int MAIN(int argc, char **argv)
{
unsigned long nmflag = 0;
X509_CRL *x = NULL;
char *CAfile = NULL, *CApath = NULL;
int ret = 1, i, num, badops = 0, badsig = 0;
BIO *out = NULL;
int informat, outformat, keyformat;
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
0, text = 0;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
#endif
int fingerprint = 0, crlnumber = 0;
const char **pp;
X509_STORE *store = NULL;
X509_STORE_CTX ctx;
X509_LOOKUP *lookup = NULL;
X509_OBJECT xobj;
EVP_PKEY *pkey;
int do_ver = 0;
const EVP_MD *md_alg, *digest = EVP_sha1();
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
if (bio_out == NULL)
if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out);
}
#endif
}
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
keyformat = FORMAT_PEM;
argc--;
argv++;
num = 0;
while (argc >= 1) {
#ifdef undef
if (sgx_strcmp(*argv, "-p") == 0) {
if (--argc < 1)
goto bad;
if (!args_from_file(++argv, Nargc, Nargv)) {
goto end;
}
*/}
#endif
if (sgx_strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (sgx_strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (sgx_strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (sgx_strcmp(*argv, "-gendelta") == 0) {
if (--argc < 1)
goto bad;
crldiff = *(++argv);
} else if (sgx_strcmp(*argv, "-key") == 0) {
if (--argc < 1)
goto bad;
keyfile = *(++argv);
} else if (sgx_strcmp(*argv, "-keyform") == 0) {
if (--argc < 1)
goto bad;
keyformat = str2fmt(*(++argv));
} else if (sgx_strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (sgx_strcmp(*argv, "-CApath") == 0) {
if (--argc < 1)
goto bad;
CApath = *(++argv);
do_ver = 1;
} else if (sgx_strcmp(*argv, "-CAfile") == 0) {
if (--argc < 1)
goto bad;
CAfile = *(++argv);
do_ver = 1;
} else if (sgx_strcmp(*argv, "-verify") == 0)
do_ver = 1;
else if (sgx_strcmp(*argv, "-text") == 0)
text = 1;
else if (sgx_strcmp(*argv, "-hash") == 0)
hash = ++num;
#ifndef OPENSSL_NO_MD5
else if (sgx_strcmp(*argv, "-hash_old") == 0)
hash_old = ++num;
#endif
else if (sgx_strcmp(*argv, "-nameopt") == 0) {
if (--argc < 1)
goto bad;
if (!set_name_ex(&nmflag, *(++argv)))
goto bad;
} else if (sgx_strcmp(*argv, "-issuer") == 0)
issuer = ++num;
else if (sgx_strcmp(*argv, "-lastupdate") == 0)
lastupdate = ++num;
else if (sgx_strcmp(*argv, "-nextupdate") == 0)
nextupdate = ++num;
else if (sgx_strcmp(*argv, "-noout") == 0)
noout = ++num;
else if (sgx_strcmp(*argv, "-fingerprint") == 0)
fingerprint = ++num;
else if (sgx_strcmp(*argv, "-crlnumber") == 0)
crlnumber = ++num;
else if (sgx_strcmp(*argv, "-badsig") == 0)
badsig = 1;
else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
/* ok */
digest = md_alg;
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
}
argc--;
argv++;
}
if (badops) {
bad:
for (pp = crl_usage; (*pp != NULL); pp++)
BIO_printf(bio_err, "%s", *pp);
goto end;
}
ERR_load_crypto_strings();
x = load_crl(infile, informat);
if (x == NULL) {
goto end;
}
if (do_ver) {
store = X509_STORE_new();
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
goto end;
if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM))
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
if (lookup == NULL)
goto end;
if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM))
X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
ERR_clear_error();
if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
BIO_printf(bio_err, "Error initialising X509 store\n");
goto end;
}
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
X509_CRL_get_issuer(x), &xobj);
if (i <= 0) {
BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
goto end;
}
pkey = X509_get_pubkey(xobj.data.x509);
X509_OBJECT_free_contents(&xobj);
if (!pkey) {
BIO_printf(bio_err, "Error getting CRL issuer public key\n");
goto end;
}
i = X509_CRL_verify(x, pkey);
EVP_PKEY_free(pkey);
if (i < 0)
goto end;
if (i == 0)
BIO_printf(bio_err, "verify failure\n");
else
BIO_printf(bio_err, "verify OK\n");
}
if (crldiff) {
X509_CRL *newcrl, *delta;
if (!keyfile) {
BIO_puts(bio_err, "Missing CRL signing key\n");
goto end;
}
newcrl = load_crl(crldiff, informat);
if (!newcrl)
goto end;
pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL,
"CRL signing key");
if (!pkey) {
X509_CRL_free(newcrl);
goto end;
}
delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
X509_CRL_free(newcrl);
EVP_PKEY_free(pkey);
if (delta) {
X509_CRL_free(x);
x = delta;
} else {
BIO_puts(bio_err, "Error creating delta CRL\n");
goto end;
}
}
if (num) {
for (i = 1; i <= num; i++) {
if (issuer == i) {
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
nmflag);
}
if (crlnumber == i) {
ASN1_INTEGER *crlnum;
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
BIO_printf(bio_out, "crlNumber=");
if (crlnum) {
i2a_ASN1_INTEGER(bio_out, crlnum);
ASN1_INTEGER_free(crlnum);
} else
BIO_puts(bio_out, "<NONE>");
BIO_printf(bio_out, "\n");
}
if (hash == i) {
BIO_printf(bio_out, "%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x)));
}
#ifndef OPENSSL_NO_MD5
if (hash_old == i) {
BIO_printf(bio_out, "%08lx\n",
X509_NAME_hash_old(X509_CRL_get_issuer(x)));
}
#endif
if (lastupdate == i) {
BIO_printf(bio_out, "lastUpdate=");
ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x));
BIO_printf(bio_out, "\n");
}
if (nextupdate == i) {
BIO_printf(bio_out, "nextUpdate=");
if (X509_CRL_get_nextUpdate(x))
ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x));
else
BIO_printf(bio_out, "NONE");
BIO_printf(bio_out, "\n");
}
if (fingerprint == i) {
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
if (!X509_CRL_digest(x, digest, md, &n)) {
BIO_printf(bio_err, "out of memory\n");
goto end;
}
BIO_printf(bio_out, "%s Fingerprint=",
OBJ_nid2sn(EVP_MD_type(digest)));
for (j = 0; j < (int)n; j++) {
BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
? '\n' : ':');
}
}
}
}
out = BIO_new(BIO_s_file());
if (out == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
if (text)
X509_CRL_print(out, x);
if (noout) {
ret = 0;
goto end;
}
if (badsig)
x->signature->data[x->signature->length - 1] ^= 0x1;
if (outformat == FORMAT_ASN1)
i = (int)i2d_X509_CRL_bio(out, x);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_X509_CRL(out, x);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write CRL\n");
goto end;
}
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free_all(out);
BIO_free_all(bio_out);
bio_out = NULL;
X509_CRL_free(x);
if (store) {
X509_STORE_CTX_cleanup(&ctx);
X509_STORE_free(store);
}
apps_shutdown();
OPENSSL_EXIT(ret);
}
int MAIN (int argc, char **argv)
{
ENGINE *e = NULL;
int ret = 1;
X509_REQ *req = NULL;
X509 *x = NULL, *xca = NULL;
ASN1_OBJECT *objtmp;
STACK_OF (OPENSSL_STRING) * sigopts = NULL;
EVP_PKEY *Upkey = NULL, *CApkey = NULL;
ASN1_INTEGER *sno = NULL;
int i, num, badops = 0;
BIO *out = NULL;
BIO *STDout = NULL;
STACK_OF (ASN1_OBJECT) * trust = NULL, *reject = NULL;
int informat, outformat, keyformat, CAformat, CAkeyformat;
char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
char *CAkeyfile = NULL, *CAserial = NULL;
char *alias = NULL;
int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0, enddate = 0;
int next_serial = 0;
int subject_hash = 0, issuer_hash = 0, ocspid = 0;
#ifndef OPENSSL_NO_MD5
int subject_hash_old = 0, issuer_hash_old = 0;
#endif
int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0;
int ocsp_uri = 0;
int trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0, clrext = 0;
int C = 0;
int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0;
int pprint = 0;
const char **pp;
X509_STORE *ctx = NULL;
X509_REQ *rq = NULL;
int fingerprint = 0;
char buf[256];
const EVP_MD *md_alg, *digest = NULL;
CONF *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
int checkend = 0, checkoffset = 0;
unsigned long nmflag = 0, certflag = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
reqfile = 0;
apps_startup ();
if (bio_err == NULL)
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
if (!load_config (bio_err, NULL))
goto end;
STDout = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new (BIO_f_linebuffer ());
STDout = BIO_push (tmpbio, STDout);
}
#endif
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
keyformat = FORMAT_PEM;
CAformat = FORMAT_PEM;
CAkeyformat = FORMAT_PEM;
ctx = X509_STORE_new ();
if (ctx == NULL)
goto end;
X509_STORE_set_verify_cb (ctx, callb);
argc--;
argv++;
num = 0;
while (argc >= 1)
{
if (strcmp (*argv, "-inform") == 0)
{
if (--argc < 1)
goto bad;
informat = str2fmt (*(++argv));
}
else if (strcmp (*argv, "-outform") == 0)
{
if (--argc < 1)
goto bad;
outformat = str2fmt (*(++argv));
}
else if (strcmp (*argv, "-keyform") == 0)
{
if (--argc < 1)
goto bad;
keyformat = str2fmt (*(++argv));
}
else if (strcmp (*argv, "-req") == 0)
{
reqfile = 1;
need_rand = 1;
}
else if (strcmp (*argv, "-CAform") == 0)
{
if (--argc < 1)
goto bad;
CAformat = str2fmt (*(++argv));
}
else if (strcmp (*argv, "-CAkeyform") == 0)
{
if (--argc < 1)
goto bad;
CAkeyformat = str2fmt (*(++argv));
}
else if (strcmp (*argv, "-sigopt") == 0)
{
if (--argc < 1)
goto bad;
if (!sigopts)
sigopts = sk_OPENSSL_STRING_new_null ();
if (!sigopts || !sk_OPENSSL_STRING_push (sigopts, *(++argv)))
goto bad;
}
else if (strcmp (*argv, "-days") == 0)
{
if (--argc < 1)
goto bad;
days = atoi (*(++argv));
if (days == 0)
{
BIO_printf (bio_err, "bad number of days\n");
goto bad;
}
}
else if (strcmp (*argv, "-passin") == 0)
{
if (--argc < 1)
goto bad;
passargin = *(++argv);
}
else if (strcmp (*argv, "-extfile") == 0)
{
if (--argc < 1)
goto bad;
extfile = *(++argv);
}
else if (strcmp (*argv, "-extensions") == 0)
{
if (--argc < 1)
goto bad;
extsect = *(++argv);
}
else if (strcmp (*argv, "-in") == 0)
{
if (--argc < 1)
goto bad;
infile = *(++argv);
}
else if (strcmp (*argv, "-out") == 0)
{
if (--argc < 1)
goto bad;
outfile = *(++argv);
}
else if (strcmp (*argv, "-signkey") == 0)
{
if (--argc < 1)
goto bad;
keyfile = *(++argv);
sign_flag = ++num;
need_rand = 1;
}
else if (strcmp (*argv, "-CA") == 0)
{
if (--argc < 1)
goto bad;
CAfile = *(++argv);
CA_flag = ++num;
need_rand = 1;
}
else if (strcmp (*argv, "-CAkey") == 0)
{
if (--argc < 1)
goto bad;
CAkeyfile = *(++argv);
}
else if (strcmp (*argv, "-CAserial") == 0)
{
if (--argc < 1)
goto bad;
CAserial = *(++argv);
}
else if (strcmp (*argv, "-set_serial") == 0)
{
if (--argc < 1)
goto bad;
if (!(sno = s2i_ASN1_INTEGER (NULL, *(++argv))))
goto bad;
}
else if (strcmp (*argv, "-addtrust") == 0)
{
if (--argc < 1)
goto bad;
if (!(objtmp = OBJ_txt2obj (*(++argv), 0)))
{
BIO_printf (bio_err, "Invalid trust object value %s\n", *argv);
goto bad;
}
if (!trust)
trust = sk_ASN1_OBJECT_new_null ();
sk_ASN1_OBJECT_push (trust, objtmp);
trustout = 1;
}
else if (strcmp (*argv, "-addreject") == 0)
{
if (--argc < 1)
goto bad;
if (!(objtmp = OBJ_txt2obj (*(++argv), 0)))
{
BIO_printf (bio_err, "Invalid reject object value %s\n", *argv);
goto bad;
}
if (!reject)
reject = sk_ASN1_OBJECT_new_null ();
sk_ASN1_OBJECT_push (reject, objtmp);
trustout = 1;
}
else if (strcmp (*argv, "-setalias") == 0)
{
if (--argc < 1)
goto bad;
alias = *(++argv);
trustout = 1;
}
else if (strcmp (*argv, "-certopt") == 0)
{
if (--argc < 1)
goto bad;
if (!set_cert_ex (&certflag, *(++argv)))
goto bad;
}
else if (strcmp (*argv, "-nameopt") == 0)
{
if (--argc < 1)
goto bad;
if (!set_name_ex (&nmflag, *(++argv)))
goto bad;
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp (*argv, "-engine") == 0)
{
if (--argc < 1)
goto bad;
engine = *(++argv);
}
#endif
else if (strcmp (*argv, "-C") == 0)
C = ++num;
else if (strcmp (*argv, "-email") == 0)
email = ++num;
else if (strcmp (*argv, "-ocsp_uri") == 0)
ocsp_uri = ++num;
else if (strcmp (*argv, "-serial") == 0)
serial = ++num;
else if (strcmp (*argv, "-next_serial") == 0)
next_serial = ++num;
else if (strcmp (*argv, "-modulus") == 0)
modulus = ++num;
else if (strcmp (*argv, "-pubkey") == 0)
pubkey = ++num;
else if (strcmp (*argv, "-x509toreq") == 0)
x509req = ++num;
else if (strcmp (*argv, "-text") == 0)
text = ++num;
else if (strcmp (*argv, "-hash") == 0 || strcmp (*argv, "-subject_hash") == 0)
subject_hash = ++num;
#ifndef OPENSSL_NO_MD5
else if (strcmp (*argv, "-subject_hash_old") == 0)
subject_hash_old = ++num;
#endif
else if (strcmp (*argv, "-issuer_hash") == 0)
issuer_hash = ++num;
#ifndef OPENSSL_NO_MD5
else if (strcmp (*argv, "-issuer_hash_old") == 0)
issuer_hash_old = ++num;
#endif
else if (strcmp (*argv, "-subject") == 0)
subject = ++num;
else if (strcmp (*argv, "-issuer") == 0)
issuer = ++num;
else if (strcmp (*argv, "-fingerprint") == 0)
fingerprint = ++num;
else if (strcmp (*argv, "-dates") == 0)
{
startdate = ++num;
enddate = ++num;
}
else if (strcmp (*argv, "-purpose") == 0)
pprint = ++num;
else if (strcmp (*argv, "-startdate") == 0)
startdate = ++num;
else if (strcmp (*argv, "-enddate") == 0)
enddate = ++num;
else if (strcmp (*argv, "-checkend") == 0)
{
if (--argc < 1)
goto bad;
checkoffset = atoi (*(++argv));
checkend = 1;
}
else if (strcmp (*argv, "-noout") == 0)
noout = ++num;
else if (strcmp (*argv, "-trustout") == 0)
trustout = 1;
else if (strcmp (*argv, "-clrtrust") == 0)
clrtrust = ++num;
else if (strcmp (*argv, "-clrreject") == 0)
clrreject = ++num;
else if (strcmp (*argv, "-alias") == 0)
aliasout = ++num;
else if (strcmp (*argv, "-CAcreateserial") == 0)
CA_createserial = ++num;
else if (strcmp (*argv, "-clrext") == 0)
clrext = 1;
#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
else if (strcmp (*argv, "-crlext") == 0)
{
BIO_printf (bio_err, "use -clrext instead of -crlext\n");
clrext = 1;
}
#endif
else if (strcmp (*argv, "-ocspid") == 0)
ocspid = ++num;
else if ((md_alg = EVP_get_digestbyname (*argv + 1)))
{
/* ok */
digest = md_alg;
}
else
{
BIO_printf (bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
for (pp = x509_usage; (*pp != NULL); pp++)
BIO_printf (bio_err, "%s", *pp);
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine (bio_err, engine, 0);
#endif
if (need_rand)
app_RAND_load_file (NULL, bio_err, 0);
ERR_load_crypto_strings ();
if (!app_passwd (bio_err, passargin, NULL, &passin, NULL))
{
BIO_printf (bio_err, "Error getting password\n");
goto end;
}
if (!X509_STORE_set_default_paths (ctx))
{
ERR_print_errors (bio_err);
goto end;
}
if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
{
CAkeyfile = CAfile;
}
else if ((CA_flag) && (CAkeyfile == NULL))
{
BIO_printf (bio_err, "need to specify a CAkey if using the CA command\n");
goto end;
}
if (extfile)
{
long errorline = -1;
X509V3_CTX ctx2;
extconf = NCONF_new (NULL);
if (!NCONF_load (extconf, extfile, &errorline))
{
if (errorline <= 0)
BIO_printf (bio_err, "error loading the config file '%s'\n", extfile);
else
BIO_printf (bio_err, "error on line %ld of config file '%s'\n", errorline, extfile);
goto end;
}
if (!extsect)
{
extsect = NCONF_get_string (extconf, "default", "extensions");
if (!extsect)
{
ERR_clear_error ();
extsect = "default";
}
}
X509V3_set_ctx_test (&ctx2);
X509V3_set_nconf (&ctx2, extconf);
if (!X509V3_EXT_add_nconf (extconf, &ctx2, extsect, NULL))
{
BIO_printf (bio_err, "Error Loading extension section %s\n", extsect);
ERR_print_errors (bio_err);
goto end;
}
}
if (reqfile)
{
EVP_PKEY *pkey;
BIO *in;
if (!sign_flag && !CA_flag)
{
BIO_printf (bio_err, "We need a private key to sign with\n");
goto end;
}
in = BIO_new (BIO_s_file ());
if (in == NULL)
{
ERR_print_errors (bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp (in, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
else
{
if (BIO_read_filename (in, infile) <= 0)
{
perror (infile);
BIO_free (in);
goto end;
}
}
req = PEM_read_bio_X509_REQ (in, NULL, NULL, NULL);
BIO_free (in);
if (req == NULL)
{
ERR_print_errors (bio_err);
goto end;
}
if ((req->req_info == NULL) ||
(req->req_info->pubkey == NULL) ||
(req->req_info->pubkey->public_key == NULL) || (req->req_info->pubkey->public_key->data == NULL))
{
BIO_printf (bio_err, "The certificate request appears to corrupted\n");
BIO_printf (bio_err, "It does not contain a public key\n");
goto end;
}
if ((pkey = X509_REQ_get_pubkey (req)) == NULL)
{
BIO_printf (bio_err, "error unpacking public key\n");
goto end;
}
i = X509_REQ_verify (req, pkey);
EVP_PKEY_free (pkey);
if (i < 0)
{
BIO_printf (bio_err, "Signature verification error\n");
ERR_print_errors (bio_err);
goto end;
}
if (i == 0)
{
BIO_printf (bio_err, "Signature did not match the certificate request\n");
goto end;
}
else
BIO_printf (bio_err, "Signature ok\n");
print_name (bio_err, "subject=", X509_REQ_get_subject_name (req), nmflag);
if ((x = X509_new ()) == NULL)
goto end;
if (sno == NULL)
{
sno = ASN1_INTEGER_new ();
if (!sno || !rand_serial (NULL, sno))
goto end;
if (!X509_set_serialNumber (x, sno))
goto end;
ASN1_INTEGER_free (sno);
sno = NULL;
}
else if (!X509_set_serialNumber (x, sno))
goto end;
if (!X509_set_issuer_name (x, req->req_info->subject))
goto end;
if (!X509_set_subject_name (x, req->req_info->subject))
goto end;
X509_gmtime_adj (X509_get_notBefore (x), 0);
X509_time_adj_ex (X509_get_notAfter (x), days, 0, NULL);
pkey = X509_REQ_get_pubkey (req);
X509_set_pubkey (x, pkey);
EVP_PKEY_free (pkey);
}
else
x = load_cert (bio_err, infile, informat, NULL, e, "Certificate");
if (x == NULL)
goto end;
if (CA_flag)
{
xca = load_cert (bio_err, CAfile, CAformat, NULL, e, "CA Certificate");
if (xca == NULL)
goto end;
}
if (!noout || text || next_serial)
{
OBJ_create ("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
out = BIO_new (BIO_s_file ());
if (out == NULL)
{
ERR_print_errors (bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp (out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new (BIO_f_linebuffer ());
out = BIO_push (tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename (out, outfile) <= 0)
{
perror (outfile);
goto end;
}
}
}
if (alias)
X509_alias_set1 (x, (unsigned char *) alias, -1);
if (clrtrust)
X509_trust_clear (x);
if (clrreject)
X509_reject_clear (x);
if (trust)
{
for (i = 0; i < sk_ASN1_OBJECT_num (trust); i++)
{
objtmp = sk_ASN1_OBJECT_value (trust, i);
X509_add1_trust_object (x, objtmp);
}
}
if (reject)
{
for (i = 0; i < sk_ASN1_OBJECT_num (reject); i++)
{
objtmp = sk_ASN1_OBJECT_value (reject, i);
X509_add1_reject_object (x, objtmp);
}
}
if (num)
{
for (i = 1; i <= num; i++)
{
if (issuer == i)
{
print_name (STDout, "issuer= ", X509_get_issuer_name (x), nmflag);
}
else if (subject == i)
{
print_name (STDout, "subject= ", X509_get_subject_name (x), nmflag);
}
else if (serial == i)
{
BIO_printf (STDout, "serial=");
i2a_ASN1_INTEGER (STDout, X509_get_serialNumber (x));
BIO_printf (STDout, "\n");
}
else if (next_serial == i)
{
BIGNUM *bnser;
ASN1_INTEGER *ser;
ser = X509_get_serialNumber (x);
bnser = ASN1_INTEGER_to_BN (ser, NULL);
if (!bnser)
goto end;
if (!BN_add_word (bnser, 1))
goto end;
ser = BN_to_ASN1_INTEGER (bnser, NULL);
if (!ser)
goto end;
BN_free (bnser);
i2a_ASN1_INTEGER (out, ser);
ASN1_INTEGER_free (ser);
BIO_puts (out, "\n");
}
else if ((email == i) || (ocsp_uri == i))
{
int j;
STACK_OF (OPENSSL_STRING) * emlst;
if (email == i)
emlst = X509_get1_email (x);
else
emlst = X509_get1_ocsp (x);
for (j = 0; j < sk_OPENSSL_STRING_num (emlst); j++)
BIO_printf (STDout, "%s\n", sk_OPENSSL_STRING_value (emlst, j));
X509_email_free (emlst);
}
else if (aliasout == i)
{
unsigned char *alstr;
alstr = X509_alias_get0 (x, NULL);
if (alstr)
BIO_printf (STDout, "%s\n", alstr);
else
BIO_puts (STDout, "<No Alias>\n");
}
else if (subject_hash == i)
{
BIO_printf (STDout, "%08lx\n", X509_subject_name_hash (x));
}
#ifndef OPENSSL_NO_MD5
else if (subject_hash_old == i)
{
BIO_printf (STDout, "%08lx\n", X509_subject_name_hash_old (x));
}
#endif
else if (issuer_hash == i)
{
BIO_printf (STDout, "%08lx\n", X509_issuer_name_hash (x));
}
#ifndef OPENSSL_NO_MD5
else if (issuer_hash_old == i)
{
BIO_printf (STDout, "%08lx\n", X509_issuer_name_hash_old (x));
}
#endif
else if (pprint == i)
{
X509_PURPOSE *ptmp;
int j;
BIO_printf (STDout, "Certificate purposes:\n");
for (j = 0; j < X509_PURPOSE_get_count (); j++)
{
ptmp = X509_PURPOSE_get0 (j);
purpose_print (STDout, x, ptmp);
}
}
else if (modulus == i)
{
EVP_PKEY *pkey;
pkey = X509_get_pubkey (x);
if (pkey == NULL)
{
BIO_printf (bio_err, "Modulus=unavailable\n");
ERR_print_errors (bio_err);
goto end;
}
BIO_printf (STDout, "Modulus=");
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
BN_print (STDout, pkey->pkey.rsa->n);
else
#endif
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
BN_print (STDout, pkey->pkey.dsa->pub_key);
else
#endif
BIO_printf (STDout, "Wrong Algorithm type");
BIO_printf (STDout, "\n");
EVP_PKEY_free (pkey);
}
else if (pubkey == i)
{
EVP_PKEY *pkey;
pkey = X509_get_pubkey (x);
if (pkey == NULL)
{
BIO_printf (bio_err, "Error getting public key\n");
ERR_print_errors (bio_err);
goto end;
}
PEM_write_bio_PUBKEY (STDout, pkey);
EVP_PKEY_free (pkey);
}
else if (C == i)
{
unsigned char *d;
char *m;
int y, z;
X509_NAME_oneline (X509_get_subject_name (x), buf, sizeof buf);
BIO_printf (STDout, "/* subject:%s */\n", buf);
m = X509_NAME_oneline (X509_get_issuer_name (x), buf, sizeof buf);
BIO_printf (STDout, "/* issuer :%s */\n", buf);
z = i2d_X509 (x, NULL);
m = OPENSSL_malloc (z);
d = (unsigned char *) m;
z = i2d_X509_NAME (X509_get_subject_name (x), &d);
BIO_printf (STDout, "unsigned char XXX_subject_name[%d]={\n", z);
d = (unsigned char *) m;
for (y = 0; y < z; y++)
{
BIO_printf (STDout, "0x%02X,", d[y]);
if ((y & 0x0f) == 0x0f)
BIO_printf (STDout, "\n");
}
if (y % 16 != 0)
BIO_printf (STDout, "\n");
BIO_printf (STDout, "};\n");
z = i2d_X509_PUBKEY (X509_get_X509_PUBKEY (x), &d);
BIO_printf (STDout, "unsigned char XXX_public_key[%d]={\n", z);
d = (unsigned char *) m;
for (y = 0; y < z; y++)
{
BIO_printf (STDout, "0x%02X,", d[y]);
if ((y & 0x0f) == 0x0f)
BIO_printf (STDout, "\n");
}
if (y % 16 != 0)
BIO_printf (STDout, "\n");
BIO_printf (STDout, "};\n");
z = i2d_X509 (x, &d);
BIO_printf (STDout, "unsigned char XXX_certificate[%d]={\n", z);
d = (unsigned char *) m;
for (y = 0; y < z; y++)
{
BIO_printf (STDout, "0x%02X,", d[y]);
if ((y & 0x0f) == 0x0f)
BIO_printf (STDout, "\n");
}
if (y % 16 != 0)
BIO_printf (STDout, "\n");
BIO_printf (STDout, "};\n");
OPENSSL_free (m);
}
else if (text == i)
{
X509_print_ex (STDout, x, nmflag, certflag);
}
else if (startdate == i)
{
BIO_puts (STDout, "notBefore=");
ASN1_TIME_print (STDout, X509_get_notBefore (x));
BIO_puts (STDout, "\n");
}
else if (enddate == i)
{
BIO_puts (STDout, "notAfter=");
ASN1_TIME_print (STDout, X509_get_notAfter (x));
BIO_puts (STDout, "\n");
}
else if (fingerprint == i)
{
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
const EVP_MD *fdig = digest;
if (!fdig)
fdig = EVP_sha1 ();
if (!X509_digest (x, fdig, md, &n))
{
BIO_printf (bio_err, "out of memory\n");
goto end;
}
BIO_printf (STDout, "%s Fingerprint=", OBJ_nid2sn (EVP_MD_type (fdig)));
for (j = 0; j < (int) n; j++)
{
BIO_printf (STDout, "%02X%c", md[j], (j + 1 == (int) n) ? '\n' : ':');
}
}
/* should be in the library */
else if ((sign_flag == i) && (x509req == 0))
{
BIO_printf (bio_err, "Getting Private key\n");
if (Upkey == NULL)
{
Upkey = load_key (bio_err, keyfile, keyformat, 0, passin, e, "Private key");
if (Upkey == NULL)
goto end;
}
assert (need_rand);
if (!sign (x, Upkey, days, clrext, digest, extconf, extsect))
goto end;
}
else if (CA_flag == i)
{
BIO_printf (bio_err, "Getting CA Private Key\n");
if (CAkeyfile != NULL)
{
CApkey = load_key (bio_err, CAkeyfile, CAkeyformat, 0, passin, e, "CA Private Key");
if (CApkey == NULL)
goto end;
}
assert (need_rand);
if (!x509_certify (ctx, CAfile, digest, x, xca,
CApkey, sigopts, CAserial, CA_createserial, days, clrext, extconf, extsect, sno))
goto end;
}
else if (x509req == i)
{
EVP_PKEY *pk;
BIO_printf (bio_err, "Getting request Private Key\n");
if (keyfile == NULL)
{
BIO_printf (bio_err, "no request key file specified\n");
goto end;
}
else
{
pk = load_key (bio_err, keyfile, keyformat, 0, passin, e, "request key");
if (pk == NULL)
goto end;
}
BIO_printf (bio_err, "Generating certificate request\n");
rq = X509_to_X509_REQ (x, pk, digest);
EVP_PKEY_free (pk);
if (rq == NULL)
{
ERR_print_errors (bio_err);
goto end;
}
if (!noout)
{
X509_REQ_print (out, rq);
PEM_write_bio_X509_REQ (out, rq);
}
noout = 1;
}
else if (ocspid == i)
{
X509_ocspid_print (out, x);
}
}
}
if (checkend)
{
time_t tcheck = time (NULL) + checkoffset;
if (X509_cmp_time (X509_get_notAfter (x), &tcheck) < 0)
{
BIO_printf (out, "Certificate will expire\n");
ret = 1;
}
else
{
BIO_printf (out, "Certificate will not expire\n");
ret = 0;
}
goto end;
}
if (noout)
{
ret = 0;
goto end;
}
if (outformat == FORMAT_ASN1)
i = i2d_X509_bio (out, x);
else if (outformat == FORMAT_PEM)
{
if (trustout)
i = PEM_write_bio_X509_AUX (out, x);
else
i = PEM_write_bio_X509 (out, x);
}
else if (outformat == FORMAT_NETSCAPE)
{
NETSCAPE_X509 nx;
ASN1_OCTET_STRING hdr;
hdr.data = (unsigned char *) NETSCAPE_CERT_HDR;
hdr.length = strlen (NETSCAPE_CERT_HDR);
nx.header = &hdr;
nx.cert = x;
i = ASN1_item_i2d_bio (ASN1_ITEM_rptr (NETSCAPE_X509), out, &nx);
}
else
{
BIO_printf (bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf (bio_err, "unable to write certificate\n");
ERR_print_errors (bio_err);
goto end;
}
ret = 0;
end:
if (need_rand)
app_RAND_write_file (NULL, bio_err);
OBJ_cleanup ();
NCONF_free (extconf);
BIO_free_all (out);
BIO_free_all (STDout);
X509_STORE_free (ctx);
X509_REQ_free (req);
X509_free (x);
X509_free (xca);
EVP_PKEY_free (Upkey);
EVP_PKEY_free (CApkey);
if (sigopts)
sk_OPENSSL_STRING_free (sigopts);
X509_REQ_free (rq);
ASN1_INTEGER_free (sno);
sk_ASN1_OBJECT_pop_free (trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free (reject, ASN1_OBJECT_free);
if (passin)
OPENSSL_free (passin);
apps_shutdown ();
OPENSSL_EXIT (ret);
}
int MAIN(int argc, char **argv)
{
int ret = 1;
EC_KEY *eckey = NULL;
const EC_GROUP *group;
int i, badops = 0;
const EVP_CIPHER *enc = NULL;
BIO *in = NULL, *out = NULL;
int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0;
char *infile, *outfile, *prog, *engine;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
int new_form = 0;
int asn1_flag = OPENSSL_EC_NAMED_CURVE;
int new_asn1_flag = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
engine = NULL;
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-passin") == 0) {
if (--argc < 1)
goto bad;
passargin = *(++argv);
} else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
passargout = *(++argv);
} else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
} else if (strcmp(*argv, "-noout") == 0)
noout = 1;
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-conv_form") == 0) {
if (--argc < 1)
goto bad;
++argv;
new_form = 1;
if (strcmp(*argv, "compressed") == 0)
form = POINT_CONVERSION_COMPRESSED;
else if (strcmp(*argv, "uncompressed") == 0)
form = POINT_CONVERSION_UNCOMPRESSED;
else if (strcmp(*argv, "hybrid") == 0)
form = POINT_CONVERSION_HYBRID;
else
goto bad;
} else if (strcmp(*argv, "-param_enc") == 0) {
if (--argc < 1)
goto bad;
++argv;
new_asn1_flag = 1;
if (strcmp(*argv, "named_curve") == 0)
asn1_flag = OPENSSL_EC_NAMED_CURVE;
else if (strcmp(*argv, "explicit") == 0)
asn1_flag = 0;
else
goto bad;
} else if (strcmp(*argv, "-param_out") == 0)
param_out = 1;
else if (strcmp(*argv, "-pubin") == 0)
pubin = 1;
else if (strcmp(*argv, "-pubout") == 0)
pubout = 1;
else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
}
argc--;
argv++;
}
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - "
"DER or PEM\n");
BIO_printf(bio_err, " -outform arg output format - "
"DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -passin arg input file pass "
"phrase source\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err, " -passout arg output file pass "
"phrase source\n");
BIO_printf(bio_err, " -engine e use engine e, "
"possibly a hardware device.\n");
BIO_printf(bio_err, " -des encrypt PEM output, "
"instead of 'des' every other \n"
" cipher "
"supported by OpenSSL can be used\n");
BIO_printf(bio_err, " -text print the key\n");
BIO_printf(bio_err, " -noout don't print key out\n");
BIO_printf(bio_err, " -param_out print the elliptic "
"curve parameters\n");
BIO_printf(bio_err, " -conv_form arg specifies the "
"point conversion form \n");
BIO_printf(bio_err, " possible values:"
" compressed\n");
BIO_printf(bio_err, " "
" uncompressed (default)\n");
BIO_printf(bio_err, " " " hybrid\n");
BIO_printf(bio_err, " -param_enc arg specifies the way"
" the ec parameters are encoded\n");
BIO_printf(bio_err, " in the asn1 der " "encoding\n");
BIO_printf(bio_err, " possible values:"
" named_curve (default)\n");
BIO_printf(bio_err, " "
"explicit\n");
goto end;
}
ERR_load_crypto_strings();
# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
# endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
BIO_printf(bio_err, "read EC key\n");
if (informat == FORMAT_ASN1) {
if (pubin)
eckey = d2i_EC_PUBKEY_bio(in, NULL);
else
eckey = d2i_ECPrivateKey_bio(in, NULL);
} else if (informat == FORMAT_PEM) {
if (pubin)
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
else
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
} else {
BIO_printf(bio_err, "bad input format specified for key\n");
goto end;
}
if (eckey == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
group = EC_KEY_get0_group(eckey);
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (new_asn1_flag)
EC_KEY_set_asn1_flag(eckey, asn1_flag);
if (text)
if (!EC_KEY_print(out, eckey, 0)) {
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
if (noout) {
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing EC key\n");
if (outformat == FORMAT_ASN1) {
if (param_out)
i = i2d_ECPKParameters_bio(out, group);
else if (pubin || pubout)
i = i2d_EC_PUBKEY_bio(out, eckey);
else
i = i2d_ECPrivateKey_bio(out, eckey);
} else if (outformat == FORMAT_PEM) {
if (param_out)
i = PEM_write_bio_ECPKParameters(out, group);
else if (pubin || pubout)
i = PEM_write_bio_EC_PUBKEY(out, eckey);
else
i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
NULL, 0, NULL, passout);
} else {
BIO_printf(bio_err, "bad output format specified for " "outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
} else
ret = 0;
end:
if (in)
BIO_free(in);
if (out)
BIO_free_all(out);
if (eckey)
EC_KEY_free(eckey);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int MAIN(int argc, char **argv)
{
BN_GENCB cb;
# ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
# endif
int ret = 1;
int i, num = DEFBITS;
long l;
const EVP_CIPHER *enc = NULL;
unsigned long f4 = RSA_F4;
char *outfile = NULL;
char *passargout = NULL, *passout = NULL;
# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
# endif
char *inrand = NULL;
BIO *out = NULL;
BIGNUM *bn = BN_new();
RSA *rsa = NULL;
if (!bn)
goto err;
apps_startup();
BN_GENCB_set(&cb, genrsa_cb, bio_err);
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto err;
if ((out = BIO_new(BIO_s_file())) == NULL) {
BIO_printf(bio_err, "unable to create BIO for output\n");
goto err;
}
argv++;
argc--;
for (;;) {
if (argc <= 0)
break;
if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-3") == 0)
f4 = 3;
else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0)
f4 = RSA_F4;
# ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
# endif
else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
inrand = *(++argv);
}
# ifndef OPENSSL_NO_DES
else if (strcmp(*argv, "-des") == 0)
enc = EVP_des_cbc();
else if (strcmp(*argv, "-des3") == 0)
enc = EVP_des_ede3_cbc();
# endif
# ifndef OPENSSL_NO_IDEA
else if (strcmp(*argv, "-idea") == 0)
enc = EVP_idea_cbc();
# endif
# ifndef OPENSSL_NO_SEED
else if (strcmp(*argv, "-seed") == 0)
enc = EVP_seed_cbc();
# endif
# ifndef OPENSSL_NO_AES
else if (strcmp(*argv, "-aes128") == 0)
enc = EVP_aes_128_cbc();
else if (strcmp(*argv, "-aes192") == 0)
enc = EVP_aes_192_cbc();
else if (strcmp(*argv, "-aes256") == 0)
enc = EVP_aes_256_cbc();
# endif
# ifndef OPENSSL_NO_CAMELLIA
else if (strcmp(*argv, "-camellia128") == 0)
enc = EVP_camellia_128_cbc();
else if (strcmp(*argv, "-camellia192") == 0)
enc = EVP_camellia_192_cbc();
else if (strcmp(*argv, "-camellia256") == 0)
enc = EVP_camellia_256_cbc();
# endif
else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
passargout = *(++argv);
} else
break;
argv++;
argc--;
}
if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
bad:
BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n");
BIO_printf(bio_err,
" -des encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err,
" -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
# ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err,
" -idea encrypt the generated key with IDEA in cbc mode\n");
# endif
# ifndef OPENSSL_NO_SEED
BIO_printf(bio_err, " -seed\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc seed\n");
# endif
# ifndef OPENSSL_NO_AES
BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
# endif
# ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
# endif
BIO_printf(bio_err, " -out file output the key to 'file\n");
BIO_printf(bio_err,
" -passout arg output file pass phrase source\n");
BIO_printf(bio_err,
" -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err, " -3 use 3 for the E value\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif
BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
LIST_SEPARATOR_CHAR);
BIO_printf(bio_err,
" load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto err;
}
ERR_load_crypto_strings();
if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto err;
}
# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
# endif
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto err;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status()) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
num);
# ifdef OPENSSL_NO_ENGINE
rsa = RSA_new();
# else
rsa = RSA_new_method(e);
# endif
if (!rsa)
goto err;
if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err;
app_RAND_write_file(NULL, bio_err);
/*
* We need to do the following for when the base number size is < long,
* esp windows 3.1 :-(.
*/
l = 0L;
for (i = 0; i < rsa->e->top; i++) {
# ifndef SIXTY_FOUR_BIT
l <<= BN_BITS4;
l <<= BN_BITS4;
# endif
l += rsa->e->d[i];
}
BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l);
{
PW_CB_DATA cb_data;
cb_data.password = passout;
cb_data.prompt_info = outfile;
if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
(pem_password_cb *)password_callback,
&cb_data))
goto err;
}
ret = 0;
err:
if (bn)
BN_free(bn);
if (rsa)
RSA_free(rsa);
if (out)
BIO_free_all(out);
if (passout)
OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int MAIN(int argc, char **argv)
{
EC_GROUP *group = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
int new_form = 0;
int asn1_flag = OPENSSL_EC_NAMED_CURVE;
int new_asn1_flag = 0;
char *curve_name = NULL, *inrand = NULL;
int list_curves = 0, no_seed = 0, check = 0,
badops = 0, text = 0, i, need_rand = 0, genkey = 0;
char *infile = NULL, *outfile = NULL, *prog;
BIO *in = NULL, *out = NULL;
int informat, outformat, noout = 0, C = 0, ret = 1;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
char *engine = NULL;
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
unsigned char *buffer = NULL;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv,"-text") == 0)
text = 1;
else if (TINYCLR_SSL_STRCMP(*argv,"-C") == 0)
C = 1;
else if (TINYCLR_SSL_STRCMP(*argv,"-check") == 0)
check = 1;
else if (TINYCLR_SSL_STRCMP (*argv, "-name") == 0)
{
if (--argc < 1)
goto bad;
curve_name = *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv, "-list_curves") == 0)
list_curves = 1;
else if (TINYCLR_SSL_STRCMP(*argv, "-conv_form") == 0)
{
if (--argc < 1)
goto bad;
++argv;
new_form = 1;
if (TINYCLR_SSL_STRCMP(*argv, "compressed") == 0)
form = POINT_CONVERSION_COMPRESSED;
else if (TINYCLR_SSL_STRCMP(*argv, "uncompressed") == 0)
form = POINT_CONVERSION_UNCOMPRESSED;
else if (TINYCLR_SSL_STRCMP(*argv, "hybrid") == 0)
form = POINT_CONVERSION_HYBRID;
else
goto bad;
}
else if (TINYCLR_SSL_STRCMP(*argv, "-param_enc") == 0)
{
if (--argc < 1)
goto bad;
++argv;
new_asn1_flag = 1;
if (TINYCLR_SSL_STRCMP(*argv, "named_curve") == 0)
asn1_flag = OPENSSL_EC_NAMED_CURVE;
else if (TINYCLR_SSL_STRCMP(*argv, "explicit") == 0)
asn1_flag = 0;
else
goto bad;
}
else if (TINYCLR_SSL_STRCMP(*argv, "-no_seed") == 0)
no_seed = 1;
else if (TINYCLR_SSL_STRCMP(*argv, "-noout") == 0)
noout=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-genkey") == 0)
{
genkey=1;
need_rand=1;
}
else if (TINYCLR_SSL_STRCMP(*argv, "-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
need_rand=1;
}
else if(TINYCLR_SSL_STRCMP(*argv, "-engine") == 0)
{
if (--argc < 1) goto bad;
engine = *(++argv);
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - "
"default PEM (DER or PEM)\n");
BIO_printf(bio_err, " -outform arg output format - "
"default PEM\n");
BIO_printf(bio_err, " -in arg input file - "
"default OPENSSL_TYPE__FILE_STDIN\n");
BIO_printf(bio_err, " -out arg output file - "
"default OPENSSL_TYPE__FILE_STDOUT\n");
BIO_printf(bio_err, " -noout do not print the "
"ec parameter\n");
BIO_printf(bio_err, " -text print the ec "
"parameters in text form\n");
BIO_printf(bio_err, " -check validate the ec "
"parameters\n");
BIO_printf(bio_err, " -C print a 'C' "
"function creating the parameters\n");
BIO_printf(bio_err, " -name arg use the "
"ec parameters with 'short name' name\n");
BIO_printf(bio_err, " -list_curves prints a list of "
"all currently available curve 'short names'\n");
BIO_printf(bio_err, " -conv_form arg specifies the "
"point conversion form \n");
BIO_printf(bio_err, " possible values:"
" compressed\n");
BIO_printf(bio_err, " "
" uncompressed (default)\n");
BIO_printf(bio_err, " "
" hybrid\n");
BIO_printf(bio_err, " -param_enc arg specifies the way"
" the ec parameters are encoded\n");
BIO_printf(bio_err, " in the asn1 der "
"encoding\n");
BIO_printf(bio_err, " possible values:"
" named_curve (default)\n");
BIO_printf(bio_err, " "
" explicit\n");
BIO_printf(bio_err, " -no_seed if 'explicit'"
" parameters are choosen do not"
" use the seed\n");
BIO_printf(bio_err, " -genkey generate ec"
" key\n");
BIO_printf(bio_err, " -rand file files to use for"
" random number input\n");
BIO_printf(bio_err, " -engine e use engine e, "
"possibly a hardware device\n");
goto end;
}
ERR_load_crypto_strings();
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
TINYCLR_SSL_PERROR(infile);
goto end;
}
}
if (outfile == NULL)
{
BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
TINYCLR_SSL_PERROR(outfile);
goto end;
}
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (list_curves)
{
EC_builtin_curve *curves = NULL;
size_t crv_len = 0;
size_t n = 0;
crv_len = EC_get_builtin_curves(NULL, 0);
curves = (EC_builtin_curve*)OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));
if (curves == NULL)
goto end;
if (!EC_get_builtin_curves(curves, crv_len))
{
OPENSSL_free(curves);
goto end;
}
for (n = 0; n < crv_len; n++)
{
const char *comment;
const char *sname;
comment = curves[n].comment;
sname = OBJ_nid2sn(curves[n].nid);
if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
sname = "";
BIO_printf(out, " %-10s: ", sname);
BIO_printf(out, "%s\n", comment);
}
OPENSSL_free(curves);
ret = 0;
goto end;
}
if (curve_name != NULL)
{
int nid;
/* workaround for the SECG curve names secp192r1
* and secp256r1 (which are the same as the curves
* prime192v1 and prime256v1 defined in X9.62)
*/
if (!TINYCLR_SSL_STRCMP(curve_name, "secp192r1"))
{
BIO_printf(bio_err, "using curve name prime192v1 "
"instead of secp192r1\n");
nid = NID_X9_62_prime192v1;
}
else if (!TINYCLR_SSL_STRCMP(curve_name, "secp256r1"))
{
BIO_printf(bio_err, "using curve name prime256v1 "
"instead of secp256r1\n");
nid = NID_X9_62_prime256v1;
}
else
nid = OBJ_sn2nid(curve_name);
if (nid == 0)
{
BIO_printf(bio_err, "unknown curve name (%s)\n",
curve_name);
goto end;
}
group = EC_GROUP_new_by_curve_name(nid);
if (group == NULL)
{
BIO_printf(bio_err, "unable to create curve (%s)\n",
curve_name);
goto end;
}
EC_GROUP_set_asn1_flag(group, asn1_flag);
EC_GROUP_set_point_conversion_form(group, form);
}
else if (informat == FORMAT_ASN1)
{
group = d2i_ECPKParameters_bio(in, NULL);
}
else if (informat == FORMAT_PEM)
{
group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
}
else
{
BIO_printf(bio_err, "bad input format specified\n");
goto end;
}
if (group == NULL)
{
BIO_printf(bio_err,
"unable to load elliptic curve parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (new_form)
EC_GROUP_set_point_conversion_form(group, form);
if (new_asn1_flag)
EC_GROUP_set_asn1_flag(group, asn1_flag);
if (no_seed)
{
EC_GROUP_set_seed(group, NULL, 0);
}
if (text)
{
if (!ECPKParameters_print(out, group, 0))
goto end;
}
if (check)
{
if (group == NULL)
BIO_printf(bio_err, "no elliptic curve parameters\n");
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL))
{
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
}
else
BIO_printf(bio_err, "ok\n");
}
if (C)
{
size_t buf_len = 0, tmp_len = 0;
const EC_POINT *point;
int is_prime, len = 0;
const EC_METHOD *meth = EC_GROUP_method_of(group);
if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
(ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
(ec_order = BN_new()) == NULL ||
(ec_cofactor = BN_new()) == NULL )
{
TINYCLR_SSL_PERROR("OPENSSL_malloc");
goto end;
}
is_prime = (EC_METHOD_get_field_type(meth) ==
NID_X9_62_prime_field);
if (is_prime)
{
if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
ec_b, NULL))
goto end;
}
else
{
/* TODO */
goto end;
}
if ((point = EC_GROUP_get0_generator(group)) == NULL)
goto end;
if (!EC_POINT_point2bn(group, point,
EC_GROUP_get_point_conversion_form(group), ec_gen,
NULL))
goto end;
if (!EC_GROUP_get_order(group, ec_order, NULL))
goto end;
if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
goto end;
if (!ec_p || !ec_a || !ec_b || !ec_gen ||
!ec_order || !ec_cofactor)
goto end;
len = BN_num_bits(ec_order);
if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
buf_len = tmp_len;
buffer = (unsigned char *)OPENSSL_malloc(buf_len);
if (buffer == NULL)
{
TINYCLR_SSL_PERROR("OPENSSL_malloc");
goto end;
}
ecparam_print_var(out, ec_p, "ec_p", len, buffer);
ecparam_print_var(out, ec_a, "ec_a", len, buffer);
ecparam_print_var(out, ec_b, "ec_b", len, buffer);
ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
ecparam_print_var(out, ec_order, "ec_order", len, buffer);
ecparam_print_var(out, ec_cofactor, "ec_cofactor", len,
buffer);
BIO_printf(out, "\n\n");
BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
BIO_printf(out, "\tint ok=0;\n");
BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
BIO_printf(out, "\tEC_POINT *point = NULL;\n");
BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, "
"*tmp_3 = NULL;\n\n");
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
"sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
"sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len);
if (is_prime)
{
BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
"\n\t\tgoto err;\n\n");
}
else
{
/* TODO */
goto end;
}
BIO_printf(out, "\t/* build generator */\n");
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
"sizeof(ec_gen_%d), tmp_1)) == NULL)"
"\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
"NULL, NULL);\n");
BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
"sizeof(ec_order_%d), tmp_2)) == NULL)"
"\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
"sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
"\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
" tmp_2, tmp_3))\n\t\tgoto err;\n");
BIO_printf(out, "\n\tok=1;\n");
BIO_printf(out, "err:\n");
BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
BIO_printf(out, "\tif (!ok)\n");
BIO_printf(out, "\t\t{\n");
BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
BIO_printf(out, "\t\tgroup = NULL;\n");
BIO_printf(out, "\t\t}\n");
BIO_printf(out, "\treturn(group);\n\t}\n");
}
if (!noout)
{
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_ECPKParameters(out, group);
else
{
BIO_printf(bio_err,"bad output format specified for"
" outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err, "unable to write elliptic "
"curve parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (need_rand)
{
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
if (genkey)
{
EC_KEY *eckey = EC_KEY_new();
if (eckey == NULL)
goto end;
TINYCLR_SSL_ASSERT(need_rand);
if (EC_KEY_set_group(eckey, group) == 0)
goto end;
if (!EC_KEY_generate_key(eckey))
{
EC_KEY_free(eckey);
goto end;
}
if (outformat == FORMAT_ASN1)
i = i2d_ECPrivateKey_bio(out, eckey);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
NULL, 0, NULL, NULL);
else
{
BIO_printf(bio_err, "bad output format specified "
"for outfile\n");
EC_KEY_free(eckey);
goto end;
}
EC_KEY_free(eckey);
}
if (need_rand)
app_RAND_write_file(NULL, bio_err);
ret=0;
end:
if (ec_p)
BN_free(ec_p);
if (ec_a)
BN_free(ec_a);
if (ec_b)
BN_free(ec_b);
if (ec_gen)
BN_free(ec_gen);
if (ec_order)
BN_free(ec_order);
if (ec_cofactor)
BN_free(ec_cofactor);
if (buffer)
OPENSSL_free(buffer);
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
if (group != NULL)
EC_GROUP_free(group);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
DH *dh=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
#ifndef OPENSSL_NO_ENGINE
char *engine;
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
#ifndef OPENSSL_NO_ENGINE
engine=NULL;
#endif
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (TINYCLR_SSL_STRCMP(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (TINYCLR_SSL_STRCMP(*argv,"-check") == 0)
check=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-text") == 0)
text=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-C") == 0)
C=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-noout") == 0)
noout=1;
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -check check the DH parameters\n");
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
TINYCLR_SSL_PERROR(infile);
goto end;
}
}
if (outfile == NULL)
{
BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
TINYCLR_SSL_PERROR(outfile);
goto end;
}
}
if (informat == FORMAT_ASN1)
dh=d2i_DHparams_bio(in,NULL);
else if (informat == FORMAT_PEM)
dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
else
{
BIO_printf(bio_err,"bad input format specified\n");
goto end;
}
if (dh == NULL)
{
BIO_printf(bio_err,"unable to load DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (text)
{
DHparams_print(out,dh);
#ifdef undef
TINYCLR_SSL_PRINTF("p=");
BN_print(OPENSSL_TYPE__FILE_STDOUT,dh->p);
TINYCLR_SSL_PRINTF("\ng=");
BN_print(OPENSSL_TYPE__FILE_STDOUT,dh->g);
TINYCLR_SSL_PRINTF("\n");
if (dh->length != 0)
TINYCLR_SSL_PRINTF("recommended private length=%ld\n",dh->length);
#endif
}
if (check)
{
if (!DH_check(dh,&i))
{
ERR_print_errors(bio_err);
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
TINYCLR_SSL_PRINTF("p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
TINYCLR_SSL_PRINTF("p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
TINYCLR_SSL_PRINTF("unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
TINYCLR_SSL_PRINTF("the g value is not a generator\n");
if (i == 0)
TINYCLR_SSL_PRINTF("DH parameters appear to be ok.\n");
}
if (C)
{
unsigned char *data;
int len,l,bits;
len=BN_num_bytes(dh->p);
bits=BN_num_bits(dh->p);
data=(unsigned char *)OPENSSL_malloc(len);
if (data == NULL)
{
TINYCLR_SSL_PERROR("OPENSSL_malloc");
goto end;
}
l=BN_bn2bin(dh->p,data);
TINYCLR_SSL_PRINTF("static unsigned char dh%d_p[]={",bits);
for (i=0; i<l; i++)
{
if ((i%12) == 0) TINYCLR_SSL_PRINTF("\n\t");
TINYCLR_SSL_PRINTF("0x%02X,",data[i]);
}
TINYCLR_SSL_PRINTF("\n\t};\n");
l=BN_bn2bin(dh->g,data);
TINYCLR_SSL_PRINTF("static unsigned char dh%d_g[]={",bits);
for (i=0; i<l; i++)
{
if ((i%12) == 0) TINYCLR_SSL_PRINTF("\n\t");
TINYCLR_SSL_PRINTF("0x%02X,",data[i]);
}
TINYCLR_SSL_PRINTF("\n\t};\n\n");
TINYCLR_SSL_PRINTF("DH *get_dh%d()\n\t{\n",bits);
TINYCLR_SSL_PRINTF("\tDH *dh;\n\n");
TINYCLR_SSL_PRINTF("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
TINYCLR_SSL_PRINTF("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
bits,bits);
TINYCLR_SSL_PRINTF("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
bits,bits);
TINYCLR_SSL_PRINTF("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
TINYCLR_SSL_PRINTF("\t\treturn(NULL);\n");
TINYCLR_SSL_PRINTF("\treturn(dh);\n\t}\n");
OPENSSL_free(data);
}
if (!noout)
{
if (outformat == FORMAT_ASN1)
i=i2d_DHparams_bio(out,dh);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_DHparams(out,dh);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int MAIN(int argc, char **argv)
{
DH *dh=NULL;
int i,badops=0,text=0;
#ifndef OPENSSL_NO_DSA
int dsaparam=0;
#endif
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
char *inrand=NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
int num = 0, g = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
text=1;
#ifndef OPENSSL_NO_DSA
else if (strcmp(*argv,"-dsaparam") == 0)
dsaparam=1;
#endif
else if (strcmp(*argv,"-C") == 0)
C=1;
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-2") == 0)
g=2;
else if (strcmp(*argv,"-5") == 0)
g=5;
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
}
else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
goto bad;
argv++;
argc--;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] [numbits]\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
#ifndef OPENSSL_NO_DSA
BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n");
#endif
BIO_printf(bio_err," -check check the DH parameters\n");
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -noout no output\n");
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if (g && !num)
num = DEFBITS;
#ifndef OPENSSL_NO_DSA
if (dsaparam)
{
if (g)
{
BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
goto end;
}
}
else
#endif
{
/* DH parameters */
if (num && !g)
g = 2;
}
if(num) {
BN_GENCB cb;
BN_GENCB_set(&cb, dh_cb, bio_err);
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
#ifndef OPENSSL_NO_DSA
if (dsaparam)
{
DSA *dsa = DSA_new();
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
if(!dsa || !DSA_generate_parameters_ex(dsa, num,
NULL, 0, NULL, NULL, &cb))
{
if(dsa) DSA_free(dsa);
ERR_print_errors(bio_err);
goto end;
}
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
}
else
#endif
{
dh = DH_new();
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
BIO_printf(bio_err,"This is going to take a long time\n");
if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
{
ERR_print_errors(bio_err);
goto end;
}
}
app_RAND_write_file(NULL, bio_err);
} else {
in=BIO_new(BIO_s_file());
if (in == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
if (informat != FORMAT_ASN1 && informat != FORMAT_PEM)
{
BIO_printf(bio_err,"bad input format specified\n");
goto end;
}
#ifndef OPENSSL_NO_DSA
if (dsaparam)
{
DSA *dsa;
if (informat == FORMAT_ASN1)
dsa=d2i_DSAparams_bio(in,NULL);
else /* informat == FORMAT_PEM */
dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
if (dsa == NULL)
{
BIO_printf(bio_err,"unable to load DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
}
else
#endif
{
if (informat == FORMAT_ASN1)
dh=d2i_DHparams_bio(in,NULL);
else /* informat == FORMAT_PEM */
dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
if (dh == NULL)
{
BIO_printf(bio_err,"unable to load DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
/* dh != NULL */
}
out=BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (text)
{
DHparams_print(out,dh);
}
if (check)
{
if (!DH_check(dh,&i))
{
ERR_print_errors(bio_err);
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
printf("p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
printf("p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
printf("unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
printf("the g value is not a generator\n");
if (i == 0)
printf("DH parameters appear to be ok.\n");
}
if (C)
{
unsigned char *data;
int len,l,bits;
len=BN_num_bytes(dh->p);
bits=BN_num_bits(dh->p);
data=(unsigned char *)OPENSSL_malloc(len);
if (data == NULL)
{
perror("OPENSSL_malloc");
goto end;
}
printf("#ifndef HEADER_DH_H\n"
"#include <openssl/dh.h>\n"
"#endif\n");
printf("DH *get_dh%d()\n\t{\n",bits);
l=BN_bn2bin(dh->p,data);
printf("\tstatic unsigned char dh%d_p[]={",bits);
for (i=0; i<l; i++)
{
if ((i%12) == 0) printf("\n\t\t");
printf("0x%02X,",data[i]);
}
printf("\n\t\t};\n");
l=BN_bn2bin(dh->g,data);
printf("\tstatic unsigned char dh%d_g[]={",bits);
for (i=0; i<l; i++)
{
if ((i%12) == 0) printf("\n\t\t");
printf("0x%02X,",data[i]);
}
printf("\n\t\t};\n");
printf("\tDH *dh;\n\n");
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
bits,bits);
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
bits,bits);
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
printf("\t\t{ DH_free(dh); return(NULL); }\n");
if (dh->length)
printf("\tdh->length = %ld;\n", dh->length);
printf("\treturn(dh);\n\t}\n");
OPENSSL_free(data);
}
if (!noout)
{
if (outformat == FORMAT_ASN1)
i=i2d_DHparams_bio(out,dh);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_DHparams(out,dh);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int main(int argc, char *argv[])
{
BN_CTX *ctx;
BIO *out;
char *outfile=NULL;
results = 0;
RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-results") == 0)
results=1;
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) break;
outfile= *(++argv);
}
argc--;
argv++;
}
ctx=BN_CTX_new();
if (ctx == NULL) EXIT(1);
out=BIO_new(BIO_s_file());
if (out == NULL) EXIT(1);
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
}
else
{
if (!BIO_write_filename(out,outfile))
{
perror(outfile);
EXIT(1);
}
}
if (!results)
BIO_puts(out,"obase=16\nibase=16\n");
message(out,"BN_add");
if (!test_add(out)) goto err;
BIO_flush(out);
message(out,"BN_sub");
if (!test_sub(out)) goto err;
BIO_flush(out);
message(out,"BN_lshift1");
if (!test_lshift1(out)) goto err;
BIO_flush(out);
message(out,"BN_lshift (fixed)");
if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
goto err;
BIO_flush(out);
message(out,"BN_lshift");
if (!test_lshift(out,ctx,NULL)) goto err;
BIO_flush(out);
message(out,"BN_rshift1");
if (!test_rshift1(out)) goto err;
BIO_flush(out);
message(out,"BN_rshift");
if (!test_rshift(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_sqr");
if (!test_sqr(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_mul");
if (!test_mul(out)) goto err;
BIO_flush(out);
message(out,"BN_div");
if (!test_div(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_div_recp");
if (!test_div_recp(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_mod");
if (!test_mod(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_mod_mul");
if (!test_mod_mul(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_mont");
if (!test_mont(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_mod_exp");
if (!test_mod_exp(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_exp");
if (!test_exp(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_kronecker");
if (!test_kron(out,ctx)) goto err;
BIO_flush(out);
message(out,"BN_mod_sqrt");
if (!test_sqrt(out,ctx)) goto err;
BIO_flush(out);
BN_CTX_free(ctx);
BIO_free(out);
/**/
EXIT(0);
err:
BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
* the failure, see test_bn in test/Makefile.ssl*/
BIO_flush(out);
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
EXIT(1);
return(1);
}
int MAIN(int argc, char **argv)
{
int i,badops=0;
BIO *in=NULL,*out=NULL;
int informat,outformat;
char *infile,*outfile,*prog,*certfile;
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
X509_CRL *crl=NULL;
STACK_OF(OPENSSL_STRING) *certflst=NULL;
STACK_OF(X509_CRL) *crl_stack=NULL;
STACK_OF(X509) *cert_stack=NULL;
int ret=1,nocrl=0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT);
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv,"-nocrl") == 0)
{
nocrl=1;
}
else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv,"-certfile") == 0)
{
if (--argc < 1) goto bad;
if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(certflst,*(++argv));
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
BIO_printf(bio_err," (can be used more than once)\n");
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
ret = 1;
goto end;
}
ERR_load_crypto_strings();
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (!nocrl)
{
if (infile == NULL)
BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
TINYCLR_SSL_PERROR(infile);
goto end;
}
}
if (informat == FORMAT_ASN1)
crl=d2i_X509_CRL_bio(in,NULL);
else if (informat == FORMAT_PEM)
crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
else {
BIO_printf(bio_err,"bad input format specified for input crl\n");
goto end;
}
if (crl == NULL)
{
BIO_printf(bio_err,"unable to load CRL\n");
ERR_print_errors(bio_err);
goto end;
}
}
if ((p7=PKCS7_new()) == NULL) goto end;
if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
p7->type=OBJ_nid2obj(NID_pkcs7_signed);
p7->d.sign=p7s;
p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
p7s->crl=crl_stack;
if (crl != NULL)
{
sk_X509_CRL_push(crl_stack,crl);
crl=NULL; /* now part of p7 for OPENSSL_freeing */
}
if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
p7s->cert=cert_stack;
if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack,certfile) < 0)
{
BIO_printf(bio_err, "error loading certificates\n");
ERR_print_errors(bio_err);
goto end;
}
}
sk_OPENSSL_STRING_free(certflst);
if (outfile == NULL)
{
BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
TINYCLR_SSL_PERROR(outfile);
goto end;
}
}
if (outformat == FORMAT_ASN1)
i=i2d_PKCS7_bio(out,p7);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_PKCS7(out,p7);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (p7 != NULL) PKCS7_free(p7);
if (crl != NULL) X509_CRL_free(crl);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int main(int argc, char** argv) {
R_RSA_PUBLIC_KEY public_key;
R_RSA_PRIVATE_KEY private_key;
int i, n, retval;
bool is_valid;
DATA_BLOCK signature, in, out;
unsigned char signature_buf[256], buf[256], buf2[256];
FILE *f, *fpriv, *fpub;
char cbuf[256];
RSA rsa_key;
RSA *rsa_key_;
BIO *bio_out=NULL;
BIO *bio_err=NULL;
char *certpath;
bool b2o=false; // boinc key to openssl key ?
bool kpriv=false; // private key ?
if (argc == 1) {
usage();
exit(1);
}
if (!strcmp(argv[1], "-genkey")) {
if (argc < 5) {
usage();
exit(1);
}
printf("creating keys in %s and %s\n", argv[3], argv[4]);
n = atoi(argv[2]);
srand(random_int());
RSA* rp = RSA_generate_key(n, 65537, 0, 0);
openssl_to_keys(rp, n, private_key, public_key);
fpriv = fopen(argv[3], "w");
if (!fpriv) die("fopen");
fpub = fopen(argv[4], "w");
if (!fpub) die("fopen");
print_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
print_key_hex(fpub, (KEY*)&public_key, sizeof(public_key));
} else if (!strcmp(argv[1], "-sign")) {
if (argc < 4) {
usage();
exit(1);
}
fpriv = fopen(argv[3], "r");
if (!fpriv) die("fopen");
retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
if (retval) die("scan_key_hex\n");
signature.data = signature_buf;
signature.len = 256;
retval = sign_file(argv[2], private_key, signature);
print_hex_data(stdout, signature);
} else if (!strcmp(argv[1], "-sign_string")) {
if (argc < 4) {
usage();
exit(1);
}
fpriv = fopen(argv[3], "r");
if (!fpriv) die("fopen");
retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
if (retval) die("scan_key_hex\n");
generate_signature(argv[2], cbuf, private_key);
puts(cbuf);
} else if (!strcmp(argv[1], "-verify")) {
if (argc < 5) {
usage();
exit(1);
}
fpub = fopen(argv[4], "r");
if (!fpub) die("fopen");
retval = scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key));
if (retval) die("read_public_key");
f = fopen(argv[3], "r");
signature.data = signature_buf;
signature.len = 256;
retval = scan_hex_data(f, signature);
if (retval) die("scan_hex_data");
retval = verify_file(argv[2], public_key, signature, is_valid);
if (retval) die("verify_file");
if (is_valid) {
printf("file is valid\n");
} else {
printf("file is invalid\n");
return 1;
}
} else if (!strcmp(argv[1], "-test_crypt")) {
if (argc < 4) {
usage();
exit(1);
}
fpriv = fopen(argv[2], "r");
if (!fpriv) die("fopen");
retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
if (retval) die("scan_key_hex\n");
fpub = fopen(argv[3], "r");
if (!fpub) die("fopen");
retval = scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key));
if (retval) die("read_public_key");
strcpy((char*)buf2, "encryption test successful");
in.data = buf2;
in.len = strlen((char*)in.data);
out.data = buf;
encrypt_private(private_key, in, out);
in = out;
out.data = buf2;
decrypt_public(public_key, in, out);
printf("out: %s\n", out.data);
} else if (!strcmp(argv[1], "-cert_verify")) {
if (argc < 6)
die("usage: crypt_prog -cert_verify file signature_file certificate_dir ca_dir \n");
f = fopen(argv[3], "r");
signature.data = signature_buf;
signature.len = 256;
retval = scan_hex_data(f, signature);
if (retval) die("cannot scan_hex_data");
certpath = check_validity(argv[4], argv[2], signature.data, argv[5]);
if (certpath == NULL) {
die("signature cannot be verfied.\n\n");
} else {
printf("siganture verified using certificate '%s'.\n\n", certpath);
free(certpath);
}
// this converts, but an executable signed with sign_executable,
// and signature converted to OpenSSL format cannot be verified with
// OpenSSL
} else if (!strcmp(argv[1], "-convsig")) {
if (argc < 5) {
usage();
exit(1);
}
if (strcmp(argv[2], "b2o") == 0) {
b2o = true;
} else if (strcmp(argv[2], "o2b") == 0) {
b2o = false;
} else {
die("either 'o2b' or 'b2o' must be defined for -convsig\n");
}
if (b2o) {
f = fopen(argv[3], "r");
signature.data = signature_buf;
signature.len = 256;
retval = scan_hex_data(f, signature);
fclose(f);
f = fopen(argv[4], "w+");
print_raw_data(f, signature);
fclose(f);
} else {
f = fopen(argv[3], "r");
signature.data = signature_buf;
signature.len = 256;
retval = scan_raw_data(f, signature);
fclose(f);
f = fopen(argv[4], "w+");
print_hex_data(f, signature);
fclose(f);
}
} else if (!strcmp(argv[1], "-convkey")) {
if (argc < 6) {
usage();
exit(1);
}
if (strcmp(argv[2], "b2o") == 0) {
b2o = true;
} else if (strcmp(argv[2], "o2b") == 0) {
b2o = false;
} else {
die("either 'o2b' or 'b2o' must be defined for -convkey\n");
}
if (strcmp(argv[3], "pub") == 0) {
kpriv = false;
} else if (strcmp(argv[3], "priv") == 0) {
kpriv = true;
} else {
die("either 'pub' or 'priv' must be defined for -convkey\n");
}
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ENGINE_load_builtin_engines();
if (bio_err == NULL) {
bio_err = BIO_new_fp(stdout, BIO_NOCLOSE);
}
//enc=EVP_get_cipherbyname("des");
//if (enc == NULL)
// die("could not get cypher.\n");
// no encription yet.
bio_out=BIO_new(BIO_s_file());
if (BIO_write_filename(bio_out,argv[5]) <= 0) {
perror(argv[5]);
die("could not create output file.\n");
}
if (b2o) {
rsa_key_ = RSA_new();
if (kpriv) {
fpriv = fopen(argv[4], "r");
if (!fpriv) {
die("fopen");
}
scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
fclose(fpriv);
private_to_openssl(private_key, &rsa_key);
//i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
// enc, NULL, 0, pass_cb, NULL);
// no encryption yet.
//i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
// NULL, NULL, 0, pass_cb, NULL);
fpriv = fopen(argv[5], "w+");
PEM_write_RSAPrivateKey(fpriv, &rsa_key, NULL, NULL, 0, 0, NULL);
fclose(fpriv);
//if (i == 0) {
// ERR_print_errors(bio_err);
// die("could not write key file.\n");
//}
} else {
fpub = fopen(argv[4], "r");
if (!fpub) {
die("fopen");
}
scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key));
fclose(fpub);
fpub = fopen(argv[5], "w+");
if (!fpub) {
die("fopen");
}
public_to_openssl(public_key, rsa_key_);
i = PEM_write_RSA_PUBKEY(fpub, rsa_key_);
if (i == 0) {
ERR_print_errors(bio_err);
die("could not write key file.\n");
}
fclose(fpub);
}
} else {
// o2b
rsa_key_ = (RSA *)calloc(1, sizeof(RSA));
memset(rsa_key_, 0, sizeof(RSA));
if (rsa_key_ == NULL) {
die("could not allocate memory for RSA structure.\n");
}
if (kpriv) {
fpriv = fopen (argv[4], "r");
rsa_key_ = PEM_read_RSAPrivateKey(fpriv, NULL, NULL, NULL);
fclose(fpriv);
if (rsa_key_ == NULL) {
ERR_print_errors(bio_err);
die("could not load private key.\n");
}
openssl_to_private(rsa_key_, &private_key);
fpriv = fopen(argv[5], "w");
if (!fpriv) {
die("fopen");
}
print_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
} else {
fpub = fopen (argv[4], "r");
rsa_key_ = PEM_read_RSA_PUBKEY(fpub, NULL, NULL, NULL);
fclose(fpub);
if (rsa_key_ == NULL) {
ERR_print_errors(bio_err);
die("could not load public key.\n");
}
openssl_to_keys(rsa_key_, 1024, private_key, public_key);
//openssl_to_public(rsa_key_, &public_key);
public_to_openssl(public_key, rsa_key_); //
fpub = fopen(argv[5], "w");
if (!fpub) {
die("fopen");
}
print_key_hex(fpub, (KEY*)&public_key, sizeof(public_key));
}
}
} else {
usage();
exit(1);
}
return 0;
}
int
enc_main(int argc, char **argv)
{
static const char magic[] = "Salted__";
char mbuf[sizeof magic - 1];
char *strbuf = NULL, *pass = NULL;
unsigned char *buff = NULL;
int bsize = BSIZE;
int ret = 1, inl;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
unsigned char salt[PKCS5_SALT_LEN];
#ifdef ZLIB
BIO *bzl = NULL;
#endif
EVP_CIPHER_CTX *ctx = NULL;
const EVP_MD *dgst = NULL;
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL;
BIO *rbio = NULL, *wbio = NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE + 1];
int i;
if (single_execution) {
if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
perror("pledge");
exit(1);
}
}
memset(&enc_config, 0, sizeof(enc_config));
enc_config.enc = 1;
/* first check the program name */
program_name(argv[0], pname, sizeof(pname));
if (strcmp(pname, "base64") == 0)
enc_config.base64 = 1;
#ifdef ZLIB
if (strcmp(pname, "zlib") == 0)
enc_config.do_zlib = 1;
#endif
enc_config.cipher = EVP_get_cipherbyname(pname);
#ifdef ZLIB
if (!enc_config.do_zlib && !enc_config.base64 &&
enc_config.cipher == NULL && strcmp(pname, "enc") != 0)
#else
if (!enc_config.base64 && enc_config.cipher == NULL &&
strcmp(pname, "enc") != 0)
#endif
{
BIO_printf(bio_err, "%s is an unknown cipher\n", pname);
goto end;
}
if (options_parse(argc, argv, enc_options, NULL, NULL) != 0) {
enc_usage();
goto end;
}
if (enc_config.keyfile != NULL) {
static char buf[128];
FILE *infile;
infile = fopen(enc_config.keyfile, "r");
if (infile == NULL) {
BIO_printf(bio_err, "unable to read key from '%s'\n",
enc_config.keyfile);
goto end;
}
buf[0] = '\0';
if (!fgets(buf, sizeof buf, infile)) {
BIO_printf(bio_err, "unable to read key from '%s'\n",
enc_config.keyfile);
fclose(infile);
goto end;
}
fclose(infile);
i = strlen(buf);
if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
buf[--i] = '\0';
if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
buf[--i] = '\0';
if (i < 1) {
BIO_printf(bio_err, "zero length password\n");
goto end;
}
enc_config.keystr = buf;
}
if (enc_config.md != NULL &&
(dgst = EVP_get_digestbyname(enc_config.md)) == NULL) {
BIO_printf(bio_err,
"%s is an unsupported message digest type\n",
enc_config.md);
goto end;
}
if (dgst == NULL) {
dgst = EVP_md5(); /* XXX */
}
if (enc_config.bufsize != NULL) {
char *p = enc_config.bufsize;
unsigned long n;
/* XXX - provide an OPTION_ARG_DISKUNIT. */
for (n = 0; *p != '\0'; p++) {
i = *p;
if ((i <= '9') && (i >= '0'))
n = n * 10 + i - '0';
else if (i == 'k') {
n *= 1024;
p++;
break;
}
}
if (*p != '\0') {
BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
goto end;
}
/* It must be large enough for a base64 encoded line. */
if (enc_config.base64 && n < 80)
n = 80;
bsize = (int)n;
if (enc_config.verbose)
BIO_printf(bio_err, "bufsize=%d\n", bsize);
}
strbuf = malloc(SIZE);
buff = malloc(EVP_ENCODE_LENGTH(bsize));
if ((buff == NULL) || (strbuf == NULL)) {
BIO_printf(bio_err, "malloc failure %ld\n", (long) EVP_ENCODE_LENGTH(bsize));
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (enc_config.debug) {
BIO_set_callback(in, BIO_debug_callback);
BIO_set_callback(out, BIO_debug_callback);
BIO_set_callback_arg(in, (char *) bio_err);
BIO_set_callback_arg(out, (char *) bio_err);
}
if (enc_config.inf == NULL) {
if (enc_config.bufsize != NULL)
setvbuf(stdin, (char *) NULL, _IONBF, 0);
BIO_set_fp(in, stdin, BIO_NOCLOSE);
} else {
if (BIO_read_filename(in, enc_config.inf) <= 0) {
perror(enc_config.inf);
goto end;
}
}
if (!enc_config.keystr && enc_config.passarg) {
if (!app_passwd(bio_err, enc_config.passarg, NULL,
&pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
enc_config.keystr = pass;
}
if (enc_config.keystr == NULL && enc_config.cipher != NULL &&
enc_config.hkey == NULL) {
for (;;) {
char buf[200];
int retval;
retval = snprintf(buf, sizeof buf,
"enter %s %s password:"******"encryption" : "decryption");
if ((size_t)retval >= sizeof buf) {
BIO_printf(bio_err,
"Password prompt too long\n");
goto end;
}
strbuf[0] = '\0';
i = EVP_read_pw_string((char *)strbuf, SIZE, buf,
enc_config.enc);
if (i == 0) {
if (strbuf[0] == '\0') {
ret = 1;
goto end;
}
enc_config.keystr = strbuf;
break;
}
if (i < 0) {
BIO_printf(bio_err, "bad password read\n");
goto end;
}
}
}
if (enc_config.outf == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
if (enc_config.bufsize != NULL)
setvbuf(stdout, (char *)NULL, _IONBF, 0);
} else {
if (BIO_write_filename(out, enc_config.outf) <= 0) {
perror(enc_config.outf);
goto end;
}
}
rbio = in;
wbio = out;
#ifdef ZLIB
if (do_zlib) {
if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
goto end;
if (enc)
wbio = BIO_push(bzl, wbio);
else
rbio = BIO_push(bzl, rbio);
}
#endif
if (enc_config.base64) {
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
if (enc_config.debug) {
BIO_set_callback(b64, BIO_debug_callback);
BIO_set_callback_arg(b64, (char *) bio_err);
}
if (enc_config.olb64)
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
if (enc_config.enc)
wbio = BIO_push(b64, wbio);
else
rbio = BIO_push(b64, rbio);
}
if (enc_config.cipher != NULL) {
/*
* Note that keystr is NULL if a key was passed on the command
* line, so we get no salt in that case. Is this a bug?
*/
if (enc_config.keystr != NULL) {
/*
* Salt handling: if encrypting generate a salt and
* write to output BIO. If decrypting read salt from
* input BIO.
*/
unsigned char *sptr;
if (enc_config.nosalt)
sptr = NULL;
else {
if (enc_config.enc) {
if (enc_config.hsalt) {
if (!set_hex(enc_config.hsalt, salt, sizeof salt)) {
BIO_printf(bio_err,
"invalid hex salt value\n");
goto end;
}
} else
arc4random_buf(salt,
sizeof(salt));
/*
* If -P option then don't bother
* writing
*/
if ((enc_config.printkey != 2)
&& (BIO_write(wbio, magic,
sizeof magic - 1) != sizeof magic - 1
|| BIO_write(wbio,
(char *) salt,
sizeof salt) != sizeof salt)) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
} else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
|| BIO_read(rbio,
(unsigned char *) salt,
sizeof salt) != sizeof salt) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
} else if (memcmp(mbuf, magic, sizeof magic - 1)) {
BIO_printf(bio_err, "bad magic number\n");
goto end;
}
sptr = salt;
}
EVP_BytesToKey(enc_config.cipher, dgst, sptr,
(unsigned char *)enc_config.keystr,
strlen(enc_config.keystr), 1, key, iv);
/*
* zero the complete buffer or the string passed from
* the command line bug picked up by Larry J. Hughes
* Jr. <*****@*****.**>
*/
if (enc_config.keystr == strbuf)
explicit_bzero(enc_config.keystr, SIZE);
else
explicit_bzero(enc_config.keystr,
strlen(enc_config.keystr));
}
if (enc_config.hiv != NULL &&
!set_hex(enc_config.hiv, iv, sizeof iv)) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}
if (enc_config.hiv == NULL && enc_config.keystr == NULL &&
EVP_CIPHER_iv_length(enc_config.cipher) != 0) {
/*
* No IV was explicitly set and no IV was generated
* during EVP_BytesToKey. Hence the IV is undefined,
* making correct decryption impossible.
*/
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
if (enc_config.hkey != NULL &&
!set_hex(enc_config.hkey, key, sizeof key)) {
BIO_printf(bio_err, "invalid hex key value\n");
goto end;
}
if ((benc = BIO_new(BIO_f_cipher())) == NULL)
goto end;
/*
* Since we may be changing parameters work on the encryption
* context rather than calling BIO_set_cipher().
*/
BIO_get_cipher_ctx(benc, &ctx);
if (!EVP_CipherInit_ex(ctx, enc_config.cipher, NULL, NULL,
NULL, enc_config.enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(enc_config.cipher));
ERR_print_errors(bio_err);
goto end;
}
if (enc_config.nopad)
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv,
enc_config.enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(enc_config.cipher));
ERR_print_errors(bio_err);
goto end;
}
if (enc_config.debug) {
BIO_set_callback(benc, BIO_debug_callback);
BIO_set_callback_arg(benc, (char *) bio_err);
}
if (enc_config.printkey) {
if (!enc_config.nosalt) {
printf("salt=");
for (i = 0; i < (int) sizeof(salt); i++)
printf("%02X", salt[i]);
printf("\n");
}
if (enc_config.cipher->key_len > 0) {
printf("key=");
for (i = 0; i < enc_config.cipher->key_len; i++)
printf("%02X", key[i]);
printf("\n");
}
if (enc_config.cipher->iv_len > 0) {
printf("iv =");
for (i = 0; i < enc_config.cipher->iv_len; i++)
printf("%02X", iv[i]);
printf("\n");
}
if (enc_config.printkey == 2) {
ret = 0;
goto end;
}
}
}
/* Only encrypt/decrypt as we write the file */
if (benc != NULL)
wbio = BIO_push(benc, wbio);
for (;;) {
inl = BIO_read(rbio, (char *) buff, bsize);
if (inl <= 0)
break;
if (BIO_write(wbio, (char *) buff, inl) != inl) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
}
if (!BIO_flush(wbio)) {
BIO_printf(bio_err, "bad decrypt\n");
goto end;
}
ret = 0;
if (enc_config.verbose) {
BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
}
end:
ERR_print_errors(bio_err);
free(strbuf);
free(buff);
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
BIO_free(benc);
BIO_free(b64);
#ifdef ZLIB
BIO_free(bzl);
#endif
free(pass);
return (ret);
}
int
genrsa_main(int argc, char **argv)
{
BN_GENCB cb;
int ret = 1;
int i, num = DEFBITS;
long l;
const EVP_CIPHER *enc = NULL;
unsigned long f4 = RSA_F4;
char *outfile = NULL;
char *passargout = NULL, *passout = NULL;
BIO *out = NULL;
BIGNUM *bn = BN_new();
RSA *rsa = NULL;
if (single_execution) {
if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
perror("pledge");
exit(1);
}
}
if (!bn)
goto err;
BN_GENCB_set(&cb, genrsa_cb, bio_err);
if ((out = BIO_new(BIO_s_file())) == NULL) {
BIO_printf(bio_err, "unable to create BIO for output\n");
goto err;
}
argv++;
argc--;
for (;;) {
if (argc <= 0)
break;
if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-3") == 0)
f4 = 3;
else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0)
f4 = RSA_F4;
#ifndef OPENSSL_NO_DES
else if (strcmp(*argv, "-des") == 0)
enc = EVP_des_cbc();
else if (strcmp(*argv, "-des3") == 0)
enc = EVP_des_ede3_cbc();
#endif
#ifndef OPENSSL_NO_IDEA
else if (strcmp(*argv, "-idea") == 0)
enc = EVP_idea_cbc();
#endif
#ifndef OPENSSL_NO_AES
else if (strcmp(*argv, "-aes128") == 0)
enc = EVP_aes_128_cbc();
else if (strcmp(*argv, "-aes192") == 0)
enc = EVP_aes_192_cbc();
else if (strcmp(*argv, "-aes256") == 0)
enc = EVP_aes_256_cbc();
#endif
#ifndef OPENSSL_NO_CAMELLIA
else if (strcmp(*argv, "-camellia128") == 0)
enc = EVP_camellia_128_cbc();
else if (strcmp(*argv, "-camellia192") == 0)
enc = EVP_camellia_192_cbc();
else if (strcmp(*argv, "-camellia256") == 0)
enc = EVP_camellia_256_cbc();
#endif
else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
passargout = *(++argv);
} else
break;
argv++;
argc--;
}
if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
bad:
BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n");
BIO_printf(bio_err, " -des encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err, " -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err, " -idea encrypt the generated key with IDEA in cbc mode\n");
#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
#endif
BIO_printf(bio_err, " -out file output the key to 'file\n");
BIO_printf(bio_err, " -passout arg output file pass phrase source\n");
BIO_printf(bio_err, " -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err, " -3 use 3 for the E value\n");
goto err;
}
if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto err;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto err;
}
}
BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
num);
rsa = RSA_new();
if (!rsa)
goto err;
if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err;
/*
* We need to do the following for when the base number size is <
* long, esp windows 3.1 :-(.
*/
l = 0L;
for (i = 0; i < rsa->e->top; i++) {
#ifndef _LP64
l <<= BN_BITS4;
l <<= BN_BITS4;
#endif
l += rsa->e->d[i];
}
BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l);
{
PW_CB_DATA cb_data;
cb_data.password = passout;
cb_data.prompt_info = outfile;
if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
password_callback, &cb_data))
goto err;
}
ret = 0;
err:
BN_free(bn);
RSA_free(rsa);
BIO_free_all(out);
free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
return (ret);
}
int MAIN(int argc, char **argv)
{
PKCS7 *p7=NULL;
int i,badops=0;
BIO *in=NULL,*out=NULL;
int informat,outformat;
char *infile,*outfile,*prog;
int print_certs=0,text=0,noout=0,p7_print=0;
int ret=1;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv,"-noout") == 0)
noout=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-text") == 0)
text=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-print") == 0)
p7_print=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-print_certs") == 0)
print_certs=1;
#ifndef OPENSSL_NO_ENGINE
else if (TINYCLR_SSL_STRCMP(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
ret = 1;
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
if (in == NULL)
{
TINYCLR_SSL_PERROR(infile);
goto end;
}
}
if (informat == FORMAT_ASN1)
p7=d2i_PKCS7_bio(in,NULL);
else if (informat == FORMAT_PEM)
p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
else
{
BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
goto end;
}
if (p7 == NULL)
{
BIO_printf(bio_err,"unable to load PKCS7 object\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
TINYCLR_SSL_PERROR(outfile);
goto end;
}
}
if (p7_print)
PKCS7_print_ctx(out, p7, 0, NULL);
if (print_certs)
{
STACK_OF(X509) *certs=NULL;
STACK_OF(X509_CRL) *crls=NULL;
i=OBJ_obj2nid(p7->type);
switch (i)
{
case NID_pkcs7_signed:
certs=p7->d.sign->cert;
crls=p7->d.sign->crl;
break;
case NID_pkcs7_signedAndEnveloped:
certs=p7->d.signed_and_enveloped->cert;
crls=p7->d.signed_and_enveloped->crl;
break;
default:
break;
}
if (certs != NULL)
{
X509 *x;
for (i=0; i<sk_X509_num(certs); i++)
{
x=sk_X509_value(certs,i);
if(text) X509_print(out, x);
else dump_cert_text(out, x);
if(!noout) PEM_write_bio_X509(out,x);
BIO_puts(out,"\n");
}
}
if (crls != NULL)
{
X509_CRL *crl;
for (i=0; i<sk_X509_CRL_num(crls); i++)
{
crl=sk_X509_CRL_value(crls,i);
X509_CRL_print(out, crl);
if(!noout)PEM_write_bio_X509_CRL(out,crl);
BIO_puts(out,"\n");
}
}
ret=0;
goto end;
}
if(!noout) {
if (outformat == FORMAT_ASN1)
i=i2d_PKCS7_bio(out,p7);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_PKCS7(out,p7);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret=0;
end:
if (p7 != NULL) PKCS7_free(p7);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
apps_shutdown();
OPENSSL_EXIT(ret);
}
static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
{
char *buf = NULL, *p;
MS_STATIC char buf2[1024];
ASN1_INTEGER *bs = NULL, *bs2 = NULL;
BIO *io = NULL;
BIGNUM *serial = NULL;
buf=OPENSSL_malloc( ((serialfile == NULL)
?(strlen(CAfile)+strlen(POSTFIX)+1)
:(strlen(serialfile)))+1);
if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
if (serialfile == NULL)
{
strcpy(buf,CAfile);
for (p=buf; *p; p++)
if (*p == '.')
{
*p='\0';
break;
}
strcat(buf,POSTFIX);
}
else
strcpy(buf,serialfile);
serial=BN_new();
bs=ASN1_INTEGER_new();
if ((serial == NULL) || (bs == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
io=BIO_new(BIO_s_file());
if (io == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (BIO_read_filename(io,buf) <= 0)
{
if (!create)
{
perror(buf);
goto end;
}
else
{
ASN1_INTEGER_set(bs,1);
BN_one(serial);
}
}
else
{
if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
{
BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
ERR_print_errors(bio_err);
goto end;
}
else
{
serial=BN_bin2bn(bs->data,bs->length,serial);
if (serial == NULL)
{
BIO_printf(bio_err,"error converting bin 2 bn");
goto end;
}
}
}
if (!BN_add_word(serial,1))
{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
{ BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
if (BIO_write_filename(io,buf) <= 0)
{
BIO_printf(bio_err,"error attempting to write serial number file\n");
perror(buf);
goto end;
}
i2a_ASN1_INTEGER(io,bs2);
BIO_puts(io,"\n");
BIO_free(io);
if (buf) OPENSSL_free(buf);
ASN1_INTEGER_free(bs2);
BN_free(serial);
io=NULL;
return bs;
end:
if (buf) OPENSSL_free(buf);
BIO_free(io);
ASN1_INTEGER_free(bs);
BN_free(serial);
return NULL;
}
int
gendh_main(int argc, char **argv)
{
BN_GENCB cb;
DH *dh = NULL;
int ret = 1, num = DEFBITS;
int g = 2;
char *outfile = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
BIO *out = NULL;
BN_GENCB_set(&cb, dh_cb, bio_err);
argv++;
argc--;
for (;;) {
if (argc <= 0)
break;
if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-2") == 0)
g = 2;
/*
* else if (strcmp(*argv,"-3") == 0) g=3;
*/
else if (strcmp(*argv, "-5") == 0)
g = 5;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
#endif
else
break;
argv++;
argc--;
}
if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
bad:
BIO_printf(bio_err, "usage: gendh [args] [numbits]\n");
BIO_printf(bio_err, " -out file - output the key to 'file\n");
BIO_printf(bio_err, " -2 - use 2 as the generator value\n");
/*
* BIO_printf(bio_err," -3 - use 3 as the generator
* value\n");
*/
BIO_printf(bio_err, " -5 - use 5 as the generator value\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, " -engine e - use engine e, possibly a hardware device.\n");
#endif
goto end;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
out = BIO_new(BIO_s_file());
if (out == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g);
BIO_printf(bio_err, "This is going to take a long time\n");
if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
goto end;
if (!PEM_write_bio_DHparams(out, dh))
goto end;
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
if (out != NULL)
BIO_free_all(out);
if (dh != NULL)
DH_free(dh);
return (ret);
}
int
rand_main(int argc, char **argv)
{
char *num_bytes = NULL;
int ret = 1;
int badopt = 0;
int num = -1;
int i, r;
BIO *out = NULL;
memset(&rand_config, 0, sizeof(rand_config));
if (options_parse(argc, argv, rand_options, &num_bytes, NULL) != 0) {
rand_usage();
return (1);
}
if (num_bytes != NULL) {
r = sscanf(num_bytes, "%d", &num);
if (r == 0 || num < 0)
badopt = 1;
} else
badopt = 1;
if (rand_config.hex && rand_config.base64)
badopt = 1;
if (badopt) {
rand_usage();
goto err;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, rand_config.engine, 0);
#endif
out = BIO_new(BIO_s_file());
if (out == NULL)
goto err;
if (rand_config.outfile != NULL)
r = BIO_write_filename(out, rand_config.outfile);
else
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
if (r <= 0)
goto err;
if (rand_config.base64) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL)
goto err;
out = BIO_push(b64, out);
}
while (num > 0) {
unsigned char buf[4096];
int chunk;
chunk = num;
if (chunk > (int) sizeof(buf))
chunk = sizeof(buf);
arc4random_buf(buf, chunk);
if (rand_config.hex) {
for (i = 0; i < chunk; i++)
BIO_printf(out, "%02x", buf[i]);
} else
BIO_write(out, buf, chunk);
num -= chunk;
}
if (rand_config.hex)
BIO_puts(out, "\n");
(void) BIO_flush(out);
ret = 0;
err:
ERR_print_errors(bio_err);
if (out)
BIO_free_all(out);
return (ret);
}
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
RSA *rsa=NULL;
int i,badops=0, sgckey=0;
const EVP_CIPHER *enc=NULL;
BIO *out=NULL;
int informat,outformat,text=0,check=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
int modulus=0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passargin= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passargout= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-sgckey") == 0)
sgckey=1;
else if (strcmp(*argv,"-pubin") == 0)
pubin=1;
else if (strcmp(*argv,"-pubout") == 0)
pubout=1;
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-modulus") == 0)
modulus=1;
else if (strcmp(*argv,"-check") == 0)
check=1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -sgckey Use IIS SGC key format\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef OPENSSL_NO_SEED
BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n");
#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
#endif
BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -noout don't print key out\n");
BIO_printf(bio_err," -modulus print the RSA key modulus\n");
BIO_printf(bio_err," -check verify key consistency\n");
BIO_printf(bio_err," -pubin expect a public key in input file\n");
BIO_printf(bio_err," -pubout output a public key\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if(check && pubin) {
BIO_printf(bio_err, "Only private keys can be checked\n");
goto end;
}
out=BIO_new(BIO_s_file());
{
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(bio_err, infile,
(informat == FORMAT_NETSCAPE && sgckey ?
FORMAT_IISSGC : informat), 1,
passin, e, "Public Key");
else
pkey = load_key(bio_err, infile,
(informat == FORMAT_NETSCAPE && sgckey ?
FORMAT_IISSGC : informat), 1,
passin, e, "Private Key");
if (pkey != NULL)
rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey);
}
if (rsa == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (text)
if (!RSA_print(out,rsa,0))
{
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
if (modulus)
{
BIO_printf(out,"Modulus=");
BN_print(out,rsa->n);
BIO_printf(out,"\n");
}
if (check)
{
int r = RSA_check_key(rsa);
if (r == 1)
BIO_printf(out,"RSA key ok\n");
else if (r == 0)
{
unsigned long err;
while ((err = ERR_peek_error()) != 0 &&
ERR_GET_LIB(err) == ERR_LIB_RSA &&
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
{
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
ERR_get_error(); /* remove e from error stack */
}
}
if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
{
ERR_print_errors(bio_err);
goto end;
}
}
if (noout)
{
ret = 0;
goto end;
}
BIO_printf(bio_err,"writing RSA key\n");
if (outformat == FORMAT_ASN1) {
if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
else i=i2d_RSAPrivateKey_bio(out,rsa);
}
#ifndef OPENSSL_NO_RC4
else if (outformat == FORMAT_NETSCAPE)
{
unsigned char *p,*pp;
int size;
i=1;
size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
{
BIO_printf(bio_err,"Memory allocation failure\n");
goto end;
}
pp=p;
i2d_RSA_NET(rsa,&p,NULL, sgckey);
BIO_write(out,(char *)pp,size);
OPENSSL_free(pp);
}
#endif
else if (outformat == FORMAT_PEM) {
if(pubout || pubin)
i=PEM_write_bio_RSA_PUBKEY(out,rsa);
else i=PEM_write_bio_RSAPrivateKey(out,rsa,
enc,NULL,0,NULL,passout);
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write key\n");
ERR_print_errors(bio_err);
}
else
ret=0;
end:
if(out != NULL) BIO_free_all(out);
if(rsa != NULL) RSA_free(rsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret = 1;
DSA *dsa = NULL;
int i, badops = 0;
const EVP_CIPHER *enc = NULL;
BIO *in = NULL, *out = NULL;
int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0;
char *infile, *outfile, *prog;
char *engine;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus = 0;
int pvk_encr = 2;
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
engine = NULL;
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
} else if (strcmp(*argv, "-passin") == 0) {
if (--argc < 1)
goto bad;
passargin = *(++argv);
} else if (strcmp(*argv, "-passout") == 0) {
if (--argc < 1)
goto bad;
passargout = *(++argv);
}
# ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
# endif
else if (strcmp(*argv, "-pvk-strong") == 0)
pvk_encr = 2;
else if (strcmp(*argv, "-pvk-weak") == 0)
pvk_encr = 1;
else if (strcmp(*argv, "-pvk-none") == 0)
pvk_encr = 0;
else if (strcmp(*argv, "-noout") == 0)
noout = 1;
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-modulus") == 0)
modulus = 1;
else if (strcmp(*argv, "-pubin") == 0)
pubin = 1;
else if (strcmp(*argv, "-pubout") == 0)
pubout = 1;
else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
}
argc--;
argv++;
}
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err,
" -passin arg input file pass phrase source\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err,
" -passout arg output file pass phrase source\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
# endif
BIO_printf(bio_err,
" -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err,
" -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
# ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err,
" -idea encrypt PEM output with cbc idea\n");
# endif
# ifndef OPENSSL_NO_AES
BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc aes\n");
# endif
# ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err,
" encrypt PEM output with cbc camellia\n");
# endif
# ifndef OPENSSL_NO_SEED
BIO_printf(bio_err,
" -seed encrypt PEM output with cbc seed\n");
# endif
BIO_printf(bio_err, " -text print the key in text\n");
BIO_printf(bio_err, " -noout don't print key out\n");
BIO_printf(bio_err, " -modulus print the DSA public value\n");
goto end;
}
ERR_load_crypto_strings();
e = setup_engine(bio_err, engine, 0);
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
BIO_printf(bio_err, "read DSA key\n");
{
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(bio_err, infile, informat, 1,
passin, e, "Public Key");
else
pkey = load_key(bio_err, infile, informat, 1,
passin, e, "Private Key");
if (pkey) {
dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey);
}
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
# ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
# endif
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
if (text)
if (!DSA_print(out, dsa, 0)) {
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
if (modulus) {
fprintf(stdout, "Public Key=");
BN_print(out, dsa->pub_key);
fprintf(stdout, "\n");
}
if (noout)
goto end;
BIO_printf(bio_err, "writing DSA key\n");
if (outformat == FORMAT_ASN1) {
if (pubin || pubout)
i = i2d_DSA_PUBKEY_bio(out, dsa);
else
i = i2d_DSAPrivateKey_bio(out, dsa);
} else if (outformat == FORMAT_PEM) {
if (pubin || pubout)
i = PEM_write_bio_DSA_PUBKEY(out, dsa);
else
i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
NULL, 0, NULL, passout);
# if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK)
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
else if (pubin || pubout)
i = i2b_PublicKey_bio(out, pk);
else
i = i2b_PrivateKey_bio(out, pk);
EVP_PKEY_free(pk);
# endif
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (i <= 0) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
} else
ret = 0;
end:
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
release_engine(e);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
DSA *dsa=NULL;
int ret=1;
char *outfile=NULL;
char *inrand=NULL,*dsaparams=NULL;
char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL;
const EVP_CIPHER *enc=NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
argv++;
argc--;
for (;;)
{
if (argc <= 0) break;
if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passargout= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
}
else if (strcmp(*argv,"-") == 0)
goto bad;
#ifndef OPENSSL_NO_DES
else if (strcmp(*argv,"-des") == 0)
enc=EVP_des_cbc();
else if (strcmp(*argv,"-des3") == 0)
enc=EVP_des_ede3_cbc();
#endif
#ifndef OPENSSL_NO_IDEA
else if (strcmp(*argv,"-idea") == 0)
enc=EVP_idea_cbc();
#endif
#ifndef OPENSSL_NO_AES
else if (strcmp(*argv,"-aes128") == 0)
enc=EVP_aes_128_cbc();
else if (strcmp(*argv,"-aes192") == 0)
enc=EVP_aes_192_cbc();
else if (strcmp(*argv,"-aes256") == 0)
enc=EVP_aes_256_cbc();
#endif
else if (**argv != '-' && dsaparams == NULL)
{
dsaparams = *argv;
}
else
goto bad;
argv++;
argc--;
}
if (dsaparams == NULL)
{
bad:
BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
BIO_printf(bio_err," -out file - output the key to 'file'\n");
#ifndef OPENSSL_NO_DES
BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
#endif
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," dsaparam-file\n");
BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
in=BIO_new(BIO_s_file());
if (!(BIO_read_filename(in,dsaparams)))
{
perror(dsaparams);
goto end;
}
if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
{
BIO_printf(bio_err,"unable to load DSA parameter file\n");
goto end;
}
BIO_free(in);
in = NULL;
out=BIO_new(BIO_s_file());
if (out == NULL) goto end;
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err,"Generating DSA key, %d bits\n",
BN_num_bits(dsa->p));
if (!DSA_generate_key(dsa)) goto end;
app_RAND_write_file(NULL, bio_err);
if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))
goto end;
ret=0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
if(passout) OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
DH *dh=NULL;
int ret=1,num=DEFBITS;
int g=2;
char *outfile=NULL;
char *inrand=NULL;
char *engine=NULL;
BIO *out=NULL;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
argv++;
argc--;
for (;;)
{
if (argc <= 0) break;
if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-2") == 0)
g=2;
/* else if (strcmp(*argv,"-3") == 0)
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
}
else
break;
argv++;
argc--;
}
if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
{
bad:
BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
BIO_printf(bio_err," -out file - output the key to 'file\n");
BIO_printf(bio_err," -2 - use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
BIO_printf(bio_err," -5 - use 5 as the generator value\n");
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto end;
}
e = setup_engine(bio_err, engine, 0);
out=BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
BIO_printf(bio_err,"This is going to take a long time\n");
dh=DH_generate_parameters(num,g,dh_cb,bio_err);
if (dh == NULL) goto end;
app_RAND_write_file(NULL, bio_err);
if (!PEM_write_bio_DHparams(out,dh))
goto end;
ret=0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
char *inrand = NULL;
int base64 = 0;
BIO *out = NULL;
int num = -1;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto err;
badopt = 0;
i = 0;
while (!badopt && argv[++i] != NULL)
{
if (strcmp(argv[i], "-out") == 0)
{
if ((argv[i+1] != NULL) && (outfile == NULL))
outfile = argv[++i];
else
badopt = 1;
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(argv[i], "-engine") == 0)
{
if ((argv[i+1] != NULL) && (engine == NULL))
engine = argv[++i];
else
badopt = 1;
}
#endif
else if (strcmp(argv[i], "-rand") == 0)
{
if ((argv[i+1] != NULL) && (inrand == NULL))
inrand = argv[++i];
else
badopt = 1;
}
else if (strcmp(argv[i], "-base64") == 0)
{
if (!base64)
base64 = 1;
else
badopt = 1;
}
else if (isdigit((unsigned char)argv[i][0]))
{
if (num < 0)
{
r = sscanf(argv[i], "%d", &num);
if (r == 0 || num < 0)
badopt = 1;
}
else
badopt = 1;
}
else
badopt = 1;
}
if (num < 0)
badopt = 1;
if (badopt)
{
BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-out file - write to file\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - encode output\n");
goto err;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
out = BIO_new(BIO_s_file());
if (out == NULL)
goto err;
if (outfile != NULL)
r = BIO_write_filename(out, outfile);
else
{
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (r <= 0)
goto err;
if (base64)
{
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL)
goto err;
out = BIO_push(b64, out);
}
while (num > 0)
{
unsigned char buf[4096];
int chunk;
chunk = num;
if (chunk > (int)sizeof(buf))
chunk = sizeof buf;
r = RAND_bytes(buf, chunk);
if (r <= 0)
goto err;
BIO_write(out, buf, chunk);
num -= chunk;
}
BIO_flush(out);
app_RAND_write_file(NULL, bio_err);
ret = 0;
err:
ERR_print_errors(bio_err);
if (out)
BIO_free_all(out);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
static const char magic[]="Salted__";
char mbuf[sizeof magic-1];
char *strbuf=NULL;
unsigned char *buff=NULL,*bufsize=NULL;
int bsize=BSIZE,verbose=0;
int ret=1,inl;
int nopad = 0;
unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
unsigned char salt[PKCS5_SALT_LEN];
char *str=NULL, *passarg = NULL, *pass = NULL;
char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
char *md=NULL;
int enc=1,printkey=0,i,base64=0;
int debug=0,olb64=0,nosalt=0;
const EVP_CIPHER *cipher=NULL,*c;
EVP_CIPHER_CTX *ctx = NULL;
char *inf=NULL,*outf=NULL;
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
const EVP_MD *dgst=NULL;
int non_fips_allow = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
/* first check the program name */
program_name(argv[0],pname,sizeof pname);
if (strcmp(pname,"base64") == 0)
base64=1;
cipher=EVP_get_cipherbyname(pname);
if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
{
BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
goto bad;
}
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-e") == 0)
enc=1;
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
inf= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outf= *(++argv);
}
else if (strcmp(*argv,"-pass") == 0)
{
if (--argc < 1) goto bad;
passarg= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-d") == 0)
enc=0;
else if (strcmp(*argv,"-p") == 0)
printkey=1;
else if (strcmp(*argv,"-v") == 0)
verbose=1;
else if (strcmp(*argv,"-nopad") == 0)
nopad=1;
else if (strcmp(*argv,"-salt") == 0)
nosalt=0;
else if (strcmp(*argv,"-nosalt") == 0)
nosalt=1;
else if (strcmp(*argv,"-debug") == 0)
debug=1;
else if (strcmp(*argv,"-P") == 0)
printkey=2;
else if (strcmp(*argv,"-A") == 0)
olb64=1;
else if (strcmp(*argv,"-a") == 0)
base64=1;
else if (strcmp(*argv,"-base64") == 0)
base64=1;
else if (strcmp(*argv,"-bufsize") == 0)
{
if (--argc < 1) goto bad;
bufsize=(unsigned char *)*(++argv);
}
else if (strcmp(*argv,"-k") == 0)
{
if (--argc < 1) goto bad;
str= *(++argv);
}
else if (strcmp(*argv,"-kfile") == 0)
{
static char buf[128];
FILE *infile;
char *file;
if (--argc < 1) goto bad;
file= *(++argv);
infile=fopen(file,"r");
if (infile == NULL)
{
BIO_printf(bio_err,"unable to read key from '%s'\n",
file);
goto bad;
}
buf[0]='\0';
if (!fgets(buf,sizeof buf,infile))
{
BIO_printf(bio_err,"unable to read key from '%s'\n",
file);
goto bad;
}
fclose(infile);
i=strlen(buf);
if ((i > 0) &&
((buf[i-1] == '\n') || (buf[i-1] == '\r')))
buf[--i]='\0';
if ((i > 0) &&
((buf[i-1] == '\n') || (buf[i-1] == '\r')))
buf[--i]='\0';
if (i < 1)
{
BIO_printf(bio_err,"zero length password\n");
goto bad;
}
str=buf;
}
else if (strcmp(*argv,"-K") == 0)
{
if (--argc < 1) goto bad;
hkey= *(++argv);
}
else if (strcmp(*argv,"-S") == 0)
{
if (--argc < 1) goto bad;
hsalt= *(++argv);
}
else if (strcmp(*argv,"-iv") == 0)
{
if (--argc < 1) goto bad;
hiv= *(++argv);
}
else if (strcmp(*argv,"-md") == 0)
{
if (--argc < 1) goto bad;
md= *(++argv);
}
else if (strcmp(*argv,"-non-fips-allow") == 0)
non_fips_allow = 1;
else if ((argv[0][0] == '-') &&
((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
{
cipher=c;
}
else if (strcmp(*argv,"-none") == 0)
cipher=NULL;
else
{
BIO_printf(bio_err,"unknown option '%s'\n",*argv);
bad:
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"%-14s input file\n","-in <file>");
BIO_printf(bio_err,"%-14s output file\n","-out <file>");
BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
BIO_printf(bio_err,"%-14s encrypt\n","-e");
BIO_printf(bio_err,"%-14s decrypt\n","-d");
BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n","");
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
#endif
BIO_printf(bio_err,"Cipher Types\n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
show_ciphers,
bio_err);
BIO_printf(bio_err,"\n");
goto end;
}
argc--;
argv++;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
{
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
goto end;
}
if (dgst == NULL)
{
if (in_FIPS_mode)
dgst = EVP_sha1();
else
dgst = EVP_md5();
}
if (bufsize != NULL)
{
unsigned long n;
for (n=0; *bufsize; bufsize++)
{
i= *bufsize;
if ((i <= '9') && (i >= '0'))
n=n*10+i-'0';
else if (i == 'k')
{
n*=1024;
bufsize++;
break;
}
}
if (*bufsize != '\0')
{
BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
goto end;
}
/* It must be large enough for a base64 encoded line */
if (base64 && n < 80) n=80;
bsize=(int)n;
if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
}
strbuf=OPENSSL_malloc(SIZE);
buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
if ((buff == NULL) || (strbuf == NULL))
{
BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
goto end;
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (debug)
{
BIO_set_callback(in,BIO_debug_callback);
BIO_set_callback(out,BIO_debug_callback);
BIO_set_callback_arg(in,(char *)bio_err);
BIO_set_callback_arg(out,(char *)bio_err);
}
if (inf == NULL)
{
if (bufsize != NULL)
setvbuf(stdin, (char *)NULL, _IONBF, 0);
BIO_set_fp(in,stdin,BIO_NOCLOSE);
}
else
{
if (BIO_read_filename(in,inf) <= 0)
{
perror(inf);
goto end;
}
}
if(!str && passarg) {
if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
str = pass;
}
if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
{
for (;;)
{
char buf[200];
BIO_snprintf(buf,sizeof buf,"enter %s %s password:"******"encryption":"decryption");
strbuf[0]='\0';
i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
if (i == 0)
{
if (strbuf[0] == '\0')
{
ret=1;
goto end;
}
str=strbuf;
break;
}
if (i < 0)
{
BIO_printf(bio_err,"bad password read\n");
goto end;
}
}
}
if (outf == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
if (bufsize != NULL)
setvbuf(stdout, (char *)NULL, _IONBF, 0);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outf) <= 0)
{
perror(outf);
goto end;
}
}
rbio=in;
wbio=out;
if (base64)
{
if ((b64=BIO_new(BIO_f_base64())) == NULL)
goto end;
if (debug)
{
BIO_set_callback(b64,BIO_debug_callback);
BIO_set_callback_arg(b64,(char *)bio_err);
}
if (olb64)
BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
if (enc)
wbio=BIO_push(b64,wbio);
else
rbio=BIO_push(b64,rbio);
}
if (cipher != NULL)
{
/* Note that str is NULL if a key was passed on the command
* line, so we get no salt in that case. Is this a bug?
*/
if (str != NULL)
{
/* Salt handling: if encrypting generate a salt and
* write to output BIO. If decrypting read salt from
* input BIO.
*/
unsigned char *sptr;
if(nosalt) sptr = NULL;
else {
if(enc) {
if(hsalt) {
if(!set_hex(hsalt,salt,sizeof salt)) {
BIO_printf(bio_err,
"invalid hex salt value\n");
goto end;
}
} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
goto end;
/* If -P option then don't bother writing */
if((printkey != 2)
&& (BIO_write(wbio,magic,
sizeof magic-1) != sizeof magic-1
|| BIO_write(wbio,
(char *)salt,
sizeof salt) != sizeof salt)) {
BIO_printf(bio_err,"error writing output file\n");
goto end;
}
} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
|| BIO_read(rbio,
(unsigned char *)salt,
sizeof salt) != sizeof salt) {
BIO_printf(bio_err,"error reading input file\n");
goto end;
} else if(memcmp(mbuf,magic,sizeof magic-1)) {
BIO_printf(bio_err,"bad magic number\n");
goto end;
}
sptr = salt;
}
EVP_BytesToKey(cipher,dgst,sptr,
(unsigned char *)str,
strlen(str),1,key,iv);
/* zero the complete buffer or the string
* passed from the command line
* bug picked up by
* Larry J. Hughes Jr. <*****@*****.**> */
if (str == strbuf)
OPENSSL_cleanse(str,SIZE);
else
OPENSSL_cleanse(str,strlen(str));
}
if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
{
BIO_printf(bio_err,"invalid hex iv value\n");
goto end;
}
if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0)
{
/* No IV was explicitly set and no IV was generated
* during EVP_BytesToKey. Hence the IV is undefined,
* making correct decryption impossible. */
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
{
BIO_printf(bio_err,"invalid hex key value\n");
goto end;
}
if ((benc=BIO_new(BIO_f_cipher())) == NULL)
goto end;
/* Since we may be changing parameters work on the encryption
* context rather than calling BIO_set_cipher().
*/
BIO_get_cipher_ctx(benc, &ctx);
if (non_fips_allow)
EVP_CIPHER_CTX_set_flags(ctx,
EVP_CIPH_FLAG_NON_FIPS_ALLOW);
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
{
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (nopad)
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
{
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (debug)
{
BIO_set_callback(benc,BIO_debug_callback);
BIO_set_callback_arg(benc,(char *)bio_err);
}
if (printkey)
{
if (!nosalt)
{
printf("salt=");
for (i=0; i<(int)sizeof(salt); i++)
printf("%02X",salt[i]);
printf("\n");
}
if (cipher->key_len > 0)
{
printf("key=");
for (i=0; i<cipher->key_len; i++)
printf("%02X",key[i]);
printf("\n");
}
if (cipher->iv_len > 0)
{
printf("iv =");
for (i=0; i<cipher->iv_len; i++)
printf("%02X",iv[i]);
printf("\n");
}
if (printkey == 2)
{
ret=0;
goto end;
}
}
}
/* Only encrypt/decrypt as we write the file */
if (benc != NULL)
wbio=BIO_push(benc,wbio);
for (;;)
{
inl=BIO_read(rbio,(char *)buff,bsize);
if (inl <= 0) break;
if (BIO_write(wbio,(char *)buff,inl) != inl)
{
BIO_printf(bio_err,"error writing output file\n");
goto end;
}
}
if (!BIO_flush(wbio))
{
BIO_printf(bio_err,"bad decrypt\n");
goto end;
}
ret=0;
if (verbose)
{
BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
}
end:
ERR_print_errors(bio_err);
if (strbuf != NULL) OPENSSL_free(strbuf);
if (buff != NULL) OPENSSL_free(buff);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (benc != NULL) BIO_free(benc);
if (b64 != NULL) BIO_free(b64);
if(pass) OPENSSL_free(pass);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int main(int argc, char **argv)
{
BIO* in=NULL;
BIO* out=NULL;
char *outfile = NULL;
char *infile = NULL;
int tabLength=100;
char *binaryptr;
char *mimetype;
char *mimetypeaccept=NULL;
char *contenttype;
const char **pp;
unsigned char *hostporturl = NULL;
BIO *p12bio;
char **args = argv + 1;
unsigned char *serverurl;
sslctxparm p;
char *response;
CURLcode res;
struct curl_slist *headers=NULL;
int badarg=0;
binaryptr = malloc(tabLength);
p.verbose = 0;
p.errorbio = BIO_new_fp(stderr, BIO_NOCLOSE);
curl_global_init(CURL_GLOBAL_DEFAULT);
/* we need some more for the P12 decoding */
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
ERR_load_crypto_strings();
while(*args && *args[0] == '-') {
if(!strcmp (*args, "-in")) {
if(args[1]) {
infile=*(++args);
}
else
badarg=1;
}
else if(!strcmp (*args, "-out")) {
if(args[1]) {
outfile=*(++args);
}
else
badarg=1;
}
else if(!strcmp (*args, "-p12")) {
if(args[1]) {
p.p12file = *(++args);
}
else
badarg=1;
}
else if(strcmp(*args, "-envpass") == 0) {
if(args[1]) {
p.pst = getenv(*(++args));
}
else
badarg=1;
}
else if(strcmp(*args, "-connect") == 0) {
if(args[1]) {
hostporturl = *(++args);
}
else
badarg=1;
}
else if(strcmp(*args, "-mimetype") == 0) {
if(args[1]) {
mimetype = *(++args);
}
else
badarg=1;
}
else if(strcmp(*args, "-acceptmime") == 0) {
if(args[1]) {
mimetypeaccept = *(++args);
}
else
badarg=1;
}
else if(strcmp(*args, "-accesstype") == 0) {
if(args[1]) {
p.accesstype = OBJ_obj2nid(OBJ_txt2obj(*++args, 0));
if(p.accesstype == 0)
badarg=1;
}
else
badarg=1;
}
else if(strcmp(*args, "-verbose") == 0) {
p.verbose++;
}
else
badarg=1;
args++;
}
if(mimetype==NULL || mimetypeaccept == NULL)
badarg = 1;
if(badarg) {
for(pp=curlx_usage; (*pp != NULL); pp++)
BIO_printf(p.errorbio, "%s\n", *pp);
BIO_printf(p.errorbio, "\n");
goto err;
}
/* set input */
if((in=BIO_new(BIO_s_file())) == NULL) {
BIO_printf(p.errorbio, "Error setting input bio\n");
goto err;
}
else if(infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE|BIO_FP_TEXT);
else if(BIO_read_filename(in, infile) <= 0) {
BIO_printf(p.errorbio, "Error opening input file %s\n", infile);
BIO_free(in);
goto err;
}
/* set output */
if((out=BIO_new(BIO_s_file())) == NULL) {
BIO_printf(p.errorbio, "Error setting output bio.\n");
goto err;
}
else if(outfile == NULL)
BIO_set_fp(out, stdout, BIO_NOCLOSE|BIO_FP_TEXT);
else if(BIO_write_filename(out, outfile) <= 0) {
BIO_printf(p.errorbio, "Error opening output file %s\n", outfile);
BIO_free(out);
goto err;
}
p.errorbio = BIO_new_fp(stderr, BIO_NOCLOSE);
p.curl = curl_easy_init();
if(!p.curl) {
BIO_printf(p.errorbio, "Cannot init curl lib\n");
goto err;
}
p12bio = BIO_new_file(p.p12file, "rb");
if(!p12bio) {
BIO_printf(p.errorbio, "Error opening P12 file %s\n", p.p12file);
goto err;
}
p.p12 = d2i_PKCS12_bio(p12bio, NULL);
if(!p.p12) {
BIO_printf(p.errorbio, "Cannot decode P12 structure %s\n", p.p12file);
goto err;
}
p.ca= NULL;
if(!(PKCS12_parse (p.p12, p.pst, &(p.pkey), &(p.usercert), &(p.ca) ) )) {
BIO_printf(p.errorbio, "Invalid P12 structure in %s\n", p.p12file);
goto err;
}
if(sk_X509_num(p.ca) <= 0) {
BIO_printf(p.errorbio, "No trustworthy CA given.%s\n", p.p12file);
goto err;
}
if(p.verbose > 1)
X509_print_ex(p.errorbio, p.usercert, 0, 0);
/* determine URL to go */
if(hostporturl) {
size_t len = strlen(hostporturl) + 9;
serverurl = malloc(len);
snprintf(serverurl, len, "https://%s", hostporturl);
}
else if(p.accesstype != 0) { /* see whether we can find an AIA or SIA for a
given access type */
serverurl = my_get_ext(p.usercert, p.accesstype, NID_info_access);
if(!serverurl) {
int j=0;
BIO_printf(p.errorbio, "no service URL in user cert "
"cherching in others certificats\n");
for(j=0; j<sk_X509_num(p.ca); j++) {
serverurl = my_get_ext(sk_X509_value(p.ca, j), p.accesstype,
NID_info_access);
if(serverurl)
break;
serverurl = my_get_ext(sk_X509_value(p.ca, j), p.accesstype,
NID_sinfo_access);
if(serverurl)
break;
}
}
}
if(!serverurl) {
BIO_printf(p.errorbio, "no service URL in certificats,"
" check '-accesstype (AD_DVCS | ad_timestamping)'"
" or use '-connect'\n");
goto err;
}
if(p.verbose)
BIO_printf(p.errorbio, "Service URL: <%s>\n", serverurl);
curl_easy_setopt(p.curl, CURLOPT_URL, serverurl);
/* Now specify the POST binary data */
curl_easy_setopt(p.curl, CURLOPT_POSTFIELDS, binaryptr);
curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE, (long)tabLength);
/* pass our list of custom made headers */
contenttype = malloc(15+strlen(mimetype));
snprintf(contenttype, 15+strlen(mimetype), "Content-type: %s", mimetype);
headers = curl_slist_append(headers, contenttype);
curl_easy_setopt(p.curl, CURLOPT_HTTPHEADER, headers);
if(p.verbose)
BIO_printf(p.errorbio, "Service URL: <%s>\n", serverurl);
{
FILE *outfp;
BIO_get_fp(out, &outfp);
curl_easy_setopt(p.curl, CURLOPT_WRITEDATA, outfp);
}
res = curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun);
if(res != CURLE_OK)
BIO_printf(p.errorbio, "%d %s=%d %d\n", __LINE__,
"CURLOPT_SSL_CTX_FUNCTION", CURLOPT_SSL_CTX_FUNCTION, res);
curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_DATA, &p);
{
int lu; int i=0;
while((lu = BIO_read(in, &binaryptr[i], tabLength-i)) >0) {
i+=lu;
if(i== tabLength) {
tabLength+=100;
binaryptr=realloc(binaryptr, tabLength); /* should be more careful */
}
}
tabLength = i;
}
/* Now specify the POST binary data */
curl_easy_setopt(p.curl, CURLOPT_POSTFIELDS, binaryptr);
curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE, (long)tabLength);
/* Perform the request, res will get the return code */
BIO_printf(p.errorbio, "%d %s %d\n", __LINE__, "curl_easy_perform",
res = curl_easy_perform(p.curl));
{
int result =curl_easy_getinfo(p.curl, CURLINFO_CONTENT_TYPE, &response);
if(mimetypeaccept && p.verbose)
if(!strcmp(mimetypeaccept, response))
BIO_printf(p.errorbio, "the response has a correct mimetype : %s\n",
response);
else
BIO_printf(p.errorbio, "the response doesn\'t have an acceptable "
"mime type, it is %s instead of %s\n",
response, mimetypeaccept);
}
/*** code d'erreur si accept mime ***, egalement code return HTTP != 200 ***/
/* free the header list*/
curl_slist_free_all(headers);
/* always cleanup */
curl_easy_cleanup(p.curl);
BIO_free(in);
BIO_free(out);
return (EXIT_SUCCESS);
err: BIO_printf(p.errorbio, "error");
exit(1);
}
int main(int argc, char *argv[]) {
int c, poll = 0, reqversion = 0, rc = -1;
char *cacertfile = NULL, *keyfile = NULL, *challenge = NULL,
*savedrequestfile = NULL, *requestfile = NULL,
*dn = NULL, *spkacfile = NULL, *endrequest = NULL;
scep_t scep;
BIO *repbio;
char *url = "http://localhost/cgi-bin";
scepmsg_t *msg;
unsigned char *checkNonce = NULL;
/* initialize what you can */
scepinit();
scep_clear(&scep);
/* we are a client */
scep.client = 1;
/* parse command line */
while (EOF != (c = getopt(argc, argv, "dc:e:r:s:k:w:pu:2a:q:")))
switch (c) {
case 'd':
debug++;
break;
case 'e':
endrequest = optarg;
break;
case 'c':
cacertfile = optarg;
break;
case 's':
savedrequestfile = optarg;
case 'r':
/* the request file will also contain the self */
/* signed certificate */
requestfile = optarg;
break;
case 'k':
keyfile = optarg;
break;
case 'w':
challenge = optarg;
break;
case 'p':
poll = 1;
break;
case 'q':
scep.community = optarg;
break;
case 'u':
url = optarg;
break;
case '2':
reqversion = 1;
break;
case 'a':
spkacfile = optarg;
break;
}
/* stop immediately if request or key is missing */
/* (even in the case of a version 2 proxied request, we need */
/* a request as the carrier of the proxy entities public key) */
if (keyfile == NULL) {
BIO_printf(bio_err, "%s:%d: key file is required argument\n",
__FILE__, __LINE__);
goto err;
}
if (requestfile == NULL) {
BIO_printf(bio_err, "%s:%d: request file is required "
"argument\n", __FILE__, __LINE__);
goto err;
}
/* we are preparing the request message */
msg = &scep.request;
/* decode the URL */
if (parseurl(&scep, url) < 0) {
BIO_printf(bio_err, "%s:%d: cannot parse url\n", __FILE__,
__LINE__);
goto err;
}
if (debug)
BIO_printf(bio_err, "%s:%d: decoded URL %s|%d|%s\n", __FILE__,
__LINE__, scep.h.httphost, scep.h.httpport,
scep.h.httppath);
/* read the client key and request information */
if (read_clientstuff(&scep, requestfile, keyfile) < 0) {
BIO_printf(bio_err, "%s:%d: failed to read client stuff\n",
__FILE__, __LINE__);
goto err;
}
/* now we have to decide about the payload we want to have */
/* with our scep request: */
/* - for a version 1 request, this will always be the original */
/* certificate signing request */
/* - for a version 2 request, it will be a payload structure */
switch (reqversion) {
case 0:
/* for a version 1 client, client pubkey and client req */
/* coincide */
scep.requestorpubkey = scep.clientpubkey;
scep.requestorreq = scep.clientreq;
if (debug)
BIO_printf(bio_err, "%s:%d: end request coincides "
"with SCEP client\n", __FILE__, __LINE__);
break;
case 1:
msg->rd.payload = payload_new();
rc = -1;
if (spkacfile) {
if (debug)
BIO_printf(bio_err, "%s:%d: reading spki "
"from %s\n", __FILE__, __LINE__,
spkacfile);
rc = read_requestorstuff(&scep, 1, spkacfile);
} else if (endrequest) {
if (debug)
BIO_printf(bio_err, "%s:%d: reading X509 req "
"from %s\n", __FILE__, __LINE__,
endrequest);
rc = read_requestorstuff(&scep, 0, endrequest);
}
if (rc < 0) {
BIO_printf(bio_err, "%s:%d: could not read end "
"request data\n", __FILE__, __LINE__);
goto err;
}
if (debug)
BIO_printf(bio_err, "%s:%d: end request read\n",
__FILE__, __LINE__);
break;
}
/* set the transaction id value */
scep.transId = key_fingerprint(scep.requestorpubkey);
if (debug)
BIO_printf(bio_err, "%s:%d: transaction ID is %s\n",
__FILE__, __LINE__, scep.transId);
/* read the CA certificate file */
if (read_castuff(&scep, cacertfile) < 0) {
BIO_printf(bio_err, "%s:%d: read CA certificate info\n",
__FILE__, __LINE__);
}
if (debug)
BIO_printf(bio_err, "%s:%d: CA certificate read\n",
__FILE__, __LINE__);
/* for SPKI requests, there should be exactly one more argument */
/* namely the distinguished name */
if (spkacfile) {
if ((argc - optind) != 1) {
BIO_printf(bio_err, "%s:%d: DN argument needed\n",
__FILE__, __LINE__);
goto err;
}
dn = argv[optind];
if (debug)
BIO_printf(bio_err, "%s:%d: DN argument is '%s'\n",
__FILE__, __LINE__, dn);
/* convert the DN into attributes and add them to the */
/* payload */
if (payload_dn_to_attrs(msg->rd.payload, dn) < 0) {
BIO_printf(bio_err, "%s:%d: failed to add DN attrs\n",
__FILE__, __LINE__);
goto err;
}
}
/* skip creation of a request message when polling */
if (poll)
goto pollinginit;
/* pack the request as a PKSCReq message, of type PKCSReq */
switch (reqversion) {
case 0:
msg->messageType = SCEP_MESSAGE_TYPE_PKCSREQ;
msg->rd.req = scep.clientreq;
break;
case 1:
/* build a version 2 payload */
if (debug)
BIO_printf(bio_err, "%s:%d: building version 2 "
"payload\n", __FILE__, __LINE__);
if (scep.requestorreq)
payload_set_req(msg->rd.payload, scep.requestorreq);
if (scep.requestorspki)
payload_set_spki(msg->rd.payload, scep.requestorspki);
/* set the correct message type */
if (scep.community) {
/* compute the authenticator from the original */
/* request and the community */
msg->messageType = SCEP_MESSAGE_TYPE_V2PROXY;
} else {
msg->messageType = SCEP_MESSAGE_TYPE_V2REQUEST;
}
break;
}
/* write the request to the request file, for later perusal */
if (savedrequestfile) {
BIO *reqbio;
reqbio = BIO_new(BIO_s_file());
BIO_write_filename(reqbio, savedrequestfile);
switch (reqversion) {
case 0:
/* version 1 request has a X509_REQ payload */
PEM_write_bio_X509_REQ(reqbio, msg->rd.req);
break;
case 1:
/* version 2 requests have a "real" payload */
i2d_payload_bio(reqbio, msg->rd.payload);
break;
}
BIO_free(reqbio);
}
goto common;
pollinginit:
/* when polling, the request is a GetCertInitial message */
msg->messageType = SCEP_MESSAGE_TYPE_GETCERTINITIAL;
/* the contents is the pair issuer and subject */
msg->rd.is = (issuer_and_subject_t *)malloc(
sizeof(issuer_and_subject_t));
msg->rd.is->issuer = X509_get_subject_name(scep.cacert);
msg->rd.is->subject = NULL;
/* when polling we should read the request from request file */
/* (only needed for the distinguished name of the client) */
if (debug)
BIO_printf(bio_err, "%s:%d: getting subject X509_NAME\n",
__FILE__, __LINE__);
switch (reqversion) {
case 0:
msg->rd.is->subject = X509_REQ_get_subject_name(scep.clientreq);
break;
case 1:
if (scep.requestorreq)
msg->rd.is->subject
= X509_REQ_get_subject_name(scep.requestorreq);
if (scep.requestorspki) {
if (debug)
BIO_printf(bio_err, "%s:%d: converting DN '%s' "
"to X509_NAME\n",
__FILE__, __LINE__, dn);
msg->rd.is->subject = ldap_to_x509(dn);
}
break;
}
if (msg->rd.is->subject == NULL) {
BIO_printf(bio_err, "%s:%d: no subject found\n",
__FILE__, __LINE__);
goto err;
}
if (debug)
BIO_printf(bio_err, "%s:%d: issuer and subject found\n",
__FILE__, __LINE__);
common:
/* create a self signed certificate for use with SCEP */
if (selfsigned(&scep) < 0) {
BIO_printf(bio_err, "%s:%d: failed to create self signed "
"certificate\n", __FILE__, __LINE__);
goto err;
}
if (debug)
BIO_printf(bio_err, "%s:%d: self signed certificate created\n",
__FILE__, __LINE__);
/* set the senderNonce */
scep.senderNonceLength = 16;
scep.senderNonce = (unsigned char *)malloc(scep.senderNonceLength);
RAND_bytes(scep.senderNonce, scep.senderNonceLength);
if (debug)
BIO_printf(bio_err, "%s:%d: senderNonce set\n", __FILE__,
__LINE__);
checkNonce = scep.senderNonce;
/* all messages sent from the client are base 64 encoded */
msg->base64 = 1;
/* encode */
if (encode(&scep) < 0) {
BIO_printf(bio_err, "%s:%d: encoding the request failed\n",
__FILE__, __LINE__);
goto err;
}
if (debug)
BIO_printf(bio_err, "%s:%d: encoded bytes: %d\n",
__FILE__, __LINE__, scep.request.length);
/* send the request to the server, read the reply */
repbio = getrequest(&scep);
if (repbio == NULL) {
BIO_printf(bio_err, "%s:%d: failed to read correct reply\n",
__FILE__, __LINE__);
goto err;
}
/* analyze the reply */
if (decode(&scep, repbio) < 0) {
BIO_printf(bio_err, "%s:%d: decoding the reply failed\n",
__FILE__, __LINE__);
goto err;
}
/* display some information about the reply */
printf("transaction id: %s\n", scep.transId);
printf("PKIstatus: %s\n", (scep.reply.pkiStatus)
? scep.reply.pkiStatus : "(null)");
printf("reply message type: %s\n", scep.reply.messageType);
if (scep.reply.failinfo) {
printf("failinfo: %s\n", scep.reply.failinfo);
}
/* make sure we get a CertRep message back */
if (strcmp(scep.reply.messageType, SCEP_MESSAGE_TYPE_CERTREP)) {
BIO_printf(bio_err, "%s:%d: only CertRep message acceptable "
" in response to PKCSReq/GetCertInitial\n",
__FILE__, __LINE__);
goto err;
}
/* check for the Nonces */
if (memcmp(checkNonce, scep.recipientNonce, 16)) {
BIO_printf(bio_err, "%s:%d: recipientNonce != sent "
"senderNonce\n", __FILE__, __LINE__);
goto err;
}
if (debug)
BIO_printf(bio_err, "%s:%d: Nonce check OK\n", __FILE__,
__LINE__);
if (scep.reply.pkiStatus == NULL) {
BIO_printf(bio_err, "no pkiStatus returned\n");
exit(1);
}
switch (atoi(scep.reply.pkiStatus)) {
case PKI_SUCCESS:
/* Success */
scep.clientcert = extract_cert(&scep);
if (debug)
BIO_printf(bio_err, "%s:%d: certificate returned %p\n",
__FILE__, __LINE__, scep.clientcert);
if (scep.clientcert) {
BIO *cb;
cb = BIO_new(BIO_s_file());
BIO_set_fp(cb, stdout, BIO_NOCLOSE);
PEM_write_bio_X509(cb, scep.clientcert);
BIO_free(cb);
}
exit(EXIT_SUCCESS);
break;
case PKI_FAILURE: /* Failure */
if (debug)
BIO_printf(bio_err, "%s:%d: request failed: %s\n",
__FILE__, __LINE__, scep.reply.failinfo);
exit(1);
break;
case PKI_PENDING: /* Pending */
if (debug)
BIO_printf(bio_err, "%s:%d: request still pending\n",
__FILE__, __LINE__);
exit(2);
break;
}
/* error return */
err:
ERR_print_errors(bio_err);
exit(EXIT_FAILURE);
}
int MAIN(int argc, char **argv)
{
X509_CRL *x=NULL;
char *CAfile = NULL, *CApath = NULL;
int ret=1,i,num,badops=0;
BIO *out=NULL;
int informat,outformat;
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
int fingerprint = 0;
char **pp,buf[256];
X509_STORE *store = NULL;
X509_STORE_CTX ctx;
X509_LOOKUP *lookup = NULL;
X509_OBJECT xobj;
EVP_PKEY *pkey;
int do_ver = 0;
const EVP_MD *md_alg,*digest=EVP_md5();
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (bio_out == NULL)
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
{
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out);
}
#endif
}
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
argc--;
argv++;
num=0;
while (argc >= 1)
{
#ifdef undef
if (strcmp(*argv,"-p") == 0)
{
if (--argc < 1) goto bad;
if (!args_from_file(++argv,Nargc,Nargv)) {
goto end;
}*/
}
#endif
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-CApath") == 0)
{
if (--argc < 1) goto bad;
CApath = *(++argv);
do_ver = 1;
}
else if (strcmp(*argv,"-CAfile") == 0)
{
if (--argc < 1) goto bad;
CAfile = *(++argv);
do_ver = 1;
}
else if (strcmp(*argv,"-verify") == 0)
do_ver = 1;
else if (strcmp(*argv,"-text") == 0)
text = 1;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
else if (strcmp(*argv,"-issuer") == 0)
issuer= ++num;
else if (strcmp(*argv,"-lastupdate") == 0)
lastupdate= ++num;
else if (strcmp(*argv,"-nextupdate") == 0)
nextupdate= ++num;
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-fingerprint") == 0)
fingerprint= ++num;
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
digest=md_alg;
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
for (pp=crl_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,*pp);
goto end;
}
ERR_load_crypto_strings();
x=load_crl(infile,informat);
if (x == NULL) {
goto end;
}
if(do_ver) {
store = X509_STORE_new();
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
if (lookup == NULL) goto end;
if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
if (lookup == NULL) goto end;
if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
ERR_clear_error();
X509_STORE_CTX_init(&ctx, store, NULL, NULL);
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
X509_CRL_get_issuer(x), &xobj);
if(i <= 0) {
BIO_printf(bio_err,
"Error getting CRL issuer certificate\n");
goto end;
}
pkey = X509_get_pubkey(xobj.data.x509);
X509_OBJECT_free_contents(&xobj);
if(!pkey) {
BIO_printf(bio_err,
"Error getting CRL issuer public key\n");
goto end;
}
i = X509_CRL_verify(x, pkey);
EVP_PKEY_free(pkey);
if(i < 0) goto end;
if(i == 0) BIO_printf(bio_err, "verify failure\n");
else BIO_printf(bio_err, "verify OK\n");
}
if (num)
{
for (i=1; i<=num; i++)
{
if (issuer == i)
{
X509_NAME_oneline(X509_CRL_get_issuer(x),
buf,256);
BIO_printf(bio_out,"issuer= %s\n",buf);
}
if (hash == i)
{
BIO_printf(bio_out,"%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x)));
}
if (lastupdate == i)
{
BIO_printf(bio_out,"lastUpdate=");
ASN1_TIME_print(bio_out,
X509_CRL_get_lastUpdate(x));
BIO_printf(bio_out,"\n");
}
if (nextupdate == i)
{
BIO_printf(bio_out,"nextUpdate=");
if (X509_CRL_get_nextUpdate(x))
ASN1_TIME_print(bio_out,
X509_CRL_get_nextUpdate(x));
else
BIO_printf(bio_out,"NONE");
BIO_printf(bio_out,"\n");
}
if (fingerprint == i)
{
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
if (!X509_CRL_digest(x,digest,md,&n))
{
BIO_printf(bio_err,"out of memory\n");
goto end;
}
BIO_printf(bio_out,"%s Fingerprint=",
OBJ_nid2sn(EVP_MD_type(digest)));
for (j=0; j<(int)n; j++)
{
BIO_printf(bio_out,"%02X%c",md[j],
(j+1 == (int)n)
?'\n':':');
}
}
}
}
out=BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (text) X509_CRL_print(out, x);
if (noout) goto end;
if (outformat == FORMAT_ASN1)
i=(int)i2d_X509_CRL_bio(out,x);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_X509_CRL(out,x);
else
{
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err,"unable to write CRL\n");
goto end;
}
ret=0;
end:
BIO_free_all(out);
BIO_free_all(bio_out);
bio_out=NULL;
X509_CRL_free(x);
if(store) {
X509_STORE_CTX_cleanup(&ctx);
X509_STORE_free(store);
}
EXIT(ret);
}
int
dsaparam_main(int argc, char **argv)
{
DSA *dsa = NULL;
int i, badops = 0, text = 0;
BIO *in = NULL, *out = NULL;
int informat, outformat, noout = 0, C = 0, ret = 1;
char *infile, *outfile, *prog;
int numbits = -1, num, genkey = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
#ifdef GENCB_TEST
const char *errstr = NULL;
int timebomb = 0;
#endif
if (!load_config(bio_err, NULL))
goto end;
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-inform") == 0) {
if (--argc < 1)
goto bad;
informat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-outform") == 0) {
if (--argc < 1)
goto bad;
outformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
infile = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outfile = *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
engine = *(++argv);
}
#endif
#ifdef GENCB_TEST
else if (strcmp(*argv, "-timebomb") == 0) {
if (--argc < 1)
goto bad;
timebomb = strtonum(*(++argv), 0, INT_MAX, &errstr);
if (errstr)
goto bad;
}
#endif
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-C") == 0)
C = 1;
else if (strcmp(*argv, "-genkey") == 0) {
genkey = 1;
} else if (strcmp(*argv, "-noout") == 0)
noout = 1;
else if (sscanf(*argv, "%d", &num) == 1) {
/* generate a key */
numbits = num;
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
}
argc--;
argv++;
}
if (badops) {
bad:
BIO_printf(bio_err, "%s [options] [bits] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err, " -text print as text\n");
BIO_printf(bio_err, " -C Output C code\n");
BIO_printf(bio_err, " -noout no output\n");
BIO_printf(bio_err, " -genkey generate a DSA key\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
#endif
#ifdef GENCB_TEST
BIO_printf(bio_err, " -timebomb n interrupt keygen after <n> seconds\n");
#endif
BIO_printf(bio_err, " number number of bits to use for generating private key\n");
goto end;
}
ERR_load_crypto_strings();
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, infile) <= 0) {
perror(infile);
goto end;
}
}
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
if (BIO_write_filename(out, outfile) <= 0) {
perror(outfile);
goto end;
}
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if (numbits > 0) {
BN_GENCB cb;
BN_GENCB_set(&cb, dsa_cb, bio_err);
dsa = DSA_new();
if (!dsa) {
BIO_printf(bio_err, "Error allocating DSA object\n");
goto end;
}
BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num);
BIO_printf(bio_err, "This could take some time\n");
#ifdef GENCB_TEST
if (timebomb > 0) {
struct sigaction act;
act.sa_handler = timebomb_sigalarm;
act.sa_flags = 0;
BIO_printf(bio_err, "(though I'll stop it if not done within %d secs)\n",
timebomb);
if (sigaction(SIGALRM, &act, NULL) != 0) {
BIO_printf(bio_err, "Error, couldn't set SIGALRM handler\n");
goto end;
}
alarm(timebomb);
}
#endif
if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, &cb)) {
#ifdef GENCB_TEST
if (stop_keygen_flag) {
BIO_printf(bio_err, "DSA key generation time-stopped\n");
/* This is an asked-for behaviour! */
ret = 0;
goto end;
}
#endif
ERR_print_errors(bio_err);
BIO_printf(bio_err, "Error, DSA key generation failed\n");
goto end;
}
} else if (informat == FORMAT_ASN1)
dsa = d2i_DSAparams_bio(in, NULL);
else if (informat == FORMAT_PEM)
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified\n");
goto end;
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (text) {
DSAparams_print(out, dsa);
}
if (C) {
unsigned char *data;
int l, len, bits_p;
len = BN_num_bytes(dsa->p);
bits_p = BN_num_bits(dsa->p);
data = malloc(len + 20);
if (data == NULL) {
perror("malloc");
goto end;
}
l = BN_bn2bin(dsa->p, data);
printf("static unsigned char dsa%d_p[] = {", bits_p);
for (i = 0; i < l; i++) {
if ((i % 12) == 0)
printf("\n\t");
printf("0x%02X, ", data[i]);
}
printf("\n\t};\n");
l = BN_bn2bin(dsa->q, data);
printf("static unsigned char dsa%d_q[] = {", bits_p);
for (i = 0; i < l; i++) {
if ((i % 12) == 0)
printf("\n\t");
printf("0x%02X, ", data[i]);
}
printf("\n\t};\n");
l = BN_bn2bin(dsa->g, data);
printf("static unsigned char dsa%d_g[] = {", bits_p);
for (i = 0; i < l; i++) {
if ((i % 12) == 0)
printf("\n\t");
printf("0x%02X, ", data[i]);
}
free(data);
printf("\n\t};\n\n");
printf("DSA *get_dsa%d()\n\t{\n", bits_p);
printf("\tDSA *dsa;\n\n");
printf("\tif ((dsa = DSA_new()) == NULL) return(NULL);\n");
printf("\tdsa->p = BN_bin2bn(dsa%d_p, sizeof(dsa%d_p), NULL);\n",
bits_p, bits_p);
printf("\tdsa->q = BN_bin2bn(dsa%d_q, sizeof(dsa%d_q), NULL);\n",
bits_p, bits_p);
printf("\tdsa->g = BN_bin2bn(dsa%d_g, sizeof(dsa%d_g), NULL);\n",
bits_p, bits_p);
printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
printf("\treturn(dsa);\n\t}\n");
}
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_DSAparams(out, dsa);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (genkey) {
DSA *dsakey;
if ((dsakey = DSAparams_dup(dsa)) == NULL)
goto end;
if (!DSA_generate_key(dsakey)) {
ERR_print_errors(bio_err);
DSA_free(dsakey);
goto end;
}
if (outformat == FORMAT_ASN1)
i = i2d_DSAPrivateKey_bio(out, dsakey);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL, NULL);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
DSA_free(dsakey);
goto end;
}
DSA_free(dsakey);
}
ret = 0;
end:
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
return (ret);
}
int
dhparam_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
char *num_bits = NULL;
DH *dh = NULL;
int num = 0;
int ret = 1;
int i;
if (single_execution) {
if (pledge("stdio rpath wpath cpath", NULL) == -1) {
perror("pledge");
exit(1);
}
}
memset(&dhparam_config, 0, sizeof(dhparam_config));
dhparam_config.informat = FORMAT_PEM;
dhparam_config.outformat = FORMAT_PEM;
if (options_parse(argc, argv, dhparam_options, &num_bits, NULL) != 0) {
dhparam_usage();
return (1);
}
if (num_bits != NULL) {
if(sscanf(num_bits, "%d", &num) == 0 || num <= 0) {
BIO_printf(bio_err, "invalid number of bits: %s\n",
num_bits);
return (1);
}
}
if (dhparam_config.g && !num)
num = DEFBITS;
if (dhparam_config.dsaparam) {
if (dhparam_config.g) {
BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
goto end;
}
} else {
/* DH parameters */
if (num && !dhparam_config.g)
dhparam_config.g = 2;
}
if (num) {
BN_GENCB cb;
BN_GENCB_set(&cb, dh_cb, bio_err);
if (dhparam_config.dsaparam) {
DSA *dsa = DSA_new();
BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num);
if (!dsa || !DSA_generate_parameters_ex(dsa, num,
NULL, 0, NULL, NULL, &cb)) {
if (dsa)
DSA_free(dsa);
ERR_print_errors(bio_err);
goto end;
}
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL) {
ERR_print_errors(bio_err);
goto end;
}
} else {
dh = DH_new();
BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, dhparam_config.g);
BIO_printf(bio_err, "This is going to take a long time\n");
if (!dh || !DH_generate_parameters_ex(dh, num, dhparam_config.g, &cb)) {
ERR_print_errors(bio_err);
goto end;
}
}
} else {
in = BIO_new(BIO_s_file());
if (in == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (dhparam_config.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, dhparam_config.infile) <= 0) {
perror(dhparam_config.infile);
goto end;
}
}
if (dhparam_config.informat != FORMAT_ASN1 &&
dhparam_config.informat != FORMAT_PEM) {
BIO_printf(bio_err, "bad input format specified\n");
goto end;
}
if (dhparam_config.dsaparam) {
DSA *dsa;
if (dhparam_config.informat == FORMAT_ASN1)
dsa = d2i_DSAparams_bio(in, NULL);
else /* informat == FORMAT_PEM */
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL) {
ERR_print_errors(bio_err);
goto end;
}
} else
{
if (dhparam_config.informat == FORMAT_ASN1)
dh = d2i_DHparams_bio(in, NULL);
else /* informat == FORMAT_PEM */
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
if (dh == NULL) {
BIO_printf(bio_err, "unable to load DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
/* dh != NULL */
}
out = BIO_new(BIO_s_file());
if (out == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (dhparam_config.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
if (BIO_write_filename(out, dhparam_config.outfile) <= 0) {
perror(dhparam_config.outfile);
goto end;
}
}
if (dhparam_config.text) {
DHparams_print(out, dh);
}
if (dhparam_config.check) {
if (!DH_check(dh, &i)) {
ERR_print_errors(bio_err);
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
printf("p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
printf("p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
printf("unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
printf("the g value is not a generator\n");
if (i == 0)
printf("DH parameters appear to be ok.\n");
}
if (dhparam_config.C) {
unsigned char *data;
int len, l, bits;
len = BN_num_bytes(dh->p);
bits = BN_num_bits(dh->p);
data = malloc(len);
if (data == NULL) {
perror("malloc");
goto end;
}
printf("#ifndef HEADER_DH_H\n"
"#include <openssl/dh.h>\n"
"#endif\n");
printf("DH *get_dh%d()\n\t{\n", bits);
l = BN_bn2bin(dh->p, data);
printf("\tstatic unsigned char dh%d_p[] = {", bits);
for (i = 0; i < l; i++) {
if ((i % 12) == 0)
printf("\n\t\t");
printf("0x%02X, ", data[i]);
}
printf("\n\t\t};\n");
l = BN_bn2bin(dh->g, data);
printf("\tstatic unsigned char dh%d_g[] = {", bits);
for (i = 0; i < l; i++) {
if ((i % 12) == 0)
printf("\n\t\t");
printf("0x%02X, ", data[i]);
}
printf("\n\t\t};\n");
printf("\tDH *dh;\n\n");
printf("\tif ((dh = DH_new()) == NULL) return(NULL);\n");
printf("\tdh->p = BN_bin2bn(dh%d_p, sizeof(dh%d_p), NULL);\n",
bits, bits);
printf("\tdh->g = BN_bin2bn(dh%d_g, sizeof(dh%d_g), NULL);\n",
bits, bits);
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
printf("\t\t{ DH_free(dh); return(NULL); }\n");
if (dh->length)
printf("\tdh->length = %ld;\n", dh->length);
printf("\treturn(dh);\n\t}\n");
free(data);
}
if (!dhparam_config.noout) {
if (dhparam_config.outformat == FORMAT_ASN1)
i = i2d_DHparams_bio(out, dh);
else if (dhparam_config.outformat == FORMAT_PEM)
i = PEM_write_bio_DHparams(out, dh);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret = 0;
end:
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
if (dh != NULL)
DH_free(dh);
return (ret);
}
int MAIN(int argc, char **argv)
{
SSL_SESSION *x=NULL;
X509 *peer = NULL;
int ret=1,i,num,badops=0;
BIO *out=NULL;
int informat,outformat;
char *infile=NULL,*outfile=NULL,*context=NULL;
int cert=0,noout=0,text=0;
const char **pp;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
argc--;
argv++;
num=0;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-text") == 0)
text= ++num;
else if (strcmp(*argv,"-cert") == 0)
cert= ++num;
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-context") == 0)
{
if(--argc < 1) goto bad;
context=*++argv;
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
for (pp=sess_id_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,"%s",*pp);
goto end;
}
ERR_load_crypto_strings();
x=load_sess_id(infile,informat);
if (x == NULL) { goto end; }
peer = SSL_SESSION_get0_peer(x);
if(context)
{
size_t ctx_len = strlen(context);
if(ctx_len > SSL_MAX_SID_CTX_LENGTH)
{
BIO_printf(bio_err,"Context too long\n");
goto end;
}
SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
}
#ifdef undef
/* just testing for memory leaks :-) */
{
SSL_SESSION *s;
char buf[1024*10],*p;
int i;
s=SSL_SESSION_new();
p= &buf;
i=i2d_SSL_SESSION(x,&p);
p= &buf;
d2i_SSL_SESSION(&s,&p,(long)i);
p= &buf;
d2i_SSL_SESSION(&s,&p,(long)i);
p= &buf;
d2i_SSL_SESSION(&s,&p,(long)i);
SSL_SESSION_free(s);
}
#endif
if (!noout || text)
{
out=BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
}
if (text)
{
SSL_SESSION_print(out,x);
if (cert)
{
if (peer == NULL)
BIO_puts(out,"No certificate present\n");
else
X509_print(out,peer);
}
}
if (!noout && !cert)
{
if (outformat == FORMAT_ASN1)
i=i2d_SSL_SESSION_bio(out,x);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_SSL_SESSION(out,x);
else if (outformat == FORMAT_NSS)
i=SSL_SESSION_print_keylog(out,x);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err,"unable to write SSL_SESSION\n");
goto end;
}
}
else if (!noout && (peer != NULL)) /* just print the certificate */
{
if (outformat == FORMAT_ASN1)
i=(int)i2d_X509_bio(out,peer);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_X509(out,peer);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err,"unable to write X509\n");
goto end;
}
}
ret=0;
end:
if (out != NULL) BIO_free_all(out);
if (x != NULL) SSL_SESSION_free(x);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int main(int argc, char *argv[])
{
BN_CTX *ctx;
BIO *out;
char *outfile=NULL;
results = 0;
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-results") == 0)
results=1;
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) break;
outfile= *(++argv);
}
argc--;
argv++;
}
ctx=BN_CTX_new();
if (ctx == NULL) exit(1);
out=BIO_new(BIO_s_file());
if (out == NULL) exit(1);
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
}
else
{
if (!BIO_write_filename(out,outfile))
{
perror(outfile);
exit(1);
}
}
if (!results)
BIO_puts(out,"obase=16\nibase=16\n");
message(out,"BN_add");
if (!test_add(out)) goto err;
(void)BIO_flush(out);
message(out,"BN_sub");
if (!test_sub(out)) goto err;
(void)BIO_flush(out);
message(out,"BN_lshift1");
if (!test_lshift1(out)) goto err;
(void)BIO_flush(out);
message(out,"BN_lshift (fixed)");
if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
goto err;
(void)BIO_flush(out);
message(out,"BN_lshift");
if (!test_lshift(out,ctx,NULL)) goto err;
(void)BIO_flush(out);
message(out,"BN_rshift1");
if (!test_rshift1(out)) goto err;
(void)BIO_flush(out);
message(out,"BN_rshift");
if (!test_rshift(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_sqr");
if (!test_sqr(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_mul");
if (!test_mul(out)) goto err;
(void)BIO_flush(out);
message(out,"BN_div");
if (!test_div(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_div_word");
if (!test_div_word(out)) goto err;
(void)BIO_flush(out);
message(out,"BN_div_recp");
if (!test_div_recp(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_mod");
if (!test_mod(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_mod_mul");
if (!test_mod_mul(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_mont");
if (!test_mont(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_mod_exp");
if (!test_mod_exp(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_mod_exp_mont_consttime");
if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_exp");
if (!test_exp(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_kronecker");
if (!test_kron(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_mod_sqrt");
if (!test_sqrt(out,ctx)) goto err;
(void)BIO_flush(out);
#ifndef OPENSSL_NO_EC2M
message(out,"BN_GF2m_add");
if (!test_gf2m_add(out)) goto err;
(void)BIO_flush(out);
message(out,"BN_GF2m_mod");
if (!test_gf2m_mod(out)) goto err;
(void)BIO_flush(out);
message(out,"BN_GF2m_mod_mul");
if (!test_gf2m_mod_mul(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_GF2m_mod_sqr");
if (!test_gf2m_mod_sqr(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_GF2m_mod_inv");
if (!test_gf2m_mod_inv(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_GF2m_mod_div");
if (!test_gf2m_mod_div(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_GF2m_mod_exp");
if (!test_gf2m_mod_exp(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_GF2m_mod_sqrt");
if (!test_gf2m_mod_sqrt(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_GF2m_mod_solve_quad");
if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
(void)BIO_flush(out);
#endif
BN_CTX_free(ctx);
BIO_free(out);
/**/
exit(0);
err:
BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
* the failure, see test_bn in test/Makefile.ssl*/
(void)BIO_flush(out);
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
exit(1);
}
int
pkcs7_main(int argc, char **argv)
{
PKCS7 *p7 = NULL;
BIO *in = NULL, *out = NULL;
int ret = 1;
int i;
memset(&pkcs7_config, 0, sizeof(pkcs7_config));
pkcs7_config.informat = FORMAT_PEM;
pkcs7_config.outformat = FORMAT_PEM;
if (options_parse(argc, argv, pkcs7_options, NULL, NULL) != 0) {
pkcs7_usage();
goto end;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, pkcs7_config.engine, 0);
#endif
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (pkcs7_config.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, pkcs7_config.infile) <= 0) {
perror(pkcs7_config.infile);
goto end;
}
}
if (pkcs7_config.informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
else if (pkcs7_config.informat == FORMAT_PEM)
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified for pkcs7 object\n");
goto end;
}
if (p7 == NULL) {
BIO_printf(bio_err, "unable to load PKCS7 object\n");
ERR_print_errors(bio_err);
goto end;
}
if (pkcs7_config.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
if (BIO_write_filename(out, pkcs7_config.outfile) <= 0) {
perror(pkcs7_config.outfile);
goto end;
}
}
if (pkcs7_config.p7_print)
PKCS7_print_ctx(out, p7, 0, NULL);
if (pkcs7_config.print_certs) {
STACK_OF(X509) * certs = NULL;
STACK_OF(X509_CRL) * crls = NULL;
i = OBJ_obj2nid(p7->type);
switch (i) {
case NID_pkcs7_signed:
certs = p7->d.sign->cert;
crls = p7->d.sign->crl;
break;
case NID_pkcs7_signedAndEnveloped:
certs = p7->d.signed_and_enveloped->cert;
crls = p7->d.signed_and_enveloped->crl;
break;
default:
break;
}
if (certs != NULL) {
X509 *x;
for (i = 0; i < sk_X509_num(certs); i++) {
x = sk_X509_value(certs, i);
if (pkcs7_config.text)
X509_print(out, x);
else
dump_cert_text(out, x);
if (!pkcs7_config.noout)
PEM_write_bio_X509(out, x);
BIO_puts(out, "\n");
}
}
if (crls != NULL) {
X509_CRL *crl;
for (i = 0; i < sk_X509_CRL_num(crls); i++) {
crl = sk_X509_CRL_value(crls, i);
X509_CRL_print(out, crl);
if (!pkcs7_config.noout)
PEM_write_bio_X509_CRL(out, crl);
BIO_puts(out, "\n");
}
}
ret = 0;
goto end;
}
if (!pkcs7_config.noout) {
if (pkcs7_config.outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
else if (pkcs7_config.outformat == FORMAT_PEM)
i = PEM_write_bio_PKCS7(out, p7);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret = 0;
end:
if (p7 != NULL)
PKCS7_free(p7);
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
return (ret);
}
