int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
{
EVP_PKEY *pkey;
ASN1_IA5STRING *chal;
int i, n;
char *s;
BIO_printf(out, "Netscape SPKI:\n");
i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
BIO_printf(out," Public Key Algorithm: %s\n",
(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
pkey = X509_PUBKEY_get(spki->spkac->pubkey);
if(!pkey) BIO_printf(out, " Unable to load public key\n");
else {
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
BIO_printf(out," RSA Public Key: (%d bit)\n",
BN_num_bits(pkey->pkey.rsa->n));
RSA_print(out,pkey->pkey.rsa,2);
}
else
#endif
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
{
BIO_printf(out," DSA Public Key:\n");
DSA_print(out,pkey->pkey.dsa,2);
}
else
#endif
#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC)
{
BIO_printf(out, " EC Public Key:\n");
EC_KEY_print(out, pkey->pkey.ec,2);
}
else
#endif
BIO_printf(out," Unknown Public Key:\n");
EVP_PKEY_free(pkey);
}
chal = spki->spkac->challenge;
if(chal->length)
BIO_printf(out, " Challenge String: %s\n", chal->data);
i=OBJ_obj2nid(spki->sig_algor->algorithm);
BIO_printf(out," Signature Algorithm: %s",
(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
n=spki->signature->length;
s=(char *)spki->signature->data;
for (i=0; i<n; i++)
{
if ((i%18) == 0) BIO_write(out,"\n ",7);
BIO_printf(out,"%02x%s",(unsigned char)s[i],
((i+1) == n)?"":":");
}
BIO_write(out,"\n",1);
return 1;
}
main ()
{
int i;
BIGNUM *n;
BN_CTX *ctx;
unsigned char seed_buf[20];
DSA *dsa;
int counter, h;
BIO *bio_err = NULL;
if (bio_err == NULL)
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
memcpy (seed_buf, seed, 20);
dsa = DSA_generate_parameters (1024, seed, 20, &counter, &h, cb, bio_err);
if (dsa == NULL)
DSA_print (bio_err, dsa, 0);
}
int DSA_print_fp(FILE *fp, const DSA *x, int off)
{
BIO *b;
int ret;
if ((b = BIO_new(BIO_s_file())) == NULL) {
DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB);
return 0;
}
BIO_set_fp(b, fp, BIO_NOCLOSE);
ret = DSA_print(b, x, off);
BIO_free(b);
return ret;
}
main()
{
int i;
BIGNUM *n;
BN_CTX *ctx;
unsigned char seed_buf[20];
DSA *dsa;
int counter,h;
BIO *bio_err=NULL;
if (bio_err == NULL)
bio_err=BIO_new_fp(OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE);
TINYCLR_SSL_MEMCPY(seed_buf,seed,20);
dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
if (dsa == NULL)
DSA_print(bio_err,dsa,0);
}
int ssl_test_dsa(int argc, char **argv)
{
BN_GENCB cb;
DSA *dsa=NULL;
int counter,ret=0,i,j;
unsigned char buf[256];
unsigned long h;
unsigned char sig[256];
unsigned int siglen;
#ifndef OPENSSL_SYS_WINDOWS
bio_err = BIO_new(BIO_s_mem());
if (bio_err == NULL) return(1);
#else
if (bio_err == NULL)
bio_err=BIO_new_fp(OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE);
#endif
CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings();
RAND_seed(rnd_seed, sizeof rnd_seed);
TINYCLR_SSL_PRINTF("test generation of DSA parameters\n");
BN_GENCB_set(&cb, dsa_cb, bio_err);
if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
seed, 20, &counter, &h, &cb))
goto end;
TINYCLR_SSL_PRINTF("seed\n");
for (i=0; i<20; i+=4)
{
TINYCLR_SSL_PRINTF("%02X%02X%02X%02X ",
seed[i],seed[i+1],seed[i+2],seed[i+3]);
}
TINYCLR_SSL_PRINTF("\ncounter=%d h=%ld\n",counter,h);
DSA_print(bio_err,dsa,0);
if (counter != 105)
{
TINYCLR_SSL_PRINTF("counter should be 105\n");
goto end;
}
if (h != 2)
{
TINYCLR_SSL_PRINTF("h should be 2\n");
goto end;
}
i=BN_bn2bin(dsa->q,buf);
j=sizeof(out_q);
if ((i != j) || (TINYCLR_SSL_MEMCMP(buf,out_q,i) != 0))
{
TINYCLR_SSL_PRINTF("q value is wrong\n");
goto end;
}
i=BN_bn2bin(dsa->p,buf);
j=sizeof(out_p);
if ((i != j) || (TINYCLR_SSL_MEMCMP(buf,out_p,i) != 0))
{
TINYCLR_SSL_PRINTF("p value is wrong\n");
goto end;
}
i=BN_bn2bin(dsa->g,buf);
j=sizeof(out_g);
if ((i != j) || (TINYCLR_SSL_MEMCMP(buf,out_g,i) != 0))
{
TINYCLR_SSL_PRINTF("g value is wrong\n");
goto end;
}
dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
ret=1;
dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
ret=1;
end:
if (!ret)
ERR_print_errors(bio_err);
if (dsa != NULL) DSA_free(dsa);
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
ERR_free_strings();
CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL)
{
BIO_free(bio_err);
bio_err = NULL;
}
#ifdef OPENSSL_SYS_NETWARE
if (!ret) TINYCLR_SSL_PRINTF("ERROR\n");
#endif
return(0);
}
int main(int argc, char **argv)
{
BN_GENCB *cb;
DSA *dsa = NULL;
int counter, ret = 0, i, j;
unsigned char buf[256];
unsigned long h;
unsigned char sig[256];
unsigned int siglen;
BIGNUM *p = NULL, *q = NULL, *g = NULL;
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
RAND_seed(rnd_seed, sizeof rnd_seed);
BIO_printf(bio_err, "test generation of DSA parameters\n");
cb = BN_GENCB_new();
if (!cb)
goto end;
BN_GENCB_set(cb, dsa_cb, bio_err);
if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
seed, 20,
&counter,
&h, cb))
goto end;
BIO_printf(bio_err, "seed\n");
for (i = 0; i < 20; i += 4) {
BIO_printf(bio_err, "%02X%02X%02X%02X ",
seed[i], seed[i + 1], seed[i + 2], seed[i + 3]);
}
BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h);
DSA_print(bio_err, dsa, 0);
if (counter != 105) {
BIO_printf(bio_err, "counter should be 105\n");
goto end;
}
if (h != 2) {
BIO_printf(bio_err, "h should be 2\n");
goto end;
}
DSA_get0_pqg(dsa, &p, &q, &g);
i = BN_bn2bin(q, buf);
j = sizeof(out_q);
if ((i != j) || (memcmp(buf, out_q, i) != 0)) {
BIO_printf(bio_err, "q value is wrong\n");
goto end;
}
i = BN_bn2bin(p, buf);
j = sizeof(out_p);
if ((i != j) || (memcmp(buf, out_p, i) != 0)) {
BIO_printf(bio_err, "p value is wrong\n");
goto end;
}
i = BN_bn2bin(g, buf);
j = sizeof(out_g);
if ((i != j) || (memcmp(buf, out_g, i) != 0)) {
BIO_printf(bio_err, "g value is wrong\n");
goto end;
}
DSA_set_flags(dsa, DSA_FLAG_NO_EXP_CONSTTIME);
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
ret = 1;
DSA_clear_flags(dsa, DSA_FLAG_NO_EXP_CONSTTIME);
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
ret = 1;
end:
if (!ret)
ERR_print_errors(bio_err);
DSA_free(dsa);
BN_GENCB_free(cb);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (CRYPTO_mem_leaks(bio_err) <= 0)
ret = 0;
#endif
BIO_free(bio_err);
bio_err = NULL;
EXIT(!ret);
}
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
const EVP_CIPHER *enc=NULL;
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
#ifndef OPENSSL_NO_ENGINE
char *engine;
#endif
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
int pvk_encr = 2;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
#ifndef OPENSSL_NO_ENGINE
engine=NULL;
#endif
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passargin= *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passargout= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (TINYCLR_SSL_STRCMP(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (TINYCLR_SSL_STRCMP(*argv,"-pvk-strong") == 0)
pvk_encr=2;
else if (TINYCLR_SSL_STRCMP(*argv,"-pvk-weak") == 0)
pvk_encr=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-pvk-none") == 0)
pvk_encr=0;
else if (TINYCLR_SSL_STRCMP(*argv,"-noout") == 0)
noout=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-text") == 0)
text=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-modulus") == 0)
modulus=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-pubin") == 0)
pubin=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-pubout") == 0)
pubout=1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
#endif
#ifndef OPENSSL_NO_SEED
BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n");
#endif
BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -noout don't print key out\n");
BIO_printf(bio_err," -modulus print the DSA public value\n");
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
TINYCLR_SSL_PERROR(infile);
goto end;
}
}
BIO_printf(bio_err,"read DSA key\n");
{
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(bio_err, infile, informat, 1,
passin, e, "Public Key");
else
pkey = load_key(bio_err, infile, informat, 1,
passin, e, "Private Key");
if (pkey)
{
dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey);
}
}
if (dsa == NULL)
{
BIO_printf(bio_err,"unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
TINYCLR_SSL_PERROR(outfile);
goto end;
}
}
if (text)
if (!DSA_print(out,dsa,0))
{
TINYCLR_SSL_PERROR(outfile);
ERR_print_errors(bio_err);
goto end;
}
if (modulus)
{
TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDOUT,"Public Key=");
BN_print(out,dsa->pub_key);
TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDOUT,"\n");
}
if (noout) goto end;
BIO_printf(bio_err,"writing DSA key\n");
if (outformat == FORMAT_ASN1) {
if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
else i=i2d_DSAPrivateKey_bio(out,dsa);
} else if (outformat == FORMAT_PEM) {
if(pubin || pubout)
i=PEM_write_bio_DSA_PUBKEY(out,dsa);
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
NULL,0,NULL, passout);
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK)
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
else if (pubin || pubout)
i = i2b_PublicKey_bio(out, pk);
else
i = i2b_PrivateKey_bio(out, pk);
EVP_PKEY_free(pk);
#endif
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (i <= 0)
{
BIO_printf(bio_err,"unable to write private key\n");
ERR_print_errors(bio_err);
}
else
ret=0;
end:
if(in != NULL) BIO_free(in);
if(out != NULL) BIO_free_all(out);
if(dsa != NULL) DSA_free(dsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
{
unsigned long l;
int i;
const char *neg;
X509_REQ_INFO *ri;
EVP_PKEY *pkey;
STACK_OF(X509_ATTRIBUTE) *sk;
STACK_OF(X509_EXTENSION) *exts;
char mlch = ' ';
int nmindent = 0;
if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
mlch = '\n';
nmindent = 12;
}
if(nmflags == X509_FLAG_COMPAT)
nmindent = 16;
ri=x->req_info;
if(!(cflag & X509_FLAG_NO_HEADER))
{
if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
if (BIO_write(bp," Data:\n",10) <= 0) goto err;
}
if(!(cflag & X509_FLAG_NO_VERSION))
{
neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
l=0;
for (i=0; i<ri->version->length; i++)
{ l<<=8; l+=ri->version->data[i]; }
if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
l) <= 0)
goto err;
}
if(!(cflag & X509_FLAG_NO_SUBJECT))
{
if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
if (BIO_write(bp,"\n",1) <= 0) goto err;
}
if(!(cflag & X509_FLAG_NO_PUBKEY))
{
if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0)
goto err;
if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
goto err;
if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
goto err;
if (BIO_puts(bp, "\n") <= 0)
goto err;
pkey=X509_REQ_get_pubkey(x);
if (pkey == NULL)
{
BIO_printf(bp,"%12sUnable to load Public Key\n","");
ERR_print_errors(bp);
}
else
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
BN_num_bits(pkey->pkey.rsa->n));
RSA_print(bp,pkey->pkey.rsa,16);
}
else
#endif
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
{
BIO_printf(bp,"%12sDSA Public Key:\n","");
DSA_print(bp,pkey->pkey.dsa,16);
}
else
#endif
#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC)
{
BIO_printf(bp, "%12sEC Public Key: \n","");
EC_KEY_print(bp, pkey->pkey.ec, 16);
}
else
#endif
BIO_printf(bp,"%12sUnknown Public Key:\n","");
EVP_PKEY_free(pkey);
}
if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
{
/* may not be */
if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
goto err;
sk=x->req_info->attributes;
if (sk_X509_ATTRIBUTE_num(sk) == 0)
{
if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
goto err;
}
else
{
for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
{
ASN1_TYPE *at;
X509_ATTRIBUTE *a;
ASN1_BIT_STRING *bs=NULL;
ASN1_TYPE *t;
int j,type=0,count=1,ii=0;
a=sk_X509_ATTRIBUTE_value(sk,i);
if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
continue;
if(BIO_printf(bp,"%12s","") <= 0)
goto err;
if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
{
if (a->single)
{
t=a->value.single;
type=t->type;
bs=t->value.bit_string;
}
else
{
ii=0;
count=sk_ASN1_TYPE_num(a->value.set);
get_next:
at=sk_ASN1_TYPE_value(a->value.set,ii);
type=at->type;
bs=at->value.asn1_string;
}
}
for (j=25-j; j>0; j--)
if (BIO_write(bp," ",1) != 1) goto err;
if (BIO_puts(bp,":") <= 0) goto err;
if ( (type == V_ASN1_PRINTABLESTRING) ||
(type == V_ASN1_T61STRING) ||
(type == V_ASN1_IA5STRING))
{
if (BIO_write(bp,(char *)bs->data,bs->length)
!= bs->length)
goto err;
BIO_puts(bp,"\n");
}
else
{
BIO_puts(bp,"unable to print attribute\n");
}
if (++ii < count) goto get_next;
}
}
}
if(!(cflag & X509_FLAG_NO_EXTENSIONS))
{
exts = X509_REQ_get_extensions(x);
if(exts)
{
BIO_printf(bp,"%8sRequested Extensions:\n","");
for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
{
ASN1_OBJECT *obj;
X509_EXTENSION *ex;
int j;
ex=sk_X509_EXTENSION_value(exts, i);
if (BIO_printf(bp,"%12s","") <= 0) goto err;
obj=X509_EXTENSION_get_object(ex);
i2a_ASN1_OBJECT(bp,obj);
j=X509_EXTENSION_get_critical(ex);
if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
goto err;
if(!X509V3_EXT_print(bp, ex, cflag, 16))
{
BIO_printf(bp, "%16s", "");
M_ASN1_OCTET_STRING_print(bp,ex->value);
}
if (BIO_write(bp,"\n",1) <= 0) goto err;
}
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
}
}
if(!(cflag & X509_FLAG_NO_SIGDUMP))
{
if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
}
return(1);
err:
X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB);
return(0);
}
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
const EVP_CIPHER *enc=NULL;
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
#ifndef OPENSSL_NO_ENGINE
char *engine;
#endif
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
#ifndef OPENSSL_NO_ENGINE
engine=NULL;
#endif
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passargin= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passargout= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-modulus") == 0)
modulus=1;
else if (strcmp(*argv,"-pubin") == 0)
pubin=1;
else if (strcmp(*argv,"-pubout") == 0)
pubout=1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
#endif
BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -noout don't print key out\n");
BIO_printf(bio_err," -modulus print the DSA public value\n");
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
BIO_printf(bio_err,"read DSA key\n");
if (informat == FORMAT_ASN1) {
if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL);
else dsa=d2i_DSAPrivateKey_bio(in,NULL);
} else if (informat == FORMAT_PEM) {
if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
} else
{
BIO_printf(bio_err,"bad input format specified for key\n");
goto end;
}
if (dsa == NULL)
{
BIO_printf(bio_err,"unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (text)
if (!DSA_print(out,dsa,0))
{
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
if (modulus)
{
fprintf(stdout,"Public Key=");
BN_print(out,dsa->pub_key);
fprintf(stdout,"\n");
}
if (noout) goto end;
BIO_printf(bio_err,"writing DSA key\n");
if (outformat == FORMAT_ASN1) {
if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
else i=i2d_DSAPrivateKey_bio(out,dsa);
} else if (outformat == FORMAT_PEM) {
if(pubin || pubout)
i=PEM_write_bio_DSA_PUBKEY(out,dsa);
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
NULL,0,NULL, passout);
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write private key\n");
ERR_print_errors(bio_err);
}
else
ret=0;
end:
if(in != NULL) BIO_free(in);
if(out != NULL) BIO_free_all(out);
if(dsa != NULL) DSA_free(dsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int main(int argc, char **argv)
{
DSA *dsa=NULL;
int counter,ret=0,i,j;
unsigned char buf[256];
unsigned long h;
unsigned char sig[256];
unsigned int siglen;
ERR_load_crypto_strings();
RAND_seed(rnd_seed, sizeof rnd_seed);
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
BIO_printf(bio_err,"test generation of DSA parameters\n");
dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
BIO_printf(bio_err,"seed\n");
for (i=0; i<20; i+=4)
{
BIO_printf(bio_err,"%02X%02X%02X%02X ",
seed[i],seed[i+1],seed[i+2],seed[i+3]);
}
BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
if (dsa == NULL) goto end;
DSA_print(bio_err,dsa,0);
if (counter != 105)
{
BIO_printf(bio_err,"counter should be 105\n");
goto end;
}
if (h != 2)
{
BIO_printf(bio_err,"h should be 2\n");
goto end;
}
i=BN_bn2bin(dsa->q,buf);
j=sizeof(out_q);
if ((i != j) || (memcmp(buf,out_q,i) != 0))
{
BIO_printf(bio_err,"q value is wrong\n");
goto end;
}
i=BN_bn2bin(dsa->p,buf);
j=sizeof(out_p);
if ((i != j) || (memcmp(buf,out_p,i) != 0))
{
BIO_printf(bio_err,"p value is wrong\n");
goto end;
}
i=BN_bn2bin(dsa->g,buf);
j=sizeof(out_g);
if ((i != j) || (memcmp(buf,out_g,i) != 0))
{
BIO_printf(bio_err,"g value is wrong\n");
goto end;
}
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
ret=1;
end:
if (!ret)
ERR_print_errors(bio_err);
if (dsa != NULL) DSA_free(dsa);
ERR_remove_state(0);
CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL)
{
BIO_free(bio_err);
bio_err = NULL;
}
exit(!ret);
return(0);
}
inline void dsa_key::print(bio::bio_ptr bio, int offset) const
{
error::throw_error_if_not(DSA_print(bio.raw(), ptr().get(), offset) != 0);
}
int
dsa_main(int argc, char **argv)
{
int ret = 1;
DSA *dsa = NULL;
int i;
BIO *in = NULL, *out = NULL;
char *passin = NULL, *passout = NULL;
memset(&dsa_config, 0, sizeof(dsa_config));
dsa_config.pvk_encr = 2;
dsa_config.informat = FORMAT_PEM;
dsa_config.outformat = FORMAT_PEM;
if (options_parse(argc, argv, dsa_options, NULL, NULL) != 0) {
dsa_usage();
goto end;
}
if (!app_passwd(bio_err, dsa_config.passargin, dsa_config.passargout,
&passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if (in == NULL || out == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (dsa_config.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, dsa_config.infile) <= 0) {
perror(dsa_config.infile);
goto end;
}
}
BIO_printf(bio_err, "read DSA key\n");
{
EVP_PKEY *pkey;
if (dsa_config.pubin)
pkey = load_pubkey(bio_err, dsa_config.infile,
dsa_config.informat, 1, passin, "Public Key");
else
pkey = load_key(bio_err, dsa_config.infile,
dsa_config.informat, 1, passin, "Private Key");
if (pkey) {
dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey);
}
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
if (dsa_config.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
if (BIO_write_filename(out, dsa_config.outfile) <= 0) {
perror(dsa_config.outfile);
goto end;
}
}
if (dsa_config.text) {
if (!DSA_print(out, dsa, 0)) {
perror(dsa_config.outfile);
ERR_print_errors(bio_err);
goto end;
}
}
if (dsa_config.modulus) {
fprintf(stdout, "Public Key=");
BN_print(out, dsa->pub_key);
fprintf(stdout, "\n");
}
if (dsa_config.noout)
goto end;
BIO_printf(bio_err, "writing DSA key\n");
if (dsa_config.outformat == FORMAT_ASN1) {
if (dsa_config.pubin || dsa_config.pubout)
i = i2d_DSA_PUBKEY_bio(out, dsa);
else
i = i2d_DSAPrivateKey_bio(out, dsa);
} else if (dsa_config.outformat == FORMAT_PEM) {
if (dsa_config.pubin || dsa_config.pubout)
i = PEM_write_bio_DSA_PUBKEY(out, dsa);
else
i = PEM_write_bio_DSAPrivateKey(out, dsa, dsa_config.enc,
NULL, 0, NULL, passout);
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
} else if (dsa_config.outformat == FORMAT_MSBLOB ||
dsa_config.outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
EVP_PKEY_set1_DSA(pk, dsa);
if (dsa_config.outformat == FORMAT_PVK)
i = i2b_PVK_bio(out, pk, dsa_config.pvk_encr, 0,
passout);
else if (dsa_config.pubin || dsa_config.pubout)
i = i2b_PublicKey_bio(out, pk);
else
i = i2b_PrivateKey_bio(out, pk);
EVP_PKEY_free(pk);
#endif
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (i <= 0) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
} else
ret = 0;
end:
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
free(passin);
free(passout);
return (ret);
}
void anubis_dump_server_certificate(SSL *ssl) {
X509 *x509Cert = SSL_get_peer_certificate(ssl);
char buffer[1024];
BIO *bio = NULL;
char *buf = NULL;
if(!x509Cert) {
anubis_ssl_perror("SSL_get_peer_certificate()");
return;
}
bio = BIO_new(BIO_s_mem());
if(!bio) {
anubis_ssl_perror("BIO_new()");
X509_free(x509Cert);
return;
}//end if
BIO_reset(bio);
if(!PEM_write_bio_X509(bio, x509Cert)) {
anubis_ssl_perror("PEM_write_bio_X509()");
BIO_free(bio);
X509_free(x509Cert);
return;
}
BIO_get_mem_data(bio, &buf);
anubis_out("Server certificate:\n%s", buf);
// Cert Version
long version = 0;
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_VERSION)) {
version = X509_get_version(x509Cert);
fprintf(out_stream, "Version: %ld\n", version);
}//end if
// Cert Serial No. - Code adapted from OpenSSL's crypto/asn1/t_x509.c
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_SERIAL)) {
ASN1_INTEGER *bs;
long l;
int i;
const char *neg;
bs = X509_get_serialNumber(x509Cert);
if (bs->length <= 4) {
l = ASN1_INTEGER_get(bs);
if (l < 0) {
l= -l;
neg = "-";
}
else
neg = "";
fprintf(out_stream, "Serial Number: %lu (%#lx)\n", l, l);
}
else {
neg = (bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
fprintf(out_stream, "Serial Number: %s", neg);
for (i = 0; i < bs->length; i++) {
fprintf(out_stream, "%02x%c", bs->data[i], (i+1 == bs->length)?'\n':':');
}
}
}
// Signature Algo...
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_SIGNAME)) {
i2a_ASN1_OBJECT(bio, x509Cert->cert_info->signature->algorithm);
BIO_get_mem_data(bio, &buf);
fprintf(out_stream, "Signature Algorithm:\n%s\n", buf);
}
// SSL Certificate Issuer...
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_ISSUER)) {
X509_NAME_oneline(X509_get_issuer_name(x509Cert), buffer, sizeof(buffer) - 1);
fprintf(out_stream, "Issuer: %s\n", buffer);
}
// Validity...
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_VALIDITY)) {
BIO_reset(bio);
ASN1_TIME_print(bio, X509_get_notBefore(x509Cert));
BIO_get_mem_data(bio, &buf);
fprintf(out_stream, "Not Valid Before: %s\n", buf);
BIO_reset(bio);
ASN1_TIME_print(bio, X509_get_notAfter(x509Cert));
BIO_get_mem_data(bio, &buf);
fprintf(out_stream, "Not Valid After: %s\n", buf);
}
// SSL Certificate Subject...
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_SUBJECT)) {
X509_NAME_oneline(X509_get_subject_name(x509Cert), buffer, sizeof(buffer) - 1);
fprintf(out_stream, "Subject: %s\n", buffer);
}
// Public Key Algo...
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_PUBKEY)) {
BIO_reset(bio);
i2a_ASN1_OBJECT(bio, x509Cert->cert_info->key->algor->algorithm);
BIO_get_mem_data(bio, &buf);
fprintf(out_stream, "Public Key Algorithm: %s\n", buf);
// Public Key...
EVP_PKEY *publicKey = NULL;
publicKey = X509_get_pubkey(x509Cert);
if (publicKey == NULL) {
anubis_err("Public Key Could not load\n");
}
else {
BIO_reset(bio);
char *publicKeyType = NULL;
int publicKeyLength = -1;
switch (publicKey->type) {
case EVP_PKEY_RSA:
publicKeyType = "RSA";
if (publicKey->pkey.rsa) {
publicKeyLength = BN_num_bits(publicKey->pkey.rsa->n);
RSA_print(bio, publicKey->pkey.rsa, 0);
BIO_get_mem_data(bio, &buf);
}
break;
case EVP_PKEY_DSA:
publicKeyType = "DSA";
if (publicKey->pkey.dsa) {
DSA_print(bio, publicKey->pkey.dsa, 0);
BIO_get_mem_data(bio, &buf);
}
break;
case EVP_PKEY_EC:
publicKeyType = "EC";
if (publicKey->pkey.ec) {
EC_KEY_print(bio, publicKey->pkey.ec, 0);
BIO_get_mem_data(bio, &buf);
}
break;
default:
publicKeyType = "Unknown";
break;
}
EVP_PKEY_free(publicKey);
fprintf(out_stream, "%d Public Key: ", publicKeyLength);
if(!strcasecmp(publicKeyType, "RSA")) {
fprintf(out_stream, "(%d bits)", publicKeyLength);
}
fprintf(out_stream, "\n");
fprintf(out_stream, "%s\n", buf);
}
}
// X509 v3...
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_EXTENSIONS) && sk_X509_EXTENSION_num(x509Cert->cert_info->extensions) > 0) {
X509_EXTENSION *extension = NULL;
ASN1_OBJECT *asn1Object = NULL;
int tempInt2 = 0;
BIO_reset(bio);
for (int tempInt = 0; tempInt < sk_X509_EXTENSION_num(x509Cert->cert_info->extensions); tempInt++) {
// Get Extension...
extension = sk_X509_EXTENSION_value(x509Cert->cert_info->extensions, tempInt);
asn1Object = X509_EXTENSION_get_object(extension);
i2a_ASN1_OBJECT(bio, asn1Object);
tempInt2 = X509_EXTENSION_get_critical(extension);
BIO_printf(bio, ": %s\n", tempInt2 ? "critical" : "");
// Print Extension value...
if (!X509V3_EXT_print(bio, extension, X509_FLAG_COMPAT, 8)) {
M_ASN1_OCTET_STRING_print(bio, extension->value);
}
BIO_printf(bio, "\n");
}//end for
BIO_get_mem_data(bio, &buf);
fprintf(out_stream, "x509v3 Extensions: %s\n", buf);
}//end if x509v3
/*
long verifyError = 0;
// Verify Certificate...
verifyError = SSL_get_verify_result(ssl);
const char *verifyCertificate = "";
if (verifyError == X509_V_OK)
verifyCertificate = "Certificate passed verification";
else
verifyCertificate = X509_verify_cert_error_string(verifyError);
fprintf(out_stream, "Validation: %s\n", verifyCertificate);
*/
BIO_free(bio);
X509_free(x509Cert);
fflush(out_stream);
}//end anubis_dump_server_certificate
int main(int argc, char **argv)
{
BN_GENCB *cb;
DSA *dsa = NULL;
int counter, ret = 0, i, j;
unsigned char buf[256];
unsigned long h;
unsigned char sig[256];
unsigned int siglen;
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings();
RAND_seed(rnd_seed, sizeof rnd_seed);
BIO_printf(bio_err, "test generation of DSA parameters\n");
cb = BN_GENCB_new();
if (!cb)
goto end;
BN_GENCB_set(cb, dsa_cb, bio_err);
if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
seed, 20,
&counter,
&h, cb))
goto end;
BIO_printf(bio_err, "seed\n");
for (i = 0; i < 20; i += 4) {
BIO_printf(bio_err, "%02X%02X%02X%02X ",
seed[i], seed[i + 1], seed[i + 2], seed[i + 3]);
}
BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h);
DSA_print(bio_err, dsa, 0);
if (counter != 105) {
BIO_printf(bio_err, "counter should be 105\n");
goto end;
}
if (h != 2) {
BIO_printf(bio_err, "h should be 2\n");
goto end;
}
i = BN_bn2bin(dsa->q, buf);
j = sizeof(out_q);
if ((i != j) || (memcmp(buf, out_q, i) != 0)) {
BIO_printf(bio_err, "q value is wrong\n");
goto end;
}
i = BN_bn2bin(dsa->p, buf);
j = sizeof(out_p);
if ((i != j) || (memcmp(buf, out_p, i) != 0)) {
BIO_printf(bio_err, "p value is wrong\n");
goto end;
}
i = BN_bn2bin(dsa->g, buf);
j = sizeof(out_g);
if ((i != j) || (memcmp(buf, out_g, i) != 0)) {
BIO_printf(bio_err, "g value is wrong\n");
goto end;
}
dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
ret = 1;
dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
ret = 1;
end:
if (!ret)
ERR_print_errors(bio_err);
DSA_free(dsa);
BN_GENCB_free(cb);
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
ERR_free_strings();
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
CRYPTO_mem_leaks(bio_err);
#endif
BIO_free(bio_err);
bio_err = NULL;
# ifdef OPENSSL_SYS_NETWARE
if (!ret)
printf("ERROR\n");
# endif
EXIT(!ret);
}
int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
{
long l;
int ret=0,i;
char *m=NULL,mlch = ' ';
int nmindent = 0;
X509_CINF *ci;
ASN1_INTEGER *bs;
EVP_PKEY *pkey=NULL;
const char *neg;
ASN1_STRING *str=NULL;
if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
mlch = '\n';
nmindent = 12;
}
if(nmflags == X509_FLAG_COMPAT)
nmindent = 16;
ci=x->cert_info;
if(!(cflag & X509_FLAG_NO_HEADER))
{
if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
if (BIO_write(bp," Data:\n",10) <= 0) goto err;
}
if(!(cflag & X509_FLAG_NO_VERSION))
{
l=X509_get_version(x);
if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
}
if(!(cflag & X509_FLAG_NO_SERIAL))
{
if (BIO_write(bp," Serial Number:",22) <= 0) goto err;
bs=X509_get_serialNumber(x);
if (bs->length <= 4)
{
l=ASN1_INTEGER_get(bs);
if (l < 0)
{
l= -l;
neg="-";
}
else
neg="";
if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
goto err;
}
else
{
neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
for (i=0; i<bs->length; i++)
{
if (BIO_printf(bp,"%02x%c",bs->data[i],
((i+1 == bs->length)?'\n':':')) <= 0)
goto err;
}
}
}
if(!(cflag & X509_FLAG_NO_SIGNAME))
{
if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0)
goto err;
if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
goto err;
if (BIO_puts(bp, "\n") <= 0)
goto err;
}
if(!(cflag & X509_FLAG_NO_ISSUER))
{
if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err;
if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
if (BIO_write(bp,"\n",1) <= 0) goto err;
}
if(!(cflag & X509_FLAG_NO_VALIDITY))
{
if (BIO_write(bp," Validity\n",17) <= 0) goto err;
if (BIO_write(bp," Not Before: ",24) <= 0) goto err;
if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err;
if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
if (BIO_write(bp,"\n",1) <= 0) goto err;
}
if(!(cflag & X509_FLAG_NO_SUBJECT))
{
if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
if (BIO_write(bp,"\n",1) <= 0) goto err;
}
if(!(cflag & X509_FLAG_NO_PUBKEY))
{
if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0)
goto err;
if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
goto err;
if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
goto err;
if (BIO_puts(bp, "\n") <= 0)
goto err;
pkey=X509_get_pubkey(x);
if (pkey == NULL)
{
BIO_printf(bp,"%12sUnable to load Public Key\n","");
ERR_print_errors(bp);
}
else
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
BN_num_bits(pkey->pkey.rsa->n));
RSA_print(bp,pkey->pkey.rsa,16);
}
else
#endif
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
{
BIO_printf(bp,"%12sDSA Public Key:\n","");
DSA_print(bp,pkey->pkey.dsa,16);
}
else
#endif
#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC)
{
BIO_printf(bp, "%12sEC Public Key:\n","");
EC_KEY_print(bp, pkey->pkey.ec, 16);
}
else
#endif
BIO_printf(bp,"%12sUnknown Public Key:\n","");
EVP_PKEY_free(pkey);
}
if (!(cflag & X509_FLAG_NO_EXTENSIONS))
X509V3_extensions_print(bp, "X509v3 extensions",
ci->extensions, cflag, 8);
if(!(cflag & X509_FLAG_NO_SIGDUMP))
{
if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
}
if(!(cflag & X509_FLAG_NO_AUX))
{
if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
}
ret=1;
err:
if (str != NULL) ASN1_STRING_free(str);
if (m != NULL) OPENSSL_free(m);
return(ret);
}
int dsa_main(int argc, char **argv)
{
BIO *out = NULL;
DSA *dsa = NULL;
ENGINE *e = NULL;
const EVP_CIPHER *enc = NULL;
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int i, modulus = 0, pubin = 0, pubout = 0, pvk_encr = 2, ret = 1;
prog = opt_init(argc, argv, dsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
#ifdef OPENSSL_NO_RC4
case OPT_PVK_STRONG:
case OPT_PVK_WEAK:
case OPT_PVK_NONE:
#endif
opthelp:
ret = 0;
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dsa_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format
(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PVK, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format
(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PVK, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
#ifndef OPENSSL_NO_RC4
case OPT_PVK_STRONG:
pvk_encr = 2;
break;
case OPT_PVK_WEAK:
pvk_encr = 1;
break;
case OPT_PVK_NONE:
pvk_encr = 0;
break;
#endif
case OPT_NOOUT:
noout = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_MODULUS:
modulus = 1;
break;
case OPT_PUBIN:
pubin = 1;
break;
case OPT_PUBOUT:
pubout = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
BIO_printf(bio_err, "read DSA key\n");
{
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
if (pkey) {
dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey);
}
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
if (text)
if (!DSA_print(out, dsa, 0)) {
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
if (modulus) {
BIO_printf(out, "Public Key=");
BN_print(out, dsa->pub_key);
BIO_printf(out, "\n");
}
if (noout) {
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing DSA key\n");
if (outformat == FORMAT_ASN1) {
if (pubin || pubout)
i = i2d_DSA_PUBKEY_bio(out, dsa);
else
i = i2d_DSAPrivateKey_bio(out, dsa);
} else if (outformat == FORMAT_PEM) {
if (pubin || pubout)
i = PEM_write_bio_DSA_PUBKEY(out, dsa);
else
i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
NULL, 0, NULL, passout);
# if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK)
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
else if (pubin || pubout)
i = i2b_PublicKey_bio(out, pk);
else
i = i2b_PrivateKey_bio(out, pk);
EVP_PKEY_free(pk);
# endif
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (i <= 0) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
end:
BIO_free_all(out);
DSA_free(dsa);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
return (ret);
}
