { if (--argc < 1) goto bad; outformat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-keyform") == 0) { if (--argc < 1) goto bad; keyformat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-req") == 0) { reqfile = 1; } else if (strcmp(*argv, "-CAform") == 0) { if (--argc < 1) goto bad; CAformat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-CAkeyform") == 0) { if (--argc < 1) goto bad; CAkeyformat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-sigopt") == 0) { if (--argc < 1) goto bad; if (!sigopts) sigopts = sk_OPENSSL_STRING_new_null(); if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) goto bad; } else if (strcmp(*argv, "-days") == 0) { if (--argc < 1) goto bad; days = strtonum(*(++argv), 1, INT_MAX, &errstr); if (errstr) { BIO_printf(bio_err, "bad number of days: %s\n", errstr); goto bad; } } else if (strcmp(*argv, "-passin") == 0) { if (--argc < 1) goto bad; passargin = *(++argv); } else if (strcmp(*argv, "-extfile") == 0) { if (--argc < 1) goto bad; extfile = *(++argv); } else if (strcmp(*argv, "-extensions") == 0) { if (--argc < 1) goto bad; extsect = *(++argv); } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; infile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } else if (strcmp(*argv, "-signkey") == 0) { if (--argc < 1) goto bad; keyfile = *(++argv); sign_flag = ++num; } else if (strcmp(*argv, "-CA") == 0) { if (--argc < 1) goto bad; CAfile = *(++argv); CA_flag = ++num; } else if (strcmp(*argv, "-CAkey") == 0) { if (--argc < 1) goto bad; CAkeyfile = *(++argv); } else if (strcmp(*argv, "-CAserial") == 0) { if (--argc < 1) goto bad; CAserial = *(++argv); } else if (strcmp(*argv, "-set_serial") == 0) { if (--argc < 1) goto bad; ASN1_INTEGER_free(sno); if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv)))) goto bad; } else if (strcmp(*argv, "-addtrust") == 0) { if (--argc < 1) goto bad; if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) { BIO_printf(bio_err, "Invalid trust object value %s\n", *argv); goto bad; } if (!trust) trust = sk_ASN1_OBJECT_new_null(); sk_ASN1_OBJECT_push(trust, objtmp); trustout = 1; } else if (strcmp(*argv, "-addreject") == 0) { if (--argc < 1) goto bad; if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) { BIO_printf(bio_err, "Invalid reject object value %s\n", *argv); goto bad; } if (!reject) reject = sk_ASN1_OBJECT_new_null(); sk_ASN1_OBJECT_push(reject, objtmp); trustout = 1; } else if (strcmp(*argv, "-setalias") == 0) { if (--argc < 1) goto bad; alias = *(++argv); trustout = 1; } else if (strcmp(*argv, "-certopt") == 0) { if (--argc < 1) goto bad; if (!set_cert_ex(&certflag, *(++argv))) goto bad; } else if (strcmp(*argv, "-nameopt") == 0) { if (--argc < 1) goto bad; if (!set_name_ex(&nmflag, *(++argv))) goto bad; } else if (strcmp(*argv, "-C") == 0) C = ++num; else if (strcmp(*argv, "-email") == 0) email = ++num; else if (strcmp(*argv, "-ocsp_uri") == 0) ocsp_uri = ++num; else if (strcmp(*argv, "-serial") == 0) serial = ++num; else if (strcmp(*argv, "-next_serial") == 0) next_serial = ++num; else if (strcmp(*argv, "-modulus") == 0) modulus = ++num; else if (strcmp(*argv, "-pubkey") == 0) pubkey = ++num; else if (strcmp(*argv, "-x509toreq") == 0) x509req = ++num; else if (strcmp(*argv, "-text") == 0) text = ++num; else if (strcmp(*argv, "-hash") == 0 || strcmp(*argv, "-subject_hash") == 0) subject_hash = ++num; #ifndef OPENSSL_NO_MD5 else if (strcmp(*argv, "-subject_hash_old") == 0) subject_hash_old = ++num; #endif else if (strcmp(*argv, "-issuer_hash") == 0) issuer_hash = ++num; #ifndef OPENSSL_NO_MD5 else if (strcmp(*argv, "-issuer_hash_old") == 0) issuer_hash_old = ++num; #endif else if (strcmp(*argv, "-subject") == 0) subject = ++num; else if (strcmp(*argv, "-issuer") == 0) issuer = ++num; else if (strcmp(*argv, "-fingerprint") == 0) fingerprint = ++num; else if (strcmp(*argv, "-dates") == 0) { startdate = ++num; enddate = ++num; } else if (strcmp(*argv, "-purpose") == 0) pprint = ++num; else if (strcmp(*argv, "-startdate") == 0) startdate = ++num; else if (strcmp(*argv, "-enddate") == 0) enddate = ++num; else if (strcmp(*argv, "-checkend") == 0) { if (--argc < 1) goto bad; checkoffset = strtonum(*(++argv), 0, INT_MAX, &errstr); if (errstr) { BIO_printf(bio_err, "checkend unusable: %s\n", errstr); goto bad; } checkend = 1; } else if (strcmp(*argv, "-noout") == 0) noout = ++num; else if (strcmp(*argv, "-trustout") == 0) trustout = 1; else if (strcmp(*argv, "-clrtrust") == 0) clrtrust = ++num; else if (strcmp(*argv, "-clrreject") == 0) clrreject = ++num; else if (strcmp(*argv, "-alias") == 0) aliasout = ++num; else if (strcmp(*argv, "-CAcreateserial") == 0) CA_createserial = ++num; else if (strcmp(*argv, "-clrext") == 0) clrext = 1; else if (strcmp(*argv, "-ocspid") == 0) ocspid = ++num; else if ((md_alg = EVP_get_digestbyname(*argv + 1))) { /* ok */ digest = md_alg; } else { BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; break; } argc--; argv++; } if (badops) { bad: for (pp = x509_usage; (*pp != NULL); pp++) BIO_printf(bio_err, "%s", *pp); goto end; } if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } if (!X509_STORE_set_default_paths(ctx)) { ERR_print_errors(bio_err); goto end; } if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) { CAkeyfile = CAfile; } else if ((CA_flag) && (CAkeyfile == NULL)) { BIO_printf(bio_err, "need to specify a CAkey if using the CA command\n"); goto end; } if (extfile) { long errorline = -1; X509V3_CTX ctx2; extconf = NCONF_new(NULL); if (!NCONF_load(extconf, extfile, &errorline)) { if (errorline <= 0) BIO_printf(bio_err, "error loading the config file '%s'\n", extfile); else BIO_printf(bio_err, "error on line %ld of config file '%s'\n", errorline, extfile); goto end; } if (!extsect) { extsect = NCONF_get_string(extconf, "default", "extensions"); if (!extsect) { ERR_clear_error(); extsect = "default"; } } X509V3_set_ctx_test(&ctx2); X509V3_set_nconf(&ctx2, extconf); if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extsect); ERR_print_errors(bio_err); goto end; } } if (reqfile) { EVP_PKEY *pkey; BIO *in; if (!sign_flag && !CA_flag) { BIO_printf(bio_err, "We need a private key to sign with\n"); goto end; } in = BIO_new(BIO_s_file()); if (in == NULL) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT); else { if (BIO_read_filename(in, infile) <= 0) { perror(infile); BIO_free(in); goto end; } } req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); BIO_free(in); if (req == NULL) { ERR_print_errors(bio_err); goto end; } if ((req->req_info == NULL) || (req->req_info->pubkey == NULL) || (req->req_info->pubkey->public_key == NULL) || (req->req_info->pubkey->public_key->data == NULL)) { BIO_printf(bio_err, "The certificate request appears to corrupted\n"); BIO_printf(bio_err, "It does not contain a public key\n"); goto end; } if ((pkey = X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto end; } i = X509_REQ_verify(req, pkey); EVP_PKEY_free(pkey); if (i < 0) { BIO_printf(bio_err, "Signature verification error\n"); ERR_print_errors(bio_err); goto end; } if (i == 0) { BIO_printf(bio_err, "Signature did not match the certificate request\n"); goto end; } else BIO_printf(bio_err, "Signature ok\n"); print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag); if ((x = X509_new()) == NULL) goto end; if (sno == NULL) { sno = ASN1_INTEGER_new(); if (!sno || !rand_serial(NULL, sno)) goto end; if (!X509_set_serialNumber(x, sno)) goto end; ASN1_INTEGER_free(sno); sno = NULL; } else if (!X509_set_serialNumber(x, sno)) goto end; if (!X509_set_issuer_name(x, req->req_info->subject)) goto end; if (!X509_set_subject_name(x, req->req_info->subject)) goto end; X509_gmtime_adj(X509_get_notBefore(x), 0); X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL); pkey = X509_REQ_get_pubkey(req); X509_set_pubkey(x, pkey); EVP_PKEY_free(pkey); } else x = load_cert(bio_err, infile, informat, NULL, "Certificate"); if (x == NULL) goto end; if (CA_flag) { xca = load_cert(bio_err, CAfile, CAformat, NULL, "CA Certificate"); if (xca == NULL) goto end; } if (!noout || text || next_serial) { OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); out = BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; } } } if (alias) X509_alias_set1(x, (unsigned char *) alias, -1); if (clrtrust) X509_trust_clear(x); if (clrreject) X509_reject_clear(x); if (trust) { for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { objtmp = sk_ASN1_OBJECT_value(trust, i); X509_add1_trust_object(x, objtmp); } } if (reject) { for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) { objtmp = sk_ASN1_OBJECT_value(reject, i); X509_add1_reject_object(x, objtmp); } } if (num) { for (i = 1; i <= num; i++) { if (issuer == i) { print_name(STDout, "issuer= ", X509_get_issuer_name(x), nmflag); } else if (subject == i) { print_name(STDout, "subject= ", X509_get_subject_name(x), nmflag); } else if (serial == i) { BIO_printf(STDout, "serial="); i2a_ASN1_INTEGER(STDout, X509_get_serialNumber(x)); BIO_printf(STDout, "\n"); } else if (next_serial == i) { BIGNUM *bnser; ASN1_INTEGER *ser; ser = X509_get_serialNumber(x); bnser = ASN1_INTEGER_to_BN(ser, NULL); if (!bnser) goto end; if (!BN_add_word(bnser, 1)) goto end; ser = BN_to_ASN1_INTEGER(bnser, NULL); if (!ser) goto end; BN_free(bnser); i2a_ASN1_INTEGER(out, ser); ASN1_INTEGER_free(ser); BIO_puts(out, "\n"); } else if ((email == i) || (ocsp_uri == i)) { int j; STACK_OF(OPENSSL_STRING) *emlst; if (email == i) emlst = X509_get1_email(x); else emlst = X509_get1_ocsp(x); for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++) BIO_printf(STDout, "%s\n", sk_OPENSSL_STRING_value(emlst, j)); X509_email_free(emlst); } else if (aliasout == i) { unsigned char *alstr; alstr = X509_alias_get0(x, NULL); if (alstr) BIO_printf(STDout, "%s\n", alstr); else BIO_puts(STDout, "<No Alias>\n"); } else if (subject_hash == i) { BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x)); } #ifndef OPENSSL_NO_MD5 else if (subject_hash_old == i) { BIO_printf(STDout, "%08lx\n", X509_subject_name_hash_old(x)); } #endif else if (issuer_hash == i) { BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash(x)); } #ifndef OPENSSL_NO_MD5 else if (issuer_hash_old == i) { BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash_old(x)); } #endif else if (pprint == i) { X509_PURPOSE *ptmp; int j; BIO_printf(STDout, "Certificate purposes:\n"); for (j = 0; j < X509_PURPOSE_get_count(); j++) { ptmp = X509_PURPOSE_get0(j); purpose_print(STDout, x, ptmp); } } else if (modulus == i) { EVP_PKEY *pkey; pkey = X509_get_pubkey(x); if (pkey == NULL) { BIO_printf(bio_err, "Modulus=unavailable\n"); ERR_print_errors(bio_err); goto end; } BIO_printf(STDout, "Modulus="); if (pkey->type == EVP_PKEY_RSA) BN_print(STDout, pkey->pkey.rsa->n); else if (pkey->type == EVP_PKEY_DSA) BN_print(STDout, pkey->pkey.dsa->pub_key); else BIO_printf(STDout, "Wrong Algorithm type"); BIO_printf(STDout, "\n"); EVP_PKEY_free(pkey); } else if (pubkey == i) { EVP_PKEY *pkey; pkey = X509_get_pubkey(x); if (pkey == NULL) { BIO_printf(bio_err, "Error getting public key\n"); ERR_print_errors(bio_err); goto end; } PEM_write_bio_PUBKEY(STDout, pkey); EVP_PKEY_free(pkey); } else if (C == i) { unsigned char *d; char *m; int y, z; X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf); BIO_printf(STDout, "/* subject:%s */\n", buf); m = X509_NAME_oneline( X509_get_issuer_name(x), buf, sizeof buf); BIO_printf(STDout, "/* issuer :%s */\n", buf); z = i2d_X509(x, NULL); m = malloc(z); if (m == NULL) { BIO_printf(bio_err, "out of mem\n"); goto end; } d = (unsigned char *) m; z = i2d_X509_NAME(X509_get_subject_name(x), &d); BIO_printf(STDout, "unsigned char XXX_subject_name[%d]={\n", z); d = (unsigned char *) m; for (y = 0; y < z; y++) { BIO_printf(STDout, "0x%02X,", d[y]); if ((y & 0x0f) == 0x0f) BIO_printf(STDout, "\n"); } if (y % 16 != 0) BIO_printf(STDout, "\n"); BIO_printf(STDout, "};\n"); z = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d); BIO_printf(STDout, "unsigned char XXX_public_key[%d]={\n", z); d = (unsigned char *) m; for (y = 0; y < z; y++) { BIO_printf(STDout, "0x%02X,", d[y]); if ((y & 0x0f) == 0x0f) BIO_printf(STDout, "\n"); } if (y % 16 != 0) BIO_printf(STDout, "\n"); BIO_printf(STDout, "};\n"); z = i2d_X509(x, &d); BIO_printf(STDout, "unsigned char XXX_certificate[%d]={\n", z); d = (unsigned char *) m; for (y = 0; y < z; y++) { BIO_printf(STDout, "0x%02X,", d[y]); if ((y & 0x0f) == 0x0f) BIO_printf(STDout, "\n"); } if (y % 16 != 0) BIO_printf(STDout, "\n"); BIO_printf(STDout, "};\n"); free(m); } else if (text == i) { X509_print_ex(STDout, x, nmflag, certflag); } else if (startdate == i) { BIO_puts(STDout, "notBefore="); ASN1_TIME_print(STDout, X509_get_notBefore(x)); BIO_puts(STDout, "\n"); } else if (enddate == i) { BIO_puts(STDout, "notAfter="); ASN1_TIME_print(STDout, X509_get_notAfter(x)); BIO_puts(STDout, "\n"); } else if (fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; const EVP_MD *fdig = digest; if (!fdig) fdig = EVP_sha1(); if (!X509_digest(x, fdig, md, &n)) { BIO_printf(bio_err, "out of memory\n"); goto end; } BIO_printf(STDout, "%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(fdig))); for (j = 0; j < (int) n; j++) { BIO_printf(STDout, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':'); } } /* should be in the library */ else if ((sign_flag == i) && (x509req == 0)) { BIO_printf(bio_err, "Getting Private key\n"); if (Upkey == NULL) { Upkey = load_key(bio_err, keyfile, keyformat, 0, passin, "Private key"); if (Upkey == NULL) goto end; } if (!sign(x, Upkey, days, clrext, digest, extconf, extsect)) goto end; } else if (CA_flag == i) { BIO_printf(bio_err, "Getting CA Private Key\n"); if (CAkeyfile != NULL) { CApkey = load_key(bio_err, CAkeyfile, CAkeyformat, 0, passin, "CA Private Key"); if (CApkey == NULL) goto end; } if (!x509_certify(ctx, CAfile, digest, x, xca, CApkey, sigopts, CAserial, CA_createserial, days, clrext, extconf, extsect, sno)) goto end; } else if (x509req == i) { EVP_PKEY *pk; BIO_printf(bio_err, "Getting request Private Key\n"); if (keyfile == NULL) { BIO_printf(bio_err, "no request key file specified\n"); goto end; } else { pk = load_key(bio_err, keyfile, keyformat, 0, passin, "request key"); if (pk == NULL) goto end; } BIO_printf(bio_err, "Generating certificate request\n"); rq = X509_to_X509_REQ(x, pk, digest); EVP_PKEY_free(pk); if (rq == NULL) { ERR_print_errors(bio_err); goto end; } if (!noout) { X509_REQ_print(out, rq); PEM_write_bio_X509_REQ(out, rq); } noout = 1; } else if (ocspid == i) { X509_ocspid_print(out, x); } } } if (checkend) { time_t tcheck = time(NULL) + checkoffset; if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) { BIO_printf(out, "Certificate will expire\n"); ret = 1; } else { BIO_printf(out, "Certificate will not expire\n"); ret = 0; } goto end; } if (noout) { ret = 0; goto end; } if (outformat == FORMAT_ASN1) i = i2d_X509_bio(out, x); else if (outformat == FORMAT_PEM) { if (trustout) i = PEM_write_bio_X509_AUX(out, x); else i = PEM_write_bio_X509(out, x); } else if (outformat == FORMAT_NETSCAPE) { NETSCAPE_X509 nx; ASN1_OCTET_STRING hdr; hdr.data = (unsigned char *) NETSCAPE_CERT_HDR; hdr.length = strlen(NETSCAPE_CERT_HDR); nx.header = &hdr; nx.cert = x; i = ASN1_item_i2d_bio(&NETSCAPE_X509_it, out, &nx); } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err, "unable to write certificate\n"); ERR_print_errors(bio_err); goto end; } ret = 0; end: OBJ_cleanup(); NCONF_free(extconf); BIO_free_all(out); BIO_free_all(STDout); X509_STORE_free(ctx); X509_REQ_free(req); X509_free(x); X509_free(xca); EVP_PKEY_free(Upkey); EVP_PKEY_free(CApkey); sk_OPENSSL_STRING_free(sigopts); X509_REQ_free(rq); ASN1_INTEGER_free(sno); sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free); free(passin); return (ret); }
static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) { printf("in ecdh test\n"); EC_KEY *a = NULL; //EC_KEY is a structure EC_KEY *b = NULL; BIGNUM *x_a = NULL, *y_a = NULL, *x_b = NULL, *y_b = NULL; char buf[12]; unsigned char *abuf = NULL, *bbuf = NULL; int i, alen, blen, aout, bout, ret = 0; const EC_GROUP *group; a = EC_KEY_new_by_curve_name(nid); // creates a new key according to the curve specified //it fills in the EC_KEY structure // use function called EC_KEY *EC_KEY_new(void) //also use a function called EC_GROUP_new_by_curve_name() creates a EC_GROUP structure specified by a curve name (in form of a NID) */ // the group returned is set in the EC_KEY structure. b = EC_KEY_new_by_curve_name(nid); if (a == NULL || b == NULL) goto err; group = EC_KEY_get0_group(a); //returns the EC_GROUP structure created by the EC_KEY structure //EC_GROUP structure is present in the EC_KEY structure. if ((x_a = BN_new()) == NULL) goto err; //BN_new returns a pointer to the bignum if ((y_a = BN_new()) == NULL) goto err; if ((x_b = BN_new()) == NULL) goto err; if ((y_b = BN_new()) == NULL) goto err; BIO_puts(out, "Testing key generation with "); BIO_puts(out, text); #ifdef NOISY printf ("noisy"); BIO_puts(out,"\n"); BIO_puts(out,"\n"); BIO_puts(out,"\n"); #else BIO_flush(out); #endif //public key number one is created here if (!EC_KEY_generate_key(a)) goto err; //pass the filled EC_KEY structure and it will create a public or private ec key. //it places the key in a->priv_key a->pub_key /// PUBLIC AND PVT KEYS ARE GENERATED BY THE SCALAR MULTIPLICATION printf("\n1 ) generating keys\n"); if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; } //returns the public key else { if (!EC_POINT_get_affine_coordinates_GF2m(group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; } //BN_print_fp(stdout, a->pub_key); printf("private key is : "); BN_print_fp(stdout, EC_KEY_get0_private_key(a)); printf("\nAffine cordinates x:"); BN_print_fp(stdout, x_a); printf("\nAffine cordinates y:"); BN_print_fp(stdout, y_a); printf( "\n2 ) generated keys , generated affine points x and y , and also determided the primse brinary case\n"); #ifdef NOISY printf("no generation"); BIO_puts(out," pri 1="); BN_print(out,a->priv_key); BIO_puts(out,"\n pub 1="); BN_print(out,x_a); BIO_puts(out,","); BN_print(out,y_a); BIO_puts(out,"\n"); #else BIO_printf(out, " ."); BIO_flush(out); #endif //public key number two is created here if (!EC_KEY_generate_key(b)) goto err; if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; // not well } else { if (!EC_POINT_get_affine_coordinates_GF2m(group, EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; } // printf("public key is : "); // BN_print_fp(stdout, EC_KEY_get0_private_key(b)); // for public key they will exchange the whole EC_POINT structure printf("private key is : "); BN_print_fp(stdout, EC_KEY_get0_private_key(b)); printf("\nAffine cordinates x"); BN_print_fp(stdout, x_b); printf("\nAffine cordinates y"); BN_print_fp(stdout, y_b); #ifdef NOISY BIO_puts(out," pri 2="); BN_print(out,b->priv_key); BIO_puts(out,"\n pub 2="); BN_print(out,x_b); BIO_puts(out,","); BN_print(out,y_b); BIO_puts(out,"\n"); #else BIO_printf(out, "."); BIO_flush(out); #endif alen = KDF1_SHA1_len; ///it is a static constant integer. abuf = (unsigned char *) OPENSSL_malloc(alen); aout = ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(b), a, KDF1_SHA1); //generating session key // BN_print(out, abuf); //BIO_puts(out,"\n"); #ifdef NOISY BIO_puts(out," key1 ="); for (i=0; i<aout; i++) { sprintf(buf,"%02X",abuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); #else BIO_printf(out, "."); BIO_flush(out); #endif blen = KDF1_SHA1_len; bbuf = (unsigned char *) OPENSSL_malloc(blen); bout = ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(a), b, KDF1_SHA1); // BN_print(out, bbuf); // BIO_puts(out,"\n"); #ifdef NOISY BIO_puts(out," key2 ="); for (i=0; i<bout; i++) { sprintf(buf,"%02X",bbuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); #else BIO_printf(out, "."); BIO_flush(out); #endif if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) { #ifndef NOISY BIO_printf(out, " failed\n\n"); BIO_printf(out, "key a:\n"); BIO_printf(out, "private key: "); BN_print(out, EC_KEY_get0_private_key(a)); BIO_printf(out, "\n"); BIO_printf(out, "public key (x,y): "); BN_print(out, x_a); BIO_printf(out, ","); BN_print(out, y_a); BIO_printf(out, "\nkey b:\n"); BIO_printf(out, "private key: "); BN_print(out, EC_KEY_get0_private_key(b)); BIO_printf(out, "\n"); BIO_printf(out, "public key (x,y): "); BN_print(out, x_b); BIO_printf(out, ","); BN_print(out, y_b); BIO_printf(out, "\n"); BIO_printf(out, "generated key a: "); for (i = 0; i < bout; i++) { sprintf(buf, "%02X", bbuf[i]); BIO_puts(out, buf); } BIO_printf(out, "\n"); BIO_printf(out, "generated key b: "); for (i = 0; i < aout; i++) { sprintf(buf, "%02X", abuf[i]); BIO_puts(out, buf); } BIO_printf(out, "\n"); #endif fprintf(stderr, "Error in ECDH routines\n"); ret = 0; } else { #ifndef NOISY BIO_printf(out, " ok\n"); #endif ret = 1; } err: ERR_print_errors_fp(stderr); if (abuf != NULL) OPENSSL_free(abuf); if (bbuf != NULL) OPENSSL_free(bbuf); if (x_a) BN_free(x_a); if (y_a) BN_free(y_a); if (x_b) BN_free(x_b); if (y_b) BN_free(y_b); if (b) EC_KEY_free(b); if (a) EC_KEY_free(a); return (ret); }
int dsa_main(int argc, char **argv) { int ret = 1; DSA *dsa = NULL; int i; BIO *in = NULL, *out = NULL; char *passin = NULL, *passout = NULL; memset(&dsa_config, 0, sizeof(dsa_config)); dsa_config.pvk_encr = 2; dsa_config.informat = FORMAT_PEM; dsa_config.outformat = FORMAT_PEM; if (options_parse(argc, argv, dsa_options, NULL, NULL) != 0) { dsa_usage(); goto end; } if (!app_passwd(bio_err, dsa_config.passargin, dsa_config.passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); if (in == NULL || out == NULL) { ERR_print_errors(bio_err); goto end; } if (dsa_config.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { if (BIO_read_filename(in, dsa_config.infile) <= 0) { perror(dsa_config.infile); goto end; } } BIO_printf(bio_err, "read DSA key\n"); { EVP_PKEY *pkey; if (dsa_config.pubin) pkey = load_pubkey(bio_err, dsa_config.infile, dsa_config.informat, 1, passin, "Public Key"); else pkey = load_key(bio_err, dsa_config.infile, dsa_config.informat, 1, passin, "Private Key"); if (pkey) { dsa = EVP_PKEY_get1_DSA(pkey); EVP_PKEY_free(pkey); } } if (dsa == NULL) { BIO_printf(bio_err, "unable to load Key\n"); ERR_print_errors(bio_err); goto end; } if (dsa_config.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { if (BIO_write_filename(out, dsa_config.outfile) <= 0) { perror(dsa_config.outfile); goto end; } } if (dsa_config.text) { if (!DSA_print(out, dsa, 0)) { perror(dsa_config.outfile); ERR_print_errors(bio_err); goto end; } } if (dsa_config.modulus) { fprintf(stdout, "Public Key="); BN_print(out, dsa->pub_key); fprintf(stdout, "\n"); } if (dsa_config.noout) goto end; BIO_printf(bio_err, "writing DSA key\n"); if (dsa_config.outformat == FORMAT_ASN1) { if (dsa_config.pubin || dsa_config.pubout) i = i2d_DSA_PUBKEY_bio(out, dsa); else i = i2d_DSAPrivateKey_bio(out, dsa); } else if (dsa_config.outformat == FORMAT_PEM) { if (dsa_config.pubin || dsa_config.pubout) i = PEM_write_bio_DSA_PUBKEY(out, dsa); else i = PEM_write_bio_DSAPrivateKey(out, dsa, dsa_config.enc, NULL, 0, NULL, passout); #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) } else if (dsa_config.outformat == FORMAT_MSBLOB || dsa_config.outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); EVP_PKEY_set1_DSA(pk, dsa); if (dsa_config.outformat == FORMAT_PVK) i = i2b_PVK_bio(out, pk, dsa_config.pvk_encr, 0, passout); else if (dsa_config.pubin || dsa_config.pubout) i = i2b_PublicKey_bio(out, pk); else i = i2b_PrivateKey_bio(out, pk); EVP_PKEY_free(pk); #endif } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (i <= 0) { BIO_printf(bio_err, "unable to write private key\n"); ERR_print_errors(bio_err); } else ret = 0; end: BIO_free(in); if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); free(passin); free(passout); return (ret); }
int dsa_main(int argc, char **argv) { BIO *out = NULL; DSA *dsa = NULL; ENGINE *e = NULL; const EVP_CIPHER *enc = NULL; char *infile = NULL, *outfile = NULL, *prog; char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; int i, modulus = 0, pubin = 0, pubout = 0, pvk_encr = 2, ret = 1; prog = opt_init(argc, argv, dsa_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: #ifdef OPENSSL_NO_RC4 case OPT_PVK_STRONG: case OPT_PVK_WEAK: case OPT_PVK_NONE: #endif opthelp: ret = 0; BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: opt_help(dsa_options); ret = 0; goto end; case OPT_INFORM: if (!opt_format (opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PVK, &informat)) goto opthelp; break; case OPT_IN: infile = opt_arg(); break; case OPT_OUTFORM: if (!opt_format (opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PVK, &outformat)) goto opthelp; break; case OPT_OUT: outfile = opt_arg(); break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; case OPT_PASSIN: passinarg = opt_arg(); break; case OPT_PASSOUT: passoutarg = opt_arg(); break; #ifndef OPENSSL_NO_RC4 case OPT_PVK_STRONG: pvk_encr = 2; break; case OPT_PVK_WEAK: pvk_encr = 1; break; case OPT_PVK_NONE: pvk_encr = 0; break; #endif case OPT_NOOUT: noout = 1; break; case OPT_TEXT: text = 1; break; case OPT_MODULUS: modulus = 1; break; case OPT_PUBIN: pubin = 1; break; case OPT_PUBOUT: pubout = 1; break; case OPT_CIPHER: if (!opt_cipher(opt_unknown(), &enc)) goto end; break; } } argc = opt_num_rest(); argv = opt_rest(); if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } BIO_printf(bio_err, "read DSA key\n"); { EVP_PKEY *pkey; if (pubin) pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key"); else pkey = load_key(infile, informat, 1, passin, e, "Private Key"); if (pkey) { dsa = EVP_PKEY_get1_DSA(pkey); EVP_PKEY_free(pkey); } } if (dsa == NULL) { BIO_printf(bio_err, "unable to load Key\n"); ERR_print_errors(bio_err); goto end; } out = bio_open_default(outfile, "w"); if (out == NULL) goto end; if (text) if (!DSA_print(out, dsa, 0)) { perror(outfile); ERR_print_errors(bio_err); goto end; } if (modulus) { BIO_printf(out, "Public Key="); BN_print(out, dsa->pub_key); BIO_printf(out, "\n"); } if (noout) { ret = 0; goto end; } BIO_printf(bio_err, "writing DSA key\n"); if (outformat == FORMAT_ASN1) { if (pubin || pubout) i = i2d_DSA_PUBKEY_bio(out, dsa); else i = i2d_DSAPrivateKey_bio(out, dsa); } else if (outformat == FORMAT_PEM) { if (pubin || pubout) i = PEM_write_bio_DSA_PUBKEY(out, dsa); else i = PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout); # if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); EVP_PKEY_set1_DSA(pk, dsa); if (outformat == FORMAT_PVK) i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); else if (pubin || pubout) i = i2b_PublicKey_bio(out, pk); else i = i2b_PrivateKey_bio(out, pk); EVP_PKEY_free(pk); # endif } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (i <= 0) { BIO_printf(bio_err, "unable to write private key\n"); ERR_print_errors(bio_err); goto end; } ret = 0; end: BIO_free_all(out); DSA_free(dsa); if (passin) OPENSSL_free(passin); if (passout) OPENSSL_free(passout); return (ret); }
int main(int argc, char *argv[]) { /** SET 5 CHALLENGE 33 **/ /** DH KEY EXCHANGE **/ // small int unsigned long a, A, b, B, s1, s2; srand(time(NULL)); dh_generate_keypair_smallint(&a, &A); dh_generate_keypair_smallint(&b, &B); s1 = dh_generate_session_key_smallint(a, B); s2 = dh_generate_session_key_smallint(b, A); printf("[s5c1] *smallint* a = %ld, A = %ld, b = %ld, B = %ld, s = %ld ?= %ld\n", a, A, b, B, s1, s2); // bigint BIGNUM *p, *g; BIGNUM *ba, *bA, *bb, *bB, *bs1, *bs2; g = BN_new(); p = BN_new(); ba = BN_new(); bA = BN_new(); bb = BN_new(); bB = BN_new(); bs1 = BN_new(); bs2 = BN_new(); unsigned char c_s1[20], c_s2[20]; unsigned int i; dh_init(p, g); dh_generate_keypair(ba, bA, g, p); dh_generate_keypair(bb, bB, g, p); dh_generate_session_key(c_s1, bs1, ba, bB, p); dh_generate_session_key(c_s2, bs2, bb, bA, p); printf("[s5c1] *bignum* s1 = '"); // BN_print_fp(stdout, &bs1); for(i=0; i<20; i++) printf("%02x", c_s1[i]); printf("'\n[s5c1] *bignum* s2 = '"); // BN_print_fp(stdout, &bs2); for(i=0; i<20; i++) printf("%02x", c_s2[i]); printf("'\n"); BN_free(ba); BN_free(bA); BN_free(bb); BN_free(bB); BN_free(bs1); BN_free(bs2); /** SET 5 CHALLENGE 34 **/ /** DH-KE FIXED KEY MITM **/ unsigned char c_p[1024]; unsigned char c_g[1024]; unsigned char c_A[1024]; unsigned char c_B[1024]; ba = BN_new(); bA = BN_new(); // M -> B: p, g, p printf("[s5c2] M -> B: p, g, p\n"); dhke_initiate(c_p, c_g, c_A, ba, bA, p, g); // M -> A: p printf("[s5c2] M -> A: p\n"); // dhke_initiate_reply(c_B, c_p, c_g, c_A, c_s2); dhke_initiate_reply(c_B, c_p, c_g, c_p, c_s2); // A -> B: cmsg, iv // dhke_initiate_finalize(c_s1, c_B, &ba, &p); dhke_initiate_finalize(c_s1, c_p, ba, p); printf("[s5c2] *bignum* s1 = '"); for(i=0; i<20; i++) printf("%02x", c_s1[i]); printf("'\n[s5c2] *bignum* s2 = '"); for(i=0; i<20; i++) printf("%02x", c_s2[i]); printf("'\n"); unsigned char *plain_in = "YELLOW SUBMARINE"; unsigned char p_out[128]; unsigned char c_out[128]; unsigned char iv[16]; unsigned int c_len, p_len; c_len = dhke_session_send(c_out, iv, plain_in, 16, c_s1); printf("[s5c2] A -> B: cmsg = '"); for(i=0; i<c_len; i++) { printf("%02x", c_out[i]); } printf("', iv\n"); // perform attack as M unsigned char m_out[128]; // M performs decryption dhke_attack_zero_session_key(m_out, c_out, c_len, iv); printf("[s5c2] M decrypts msg='%s'\n", m_out); // B performs decryption p_len = dhke_session_recv(p_out, c_out, c_len, c_s2, iv); printf("[s5c2] B recvd: msg = '%s'\n", p_out); BN_free(ba); BN_free(bA); /** SET 5 CHALLENGE 35 **/ /** DH-KE MALICIOUS G MITM **/ memset(c_g, 0, 1024); memset(c_p, 0, 1024); memset(c_A, 0, 1024); memset(c_B, 0, 1024); memset(c_out, 0, 128); memset(m_out, 0, 128); BIGNUM *bn1, *g2; ba = BN_new(); bA = BN_new(); bn1 = BN_new(); g2 = BN_new(); // prepare malicious g' // g' = 0; --> perform dhke_attack_zero_session_key() // printf("[s5c3] M sets g' = 0\n"); // BN_zero(&g2); // g' = p --> perform dhke_attack_zero_session_key() // printf("[s5c3] M sets g' = p\n"); // BN_copy(&g2, &p); // g' = p-1 printf("[s5c3] M sets and distributes g' = p-1\n"); BN_one(bn1); BN_sub(g2, p, bn1); // M -> B: p, g', A' printf("[s5c3] A -> B: A'\n"); dhke_initiate(c_p, c_g, c_A, ba, bA, p, g2); // M -> A: B' printf("[s5c3] B -> A: B'\n"); dhke_initiate_reply(c_B, c_p, c_g, c_A, c_s2); // A -> B: cmsg, iv dhke_initiate_finalize(c_s1, c_B, ba, p); c_len = dhke_session_send(c_out, iv, plain_in, 16, c_s1); printf("[s5c3] A -> B: cmsg = '"); for(i=0; i<c_len; i++) { printf("%02x", c_out[i]); } printf("', iv\n"); // M performs decryption // use for: g' = 0, g' = p // dhke_attack_zero_session_key(m_out, c_out, c_len, iv); // use for g' = p-1 dhke_attack_p_1_session_key(m_out, c_out, c_len, c_A, c_B, iv); printf("[s5c3] M decrypts msg='%s'\n", m_out); // B performs decryption p_len = dhke_session_recv(p_out, c_out, c_len, c_s2, iv); printf("[s5c3] B recvd: msg = '%s'\n", p_out); BN_free(ba); BN_free(bA); BN_free(bn1); BN_free(g2); /** SET 5 CHALLENGE 36 **/ /** SECURE REMOTE PASSWORD **/ unsigned char srp_salt[9]; unsigned char *srp_pass = "******"; // 16 unsigned char str_hash[2*SHA256_DIGEST_LENGTH+1]; unsigned char hmac_s[SHA256_DIGEST_LENGTH]; unsigned int hmac_s_len; unsigned char hmac_c[SHA256_DIGEST_LENGTH]; unsigned int hmac_c_len; BIGNUM *v, *sS, *cS; v = BN_new(); ba = BN_new(); bA = BN_new(); bb = BN_new(); bB = BN_new(); cS = BN_new(); sS = BN_new(); memset(srp_salt, 0, 9); srp_server_init(srp_salt, v, bb, bB, srp_pass, g, p); srp_client_init(ba, bA, g, p); // printf("server calc S\n"); srp_server_calc_session_key(str_hash, sS, bA, bb, bB, v, p); // printf("[s5c4] server: sha256(S) = %s\n", str_hash); // calc HMAC_SHA256(&cS, salt) hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt)); memset(str_hash, 0, 2*SHA256_DIGEST_LENGTH+1); srp_client_calc_session_key(str_hash, cS, srp_salt, srp_pass, ba, bA, bB, g, p); // printf("[s5c4] client: sha256(S) = %s\n", str_hash); // calc HMAC_SHA256(&cS, salt) hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt)); printf("[s5c4] server: HMAC(K,Salt) = "); for(i=0; i<hmac_s_len; i++) { printf("%02x", hmac_s[i]); } printf("\n"); printf("[s5c4] client: HMAC(K,Salt) = "); for(i=0; i<hmac_c_len; i++) { printf("%02x", hmac_c[i]); } printf("\n"); if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len)) printf("[s5c4] server: Client HMAC-SHA256 successfully validated!\n"); else printf("[s5c4] server: Client HMAC-SHA256 *NOT* validated!\n"); BN_free(v); BN_free(ba); BN_free(bA); BN_free(bb); BN_free(bB); BN_free(cS); BN_free(sS); /** SET 5 CHALLENGE 37 **/ /** SRP MALICIOUS A ATTACK **/ // we're skipping the networking part here and just call the simulator // functions from srp.c ba = BN_new(); bA = BN_new(); bb = BN_new(); bB = BN_new(); sS = BN_new(); cS = BN_new(); v = BN_new(); srp_server_init(srp_salt, v, bb, bB, srp_pass, g, p); srp_client_init(ba, bA, g, p); // now modify A (bA) to be 0, N, c*N // BN_zero(bA); // A = 0 BN_copy(bA, p); // A = N (doesn't matter if we use N, 2*N, c*N) // send to server and let server do its calculations srp_server_calc_session_key(str_hash, sS, bA, bb, bB, v, p); // printf("[s5c5] server: sha256(S=0) = %s\n", str_hash); // calc HMAC_SHA256(&cS, salt) hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt)); // client now authenticates with HMAC_SHA256(K=SHA256(S=0), salt) // K=SHA256(S=0) srp_generate_salted_password_hash(cS, str_hash, "", "0"); // printf("[s5c5] client: sha256(S=0) = %s\n", str_hash); // calc HMAC_SHA256(K, salt) hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt)); printf("[s5c5] server: HMAC(K,Salt) = "); for(i=0; i<hmac_s_len; i++) { printf("%02x", hmac_s[i]); } printf("\n"); printf("[s5c5] client: HMAC(K,Salt) = "); for(i=0; i<hmac_c_len; i++) { printf("%02x", hmac_c[i]); } printf("\n"); if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len)) printf("[s5c5] server: forged client HMAC-SHA256 successfully validated!\n"); else printf("[s5c5] server: forged client HMAC-SHA256 *NOT* validated!\n"); BN_free(ba); BN_free(bA); BN_free(bb); BN_free(bB); BN_free(sS); BN_free(cS); BN_free(v); /** SET 5 CHALLENGE 38 **/ /** SSRP OFFLINE DICTIONARY ATTACK **/ BIGNUM *u, *fb, *fB; u = BN_new(); v = BN_new(); ba = BN_new(); bA = BN_new(); bb = BN_new(); bB = BN_new(); cS = BN_new(); sS = BN_new(); fb = BN_new(); fB = BN_new(); memset(srp_salt, 0, 9*sizeof(unsigned char)); ssrp_server_init(srp_salt, v, bb, bB, u, srp_pass, g, p); ssrp_client_init(ba, bA, g, p); ssrp_server_calc_session_key(str_hash, sS, bA, bb, u, v, p); // printf("[s5c6] server: sha256(S=0) = %s\n", str_hash); // calc HMAC_SHA256(&cS, salt) hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt)); memset(str_hash, 0, 2*SHA256_DIGEST_LENGTH); // original settings transmitted to client // ssrp_client_calc_session_key(str_hash, cS, srp_salt, srp_pass, ba, bB, u, p); // forged settings transmitted to client: // u = 1, b = 1, B=g=2, salt="" BN_one(u); BN_one(fb); BN_copy(fB, g); ssrp_client_calc_session_key(str_hash, cS, "", srp_pass, ba, fB, u, p); // printf("[s5c6] client: sha256(S) = %s\n", str_hash); // calc HMAC_SHA256(&cS, salt) hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), "", 0); // printf("[s5c6] server: HMAC(K,Salt) = "); // for(i=0; i<hmac_s_len; i++) { // printf("%02x", hmac_s[i]); // } // printf("\n"); printf("[s5c6] client: HMAC(K,\"\") = "); for(i=0; i<hmac_c_len; i++) { printf("%02x", hmac_c[i]); } printf("\n"); // perform offline dictionary attack char pass[1024]; if(ssrp_dictionary_attack(pass, hmac_c, "dict.txt", bA, g, p)>0) printf("[s5c6] Password cracked: '%s'\n", pass); else printf("[s5c6] Password not cracked!\n"); // if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len)) // printf("[s5c6] server: Client HMAC-SHA256 successfully validated!\n"); // else // printf("[s5c6] server: Client HMAC-SHA256 *NOT* validated!\n"); dh_clear(p, g); BN_free(p); BN_free(g); BN_free(ba); BN_free(bA); BN_free(bb); BN_free(bB); BN_free(u); BN_free(v); BN_free(cS); BN_free(sS); BN_free(fb); BN_free(fB); /** SET 5 CHALLENGE 39 **/ /** RSA **/ BIO *out = NULL; out = BIO_new(BIO_s_file()); BIO_set_fp(out, stdout, BIO_NOCLOSE); egcd_test(); inv_mod_test(); // Testing RSA core functions rsa_key_t puk; rsa_key_t pik; puk.e = BN_new(); puk.n = BN_new(); pik.e = BN_new(); pik.n = BN_new(); BIGNUM *BN_plain = BN_new(); BIGNUM *BN_crypt = BN_new(); BN_hex2bn(&BN_plain, "31337"); printf("[s5c7] BN_plain = "); BN_print(out, BN_plain); rsa_generate_keypair(&puk, &pik, 128); rsa_bn_encrypt(BN_crypt, BN_plain, &puk); printf("\n[s5c7] BN_crypt = "); BN_print(out, BN_crypt); rsa_bn_decrypt(BN_plain, BN_crypt, &pik); printf("\n[s5c7] BN_plain'= "); BN_print(out, BN_plain); printf("\n"); BN_free(BN_plain); BN_free(BN_crypt); // test RSA 'wrapper' funcs unsigned char *rsa_plain_in = "Hello RSA World!"; unsigned char *rsa_crypt = NULL; unsigned int rsa_crypt_len = 0; unsigned char *rsa_plain_out = NULL; unsigned int rsa_plain_len; rsa_crypt_len = rsa_encrypt(&rsa_crypt, rsa_plain_in, 16, &puk); rsa_plain_len = rsa_decrypt(&rsa_plain_out, rsa_crypt, rsa_crypt_len, &pik); //rsa_plain_out[rsa_plain_len-1] = 0; printf("[s5c7] Encrypting '%s' using RSA...\n[s5c7] RSA crypted: '", rsa_plain_in); for(i=0; i<rsa_crypt_len; i++) { printf("%02x", rsa_crypt[i]); } printf("'\n[s5c7] RSA decrypted: '%s'\n", rsa_plain_out); free(rsa_crypt); free(rsa_plain_out); /** SET 5 CHALLENGE 40 **/ /** RSA E=3 BROADCAST ATTACK (CRT) **/ // test chinese remainder theorem impl. crt_test(); // test n-th root impl. nthroot_test(); // let's do "the real thing" rsa_broadcast_attack_test(); BN_free(puk.e); BN_free(puk.n); BN_free(pik.e); BN_free(pik.n); BIO_free(out); return 0; }
int main(int argc, char *argv[]) { BN_GENCB *_cb = NULL; DH *a = NULL; DH *b = NULL; BIGNUM *ap = NULL, *ag = NULL, *bp = NULL, *bg = NULL, *apub_key = NULL; BIGNUM *bpub_key = NULL, *priv_key = NULL; char buf[12] = {0}; unsigned char *abuf = NULL; unsigned char *bbuf = NULL; int i, alen, blen, aout, bout; int ret = 1; BIO *out = NULL; CRYPTO_set_mem_debug(1); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); RAND_seed(rnd_seed, sizeof rnd_seed); out = BIO_new(BIO_s_file()); if (out == NULL) EXIT(1); BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); _cb = BN_GENCB_new(); if (_cb == NULL) goto err; BN_GENCB_set(_cb, &cb, out); if (((a = DH_new()) == NULL) || (!DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, _cb))) goto err; if (!DH_check(a, &i)) goto err; if (i & DH_CHECK_P_NOT_PRIME) BIO_puts(out, "p value is not prime\n"); if (i & DH_CHECK_P_NOT_SAFE_PRIME) BIO_puts(out, "p value is not a safe prime\n"); if (i & DH_UNABLE_TO_CHECK_GENERATOR) BIO_puts(out, "unable to check the generator value\n"); if (i & DH_NOT_SUITABLE_GENERATOR) BIO_puts(out, "the g value is not a generator\n"); DH_get0_pqg(a, &ap, NULL, &ag); BIO_puts(out, "\np ="); BN_print(out, ap); BIO_puts(out, "\ng ="); BN_print(out, ag); BIO_puts(out, "\n"); b = DH_new(); if (b == NULL) goto err; bp = BN_dup(ap); bg = BN_dup(ag); if ((bp == NULL) || (bg == NULL) || !DH_set0_pqg(b, bp, NULL, bg)) goto err; bp = bg = NULL; /* Set a to run with normal modexp and b to use constant time */ DH_clear_flags(a, DH_FLAG_NO_EXP_CONSTTIME); DH_set_flags(b, DH_FLAG_NO_EXP_CONSTTIME); if (!DH_generate_key(a)) goto err; DH_get0_key(a, &apub_key, &priv_key); BIO_puts(out, "pri 1="); BN_print(out, priv_key); BIO_puts(out, "\npub 1="); BN_print(out, apub_key); BIO_puts(out, "\n"); if (!DH_generate_key(b)) goto err; DH_get0_key(b, &bpub_key, &priv_key); BIO_puts(out, "pri 2="); BN_print(out, priv_key); BIO_puts(out, "\npub 2="); BN_print(out, bpub_key); BIO_puts(out, "\n"); alen = DH_size(a); abuf = OPENSSL_malloc(alen); if (abuf == NULL) goto err; aout = DH_compute_key(abuf, bpub_key, a); BIO_puts(out, "key1 ="); for (i = 0; i < aout; i++) { sprintf(buf, "%02X", abuf[i]); BIO_puts(out, buf); } BIO_puts(out, "\n"); blen = DH_size(b); bbuf = OPENSSL_malloc(blen); if (bbuf == NULL) goto err; bout = DH_compute_key(bbuf, apub_key, b); BIO_puts(out, "key2 ="); for (i = 0; i < bout; i++) { sprintf(buf, "%02X", bbuf[i]); BIO_puts(out, buf); } BIO_puts(out, "\n"); if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) { fprintf(stderr, "Error in DH routines\n"); ret = 1; } else ret = 0; if (!run_rfc5114_tests()) ret = 1; err: (void)BIO_flush(out); ERR_print_errors_fp(stderr); OPENSSL_free(abuf); OPENSSL_free(bbuf); DH_free(b); DH_free(a); BN_free(bp); BN_free(bg); BN_GENCB_free(_cb); BIO_free(out); #ifndef OPENSSL_NO_CRYPTO_MDEBUG if (CRYPTO_mem_leaks_fp(stderr) <= 0) ret = 1; #endif EXIT(ret); }
int main(int argc, char *argv[]) { DH *a; DH *b=NULL; char buf[12]; unsigned char *abuf=NULL,*bbuf=NULL; int i,alen,blen,aout,bout,ret=1; BIO *out; CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); #ifdef OPENSSL_SYS_WIN32 CRYPTO_malloc_init(); #endif RAND_seed(rnd_seed, sizeof rnd_seed); out=BIO_new(BIO_s_file()); if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); if (a == NULL) goto err; if (!DH_check(a, &i)) goto err; if (i & DH_CHECK_P_NOT_PRIME) BIO_puts(out, "p value is not prime\n"); if (i & DH_CHECK_P_NOT_SAFE_PRIME) BIO_puts(out, "p value is not a safe prime\n"); if (i & DH_UNABLE_TO_CHECK_GENERATOR) BIO_puts(out, "unable to check the generator value\n"); if (i & DH_NOT_SUITABLE_GENERATOR) BIO_puts(out, "the g value is not a generator\n"); BIO_puts(out,"\np ="); BN_print(out,a->p); BIO_puts(out,"\ng ="); BN_print(out,a->g); BIO_puts(out,"\n"); b=DH_new(); if (b == NULL) goto err; b->p=BN_dup(a->p); b->g=BN_dup(a->g); if ((b->p == NULL) || (b->g == NULL)) goto err; if (!DH_generate_key(a)) goto err; BIO_puts(out,"pri 1="); BN_print(out,a->priv_key); BIO_puts(out,"\npub 1="); BN_print(out,a->pub_key); BIO_puts(out,"\n"); if (!DH_generate_key(b)) goto err; BIO_puts(out,"pri 2="); BN_print(out,b->priv_key); BIO_puts(out,"\npub 2="); BN_print(out,b->pub_key); BIO_puts(out,"\n"); alen=DH_size(a); abuf=(unsigned char *)OPENSSL_malloc(alen); aout=DH_compute_key(abuf,b->pub_key,a); BIO_puts(out,"key1 ="); for (i=0; i<aout; i++) { sprintf(buf,"%02X",abuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); blen=DH_size(b); bbuf=(unsigned char *)OPENSSL_malloc(blen); bout=DH_compute_key(bbuf,a->pub_key,b); BIO_puts(out,"key2 ="); for (i=0; i<bout; i++) { sprintf(buf,"%02X",bbuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0)) { fprintf(stderr,"Error in DH routines\n"); ret=1; } else ret=0; err: ERR_print_errors_fp(stderr); if (abuf != NULL) OPENSSL_free(abuf); if (bbuf != NULL) OPENSSL_free(bbuf); if(b != NULL) DH_free(b); if(a != NULL) DH_free(a); BIO_free(out); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); CRYPTO_mem_leaks_fp(stderr); EXIT(ret); return(ret); }
int prime_main(int argc, char **argv) { BIGNUM *bn = NULL; int hex = 0, checks = 20, generate = 0, bits = 0, safe = 0, ret = 1; char *prog; OPTION_CHOICE o; prog = opt_init(argc, argv, prime_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: opt_help(prime_options); ret = 0; goto end; case OPT_HEX: hex = 1; break; case OPT_GENERATE: generate = 1; break; case OPT_BITS: bits = atoi(opt_arg()); break; case OPT_SAFE: safe = 1; break; case OPT_CHECKS: checks = atoi(opt_arg()); break; } } argc = opt_num_rest(); argv = opt_rest(); if (argc == 0 && !generate) { BIO_printf(bio_err, "%s: No prime specified\n", prog); goto end; } if (generate) { char *s; if (!bits) { BIO_printf(bio_err, "Specify the number of bits.\n"); goto end; } bn = BN_new(); BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL); s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn); BIO_printf(bio_out, "%s\n", s); OPENSSL_free(s); } else { for ( ; *argv; argv++) { if (hex) BN_hex2bn(&bn, argv[0]); else BN_dec2bn(&bn, argv[0]); BN_print(bio_out, bn); BIO_printf(bio_out, " (%s) %s prime\n", argv[0], BN_is_prime_ex(bn, checks, NULL, NULL) ? "is" : "is not"); } } BN_free(bn); end: return ret; }
int x509_main(int argc, char **argv) { ASN1_INTEGER *sno = NULL; ASN1_OBJECT *objtmp = NULL; BIO *out = NULL; CONF *extconf = NULL; EVP_PKEY *Upkey = NULL, *CApkey = NULL, *fkey = NULL; STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; STACK_OF(OPENSSL_STRING) *sigopts = NULL; X509 *x = NULL, *xca = NULL; X509_REQ *req = NULL, *rq = NULL; X509_STORE *ctx = NULL; const EVP_MD *digest = NULL; char *CAkeyfile = NULL, *CAserial = NULL, *fkeyfile = NULL, *alias = NULL; char *checkhost = NULL, *checkemail = NULL, *checkip = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL; char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL; char buf[256], *prog; int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0; int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM; int fingerprint = 0, reqfile = 0, need_rand = 0, checkend = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM; int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0; int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0; int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0; int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0; int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0; int enddate = 0; time_t checkoffset = 0; unsigned long nmflag = 0, certflag = 0; char nmflag_set = 0; OPTION_CHOICE o; ENGINE *e = NULL; #ifndef OPENSSL_NO_MD5 int subject_hash_old = 0, issuer_hash_old = 0; #endif ctx = X509_STORE_new(); if (ctx == NULL) goto end; X509_STORE_set_verify_cb(ctx, callb); prog = opt_init(argc, argv, x509_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: opt_help(x509_options); ret = 0; goto end; case OPT_INFORM: if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat)) goto opthelp; break; case OPT_IN: infile = opt_arg(); break; case OPT_OUTFORM: if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat)) goto opthelp; break; case OPT_KEYFORM: if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat)) goto opthelp; break; case OPT_CAFORM: if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &CAformat)) goto opthelp; break; case OPT_CAKEYFORM: if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat)) goto opthelp; break; case OPT_OUT: outfile = opt_arg(); break; case OPT_REQ: reqfile = need_rand = 1; break; case OPT_SIGOPT: if (!sigopts) sigopts = sk_OPENSSL_STRING_new_null(); if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg())) goto opthelp; break; case OPT_DAYS: days = atoi(opt_arg()); break; case OPT_PASSIN: passinarg = opt_arg(); break; case OPT_EXTFILE: extfile = opt_arg(); break; case OPT_EXTENSIONS: extsect = opt_arg(); break; case OPT_SIGNKEY: keyfile = opt_arg(); sign_flag = ++num; need_rand = 1; break; case OPT_CA: CAfile = opt_arg(); CA_flag = ++num; need_rand = 1; break; case OPT_CAKEY: CAkeyfile = opt_arg(); break; case OPT_CASERIAL: CAserial = opt_arg(); break; case OPT_SET_SERIAL: if ((sno = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL) goto opthelp; break; case OPT_FORCE_PUBKEY: fkeyfile = opt_arg(); break; case OPT_ADDTRUST: if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) { BIO_printf(bio_err, "%s: Invalid trust object value %s\n", prog, opt_arg()); goto opthelp; } if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL) goto end; sk_ASN1_OBJECT_push(trust, objtmp); objtmp = NULL; trustout = 1; break; case OPT_ADDREJECT: if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) { BIO_printf(bio_err, "%s: Invalid reject object value %s\n", prog, opt_arg()); goto opthelp; } if (reject == NULL && (reject = sk_ASN1_OBJECT_new_null()) == NULL) goto end; sk_ASN1_OBJECT_push(reject, objtmp); objtmp = NULL; trustout = 1; break; case OPT_SETALIAS: alias = opt_arg(); trustout = 1; break; case OPT_CERTOPT: if (!set_cert_ex(&certflag, opt_arg())) goto opthelp; break; case OPT_NAMEOPT: nmflag_set = 1; if (!set_name_ex(&nmflag, opt_arg())) goto opthelp; break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; case OPT_C: C = ++num; break; case OPT_EMAIL: email = ++num; break; case OPT_OCSP_URI: ocsp_uri = ++num; break; case OPT_SERIAL: serial = ++num; break; case OPT_NEXT_SERIAL: next_serial = ++num; break; case OPT_MODULUS: modulus = ++num; break; case OPT_PUBKEY: pubkey = ++num; break; case OPT_X509TOREQ: x509req = ++num; break; case OPT_TEXT: text = ++num; break; case OPT_SUBJECT: subject = ++num; break; case OPT_ISSUER: issuer = ++num; break; case OPT_FINGERPRINT: fingerprint = ++num; break; case OPT_HASH: subject_hash = ++num; break; case OPT_ISSUER_HASH: issuer_hash = ++num; break; case OPT_PURPOSE: pprint = ++num; break; case OPT_STARTDATE: startdate = ++num; break; case OPT_ENDDATE: enddate = ++num; break; case OPT_NOOUT: noout = ++num; break; case OPT_NOCERT: nocert = 1; break; case OPT_TRUSTOUT: trustout = 1; break; case OPT_CLRTRUST: clrtrust = ++num; break; case OPT_CLRREJECT: clrreject = ++num; break; case OPT_ALIAS: aliasout = ++num; break; case OPT_CACREATESERIAL: CA_createserial = ++num; break; case OPT_CLREXT: clrext = 1; break; case OPT_OCSPID: ocspid = ++num; break; case OPT_BADSIG: badsig = 1; break; #ifndef OPENSSL_NO_MD5 case OPT_SUBJECT_HASH_OLD: subject_hash_old = ++num; break; case OPT_ISSUER_HASH_OLD: issuer_hash_old = ++num; break; #else case OPT_SUBJECT_HASH_OLD: case OPT_ISSUER_HASH_OLD: break; #endif case OPT_DATES: startdate = ++num; enddate = ++num; break; case OPT_CHECKEND: checkend = 1; { intmax_t temp = 0; if (!opt_imax(opt_arg(), &temp)) goto opthelp; checkoffset = (time_t)temp; if ((intmax_t)checkoffset != temp) { BIO_printf(bio_err, "%s: checkend time out of range %s\n", prog, opt_arg()); goto opthelp; } } break; case OPT_CHECKHOST: checkhost = opt_arg(); break; case OPT_CHECKEMAIL: checkemail = opt_arg(); break; case OPT_CHECKIP: checkip = opt_arg(); break; case OPT_MD: if (!opt_md(opt_unknown(), &digest)) goto opthelp; } } argc = opt_num_rest(); argv = opt_rest(); if (argc != 0) { BIO_printf(bio_err, "%s: Unknown parameter %s\n", prog, argv[0]); goto opthelp; } if (!nmflag_set) nmflag = XN_FLAG_ONELINE; out = bio_open_default(outfile, 'w', outformat); if (out == NULL) goto end; if (need_rand) app_RAND_load_file(NULL, 0); if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } if (!X509_STORE_set_default_paths(ctx)) { ERR_print_errors(bio_err); goto end; } if (fkeyfile) { fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "Forced key"); if (fkey == NULL) goto end; } if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) { CAkeyfile = CAfile; } else if ((CA_flag) && (CAkeyfile == NULL)) { BIO_printf(bio_err, "need to specify a CAkey if using the CA command\n"); goto end; } if (extfile) { X509V3_CTX ctx2; if ((extconf = app_load_config(extfile)) == NULL) goto end; if (!extsect) { extsect = NCONF_get_string(extconf, "default", "extensions"); if (!extsect) { ERR_clear_error(); extsect = "default"; } } X509V3_set_ctx_test(&ctx2); X509V3_set_nconf(&ctx2, extconf); if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extsect); ERR_print_errors(bio_err); goto end; } } if (reqfile) { EVP_PKEY *pkey; BIO *in; if (!sign_flag && !CA_flag) { BIO_printf(bio_err, "We need a private key to sign with\n"); goto end; } in = bio_open_default(infile, 'r', informat); if (in == NULL) goto end; req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); BIO_free(in); if (req == NULL) { ERR_print_errors(bio_err); goto end; } if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto end; } i = X509_REQ_verify(req, pkey); if (i < 0) { BIO_printf(bio_err, "Signature verification error\n"); ERR_print_errors(bio_err); goto end; } if (i == 0) { BIO_printf(bio_err, "Signature did not match the certificate request\n"); goto end; } else BIO_printf(bio_err, "Signature ok\n"); print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag); if ((x = X509_new()) == NULL) goto end; if (sno == NULL) { sno = ASN1_INTEGER_new(); if (sno == NULL || !rand_serial(NULL, sno)) goto end; if (!X509_set_serialNumber(x, sno)) goto end; ASN1_INTEGER_free(sno); sno = NULL; } else if (!X509_set_serialNumber(x, sno)) goto end; if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) goto end; if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req))) goto end; X509_gmtime_adj(X509_get_notBefore(x), 0); X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL); if (fkey) X509_set_pubkey(x, fkey); else { pkey = X509_REQ_get0_pubkey(req); X509_set_pubkey(x, pkey); } } else x = load_cert(infile, informat, "Certificate"); if (x == NULL) goto end; if (CA_flag) { xca = load_cert(CAfile, CAformat, "CA Certificate"); if (xca == NULL) goto end; } if (!noout || text || next_serial) { OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); } if (alias) X509_alias_set1(x, (unsigned char *)alias, -1); if (clrtrust) X509_trust_clear(x); if (clrreject) X509_reject_clear(x); if (trust) { for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { objtmp = sk_ASN1_OBJECT_value(trust, i); X509_add1_trust_object(x, objtmp); } objtmp = NULL; } if (reject) { for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) { objtmp = sk_ASN1_OBJECT_value(reject, i); X509_add1_reject_object(x, objtmp); } objtmp = NULL; } if (num) { for (i = 1; i <= num; i++) { if (issuer == i) { print_name(out, "issuer= ", X509_get_issuer_name(x), nmflag); } else if (subject == i) { print_name(out, "subject= ", X509_get_subject_name(x), nmflag); } else if (serial == i) { BIO_printf(out, "serial="); i2a_ASN1_INTEGER(out, X509_get_serialNumber(x)); BIO_printf(out, "\n"); } else if (next_serial == i) { BIGNUM *bnser; ASN1_INTEGER *ser; ser = X509_get_serialNumber(x); bnser = ASN1_INTEGER_to_BN(ser, NULL); if (!bnser) goto end; if (!BN_add_word(bnser, 1)) goto end; ser = BN_to_ASN1_INTEGER(bnser, NULL); if (!ser) goto end; BN_free(bnser); i2a_ASN1_INTEGER(out, ser); ASN1_INTEGER_free(ser); BIO_puts(out, "\n"); } else if ((email == i) || (ocsp_uri == i)) { int j; STACK_OF(OPENSSL_STRING) *emlst; if (email == i) emlst = X509_get1_email(x); else emlst = X509_get1_ocsp(x); for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++) BIO_printf(out, "%s\n", sk_OPENSSL_STRING_value(emlst, j)); X509_email_free(emlst); } else if (aliasout == i) { unsigned char *alstr; alstr = X509_alias_get0(x, NULL); if (alstr) BIO_printf(out, "%s\n", alstr); else BIO_puts(out, "<No Alias>\n"); } else if (subject_hash == i) { BIO_printf(out, "%08lx\n", X509_subject_name_hash(x)); } #ifndef OPENSSL_NO_MD5 else if (subject_hash_old == i) { BIO_printf(out, "%08lx\n", X509_subject_name_hash_old(x)); } #endif else if (issuer_hash == i) { BIO_printf(out, "%08lx\n", X509_issuer_name_hash(x)); } #ifndef OPENSSL_NO_MD5 else if (issuer_hash_old == i) { BIO_printf(out, "%08lx\n", X509_issuer_name_hash_old(x)); } #endif else if (pprint == i) { X509_PURPOSE *ptmp; int j; BIO_printf(out, "Certificate purposes:\n"); for (j = 0; j < X509_PURPOSE_get_count(); j++) { ptmp = X509_PURPOSE_get0(j); purpose_print(out, x, ptmp); } } else if (modulus == i) { EVP_PKEY *pkey; pkey = X509_get0_pubkey(x); if (pkey == NULL) { BIO_printf(bio_err, "Modulus=unavailable\n"); ERR_print_errors(bio_err); goto end; } BIO_printf(out, "Modulus="); #ifndef OPENSSL_NO_RSA if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { BIGNUM *n; RSA_get0_key(EVP_PKEY_get0_RSA(pkey), &n, NULL, NULL); BN_print(out, n); } else #endif #ifndef OPENSSL_NO_DSA if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) { BIGNUM *dsapub = NULL; DSA_get0_key(EVP_PKEY_get0_DSA(pkey), &dsapub, NULL); BN_print(out, dsapub); } else #endif { BIO_printf(out, "Wrong Algorithm type"); } BIO_printf(out, "\n"); } else if (pubkey == i) { EVP_PKEY *pkey; pkey = X509_get0_pubkey(x); if (pkey == NULL) { BIO_printf(bio_err, "Error getting public key\n"); ERR_print_errors(bio_err); goto end; } PEM_write_bio_PUBKEY(out, pkey); } else if (C == i) { unsigned char *d; char *m; int len; X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf); BIO_printf(out, "/*\n" " * Subject: %s\n", buf); X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof buf); BIO_printf(out, " * Issuer: %s\n" " */\n", buf); len = i2d_X509(x, NULL); m = app_malloc(len, "x509 name buffer"); d = (unsigned char *)m; len = i2d_X509_NAME(X509_get_subject_name(x), &d); print_array(out, "the_subject_name", len, (unsigned char *)m); d = (unsigned char *)m; len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d); print_array(out, "the_public_key", len, (unsigned char *)m); d = (unsigned char *)m; len = i2d_X509(x, &d); print_array(out, "the_certificate", len, (unsigned char *)m); OPENSSL_free(m); } else if (text == i) { X509_print_ex(out, x, nmflag, certflag); } else if (startdate == i) { BIO_puts(out, "notBefore="); ASN1_TIME_print(out, X509_get_notBefore(x)); BIO_puts(out, "\n"); } else if (enddate == i) { BIO_puts(out, "notAfter="); ASN1_TIME_print(out, X509_get_notAfter(x)); BIO_puts(out, "\n"); } else if (fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; const EVP_MD *fdig = digest; if (!fdig) fdig = EVP_sha1(); if (!X509_digest(x, fdig, md, &n)) { BIO_printf(bio_err, "out of memory\n"); goto end; } BIO_printf(out, "%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(fdig))); for (j = 0; j < (int)n; j++) { BIO_printf(out, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':'); } } /* should be in the library */ else if ((sign_flag == i) && (x509req == 0)) { BIO_printf(bio_err, "Getting Private key\n"); if (Upkey == NULL) { Upkey = load_key(keyfile, keyformat, 0, passin, e, "Private key"); if (Upkey == NULL) goto end; } assert(need_rand); if (!sign(x, Upkey, days, clrext, digest, extconf, extsect)) goto end; } else if (CA_flag == i) { BIO_printf(bio_err, "Getting CA Private Key\n"); if (CAkeyfile != NULL) { CApkey = load_key(CAkeyfile, CAkeyformat, 0, passin, e, "CA Private Key"); if (CApkey == NULL) goto end; } assert(need_rand); if (!x509_certify(ctx, CAfile, digest, x, xca, CApkey, sigopts, CAserial, CA_createserial, days, clrext, extconf, extsect, sno, reqfile)) goto end; } else if (x509req == i) { EVP_PKEY *pk; BIO_printf(bio_err, "Getting request Private Key\n"); if (keyfile == NULL) { BIO_printf(bio_err, "no request key file specified\n"); goto end; } else { pk = load_key(keyfile, keyformat, 0, passin, e, "request key"); if (pk == NULL) goto end; } BIO_printf(bio_err, "Generating certificate request\n"); rq = X509_to_X509_REQ(x, pk, digest); EVP_PKEY_free(pk); if (rq == NULL) { ERR_print_errors(bio_err); goto end; } if (!noout) { X509_REQ_print(out, rq); PEM_write_bio_X509_REQ(out, rq); } noout = 1; } else if (ocspid == i) { X509_ocspid_print(out, x); } } } if (checkend) { time_t tcheck = time(NULL) + checkoffset; if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) { BIO_printf(out, "Certificate will expire\n"); ret = 1; } else { BIO_printf(out, "Certificate will not expire\n"); ret = 0; } goto end; } print_cert_checks(out, x, checkhost, checkemail, checkip); if (noout || nocert) { ret = 0; goto end; } if (badsig) { ASN1_BIT_STRING *signature; unsigned char *s; X509_get0_signature(&signature, NULL, x); s = ASN1_STRING_data(signature); s[ASN1_STRING_length(signature) - 1] ^= 0x1; } if (outformat == FORMAT_ASN1) i = i2d_X509_bio(out, x); else if (outformat == FORMAT_PEM) { if (trustout) i = PEM_write_bio_X509_AUX(out, x); else i = PEM_write_bio_X509(out, x); } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err, "unable to write certificate\n"); ERR_print_errors(bio_err); goto end; } ret = 0; end: if (need_rand) app_RAND_write_file(NULL); NCONF_free(extconf); BIO_free_all(out); X509_STORE_free(ctx); X509_REQ_free(req); X509_free(x); X509_free(xca); EVP_PKEY_free(Upkey); EVP_PKEY_free(CApkey); EVP_PKEY_free(fkey); sk_OPENSSL_STRING_free(sigopts); X509_REQ_free(rq); ASN1_INTEGER_free(sno); sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free); ASN1_OBJECT_free(objtmp); OPENSSL_free(passin); return (ret); }
int MAIN(int argc, char **argv) { int ret=1; DSA *dsa=NULL; int i,badops=0; const EVP_CIPHER *enc=NULL; BIO *in=NULL,*out=NULL; int informat,outformat,text=0,noout=0; int pubin = 0, pubout = 0; char *infile,*outfile,*prog; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; int modulus=0; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); infile=NULL; outfile=NULL; informat=FORMAT_PEM; outformat=FORMAT_PEM; prog=argv[0]; argc--; argv++; while (argc >= 1) { if (strcmp(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-passin") == 0) { if (--argc < 1) goto bad; passargin= *(++argv); } else if (strcmp(*argv,"-passout") == 0) { if (--argc < 1) goto bad; passargout= *(++argv); } else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-modulus") == 0) modulus=1; else if (strcmp(*argv,"-pubin") == 0) pubin=1; else if (strcmp(*argv,"-pubout") == 0) pubout=1; else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef NO_IDEA BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); #endif BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); BIO_printf(bio_err," -modulus print the DSA public value\n"); goto end; } ERR_load_crypto_strings(); if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in,stdin,BIO_NOCLOSE); else { if (BIO_read_filename(in,infile) <= 0) { perror(infile); goto end; } } BIO_printf(bio_err,"read DSA key\n"); if (informat == FORMAT_ASN1) { if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL); else dsa=d2i_DSAPrivateKey_bio(in,NULL); } else if (informat == FORMAT_PEM) { if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL); else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin); } else { BIO_printf(bio_err,"bad input format specified for key\n"); goto end; } if (dsa == NULL) { BIO_printf(bio_err,"unable to load Key\n"); ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } if (text) if (!DSA_print(out,dsa,0)) { perror(outfile); ERR_print_errors(bio_err); goto end; } if (modulus) { fprintf(stdout,"Public Key="); BN_print(out,dsa->pub_key); fprintf(stdout,"\n"); } if (noout) goto end; BIO_printf(bio_err,"writing DSA key\n"); if (outformat == FORMAT_ASN1) { if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa); else i=i2d_DSAPrivateKey_bio(out,dsa); } else if (outformat == FORMAT_PEM) { if(pubin || pubout) i=PEM_write_bio_DSA_PUBKEY(out,dsa); else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc, NULL,0,NULL, passout); } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write private key\n"); ERR_print_errors(bio_err); } else ret=0; end: if(in != NULL) BIO_free(in); if(out != NULL) BIO_free_all(out); if(dsa != NULL) DSA_free(dsa); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); EXIT(ret); }
int main(int argc, char *argv[]) { void *bb; BN_CTX *ctx = NULL; int nid; BIO *out; CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); const char *text = "NIST Prime-Curve P-192"; #ifdef OPENSSL_SYS_WIN32 CRYPTO_malloc_init(); #endif RAND_seed(rnd_seed, sizeof rnd_seed); out = BIO_new(BIO_s_file()); if (out == NULL) EXIT(1); BIO_set_fp(out, stdout, BIO_NOCLOSE); if ((ctx = BN_CTX_new()) == NULL) goto err; nid = NID_X9_62_prime192v1; //EC_POINT *bb; EC_KEY *a = NULL; //EC_KEY is a structure BIGNUM *x_a = NULL, *y_a = NULL; char buf[12]; //unsigned char *abuf=NULL,*bbuf=NULL; int i, alen, blen, aout, bout; const EC_GROUP *group; a = EC_KEY_new_by_curve_name(nid); if (a == NULL) goto err; group = EC_KEY_get0_group(a); if ((x_a = BN_new()) == NULL) goto err; //BN_new returns a pointer to the bignum if ((y_a = BN_new()) == NULL) goto err; BIO_puts(out, "Testing key generation with "); BIO_puts(out, text); if (!EC_KEY_generate_key(a)) goto err; printf("\n1 ) generating keys\n"); if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; } //returns the public key else { if (!EC_POINT_get_affine_coordinates_GF2m(group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; } BIO_puts(out, " pri 1="); BN_print(out, EC_KEY_get0_private_key(a)); BIO_puts(out, "\n pub 1="); BN_print(out, x_a); BIO_puts(out, ","); BN_print(out, y_a); BIO_puts(out, "\n"); func(EC_KEY_get0_public_key(a)); err: ERR_print_errors_fp(stderr); if (x_a) BN_free(x_a); if (y_a) BN_free(y_a); if (a) EC_KEY_free(a); if (ctx) BN_CTX_free(ctx); BIO_free(out); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); CRYPTO_mem_leaks_fp(stderr); return 0; }
return NULL; #endif } int main(void) { unsigned char *abuf = NULL; //const EC_POINT *public_key; int i, alen, aout, jj = 0; int sockfd, new_fd; // listen on sock_fd, new connection on new_fd struct sockaddr_in my_addr; // my address information struct sockaddr_in their_addr; // connector's address information socklen_t sin_size; int yes = 1, numbytes; char buf[MAXDATASIZE]; /*//////////////////////////////////////////////////////////////Generating Keys/////////////////////////////////////*/ BN_CTX *ctx = NULL; int nid; BIO *out; CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); const char *text = "NIST Prime-Curve P-192"; #ifdef OPENSSL_SYS_WIN32 CRYPTO_malloc_init(); #endif RAND_seed(rnd_seed, sizeof rnd_seed); out = BIO_new(BIO_s_file()); if (out == NULL) EXIT(1); BIO_set_fp(out, stdout, BIO_NOCLOSE); if ((ctx = BN_CTX_new()) == NULL) goto err; nid = NID_X9_62_prime192v1; EC_KEY *a = NULL; //EC_KEY is a structure BIGNUM *x_a = NULL, *y_a = NULL; const BIGNUM *BIG = NULL; char *buff; //unsigned char *abuf=NULL,*bbuf=NULL; const EC_GROUP *group; a = EC_KEY_new_by_curve_name(nid); if (a == NULL) goto err; group = EC_KEY_get0_group(a); // aa=EC_POINT_new(group); if ((x_a = BN_new()) == NULL) goto err; //BN_new returns a pointer to the bignum if ((y_a = BN_new()) == NULL) goto err; // if ((BIG=BN_new()) == NULL) goto err; BIO_puts(out, "Testing key generation with "); BIO_puts(out, text); if (!EC_KEY_generate_key(a)) goto err; printf("\n1 ) generating keys\n"); if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; } //returns the public key else { if (!EC_POINT_get_affine_coordinates_GF2m(group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; } BIO_puts(out, " pri 1="); BN_print(out, EC_KEY_get0_private_key(a)); BIO_puts(out, "\n pub 1="); BN_print(out, x_a); BIO_puts(out, ","); BN_print(out, y_a); BIO_puts(out, "\n"); /* printf("importnt work\n"); //BN_print(out,x_a); buff=BN_bn2dec(x_a); printf("%s\n",buff); BN_dec2bn(&(x_a),buff); printf("%s\n",buff); BN_print(out,x_a); */ /*//////////////////////////////////////////////////////////////////////////////////////////////////////////////////*/ if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { perror("socket"); exit(1); } if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1) { perror("setsockopt"); exit(1); } my_addr.sin_family = AF_INET; // host byte order my_addr.sin_port = htons(MYPORT); // short, network byte order my_addr.sin_addr.s_addr = INADDR_ANY; // automatically fill with my IP memset(my_addr.sin_zero, '\0', sizeof my_addr.sin_zero); if (bind(sockfd, (struct sockaddr *) &my_addr, sizeof my_addr) == -1) { perror("bind"); exit(1); } if (listen(sockfd, BACKLOG) == -1) { perror("listen"); exit(1); } while (1) { // main accept() loop sin_size = sizeof their_addr; if ((new_fd = accept(sockfd, (struct sockaddr *) &their_addr, &sin_size)) == -1) { perror("accept"); continue; } printf("server: got connection from %s\n", inet_ntoa(their_addr.sin_addr)); if (send(new_fd, "Hello, world!\n", 14, 0) == -1) perror("send"); // BN_print(out,x_a); // if ((jj=send(new_fd, &aa, sizeof(BIGNUM), 0)) == -1) // perror("send"); ////////////////////////////////////////////////////////////////////////////// //printf("side %d\n",sizeof(EC_POINT*)); //aa= EC_KEY_get0_public_key(a); //printf("side %d\n",sizeof(aa)); // if ((jj=send(new_fd, &aa, sizeof(EC_POINT*), 0)) == -1) //perror("send"); //printf("\nbytes send %d\n",jj); //////////////////////////////////////////////////////////////////////////////// //x_a=(BIGNUM*)&buff; //BN_print(out,x_a); //printf("%d",sizeof(EC_POINT)); //buff=(char*)&x_a; //if (send(new_fd, &x_a, sizeof(x_a), 0) == -1) //perror("send"); //buff[10]='\0'; //BIG =EC_KEY_get0_private_key(a); //BN_print(out,BIG); /* buff=BN_bn2dec(x_a); // BN_print(out,BIG); buff=(char*)&x_a; //buff[10]='\0'; printf("%s\n",buff); x_a=(BIGNUM*)&buff; BN_dec2bn(&(y_a),buff); printf("%s",buff); */ //sprintf(buff,"%u",EC_KEY_get0_private_key(a)); //printf("send: %d\n",BIG); //printf("%s",buff); //printf("%d",strlen(buff)); // float data1; //char data2[64]; //BIG=(BIGNUM*)(buff); //BIO_puts(out,BIG); //memcpy((void*)buff, (void*)EC_KEY_get0_private_key(a), 20); //printf("%s",buff); //for (i=0; i<10; i++) //{ //printf("%c",buff[i]); //BIO_puts(out,buff); //} //if (send(new_fd,buff,strlen(buff), 0) == -1) // { // perror("send"); // } //printf("\npublic key send\n"); /* //EC_POINT *bb; if ((numbytes=recv(new_fd,(char*)&bb,500, 0)) == -1) { perror("recv"); exit(1); } printf("\npublic key received\n"); */ /* if ((numbytes=recv(new_fd, buf, MAXDATASIZE-1, 0)) == -1) { perror("recv"); exit(1); } */ // buf[numbytes] = '\0'; /* printf("Received: %d",numbytes); printf("working\n"); alen=KDF1_SHA1_len; ///it is a static constant integer. printf("working\n"); abuf=(unsigned char *)OPENSSL_malloc(alen); printf("working\n"); if(abuf==NULL || bb==NULL || a==NULL) printf("i hate you error\n"); aout=ECDH_compute_key(abuf,alen,bb,a,KDF1_SHA1); //generating session key printf("working\n"); // BN_print(out, abuf); //BIO_puts(out,"\n"); BIO_puts(out," key1 ="); for (i=0; i<aout; i++) { sprintf(buf,"%02X",abuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); */ close(new_fd); exit(0); close(new_fd); // parent doesn't need this } err: ERR_print_errors_fp(stderr); if (x_a) BN_free(x_a); if (y_a) BN_free(y_a); if (a) EC_KEY_free(a); if (ctx) BN_CTX_free(ctx); BIO_free(out); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0);
int rsa_main(int argc, char **argv) { ENGINE *e = NULL; BIO *out = NULL; RSA *rsa = NULL; const EVP_CIPHER *enc = NULL; char *infile = NULL, *outfile = NULL, *prog; char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; int i; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0; int noout = 0, modulus = 0, pubin = 0, pubout = 0, pvk_encr = 2, ret = 1; OPTION_CHOICE o; prog = opt_init(argc, argv, rsa_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: #ifdef OPENSSL_NO_RC4 case OPT_PVK_STRONG: case OPT_PVK_WEAK: case OPT_PVK_NONE: #endif opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: opt_help(rsa_options); ret = 0; goto end; case OPT_INFORM: if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat)) goto opthelp; break; case OPT_IN: infile = opt_arg(); break; case OPT_OUTFORM: if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat)) goto opthelp; break; case OPT_OUT: outfile = opt_arg(); break; case OPT_PASSIN: passinarg = opt_arg(); break; case OPT_PASSOUT: passoutarg = opt_arg(); break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; case OPT_PUBIN: pubin = 1; break; case OPT_PUBOUT: pubout = 1; break; case OPT_RSAPUBKEY_IN: pubin = 2; break; case OPT_RSAPUBKEY_OUT: pubout = 2; break; #ifndef OPENSSL_NO_RC4 case OPT_PVK_STRONG: pvk_encr = 2; break; case OPT_PVK_WEAK: pvk_encr = 1; break; case OPT_PVK_NONE: pvk_encr = 0; break; #endif case OPT_NOOUT: noout = 1; break; case OPT_TEXT: text = 1; break; case OPT_MODULUS: modulus = 1; break; case OPT_CHECK: check = 1; break; case OPT_CIPHER: if (!opt_cipher(opt_unknown(), &enc)) goto opthelp; break; } } argc = opt_num_rest(); argv = opt_rest(); if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } if (check && pubin) { BIO_printf(bio_err, "Only private keys can be checked\n"); goto end; } { EVP_PKEY *pkey; if (pubin) { int tmpformat = -1; if (pubin == 2) { if (informat == FORMAT_PEM) tmpformat = FORMAT_PEMRSA; else if (informat == FORMAT_ASN1) tmpformat = FORMAT_ASN1RSA; } else tmpformat = informat; pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key"); } else pkey = load_key(infile, informat, 1, passin, e, "Private Key"); if (pkey != NULL) rsa = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); } if (rsa == NULL) { ERR_print_errors(bio_err); goto end; } out = bio_open_default(outfile, "w"); if (out == NULL) goto end; if (text) if (!RSA_print(out, rsa, 0)) { perror(outfile); ERR_print_errors(bio_err); goto end; } if (modulus) { BIO_printf(out, "Modulus="); BN_print(out, rsa->n); BIO_printf(out, "\n"); } if (check) { int r = RSA_check_key(rsa); if (r == 1) BIO_printf(out, "RSA key ok\n"); else if (r == 0) { unsigned long err; while ((err = ERR_peek_error()) != 0 && ERR_GET_LIB(err) == ERR_LIB_RSA && ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) { BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err)); ERR_get_error(); /* remove e from error stack */ } } /* should happen only if r == -1 */ if (r == -1 || ERR_peek_error() != 0) { ERR_print_errors(bio_err); goto end; } } if (noout) { ret = 0; goto end; } BIO_printf(bio_err, "writing RSA key\n"); if (outformat == FORMAT_ASN1) { if (pubout || pubin) { if (pubout == 2) i = i2d_RSAPublicKey_bio(out, rsa); else i = i2d_RSA_PUBKEY_bio(out, rsa); } else i = i2d_RSAPrivateKey_bio(out, rsa); } # ifndef OPENSSL_NO_RC4 else if (outformat == FORMAT_NETSCAPE) { unsigned char *p, *pp; int size; i = 1; size = i2d_RSA_NET(rsa, NULL, NULL, 0); if ((p = OPENSSL_malloc(size)) == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } pp = p; i2d_RSA_NET(rsa, &p, NULL, 0); BIO_write(out, (char *)pp, size); OPENSSL_free(pp); } # endif else if (outformat == FORMAT_PEM) { if (pubout || pubin) { if (pubout == 2) i = PEM_write_bio_RSAPublicKey(out, rsa); else i = PEM_write_bio_RSA_PUBKEY(out, rsa); } else i = PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, NULL, passout); # if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); EVP_PKEY_set1_RSA(pk, rsa); if (outformat == FORMAT_PVK) i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); else if (pubin || pubout) i = i2b_PublicKey_bio(out, pk); else i = i2b_PrivateKey_bio(out, pk); EVP_PKEY_free(pk); # endif } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (i <= 0) { BIO_printf(bio_err, "unable to write key\n"); ERR_print_errors(bio_err); } else ret = 0; end: BIO_free_all(out); RSA_free(rsa); if (passin) OPENSSL_free(passin); if (passout) OPENSSL_free(passout); return (ret); }
static int authenticate_webid_user(request_rec *request) { int r = 0; authn_webid_config_rec *conf = ap_get_module_config(request->per_dir_config, &authn_webid_module); if (!conf->authoritative) r = DECLINED; else r = HTTP_UNAUTHORIZED; /* Check for AuthType WebID */ const char *current_auth = ap_auth_type(request); if (!current_auth || strcasecmp(current_auth, "WebID") != 0) { return DECLINED; } request->ap_auth_type = "WebID"; /* Check for WebID cached in SSL session */ const char *subjAltName = NULL; { void *data = NULL; if (apr_pool_userdata_get(&data, UD_WEBID_KEY, request->connection->pool) == APR_SUCCESS && data != NULL) { subjAltName = data; ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, request, "WebID: using cached URI <%s>", subjAltName); if (strlen(subjAltName)) { request->user = (char *)subjAltName; r = OK; } return r; } } #if AP_MODULE_MAGIC_AT_LEAST(20060101,0) apr_array_header_t *subjAltName_list = ssl_ext_list(request->pool, request->connection, 1, "2.5.29.17"); #else subjAltName = ssl_ext_lookup(request->pool, request->connection, 1, "2.5.29.17"); #endif /* Load X509 Public Key + Exponent */ char *pkey_n = NULL; char *pkey_e = NULL; unsigned int pkey_e_i = 0; #if AP_MODULE_MAGIC_AT_LEAST(20060101,0) if (subjAltName_list != NULL) { #else if (subjAltName != NULL) { #endif char *c_cert = NULL; BIO *bio_cert = NULL; X509 *x509 = NULL; EVP_PKEY *pkey = NULL; RSA *rsa = NULL; BIO *bio = NULL; BUF_MEM *bptr = NULL; if (NULL != (c_cert = ssl_var_lookup(request->pool, request->server, request->connection, request, "SSL_CLIENT_CERT")) && NULL != (bio_cert = BIO_new_mem_buf(c_cert, strlen(c_cert))) && NULL != (x509 = PEM_read_bio_X509(bio_cert, NULL, NULL, NULL)) && NULL != (pkey = X509_get_pubkey(x509)) && NULL != (rsa = EVP_PKEY_get1_RSA(pkey))) { // public key modulus bio = BIO_new(BIO_s_mem()); BN_print(bio, rsa->n); BIO_get_mem_ptr(bio, &bptr); pkey_n = apr_pstrndup(request->pool, bptr->data, bptr->length); BIO_free(bio); // public key exponent bio = BIO_new(BIO_s_mem()); BN_print(bio, rsa->e); BIO_get_mem_ptr(bio, &bptr); pkey_e = apr_pstrndup(request->pool, bptr->data, bptr->length); pkey_e_i = apr_strtoi64(pkey_e, NULL, 16); BIO_free(bio); } else { ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, request, "WebID: invalid client SSL certificate"); } if (rsa) RSA_free(rsa); if (pkey) EVP_PKEY_free(pkey); if (x509) X509_free(x509); if (bio_cert) BIO_free(bio_cert); } if (pkey_n != NULL && pkey_e != NULL) { #if AP_MODULE_MAGIC_AT_LEAST(20060101,0) const char *san; char *tok; int i; for (i = 0; i < subjAltName_list->nelts; i++) { san = APR_ARRAY_IDX(subjAltName_list, i, const char*); while ((tok = get_list_item(request->pool, &san)) != NULL) { if (strncmp(tok, "URI:", 4) == 0) { if (validate_webid(request, tok+4, pkey_n, pkey_e_i) == OK) { subjAltName = tok+4; r = OK; break; } } } } #else ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, request, "WebID: subjectAltName = %s", subjAltName); ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, request, "WebID: client pkey.n = %s", pkey_n); ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, request, "WebID: client pkey.e = %d (%s)", pkey_e_i, pkey_e); const char *san = subjAltName; char *tok; while ((tok = get_list_item(request->pool, &san)) != NULL) { if (strncmp(tok, "URI:", 4) == 0) { if (validate_webid(request, tok+4, pkey_n, pkey_e_i) == OK) { subjAltName = tok+4; r = OK; break; } } } #endif } if (r == OK) { ap_log_rerror(APLOG_MARK, APLOG_INFO | APLOG_TOCLIENT, 0, request, "WebID: authentication (%sauthoritative) succeeded for <%s> pubkey: \"%s\", URI: <%s>", conf->authoritative?"":"non-", subjAltName, pkey_n, request->uri); request->user = apr_psprintf(request->connection->pool, "%s", subjAltName); } else { ap_log_rerror(APLOG_MARK, (conf->authoritative?APLOG_WARNING:APLOG_INFO) | APLOG_TOCLIENT, 0, request, "WebID: authentication (%sauthoritative) failed for <%s> pubkey: \"%s\", URI: <%s>", conf->authoritative?"":"non-", subjAltName, pkey_n, request->uri); subjAltName = ""; } ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, request, "WebID: setting cached URI <%s>", subjAltName); apr_pool_userdata_set(apr_pstrdup(request->connection->pool, subjAltName), UD_WEBID_KEY, NULL, request->connection->pool); return r; } static void import_ssl_func() { ssl_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); #if AP_MODULE_MAGIC_AT_LEAST(20060101,0) ssl_ext_list = APR_RETRIEVE_OPTIONAL_FN(ssl_ext_list); #else ssl_ext_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_ext_lookup); #endif }
int MAIN (int argc, char **argv) { DH *dh = NULL; int i, badops = 0, text = 0; BIO *in = NULL, *out = NULL; int informat, outformat, check = 0, noout = 0, C = 0, ret = 1; char *infile, *outfile, *prog; #ifndef OPENSSL_NO_ENGINE char *engine; #endif apps_startup (); if (bio_err == NULL) if ((bio_err = BIO_new (BIO_s_file ())) != NULL) BIO_set_fp (bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config (bio_err, NULL)) goto end; #ifndef OPENSSL_NO_ENGINE engine = NULL; #endif infile = NULL; outfile = NULL; informat = FORMAT_PEM; outformat = FORMAT_PEM; prog = argv[0]; argc--; argv++; while (argc >= 1) { if (strcmp (*argv, "-inform") == 0) { if (--argc < 1) goto bad; informat = str2fmt (*(++argv)); } else if (strcmp (*argv, "-outform") == 0) { if (--argc < 1) goto bad; outformat = str2fmt (*(++argv)); } else if (strcmp (*argv, "-in") == 0) { if (--argc < 1) goto bad; infile = *(++argv); } else if (strcmp (*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp (*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } #endif else if (strcmp (*argv, "-check") == 0) check = 1; else if (strcmp (*argv, "-text") == 0) text = 1; else if (strcmp (*argv, "-C") == 0) C = 1; else if (strcmp (*argv, "-noout") == 0) noout = 1; else { BIO_printf (bio_err, "unknown option %s\n", *argv); badops = 1; break; } argc--; argv++; } if (badops) { bad: BIO_printf (bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf (bio_err, "where options are\n"); BIO_printf (bio_err, " -inform arg input format - one of DER PEM\n"); BIO_printf (bio_err, " -outform arg output format - one of DER PEM\n"); BIO_printf (bio_err, " -in arg input file\n"); BIO_printf (bio_err, " -out arg output file\n"); BIO_printf (bio_err, " -check check the DH parameters\n"); BIO_printf (bio_err, " -text print a text form of the DH parameters\n"); BIO_printf (bio_err, " -C Output C code\n"); BIO_printf (bio_err, " -noout no output\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, " -engine e use engine e, possibly a hardware device.\n"); #endif goto end; } ERR_load_crypto_strings (); #ifndef OPENSSL_NO_ENGINE setup_engine (bio_err, engine, 0); #endif in = BIO_new (BIO_s_file ()); out = BIO_new (BIO_s_file ()); if ((in == NULL) || (out == NULL)) { ERR_print_errors (bio_err); goto end; } if (infile == NULL) BIO_set_fp (in, stdin, BIO_NOCLOSE); else { if (BIO_read_filename (in, infile) <= 0) { perror (infile); goto end; } } if (outfile == NULL) { BIO_set_fp (out, stdout, BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new (BIO_f_linebuffer ()); out = BIO_push (tmpbio, out); } #endif } else { if (BIO_write_filename (out, outfile) <= 0) { perror (outfile); goto end; } } if (informat == FORMAT_ASN1) dh = d2i_DHparams_bio (in, NULL); else if (informat == FORMAT_PEM) dh = PEM_read_bio_DHparams (in, NULL, NULL, NULL); else { BIO_printf (bio_err, "bad input format specified\n"); goto end; } if (dh == NULL) { BIO_printf (bio_err, "unable to load DH parameters\n"); ERR_print_errors (bio_err); goto end; } if (text) { DHparams_print (out, dh); #ifdef undef printf ("p="); BN_print (stdout, dh->p); printf ("\ng="); BN_print (stdout, dh->g); printf ("\n"); if (dh->length != 0) printf ("recommended private length=%ld\n", dh->length); #endif } if (check) { if (!DH_check (dh, &i)) { ERR_print_errors (bio_err); goto end; } if (i & DH_CHECK_P_NOT_PRIME) printf ("p value is not prime\n"); if (i & DH_CHECK_P_NOT_SAFE_PRIME) printf ("p value is not a safe prime\n"); if (i & DH_UNABLE_TO_CHECK_GENERATOR) printf ("unable to check the generator value\n"); if (i & DH_NOT_SUITABLE_GENERATOR) printf ("the g value is not a generator\n"); if (i == 0) printf ("DH parameters appear to be ok.\n"); } if (C) { unsigned char *data; int len, l, bits; len = BN_num_bytes (dh->p); bits = BN_num_bits (dh->p); data = (unsigned char *) OPENSSL_malloc (len); if (data == NULL) { perror ("OPENSSL_malloc"); goto end; } l = BN_bn2bin (dh->p, data); printf ("static unsigned char dh%d_p[]={", bits); for (i = 0; i < l; i++) { if ((i % 12) == 0) printf ("\n\t"); printf ("0x%02X,", data[i]); } printf ("\n\t};\n"); l = BN_bn2bin (dh->g, data); printf ("static unsigned char dh%d_g[]={", bits); for (i = 0; i < l; i++) { if ((i % 12) == 0) printf ("\n\t"); printf ("0x%02X,", data[i]); } printf ("\n\t};\n\n"); printf ("DH *get_dh%d()\n\t{\n", bits); printf ("\tDH *dh;\n\n"); printf ("\tif ((dh=DH_new()) == NULL) return(NULL);\n"); printf ("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", bits, bits); printf ("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", bits, bits); printf ("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); printf ("\t\treturn(NULL);\n"); printf ("\treturn(dh);\n\t}\n"); OPENSSL_free (data); } if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_DHparams_bio (out, dh); else if (outformat == FORMAT_PEM) i = PEM_write_bio_DHparams (out, dh); else { BIO_printf (bio_err, "bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf (bio_err, "unable to write DH parameters\n"); ERR_print_errors (bio_err); goto end; } } ret = 0; end: if (in != NULL) BIO_free (in); if (out != NULL) BIO_free_all (out); if (dh != NULL) DH_free (dh); apps_shutdown (); OPENSSL_EXIT (ret); }
int main(int argc, char *argv[]) { BN_CTX *ctx; BIO *out=NULL; int i,ret; unsigned char c; BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m; RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't * even check its return value * (which we should) */ ERR_load_BN_strings(); ctx=BN_CTX_new(); if (ctx == NULL) EXIT(1); r_mont=BN_new(); r_mont_const=BN_new(); r_recp=BN_new(); r_simple=BN_new(); a=BN_new(); b=BN_new(); m=BN_new(); if ( (r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL)) goto err; out=BIO_new(BIO_s_file()); if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); for (i=0; i<200; i++) { RAND_bytes(&c,1); c=(c%BN_BITS)-BN_BITS2; BN_rand(a,NUM_BITS+c,0,0); RAND_bytes(&c,1); c=(c%BN_BITS)-BN_BITS2; BN_rand(b,NUM_BITS+c,0,0); RAND_bytes(&c,1); c=(c%BN_BITS)-BN_BITS2; BN_rand(m,NUM_BITS+c,0,1); BN_mod(a,a,m,ctx); BN_mod(b,b,m,ctx); ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL); if (ret <= 0) { printf("BN_mod_exp_mont() problems\n"); ERR_print_errors(out); EXIT(1); } ret=BN_mod_exp_recp(r_recp,a,b,m,ctx); if (ret <= 0) { printf("BN_mod_exp_recp() problems\n"); ERR_print_errors(out); EXIT(1); } ret=BN_mod_exp_simple(r_simple,a,b,m,ctx); if (ret <= 0) { printf("BN_mod_exp_simple() problems\n"); ERR_print_errors(out); EXIT(1); } ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL); if (ret <= 0) { printf("BN_mod_exp_mont_consttime() problems\n"); ERR_print_errors(out); EXIT(1); } if (BN_cmp(r_simple, r_mont) == 0 && BN_cmp(r_simple,r_recp) == 0 && BN_cmp(r_simple,r_mont_const) == 0) { printf("."); fflush(stdout); } else { if (BN_cmp(r_simple,r_mont) != 0) printf("\nsimple and mont results differ\n"); if (BN_cmp(r_simple,r_mont) != 0) printf("\nsimple and mont const time results differ\n"); if (BN_cmp(r_simple,r_recp) != 0) printf("\nsimple and recp results differ\n"); printf("a (%3d) = ",BN_num_bits(a)); BN_print(out,a); printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b); printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m); printf("\nsimple ="); BN_print(out,r_simple); printf("\nrecp ="); BN_print(out,r_recp); printf("\nmont ="); BN_print(out,r_mont); printf("\nmont_ct ="); BN_print(out,r_mont_const); printf("\n"); EXIT(1); } } BN_free(r_mont); BN_free(r_mont_const); BN_free(r_recp); BN_free(r_simple); BN_free(a); BN_free(b); BN_free(m); BN_CTX_free(ctx); ERR_remove_state(0); CRYPTO_mem_leaks(out); BIO_free(out); printf(" done\n"); EXIT(0); err: ERR_load_crypto_strings(); ERR_print_errors(out); #ifdef OPENSSL_SYS_NETWARE printf("ERROR\n"); #endif EXIT(1); return(1); }
static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) { EC_KEY *a=NULL; EC_KEY *b=NULL; BIGNUM *x_a=NULL, *y_a=NULL, *x_b=NULL, *y_b=NULL; char buf[12]; unsigned char *abuf=NULL,*bbuf=NULL; int i,alen,blen,aout,bout,ret=0; const EC_GROUP *group; a = EC_KEY_new_by_curve_name(nid); b = EC_KEY_new_by_curve_name(nid); if (a == NULL || b == NULL) goto err; group = EC_KEY_get0_group(a); if ((x_a=BN_new()) == NULL) goto err; if ((y_a=BN_new()) == NULL) goto err; if ((x_b=BN_new()) == NULL) goto err; if ((y_b=BN_new()) == NULL) goto err; BIO_puts(out,"Testing key generation with "); BIO_puts(out,text); #ifdef NOISY BIO_puts(out,"\n"); #else (void)BIO_flush(out); #endif if (!EC_KEY_generate_key(a)) goto err; if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; } else { if (!EC_POINT_get_affine_coordinates_GF2m(group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; } #ifdef NOISY BIO_puts(out," pri 1="); BN_print(out,a->priv_key); BIO_puts(out,"\n pub 1="); BN_print(out,x_a); BIO_puts(out,","); BN_print(out,y_a); BIO_puts(out,"\n"); #else BIO_printf(out," ."); (void)BIO_flush(out); #endif if (!EC_KEY_generate_key(b)) goto err; if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; } else { if (!EC_POINT_get_affine_coordinates_GF2m(group, EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; } #ifdef NOISY BIO_puts(out," pri 2="); BN_print(out,b->priv_key); BIO_puts(out,"\n pub 2="); BN_print(out,x_b); BIO_puts(out,","); BN_print(out,y_b); BIO_puts(out,"\n"); #else BIO_printf(out,"."); (void)BIO_flush(out); #endif alen=KDF1_SHA1_len; abuf=(unsigned char *)OPENSSL_malloc(alen); aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1); #ifdef NOISY BIO_puts(out," key1 ="); for (i=0; i<aout; i++) { TINYCLR_SSL_SPRINTF(buf,"%02X",abuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); #else BIO_printf(out,"."); (void)BIO_flush(out); #endif blen=KDF1_SHA1_len; bbuf=(unsigned char *)OPENSSL_malloc(blen); bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1); #ifdef NOISY BIO_puts(out," key2 ="); for (i=0; i<bout; i++) { TINYCLR_SSL_SPRINTF(buf,"%02X",bbuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); #else BIO_printf(out,"."); (void)BIO_flush(out); #endif if ((aout < 4) || (bout != aout) || (TINYCLR_SSL_MEMCMP(abuf,bbuf,aout) != 0)) { #ifndef NOISY BIO_printf(out, " failed\n\n"); BIO_printf(out, "key a:\n"); BIO_printf(out, "private key: "); BN_print(out, EC_KEY_get0_private_key(a)); BIO_printf(out, "\n"); BIO_printf(out, "public key (x,y): "); BN_print(out, x_a); BIO_printf(out, ","); BN_print(out, y_a); BIO_printf(out, "\nkey b:\n"); BIO_printf(out, "private key: "); BN_print(out, EC_KEY_get0_private_key(b)); BIO_printf(out, "\n"); BIO_printf(out, "public key (x,y): "); BN_print(out, x_b); BIO_printf(out, ","); BN_print(out, y_b); BIO_printf(out, "\n"); BIO_printf(out, "generated key a: "); for (i=0; i<bout; i++) { TINYCLR_SSL_SPRINTF(buf, "%02X", bbuf[i]); BIO_puts(out, buf); } BIO_printf(out, "\n"); BIO_printf(out, "generated key b: "); for (i=0; i<aout; i++) { TINYCLR_SSL_SPRINTF(buf, "%02X", abuf[i]); BIO_puts(out,buf); } BIO_printf(out, "\n"); #endif TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"Error in ECDH routines\n"); ret=0; } else { #ifndef NOISY BIO_printf(out, " ok\n"); #endif ret=1; } err: ERR_print_errors_fp(OPENSSL_TYPE__FILE_STDERR); if (abuf != NULL) OPENSSL_free(abuf); if (bbuf != NULL) OPENSSL_free(bbuf); if (x_a) BN_free(x_a); if (y_a) BN_free(y_a); if (x_b) BN_free(x_b); if (y_b) BN_free(y_b); if (b) EC_KEY_free(b); if (a) EC_KEY_free(a); return(ret); }
int MAIN(int argc, char **argv) { ENGINE *e = NULL; int ret=1; RSA *rsa=NULL; int i,badops=0, sgckey=0; const EVP_CIPHER *enc=NULL; BIO *out=NULL; int informat,outformat,text=0,check=0,noout=0; int pubin = 0, pubout = 0; char *infile,*outfile,*prog; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif int modulus=0; int pvk_encr = 2; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; infile=NULL; outfile=NULL; informat=FORMAT_PEM; outformat=FORMAT_PEM; prog=argv[0]; argc--; argv++; while (argc >= 1) { if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-passin") == 0) { if (--argc < 1) goto bad; passargin= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-passout") == 0) { if (--argc < 1) goto bad; passargout= *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (TINYCLR_SSL_STRCMP(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else if (TINYCLR_SSL_STRCMP(*argv,"-sgckey") == 0) sgckey=1; else if (TINYCLR_SSL_STRCMP(*argv,"-pubin") == 0) pubin=1; else if (TINYCLR_SSL_STRCMP(*argv,"-pubout") == 0) pubout=1; else if (TINYCLR_SSL_STRCMP(*argv,"-RSAPublicKey_in") == 0) pubin = 2; else if (TINYCLR_SSL_STRCMP(*argv,"-RSAPublicKey_out") == 0) pubout = 2; else if (TINYCLR_SSL_STRCMP(*argv,"-pvk-strong") == 0) pvk_encr=2; else if (TINYCLR_SSL_STRCMP(*argv,"-pvk-weak") == 0) pvk_encr=1; else if (TINYCLR_SSL_STRCMP(*argv,"-pvk-none") == 0) pvk_encr=0; else if (TINYCLR_SSL_STRCMP(*argv,"-noout") == 0) noout=1; else if (TINYCLR_SSL_STRCMP(*argv,"-text") == 0) text=1; else if (TINYCLR_SSL_STRCMP(*argv,"-modulus") == 0) modulus=1; else if (TINYCLR_SSL_STRCMP(*argv,"-check") == 0) check=1; else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n"); BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -sgckey Use IIS SGC key format\n"); BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); #endif #ifndef OPENSSL_NO_SEED BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); #endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif #ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); BIO_printf(bio_err," -modulus print the RSA key modulus\n"); BIO_printf(bio_err," -check verify key consistency\n"); BIO_printf(bio_err," -pubin expect a public key in input file\n"); BIO_printf(bio_err," -pubout output a public key\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif goto end; } ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } if(check && pubin) { BIO_printf(bio_err, "Only private keys can be checked\n"); goto end; } out=BIO_new(BIO_s_file()); { EVP_PKEY *pkey; if (pubin) { int tmpformat=-1; if (pubin == 2) { if (informat == FORMAT_PEM) tmpformat = FORMAT_PEMRSA; else if (informat == FORMAT_ASN1) tmpformat = FORMAT_ASN1RSA; } else if (informat == FORMAT_NETSCAPE && sgckey) tmpformat = FORMAT_IISSGC; else tmpformat = informat; pkey = load_pubkey(bio_err, infile, tmpformat, 1, passin, e, "Public Key"); } else pkey = load_key(bio_err, infile, (informat == FORMAT_NETSCAPE && sgckey ? FORMAT_IISSGC : informat), 1, passin, e, "Private Key"); if (pkey != NULL) rsa = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); } if (rsa == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { TINYCLR_SSL_PERROR(outfile); goto end; } } if (text) if (!RSA_print(out,rsa,0)) { TINYCLR_SSL_PERROR(outfile); ERR_print_errors(bio_err); goto end; } if (modulus) { BIO_printf(out,"Modulus="); BN_print(out,rsa->n); BIO_printf(out,"\n"); } if (check) { int r = RSA_check_key(rsa); if (r == 1) BIO_printf(out,"RSA key ok\n"); else if (r == 0) { unsigned long err; while ((err = ERR_peek_error()) != 0 && ERR_GET_LIB(err) == ERR_LIB_RSA && ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) { BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err)); ERR_get_error(); /* remove e from error stack */ } } if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */ { ERR_print_errors(bio_err); goto end; } } if (noout) { ret = 0; goto end; } BIO_printf(bio_err,"writing RSA key\n"); if (outformat == FORMAT_ASN1) { if(pubout || pubin) { if (pubout == 2) i=i2d_RSAPublicKey_bio(out,rsa); else i=i2d_RSA_PUBKEY_bio(out,rsa); } else i=i2d_RSAPrivateKey_bio(out,rsa); } #ifndef OPENSSL_NO_RC4 else if (outformat == FORMAT_NETSCAPE) { unsigned char *p,*pp; int size; i=1; size=i2d_RSA_NET(rsa,NULL,NULL, sgckey); if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL) { BIO_printf(bio_err,"Memory allocation failure\n"); goto end; } pp=p; i2d_RSA_NET(rsa,&p,NULL, sgckey); BIO_write(out,(char *)pp,size); OPENSSL_free(pp); } #endif else if (outformat == FORMAT_PEM) { if(pubout || pubin) { if (pubout == 2) i=PEM_write_bio_RSAPublicKey(out,rsa); else i=PEM_write_bio_RSA_PUBKEY(out,rsa); } else i=PEM_write_bio_RSAPrivateKey(out,rsa, enc,NULL,0,NULL,passout); #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); EVP_PKEY_set1_RSA(pk, rsa); if (outformat == FORMAT_PVK) i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); else if (pubin || pubout) i = i2b_PublicKey_bio(out, pk); else i = i2b_PrivateKey_bio(out, pk); EVP_PKEY_free(pk); #endif } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (i <= 0) { BIO_printf(bio_err,"unable to write key\n"); ERR_print_errors(bio_err); } else ret=0; end: if(out != NULL) BIO_free_all(out); if(rsa != NULL) RSA_free(rsa); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); apps_shutdown(); OPENSSL_EXIT(ret); }
int prime_main(int argc, char **argv) { BIGNUM *bn = NULL; char *prime = NULL; BIO *bio_out; char *s; int ret = 1; memset(&prime_config, 0, sizeof(prime_config)); /* Default iterations for Miller-Rabin probabilistic primality test. */ prime_config.checks = 20; if (options_parse(argc, argv, prime_options, &prime, NULL) != 0) { prime_usage(); return (1); } if (prime == NULL && prime_config.generate == 0) { BIO_printf(bio_err, "No prime specified.\n"); prime_usage(); return (1); } if ((bio_out = BIO_new(BIO_s_file())) == NULL) { ERR_print_errors(bio_err); return (1); } BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); if (prime_config.generate != 0) { if (prime_config.bits == 0) { BIO_printf(bio_err, "Specify the number of bits.\n"); goto end; } bn = BN_new(); if (!bn) { BIO_printf(bio_err, "Out of memory.\n"); goto end; } if (!BN_generate_prime_ex(bn, prime_config.bits, prime_config.safe, NULL, NULL, NULL)) { BIO_printf(bio_err, "Prime generation error.\n"); goto end; } s = prime_config.hex ? BN_bn2hex(bn) : BN_bn2dec(bn); if (s == NULL) { BIO_printf(bio_err, "Out of memory.\n"); goto end; } BIO_printf(bio_out, "%s\n", s); free(s); } else { if (prime_config.hex) { if (!BN_hex2bn(&bn, prime)) { BIO_printf(bio_err, "%s is an invalid hex " "value.\n", prime); goto end; } } else { if (!BN_dec2bn(&bn, prime)) { BIO_printf(bio_err, "%s is an invalid decimal " "value.\n", prime); goto end; } } BN_print(bio_out, bn); BIO_printf(bio_out, " is %sprime\n", BN_is_prime_ex(bn, prime_config.checks, NULL, NULL) ? "" : "not "); } ret = 0; end: BN_free(bn); BIO_free_all(bio_out); return (ret); }
int MAIN(int argc, char **argv) { int hex=0; int checks=20; int generate=0; int bits=0; int safe=0; BIGNUM *bn=NULL; BIO *bio_out; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); --argc; ++argv; while (argc >= 1 && **argv == '-') { if(!strcmp(*argv,"-hex")) hex=1; else if(!strcmp(*argv,"-generate")) generate=1; else if(!strcmp(*argv,"-bits")) if(--argc < 1) goto bad; else bits=atoi(*++argv); else if(!strcmp(*argv,"-safe")) safe=1; else if(!strcmp(*argv,"-checks")) if(--argc < 1) goto bad; else checks=atoi(*++argv); else { BIO_printf(bio_err,"Unknown option '%s'\n",*argv); goto bad; } --argc; ++argv; } if (argv[0] == NULL && !generate) { BIO_printf(bio_err,"No prime specified\n"); goto bad; } if ((bio_out=BIO_new(BIO_s_file())) != NULL) { BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); bio_out = BIO_push(tmpbio, bio_out); } #endif } if(generate) { char *s; if(!bits) { BIO_printf(bio_err,"Specifiy the number of bits.\n"); return 1; } bn=BN_new(); BN_generate_prime_ex(bn,bits,safe,NULL,NULL,NULL); s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn); BIO_printf(bio_out,"%s\n",s); OPENSSL_free(s); } else { if(hex) BN_hex2bn(&bn,argv[0]); else BN_dec2bn(&bn,argv[0]); BN_print(bio_out,bn); BIO_printf(bio_out," is %sprime\n", BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); } BN_free(bn); BIO_free_all(bio_out); return 0; bad: BIO_printf(bio_err,"options are\n"); BIO_printf(bio_err,"%-14s hex\n","-hex"); BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>"); return 1; }
int main(int argc, char *argv[]) { BN_GENCB _cb; DH *a; DH *b = NULL; char buf[12]; unsigned char *abuf = NULL, *bbuf = NULL; int i, alen, blen, aout, bout, ret = 1; BIO *out; CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); # ifdef OPENSSL_SYS_WIN32 CRYPTO_malloc_init(); # endif RAND_seed(rnd_seed, sizeof rnd_seed); out = BIO_new(BIO_s_file()); if (out == NULL) EXIT(1); BIO_set_fp(out, stdout, BIO_NOCLOSE); BN_GENCB_set(&_cb, &cb, out); if (((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, &_cb)) goto err; if (!DH_check(a, &i)) goto err; if (i & DH_CHECK_P_NOT_PRIME) BIO_puts(out, "p value is not prime\n"); if (i & DH_CHECK_P_NOT_SAFE_PRIME) BIO_puts(out, "p value is not a safe prime\n"); if (i & DH_UNABLE_TO_CHECK_GENERATOR) BIO_puts(out, "unable to check the generator value\n"); if (i & DH_NOT_SUITABLE_GENERATOR) BIO_puts(out, "the g value is not a generator\n"); BIO_puts(out, "\np ="); BN_print(out, a->p); BIO_puts(out, "\ng ="); BN_print(out, a->g); BIO_puts(out, "\n"); b = DH_new(); if (b == NULL) goto err; b->p = BN_dup(a->p); b->g = BN_dup(a->g); if ((b->p == NULL) || (b->g == NULL)) goto err; /* Set a to run with normal modexp and b to use constant time */ a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME; b->flags |= DH_FLAG_NO_EXP_CONSTTIME; if (!DH_generate_key(a)) goto err; BIO_puts(out, "pri 1="); BN_print(out, a->priv_key); BIO_puts(out, "\npub 1="); BN_print(out, a->pub_key); BIO_puts(out, "\n"); if (!DH_generate_key(b)) goto err; BIO_puts(out, "pri 2="); BN_print(out, b->priv_key); BIO_puts(out, "\npub 2="); BN_print(out, b->pub_key); BIO_puts(out, "\n"); alen = DH_size(a); abuf = (unsigned char *)OPENSSL_malloc(alen); aout = DH_compute_key(abuf, b->pub_key, a); BIO_puts(out, "key1 ="); for (i = 0; i < aout; i++) { snprintf(buf, sizeof(buf), "%02X",abuf[i]); BIO_puts(out, buf); } BIO_puts(out, "\n"); blen = DH_size(b); bbuf = (unsigned char *)OPENSSL_malloc(blen); bout = DH_compute_key(bbuf, a->pub_key, b); BIO_puts(out, "key2 ="); for (i = 0; i < bout; i++) { snprintf(buf, sizeof(buf), "%02X",bbuf[i]); BIO_puts(out, buf); } BIO_puts(out, "\n"); if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) { fprintf(stderr, "Error in DH routines\n"); ret = 1; } else ret = 0; err: ERR_print_errors_fp(stderr); if (abuf != NULL) OPENSSL_free(abuf); if (bbuf != NULL) OPENSSL_free(bbuf); if (b != NULL) DH_free(b); if (a != NULL) DH_free(a); BIO_free(out); # ifdef OPENSSL_SYS_NETWARE if (ret) printf("ERROR: %d\n", ret); # endif EXIT(ret); return (ret); }
int rsa_main(int argc, char **argv) { int ret = 1; RSA *rsa = NULL; int i; BIO *out = NULL; char *passin = NULL, *passout = NULL; if (single_execution) { if (pledge("stdio rpath wpath cpath tty", NULL) == -1) { perror("pledge"); exit(1); } } memset(&rsa_config, 0, sizeof(rsa_config)); rsa_config.pvk_encr = 2; rsa_config.informat = FORMAT_PEM; rsa_config.outformat = FORMAT_PEM; if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) { rsa_usage(); goto end; } if (!app_passwd(bio_err, rsa_config.passargin, rsa_config.passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } if (rsa_config.check && rsa_config.pubin) { BIO_printf(bio_err, "Only private keys can be checked\n"); goto end; } out = BIO_new(BIO_s_file()); { EVP_PKEY *pkey; if (rsa_config.pubin) { int tmpformat = -1; if (rsa_config.pubin == 2) { if (rsa_config.informat == FORMAT_PEM) tmpformat = FORMAT_PEMRSA; else if (rsa_config.informat == FORMAT_ASN1) tmpformat = FORMAT_ASN1RSA; } else if (rsa_config.informat == FORMAT_NETSCAPE && rsa_config.sgckey) tmpformat = FORMAT_IISSGC; else tmpformat = rsa_config.informat; pkey = load_pubkey(bio_err, rsa_config.infile, tmpformat, 1, passin, "Public Key"); } else pkey = load_key(bio_err, rsa_config.infile, (rsa_config.informat == FORMAT_NETSCAPE && rsa_config.sgckey ? FORMAT_IISSGC : rsa_config.informat), 1, passin, "Private Key"); if (pkey != NULL) rsa = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); } if (rsa == NULL) { ERR_print_errors(bio_err); goto end; } if (rsa_config.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { if (BIO_write_filename(out, rsa_config.outfile) <= 0) { perror(rsa_config.outfile); goto end; } } if (rsa_config.text) if (!RSA_print(out, rsa, 0)) { perror(rsa_config.outfile); ERR_print_errors(bio_err); goto end; } if (rsa_config.modulus) { BIO_printf(out, "Modulus="); BN_print(out, rsa->n); BIO_printf(out, "\n"); } if (rsa_config.check) { int r = RSA_check_key(rsa); if (r == 1) BIO_printf(out, "RSA key ok\n"); else if (r == 0) { unsigned long err; while ((err = ERR_peek_error()) != 0 && ERR_GET_LIB(err) == ERR_LIB_RSA && ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) { BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err)); ERR_get_error(); /* remove e from error * stack */ } } if (r == -1 || ERR_peek_error() != 0) { /* should happen only if * r == -1 */ ERR_print_errors(bio_err); goto end; } } if (rsa_config.noout) { ret = 0; goto end; } BIO_printf(bio_err, "writing RSA key\n"); if (rsa_config.outformat == FORMAT_ASN1) { if (rsa_config.pubout || rsa_config.pubin) { if (rsa_config.pubout == 2) i = i2d_RSAPublicKey_bio(out, rsa); else i = i2d_RSA_PUBKEY_bio(out, rsa); } else i = i2d_RSAPrivateKey_bio(out, rsa); } #ifndef OPENSSL_NO_RC4 else if (rsa_config.outformat == FORMAT_NETSCAPE) { unsigned char *p, *pp; int size; i = 1; size = i2d_RSA_NET(rsa, NULL, NULL, rsa_config.sgckey); if ((p = malloc(size)) == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } pp = p; i2d_RSA_NET(rsa, &p, NULL, rsa_config.sgckey); BIO_write(out, (char *) pp, size); free(pp); } #endif else if (rsa_config.outformat == FORMAT_PEM) { if (rsa_config.pubout || rsa_config.pubin) { if (rsa_config.pubout == 2) i = PEM_write_bio_RSAPublicKey(out, rsa); else i = PEM_write_bio_RSA_PUBKEY(out, rsa); } else i = PEM_write_bio_RSAPrivateKey(out, rsa, rsa_config.enc, NULL, 0, NULL, passout); #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) } else if (rsa_config.outformat == FORMAT_MSBLOB || rsa_config.outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); EVP_PKEY_set1_RSA(pk, rsa); if (rsa_config.outformat == FORMAT_PVK) i = i2b_PVK_bio(out, pk, rsa_config.pvk_encr, 0, passout); else if (rsa_config.pubin || rsa_config.pubout) i = i2b_PublicKey_bio(out, pk); else i = i2b_PrivateKey_bio(out, pk); EVP_PKEY_free(pk); #endif } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (i <= 0) { BIO_printf(bio_err, "unable to write key\n"); ERR_print_errors(bio_err); } else ret = 0; end: BIO_free_all(out); RSA_free(rsa); free(passin); free(passout); return (ret); }