int MAIN(int argc, char **argv) { unsigned long nmflag = 0; X509_CRL *x = NULL; char *CAfile = NULL, *CApath = NULL; int ret = 1, i, num, badops = 0, badsig = 0; BIO *out = NULL; int informat, outformat, keyformat; char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL; int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0, text = 0; #ifndef OPENSSL_NO_MD5 int hash_old = 0; #endif int fingerprint = 0, crlnumber = 0; const char **pp; X509_STORE *store = NULL; X509_STORE_CTX ctx; X509_LOOKUP *lookup = NULL; X509_OBJECT xobj; EVP_PKEY *pkey; int do_ver = 0; const EVP_MD *md_alg, *digest = EVP_sha1(); apps_startup(); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; if (bio_out == NULL) if ((bio_out = BIO_new(BIO_s_file())) != NULL) { BIO_set_fp(bio_out, stdout, BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); bio_out = BIO_push(tmpbio, bio_out); } #endif } informat = FORMAT_PEM; outformat = FORMAT_PEM; keyformat = FORMAT_PEM; argc--; argv++; num = 0; while (argc >= 1) { #ifdef undef if (sgx_strcmp(*argv, "-p") == 0) { if (--argc < 1) goto bad; if (!args_from_file(++argv, Nargc, Nargv)) { goto end; } */} #endif if (sgx_strcmp(*argv, "-inform") == 0) { if (--argc < 1) goto bad; informat = str2fmt(*(++argv)); } else if (sgx_strcmp(*argv, "-outform") == 0) { if (--argc < 1) goto bad; outformat = str2fmt(*(++argv)); } else if (sgx_strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; infile = *(++argv); } else if (sgx_strcmp(*argv, "-gendelta") == 0) { if (--argc < 1) goto bad; crldiff = *(++argv); } else if (sgx_strcmp(*argv, "-key") == 0) { if (--argc < 1) goto bad; keyfile = *(++argv); } else if (sgx_strcmp(*argv, "-keyform") == 0) { if (--argc < 1) goto bad; keyformat = str2fmt(*(++argv)); } else if (sgx_strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } else if (sgx_strcmp(*argv, "-CApath") == 0) { if (--argc < 1) goto bad; CApath = *(++argv); do_ver = 1; } else if (sgx_strcmp(*argv, "-CAfile") == 0) { if (--argc < 1) goto bad; CAfile = *(++argv); do_ver = 1; } else if (sgx_strcmp(*argv, "-verify") == 0) do_ver = 1; else if (sgx_strcmp(*argv, "-text") == 0) text = 1; else if (sgx_strcmp(*argv, "-hash") == 0) hash = ++num; #ifndef OPENSSL_NO_MD5 else if (sgx_strcmp(*argv, "-hash_old") == 0) hash_old = ++num; #endif else if (sgx_strcmp(*argv, "-nameopt") == 0) { if (--argc < 1) goto bad; if (!set_name_ex(&nmflag, *(++argv))) goto bad; } else if (sgx_strcmp(*argv, "-issuer") == 0) issuer = ++num; else if (sgx_strcmp(*argv, "-lastupdate") == 0) lastupdate = ++num; else if (sgx_strcmp(*argv, "-nextupdate") == 0) nextupdate = ++num; else if (sgx_strcmp(*argv, "-noout") == 0) noout = ++num; else if (sgx_strcmp(*argv, "-fingerprint") == 0) fingerprint = ++num; else if (sgx_strcmp(*argv, "-crlnumber") == 0) crlnumber = ++num; else if (sgx_strcmp(*argv, "-badsig") == 0) badsig = 1; else if ((md_alg = EVP_get_digestbyname(*argv + 1))) { /* ok */ digest = md_alg; } else { BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; break; } argc--; argv++; } if (badops) { bad: for (pp = crl_usage; (*pp != NULL); pp++) BIO_printf(bio_err, "%s", *pp); goto end; } ERR_load_crypto_strings(); x = load_crl(infile, informat); if (x == NULL) { goto end; } if (do_ver) { store = X509_STORE_new(); lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); if (lookup == NULL) goto end; if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); if (lookup == NULL) goto end; if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); ERR_clear_error(); if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) { BIO_printf(bio_err, "Error initialising X509 store\n"); goto end; } i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, X509_CRL_get_issuer(x), &xobj); if (i <= 0) { BIO_printf(bio_err, "Error getting CRL issuer certificate\n"); goto end; } pkey = X509_get_pubkey(xobj.data.x509); X509_OBJECT_free_contents(&xobj); if (!pkey) { BIO_printf(bio_err, "Error getting CRL issuer public key\n"); goto end; } i = X509_CRL_verify(x, pkey); EVP_PKEY_free(pkey); if (i < 0) goto end; if (i == 0) BIO_printf(bio_err, "verify failure\n"); else BIO_printf(bio_err, "verify OK\n"); } if (crldiff) { X509_CRL *newcrl, *delta; if (!keyfile) { BIO_puts(bio_err, "Missing CRL signing key\n"); goto end; } newcrl = load_crl(crldiff, informat); if (!newcrl) goto end; pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL, "CRL signing key"); if (!pkey) { X509_CRL_free(newcrl); goto end; } delta = X509_CRL_diff(x, newcrl, pkey, digest, 0); X509_CRL_free(newcrl); EVP_PKEY_free(pkey); if (delta) { X509_CRL_free(x); x = delta; } else { BIO_puts(bio_err, "Error creating delta CRL\n"); goto end; } } if (num) { for (i = 1; i <= num; i++) { if (issuer == i) { print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); } if (crlnumber == i) { ASN1_INTEGER *crlnum; crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL); BIO_printf(bio_out, "crlNumber="); if (crlnum) { i2a_ASN1_INTEGER(bio_out, crlnum); ASN1_INTEGER_free(crlnum); } else BIO_puts(bio_out, "<NONE>"); BIO_printf(bio_out, "\n"); } if (hash == i) { BIO_printf(bio_out, "%08lx\n", X509_NAME_hash(X509_CRL_get_issuer(x))); } #ifndef OPENSSL_NO_MD5 if (hash_old == i) { BIO_printf(bio_out, "%08lx\n", X509_NAME_hash_old(X509_CRL_get_issuer(x))); } #endif if (lastupdate == i) { BIO_printf(bio_out, "lastUpdate="); ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x)); BIO_printf(bio_out, "\n"); } if (nextupdate == i) { BIO_printf(bio_out, "nextUpdate="); if (X509_CRL_get_nextUpdate(x)) ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x)); else BIO_printf(bio_out, "NONE"); BIO_printf(bio_out, "\n"); } if (fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; if (!X509_CRL_digest(x, digest, md, &n)) { BIO_printf(bio_err, "out of memory\n"); goto end; } BIO_printf(bio_out, "%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(digest))); for (j = 0; j < (int)n; j++) { BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':'); } } } } out = BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; } } if (text) X509_CRL_print(out, x); if (noout) { ret = 0; goto end; } if (badsig) x->signature->data[x->signature->length - 1] ^= 0x1; if (outformat == FORMAT_ASN1) i = (int)i2d_X509_CRL_bio(out, x); else if (outformat == FORMAT_PEM) i = PEM_write_bio_X509_CRL(out, x); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err, "unable to write CRL\n"); goto end; } ret = 0; end: if (ret != 0) ERR_print_errors(bio_err); BIO_free_all(out); BIO_free_all(bio_out); bio_out = NULL; X509_CRL_free(x); if (store) { X509_STORE_CTX_cleanup(&ctx); X509_STORE_free(store); } apps_shutdown(); OPENSSL_EXIT(ret); }
int MAIN (int argc, char **argv) { ENGINE *e = NULL; int ret = 1; X509_REQ *req = NULL; X509 *x = NULL, *xca = NULL; ASN1_OBJECT *objtmp; STACK_OF (OPENSSL_STRING) * sigopts = NULL; EVP_PKEY *Upkey = NULL, *CApkey = NULL; ASN1_INTEGER *sno = NULL; int i, num, badops = 0; BIO *out = NULL; BIO *STDout = NULL; STACK_OF (ASN1_OBJECT) * trust = NULL, *reject = NULL; int informat, outformat, keyformat, CAformat, CAkeyformat; char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL; char *CAkeyfile = NULL, *CAserial = NULL; char *alias = NULL; int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0, enddate = 0; int next_serial = 0; int subject_hash = 0, issuer_hash = 0, ocspid = 0; #ifndef OPENSSL_NO_MD5 int subject_hash_old = 0, issuer_hash_old = 0; #endif int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0; int ocsp_uri = 0; int trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0, clrext = 0; int C = 0; int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0; int pprint = 0; const char **pp; X509_STORE *ctx = NULL; X509_REQ *rq = NULL; int fingerprint = 0; char buf[256]; const EVP_MD *md_alg, *digest = NULL; CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; int checkend = 0, checkoffset = 0; unsigned long nmflag = 0, certflag = 0; #ifndef OPENSSL_NO_ENGINE char *engine = NULL; #endif reqfile = 0; apps_startup (); if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); if (!load_config (bio_err, NULL)) goto end; STDout = BIO_new_fp (stdout, BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new (BIO_f_linebuffer ()); STDout = BIO_push (tmpbio, STDout); } #endif informat = FORMAT_PEM; outformat = FORMAT_PEM; keyformat = FORMAT_PEM; CAformat = FORMAT_PEM; CAkeyformat = FORMAT_PEM; ctx = X509_STORE_new (); if (ctx == NULL) goto end; X509_STORE_set_verify_cb (ctx, callb); argc--; argv++; num = 0; while (argc >= 1) { if (strcmp (*argv, "-inform") == 0) { if (--argc < 1) goto bad; informat = str2fmt (*(++argv)); } else if (strcmp (*argv, "-outform") == 0) { if (--argc < 1) goto bad; outformat = str2fmt (*(++argv)); } else if (strcmp (*argv, "-keyform") == 0) { if (--argc < 1) goto bad; keyformat = str2fmt (*(++argv)); } else if (strcmp (*argv, "-req") == 0) { reqfile = 1; need_rand = 1; } else if (strcmp (*argv, "-CAform") == 0) { if (--argc < 1) goto bad; CAformat = str2fmt (*(++argv)); } else if (strcmp (*argv, "-CAkeyform") == 0) { if (--argc < 1) goto bad; CAkeyformat = str2fmt (*(++argv)); } else if (strcmp (*argv, "-sigopt") == 0) { if (--argc < 1) goto bad; if (!sigopts) sigopts = sk_OPENSSL_STRING_new_null (); if (!sigopts || !sk_OPENSSL_STRING_push (sigopts, *(++argv))) goto bad; } else if (strcmp (*argv, "-days") == 0) { if (--argc < 1) goto bad; days = atoi (*(++argv)); if (days == 0) { BIO_printf (bio_err, "bad number of days\n"); goto bad; } } else if (strcmp (*argv, "-passin") == 0) { if (--argc < 1) goto bad; passargin = *(++argv); } else if (strcmp (*argv, "-extfile") == 0) { if (--argc < 1) goto bad; extfile = *(++argv); } else if (strcmp (*argv, "-extensions") == 0) { if (--argc < 1) goto bad; extsect = *(++argv); } else if (strcmp (*argv, "-in") == 0) { if (--argc < 1) goto bad; infile = *(++argv); } else if (strcmp (*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } else if (strcmp (*argv, "-signkey") == 0) { if (--argc < 1) goto bad; keyfile = *(++argv); sign_flag = ++num; need_rand = 1; } else if (strcmp (*argv, "-CA") == 0) { if (--argc < 1) goto bad; CAfile = *(++argv); CA_flag = ++num; need_rand = 1; } else if (strcmp (*argv, "-CAkey") == 0) { if (--argc < 1) goto bad; CAkeyfile = *(++argv); } else if (strcmp (*argv, "-CAserial") == 0) { if (--argc < 1) goto bad; CAserial = *(++argv); } else if (strcmp (*argv, "-set_serial") == 0) { if (--argc < 1) goto bad; if (!(sno = s2i_ASN1_INTEGER (NULL, *(++argv)))) goto bad; } else if (strcmp (*argv, "-addtrust") == 0) { if (--argc < 1) goto bad; if (!(objtmp = OBJ_txt2obj (*(++argv), 0))) { BIO_printf (bio_err, "Invalid trust object value %s\n", *argv); goto bad; } if (!trust) trust = sk_ASN1_OBJECT_new_null (); sk_ASN1_OBJECT_push (trust, objtmp); trustout = 1; } else if (strcmp (*argv, "-addreject") == 0) { if (--argc < 1) goto bad; if (!(objtmp = OBJ_txt2obj (*(++argv), 0))) { BIO_printf (bio_err, "Invalid reject object value %s\n", *argv); goto bad; } if (!reject) reject = sk_ASN1_OBJECT_new_null (); sk_ASN1_OBJECT_push (reject, objtmp); trustout = 1; } else if (strcmp (*argv, "-setalias") == 0) { if (--argc < 1) goto bad; alias = *(++argv); trustout = 1; } else if (strcmp (*argv, "-certopt") == 0) { if (--argc < 1) goto bad; if (!set_cert_ex (&certflag, *(++argv))) goto bad; } else if (strcmp (*argv, "-nameopt") == 0) { if (--argc < 1) goto bad; if (!set_name_ex (&nmflag, *(++argv))) goto bad; } #ifndef OPENSSL_NO_ENGINE else if (strcmp (*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } #endif else if (strcmp (*argv, "-C") == 0) C = ++num; else if (strcmp (*argv, "-email") == 0) email = ++num; else if (strcmp (*argv, "-ocsp_uri") == 0) ocsp_uri = ++num; else if (strcmp (*argv, "-serial") == 0) serial = ++num; else if (strcmp (*argv, "-next_serial") == 0) next_serial = ++num; else if (strcmp (*argv, "-modulus") == 0) modulus = ++num; else if (strcmp (*argv, "-pubkey") == 0) pubkey = ++num; else if (strcmp (*argv, "-x509toreq") == 0) x509req = ++num; else if (strcmp (*argv, "-text") == 0) text = ++num; else if (strcmp (*argv, "-hash") == 0 || strcmp (*argv, "-subject_hash") == 0) subject_hash = ++num; #ifndef OPENSSL_NO_MD5 else if (strcmp (*argv, "-subject_hash_old") == 0) subject_hash_old = ++num; #endif else if (strcmp (*argv, "-issuer_hash") == 0) issuer_hash = ++num; #ifndef OPENSSL_NO_MD5 else if (strcmp (*argv, "-issuer_hash_old") == 0) issuer_hash_old = ++num; #endif else if (strcmp (*argv, "-subject") == 0) subject = ++num; else if (strcmp (*argv, "-issuer") == 0) issuer = ++num; else if (strcmp (*argv, "-fingerprint") == 0) fingerprint = ++num; else if (strcmp (*argv, "-dates") == 0) { startdate = ++num; enddate = ++num; } else if (strcmp (*argv, "-purpose") == 0) pprint = ++num; else if (strcmp (*argv, "-startdate") == 0) startdate = ++num; else if (strcmp (*argv, "-enddate") == 0) enddate = ++num; else if (strcmp (*argv, "-checkend") == 0) { if (--argc < 1) goto bad; checkoffset = atoi (*(++argv)); checkend = 1; } else if (strcmp (*argv, "-noout") == 0) noout = ++num; else if (strcmp (*argv, "-trustout") == 0) trustout = 1; else if (strcmp (*argv, "-clrtrust") == 0) clrtrust = ++num; else if (strcmp (*argv, "-clrreject") == 0) clrreject = ++num; else if (strcmp (*argv, "-alias") == 0) aliasout = ++num; else if (strcmp (*argv, "-CAcreateserial") == 0) CA_createserial = ++num; else if (strcmp (*argv, "-clrext") == 0) clrext = 1; #if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */ else if (strcmp (*argv, "-crlext") == 0) { BIO_printf (bio_err, "use -clrext instead of -crlext\n"); clrext = 1; } #endif else if (strcmp (*argv, "-ocspid") == 0) ocspid = ++num; else if ((md_alg = EVP_get_digestbyname (*argv + 1))) { /* ok */ digest = md_alg; } else { BIO_printf (bio_err, "unknown option %s\n", *argv); badops = 1; break; } argc--; argv++; } if (badops) { bad: for (pp = x509_usage; (*pp != NULL); pp++) BIO_printf (bio_err, "%s", *pp); goto end; } #ifndef OPENSSL_NO_ENGINE e = setup_engine (bio_err, engine, 0); #endif if (need_rand) app_RAND_load_file (NULL, bio_err, 0); ERR_load_crypto_strings (); if (!app_passwd (bio_err, passargin, NULL, &passin, NULL)) { BIO_printf (bio_err, "Error getting password\n"); goto end; } if (!X509_STORE_set_default_paths (ctx)) { ERR_print_errors (bio_err); goto end; } if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) { CAkeyfile = CAfile; } else if ((CA_flag) && (CAkeyfile == NULL)) { BIO_printf (bio_err, "need to specify a CAkey if using the CA command\n"); goto end; } if (extfile) { long errorline = -1; X509V3_CTX ctx2; extconf = NCONF_new (NULL); if (!NCONF_load (extconf, extfile, &errorline)) { if (errorline <= 0) BIO_printf (bio_err, "error loading the config file '%s'\n", extfile); else BIO_printf (bio_err, "error on line %ld of config file '%s'\n", errorline, extfile); goto end; } if (!extsect) { extsect = NCONF_get_string (extconf, "default", "extensions"); if (!extsect) { ERR_clear_error (); extsect = "default"; } } X509V3_set_ctx_test (&ctx2); X509V3_set_nconf (&ctx2, extconf); if (!X509V3_EXT_add_nconf (extconf, &ctx2, extsect, NULL)) { BIO_printf (bio_err, "Error Loading extension section %s\n", extsect); ERR_print_errors (bio_err); goto end; } } if (reqfile) { EVP_PKEY *pkey; BIO *in; if (!sign_flag && !CA_flag) { BIO_printf (bio_err, "We need a private key to sign with\n"); goto end; } in = BIO_new (BIO_s_file ()); if (in == NULL) { ERR_print_errors (bio_err); goto end; } if (infile == NULL) BIO_set_fp (in, stdin, BIO_NOCLOSE | BIO_FP_TEXT); else { if (BIO_read_filename (in, infile) <= 0) { perror (infile); BIO_free (in); goto end; } } req = PEM_read_bio_X509_REQ (in, NULL, NULL, NULL); BIO_free (in); if (req == NULL) { ERR_print_errors (bio_err); goto end; } if ((req->req_info == NULL) || (req->req_info->pubkey == NULL) || (req->req_info->pubkey->public_key == NULL) || (req->req_info->pubkey->public_key->data == NULL)) { BIO_printf (bio_err, "The certificate request appears to corrupted\n"); BIO_printf (bio_err, "It does not contain a public key\n"); goto end; } if ((pkey = X509_REQ_get_pubkey (req)) == NULL) { BIO_printf (bio_err, "error unpacking public key\n"); goto end; } i = X509_REQ_verify (req, pkey); EVP_PKEY_free (pkey); if (i < 0) { BIO_printf (bio_err, "Signature verification error\n"); ERR_print_errors (bio_err); goto end; } if (i == 0) { BIO_printf (bio_err, "Signature did not match the certificate request\n"); goto end; } else BIO_printf (bio_err, "Signature ok\n"); print_name (bio_err, "subject=", X509_REQ_get_subject_name (req), nmflag); if ((x = X509_new ()) == NULL) goto end; if (sno == NULL) { sno = ASN1_INTEGER_new (); if (!sno || !rand_serial (NULL, sno)) goto end; if (!X509_set_serialNumber (x, sno)) goto end; ASN1_INTEGER_free (sno); sno = NULL; } else if (!X509_set_serialNumber (x, sno)) goto end; if (!X509_set_issuer_name (x, req->req_info->subject)) goto end; if (!X509_set_subject_name (x, req->req_info->subject)) goto end; X509_gmtime_adj (X509_get_notBefore (x), 0); X509_time_adj_ex (X509_get_notAfter (x), days, 0, NULL); pkey = X509_REQ_get_pubkey (req); X509_set_pubkey (x, pkey); EVP_PKEY_free (pkey); } else x = load_cert (bio_err, infile, informat, NULL, e, "Certificate"); if (x == NULL) goto end; if (CA_flag) { xca = load_cert (bio_err, CAfile, CAformat, NULL, e, "CA Certificate"); if (xca == NULL) goto end; } if (!noout || text || next_serial) { OBJ_create ("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); out = BIO_new (BIO_s_file ()); if (out == NULL) { ERR_print_errors (bio_err); goto end; } if (outfile == NULL) { BIO_set_fp (out, stdout, BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new (BIO_f_linebuffer ()); out = BIO_push (tmpbio, out); } #endif } else { if (BIO_write_filename (out, outfile) <= 0) { perror (outfile); goto end; } } } if (alias) X509_alias_set1 (x, (unsigned char *) alias, -1); if (clrtrust) X509_trust_clear (x); if (clrreject) X509_reject_clear (x); if (trust) { for (i = 0; i < sk_ASN1_OBJECT_num (trust); i++) { objtmp = sk_ASN1_OBJECT_value (trust, i); X509_add1_trust_object (x, objtmp); } } if (reject) { for (i = 0; i < sk_ASN1_OBJECT_num (reject); i++) { objtmp = sk_ASN1_OBJECT_value (reject, i); X509_add1_reject_object (x, objtmp); } } if (num) { for (i = 1; i <= num; i++) { if (issuer == i) { print_name (STDout, "issuer= ", X509_get_issuer_name (x), nmflag); } else if (subject == i) { print_name (STDout, "subject= ", X509_get_subject_name (x), nmflag); } else if (serial == i) { BIO_printf (STDout, "serial="); i2a_ASN1_INTEGER (STDout, X509_get_serialNumber (x)); BIO_printf (STDout, "\n"); } else if (next_serial == i) { BIGNUM *bnser; ASN1_INTEGER *ser; ser = X509_get_serialNumber (x); bnser = ASN1_INTEGER_to_BN (ser, NULL); if (!bnser) goto end; if (!BN_add_word (bnser, 1)) goto end; ser = BN_to_ASN1_INTEGER (bnser, NULL); if (!ser) goto end; BN_free (bnser); i2a_ASN1_INTEGER (out, ser); ASN1_INTEGER_free (ser); BIO_puts (out, "\n"); } else if ((email == i) || (ocsp_uri == i)) { int j; STACK_OF (OPENSSL_STRING) * emlst; if (email == i) emlst = X509_get1_email (x); else emlst = X509_get1_ocsp (x); for (j = 0; j < sk_OPENSSL_STRING_num (emlst); j++) BIO_printf (STDout, "%s\n", sk_OPENSSL_STRING_value (emlst, j)); X509_email_free (emlst); } else if (aliasout == i) { unsigned char *alstr; alstr = X509_alias_get0 (x, NULL); if (alstr) BIO_printf (STDout, "%s\n", alstr); else BIO_puts (STDout, "<No Alias>\n"); } else if (subject_hash == i) { BIO_printf (STDout, "%08lx\n", X509_subject_name_hash (x)); } #ifndef OPENSSL_NO_MD5 else if (subject_hash_old == i) { BIO_printf (STDout, "%08lx\n", X509_subject_name_hash_old (x)); } #endif else if (issuer_hash == i) { BIO_printf (STDout, "%08lx\n", X509_issuer_name_hash (x)); } #ifndef OPENSSL_NO_MD5 else if (issuer_hash_old == i) { BIO_printf (STDout, "%08lx\n", X509_issuer_name_hash_old (x)); } #endif else if (pprint == i) { X509_PURPOSE *ptmp; int j; BIO_printf (STDout, "Certificate purposes:\n"); for (j = 0; j < X509_PURPOSE_get_count (); j++) { ptmp = X509_PURPOSE_get0 (j); purpose_print (STDout, x, ptmp); } } else if (modulus == i) { EVP_PKEY *pkey; pkey = X509_get_pubkey (x); if (pkey == NULL) { BIO_printf (bio_err, "Modulus=unavailable\n"); ERR_print_errors (bio_err); goto end; } BIO_printf (STDout, "Modulus="); #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) BN_print (STDout, pkey->pkey.rsa->n); else #endif #ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) BN_print (STDout, pkey->pkey.dsa->pub_key); else #endif BIO_printf (STDout, "Wrong Algorithm type"); BIO_printf (STDout, "\n"); EVP_PKEY_free (pkey); } else if (pubkey == i) { EVP_PKEY *pkey; pkey = X509_get_pubkey (x); if (pkey == NULL) { BIO_printf (bio_err, "Error getting public key\n"); ERR_print_errors (bio_err); goto end; } PEM_write_bio_PUBKEY (STDout, pkey); EVP_PKEY_free (pkey); } else if (C == i) { unsigned char *d; char *m; int y, z; X509_NAME_oneline (X509_get_subject_name (x), buf, sizeof buf); BIO_printf (STDout, "/* subject:%s */\n", buf); m = X509_NAME_oneline (X509_get_issuer_name (x), buf, sizeof buf); BIO_printf (STDout, "/* issuer :%s */\n", buf); z = i2d_X509 (x, NULL); m = OPENSSL_malloc (z); d = (unsigned char *) m; z = i2d_X509_NAME (X509_get_subject_name (x), &d); BIO_printf (STDout, "unsigned char XXX_subject_name[%d]={\n", z); d = (unsigned char *) m; for (y = 0; y < z; y++) { BIO_printf (STDout, "0x%02X,", d[y]); if ((y & 0x0f) == 0x0f) BIO_printf (STDout, "\n"); } if (y % 16 != 0) BIO_printf (STDout, "\n"); BIO_printf (STDout, "};\n"); z = i2d_X509_PUBKEY (X509_get_X509_PUBKEY (x), &d); BIO_printf (STDout, "unsigned char XXX_public_key[%d]={\n", z); d = (unsigned char *) m; for (y = 0; y < z; y++) { BIO_printf (STDout, "0x%02X,", d[y]); if ((y & 0x0f) == 0x0f) BIO_printf (STDout, "\n"); } if (y % 16 != 0) BIO_printf (STDout, "\n"); BIO_printf (STDout, "};\n"); z = i2d_X509 (x, &d); BIO_printf (STDout, "unsigned char XXX_certificate[%d]={\n", z); d = (unsigned char *) m; for (y = 0; y < z; y++) { BIO_printf (STDout, "0x%02X,", d[y]); if ((y & 0x0f) == 0x0f) BIO_printf (STDout, "\n"); } if (y % 16 != 0) BIO_printf (STDout, "\n"); BIO_printf (STDout, "};\n"); OPENSSL_free (m); } else if (text == i) { X509_print_ex (STDout, x, nmflag, certflag); } else if (startdate == i) { BIO_puts (STDout, "notBefore="); ASN1_TIME_print (STDout, X509_get_notBefore (x)); BIO_puts (STDout, "\n"); } else if (enddate == i) { BIO_puts (STDout, "notAfter="); ASN1_TIME_print (STDout, X509_get_notAfter (x)); BIO_puts (STDout, "\n"); } else if (fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; const EVP_MD *fdig = digest; if (!fdig) fdig = EVP_sha1 (); if (!X509_digest (x, fdig, md, &n)) { BIO_printf (bio_err, "out of memory\n"); goto end; } BIO_printf (STDout, "%s Fingerprint=", OBJ_nid2sn (EVP_MD_type (fdig))); for (j = 0; j < (int) n; j++) { BIO_printf (STDout, "%02X%c", md[j], (j + 1 == (int) n) ? '\n' : ':'); } } /* should be in the library */ else if ((sign_flag == i) && (x509req == 0)) { BIO_printf (bio_err, "Getting Private key\n"); if (Upkey == NULL) { Upkey = load_key (bio_err, keyfile, keyformat, 0, passin, e, "Private key"); if (Upkey == NULL) goto end; } assert (need_rand); if (!sign (x, Upkey, days, clrext, digest, extconf, extsect)) goto end; } else if (CA_flag == i) { BIO_printf (bio_err, "Getting CA Private Key\n"); if (CAkeyfile != NULL) { CApkey = load_key (bio_err, CAkeyfile, CAkeyformat, 0, passin, e, "CA Private Key"); if (CApkey == NULL) goto end; } assert (need_rand); if (!x509_certify (ctx, CAfile, digest, x, xca, CApkey, sigopts, CAserial, CA_createserial, days, clrext, extconf, extsect, sno)) goto end; } else if (x509req == i) { EVP_PKEY *pk; BIO_printf (bio_err, "Getting request Private Key\n"); if (keyfile == NULL) { BIO_printf (bio_err, "no request key file specified\n"); goto end; } else { pk = load_key (bio_err, keyfile, keyformat, 0, passin, e, "request key"); if (pk == NULL) goto end; } BIO_printf (bio_err, "Generating certificate request\n"); rq = X509_to_X509_REQ (x, pk, digest); EVP_PKEY_free (pk); if (rq == NULL) { ERR_print_errors (bio_err); goto end; } if (!noout) { X509_REQ_print (out, rq); PEM_write_bio_X509_REQ (out, rq); } noout = 1; } else if (ocspid == i) { X509_ocspid_print (out, x); } } } if (checkend) { time_t tcheck = time (NULL) + checkoffset; if (X509_cmp_time (X509_get_notAfter (x), &tcheck) < 0) { BIO_printf (out, "Certificate will expire\n"); ret = 1; } else { BIO_printf (out, "Certificate will not expire\n"); ret = 0; } goto end; } if (noout) { ret = 0; goto end; } if (outformat == FORMAT_ASN1) i = i2d_X509_bio (out, x); else if (outformat == FORMAT_PEM) { if (trustout) i = PEM_write_bio_X509_AUX (out, x); else i = PEM_write_bio_X509 (out, x); } else if (outformat == FORMAT_NETSCAPE) { NETSCAPE_X509 nx; ASN1_OCTET_STRING hdr; hdr.data = (unsigned char *) NETSCAPE_CERT_HDR; hdr.length = strlen (NETSCAPE_CERT_HDR); nx.header = &hdr; nx.cert = x; i = ASN1_item_i2d_bio (ASN1_ITEM_rptr (NETSCAPE_X509), out, &nx); } else { BIO_printf (bio_err, "bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf (bio_err, "unable to write certificate\n"); ERR_print_errors (bio_err); goto end; } ret = 0; end: if (need_rand) app_RAND_write_file (NULL, bio_err); OBJ_cleanup (); NCONF_free (extconf); BIO_free_all (out); BIO_free_all (STDout); X509_STORE_free (ctx); X509_REQ_free (req); X509_free (x); X509_free (xca); EVP_PKEY_free (Upkey); EVP_PKEY_free (CApkey); if (sigopts) sk_OPENSSL_STRING_free (sigopts); X509_REQ_free (rq); ASN1_INTEGER_free (sno); sk_ASN1_OBJECT_pop_free (trust, ASN1_OBJECT_free); sk_ASN1_OBJECT_pop_free (reject, ASN1_OBJECT_free); if (passin) OPENSSL_free (passin); apps_shutdown (); OPENSSL_EXIT (ret); }
int MAIN(int argc, char **argv) { int ret = 1; EC_KEY *eckey = NULL; const EC_GROUP *group; int i, badops = 0; const EVP_CIPHER *enc = NULL; BIO *in = NULL, *out = NULL; int informat, outformat, text = 0, noout = 0; int pubin = 0, pubout = 0, param_out = 0; char *infile, *outfile, *prog, *engine; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; int new_form = 0; int asn1_flag = OPENSSL_EC_NAMED_CURVE; int new_asn1_flag = 0; apps_startup(); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; engine = NULL; infile = NULL; outfile = NULL; informat = FORMAT_PEM; outformat = FORMAT_PEM; prog = argv[0]; argc--; argv++; while (argc >= 1) { if (strcmp(*argv, "-inform") == 0) { if (--argc < 1) goto bad; informat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) { if (--argc < 1) goto bad; outformat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; infile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } else if (strcmp(*argv, "-passin") == 0) { if (--argc < 1) goto bad; passargin = *(++argv); } else if (strcmp(*argv, "-passout") == 0) { if (--argc < 1) goto bad; passargout = *(++argv); } else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } else if (strcmp(*argv, "-noout") == 0) noout = 1; else if (strcmp(*argv, "-text") == 0) text = 1; else if (strcmp(*argv, "-conv_form") == 0) { if (--argc < 1) goto bad; ++argv; new_form = 1; if (strcmp(*argv, "compressed") == 0) form = POINT_CONVERSION_COMPRESSED; else if (strcmp(*argv, "uncompressed") == 0) form = POINT_CONVERSION_UNCOMPRESSED; else if (strcmp(*argv, "hybrid") == 0) form = POINT_CONVERSION_HYBRID; else goto bad; } else if (strcmp(*argv, "-param_enc") == 0) { if (--argc < 1) goto bad; ++argv; new_asn1_flag = 1; if (strcmp(*argv, "named_curve") == 0) asn1_flag = OPENSSL_EC_NAMED_CURVE; else if (strcmp(*argv, "explicit") == 0) asn1_flag = 0; else goto bad; } else if (strcmp(*argv, "-param_out") == 0) param_out = 1; else if (strcmp(*argv, "-pubin") == 0) pubin = 1; else if (strcmp(*argv, "-pubout") == 0) pubout = 1; else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) { BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, " -inform arg input format - " "DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - " "DER or PEM\n"); BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -passin arg input file pass " "phrase source\n"); BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -passout arg output file pass " "phrase source\n"); BIO_printf(bio_err, " -engine e use engine e, " "possibly a hardware device.\n"); BIO_printf(bio_err, " -des encrypt PEM output, " "instead of 'des' every other \n" " cipher " "supported by OpenSSL can be used\n"); BIO_printf(bio_err, " -text print the key\n"); BIO_printf(bio_err, " -noout don't print key out\n"); BIO_printf(bio_err, " -param_out print the elliptic " "curve parameters\n"); BIO_printf(bio_err, " -conv_form arg specifies the " "point conversion form \n"); BIO_printf(bio_err, " possible values:" " compressed\n"); BIO_printf(bio_err, " " " uncompressed (default)\n"); BIO_printf(bio_err, " " " hybrid\n"); BIO_printf(bio_err, " -param_enc arg specifies the way" " the ec parameters are encoded\n"); BIO_printf(bio_err, " in the asn1 der " "encoding\n"); BIO_printf(bio_err, " possible values:" " named_curve (default)\n"); BIO_printf(bio_err, " " "explicit\n"); goto end; } ERR_load_crypto_strings(); # ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, engine, 0); # endif if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { if (BIO_read_filename(in, infile) <= 0) { perror(infile); goto end; } } BIO_printf(bio_err, "read EC key\n"); if (informat == FORMAT_ASN1) { if (pubin) eckey = d2i_EC_PUBKEY_bio(in, NULL); else eckey = d2i_ECPrivateKey_bio(in, NULL); } else if (informat == FORMAT_PEM) { if (pubin) eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL); else eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin); } else { BIO_printf(bio_err, "bad input format specified for key\n"); goto end; } if (eckey == NULL) { BIO_printf(bio_err, "unable to load Key\n"); ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); # ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } # endif } else { if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; } } group = EC_KEY_get0_group(eckey); if (new_form) EC_KEY_set_conv_form(eckey, form); if (new_asn1_flag) EC_KEY_set_asn1_flag(eckey, asn1_flag); if (text) if (!EC_KEY_print(out, eckey, 0)) { perror(outfile); ERR_print_errors(bio_err); goto end; } if (noout) { ret = 0; goto end; } BIO_printf(bio_err, "writing EC key\n"); if (outformat == FORMAT_ASN1) { if (param_out) i = i2d_ECPKParameters_bio(out, group); else if (pubin || pubout) i = i2d_EC_PUBKEY_bio(out, eckey); else i = i2d_ECPrivateKey_bio(out, eckey); } else if (outformat == FORMAT_PEM) { if (param_out) i = PEM_write_bio_ECPKParameters(out, group); else if (pubin || pubout) i = PEM_write_bio_EC_PUBKEY(out, eckey); else i = PEM_write_bio_ECPrivateKey(out, eckey, enc, NULL, 0, NULL, passout); } else { BIO_printf(bio_err, "bad output format specified for " "outfile\n"); goto end; } if (!i) { BIO_printf(bio_err, "unable to write private key\n"); ERR_print_errors(bio_err); } else ret = 0; end: if (in) BIO_free(in); if (out) BIO_free_all(out); if (eckey) EC_KEY_free(eckey); if (passin) OPENSSL_free(passin); if (passout) OPENSSL_free(passout); apps_shutdown(); OPENSSL_EXIT(ret); }
int MAIN(int argc, char **argv) { BN_GENCB cb; # ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; # endif int ret = 1; int i, num = DEFBITS; long l; const EVP_CIPHER *enc = NULL; unsigned long f4 = RSA_F4; char *outfile = NULL; char *passargout = NULL, *passout = NULL; # ifndef OPENSSL_NO_ENGINE char *engine = NULL; # endif char *inrand = NULL; BIO *out = NULL; BIGNUM *bn = BN_new(); RSA *rsa = NULL; if (!bn) goto err; apps_startup(); BN_GENCB_set(&cb, genrsa_cb, bio_err); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto err; if ((out = BIO_new(BIO_s_file())) == NULL) { BIO_printf(bio_err, "unable to create BIO for output\n"); goto err; } argv++; argc--; for (;;) { if (argc <= 0) break; if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } else if (strcmp(*argv, "-3") == 0) f4 = 3; else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0) f4 = RSA_F4; # ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } # endif else if (strcmp(*argv, "-rand") == 0) { if (--argc < 1) goto bad; inrand = *(++argv); } # ifndef OPENSSL_NO_DES else if (strcmp(*argv, "-des") == 0) enc = EVP_des_cbc(); else if (strcmp(*argv, "-des3") == 0) enc = EVP_des_ede3_cbc(); # endif # ifndef OPENSSL_NO_IDEA else if (strcmp(*argv, "-idea") == 0) enc = EVP_idea_cbc(); # endif # ifndef OPENSSL_NO_SEED else if (strcmp(*argv, "-seed") == 0) enc = EVP_seed_cbc(); # endif # ifndef OPENSSL_NO_AES else if (strcmp(*argv, "-aes128") == 0) enc = EVP_aes_128_cbc(); else if (strcmp(*argv, "-aes192") == 0) enc = EVP_aes_192_cbc(); else if (strcmp(*argv, "-aes256") == 0) enc = EVP_aes_256_cbc(); # endif # ifndef OPENSSL_NO_CAMELLIA else if (strcmp(*argv, "-camellia128") == 0) enc = EVP_camellia_128_cbc(); else if (strcmp(*argv, "-camellia192") == 0) enc = EVP_camellia_192_cbc(); else if (strcmp(*argv, "-camellia256") == 0) enc = EVP_camellia_256_cbc(); # endif else if (strcmp(*argv, "-passout") == 0) { if (--argc < 1) goto bad; passargout = *(++argv); } else break; argv++; argc--; } if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) { bad: BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n"); BIO_printf(bio_err, " -des encrypt the generated key with DES in cbc mode\n"); BIO_printf(bio_err, " -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); # ifndef OPENSSL_NO_IDEA BIO_printf(bio_err, " -idea encrypt the generated key with IDEA in cbc mode\n"); # endif # ifndef OPENSSL_NO_SEED BIO_printf(bio_err, " -seed\n"); BIO_printf(bio_err, " encrypt PEM output with cbc seed\n"); # endif # ifndef OPENSSL_NO_AES BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); # endif # ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); # endif BIO_printf(bio_err, " -out file output the key to 'file\n"); BIO_printf(bio_err, " -passout arg output file pass phrase source\n"); BIO_printf(bio_err, " -f4 use F4 (0x10001) for the E value\n"); BIO_printf(bio_err, " -3 use 3 for the E value\n"); # ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n"); # endif BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); goto err; } ERR_load_crypto_strings(); if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto err; } # ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); # endif if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); # ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } # endif } else { if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto err; } } if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) { BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); } if (inrand != NULL) BIO_printf(bio_err, "%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", num); # ifdef OPENSSL_NO_ENGINE rsa = RSA_new(); # else rsa = RSA_new_method(e); # endif if (!rsa) goto err; if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) goto err; app_RAND_write_file(NULL, bio_err); /* * We need to do the following for when the base number size is < long, * esp windows 3.1 :-(. */ l = 0L; for (i = 0; i < rsa->e->top; i++) { # ifndef SIXTY_FOUR_BIT l <<= BN_BITS4; l <<= BN_BITS4; # endif l += rsa->e->d[i]; } BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l); { PW_CB_DATA cb_data; cb_data.password = passout; cb_data.prompt_info = outfile; if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, (pem_password_cb *)password_callback, &cb_data)) goto err; } ret = 0; err: if (bn) BN_free(bn); if (rsa) RSA_free(rsa); if (out) BIO_free_all(out); if (passout) OPENSSL_free(passout); if (ret != 0) ERR_print_errors(bio_err); apps_shutdown(); OPENSSL_EXIT(ret); }
int MAIN(int argc, char **argv) { EC_GROUP *group = NULL; point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; int new_form = 0; int asn1_flag = OPENSSL_EC_NAMED_CURVE; int new_asn1_flag = 0; char *curve_name = NULL, *inrand = NULL; int list_curves = 0, no_seed = 0, check = 0, badops = 0, text = 0, i, need_rand = 0, genkey = 0; char *infile = NULL, *outfile = NULL, *prog; BIO *in = NULL, *out = NULL; int informat, outformat, noout = 0, C = 0, ret = 1; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif char *engine = NULL; BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL; unsigned char *buffer = NULL; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; informat=FORMAT_PEM; outformat=FORMAT_PEM; prog=argv[0]; argc--; argv++; while (argc >= 1) { if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-text") == 0) text = 1; else if (TINYCLR_SSL_STRCMP(*argv,"-C") == 0) C = 1; else if (TINYCLR_SSL_STRCMP(*argv,"-check") == 0) check = 1; else if (TINYCLR_SSL_STRCMP (*argv, "-name") == 0) { if (--argc < 1) goto bad; curve_name = *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv, "-list_curves") == 0) list_curves = 1; else if (TINYCLR_SSL_STRCMP(*argv, "-conv_form") == 0) { if (--argc < 1) goto bad; ++argv; new_form = 1; if (TINYCLR_SSL_STRCMP(*argv, "compressed") == 0) form = POINT_CONVERSION_COMPRESSED; else if (TINYCLR_SSL_STRCMP(*argv, "uncompressed") == 0) form = POINT_CONVERSION_UNCOMPRESSED; else if (TINYCLR_SSL_STRCMP(*argv, "hybrid") == 0) form = POINT_CONVERSION_HYBRID; else goto bad; } else if (TINYCLR_SSL_STRCMP(*argv, "-param_enc") == 0) { if (--argc < 1) goto bad; ++argv; new_asn1_flag = 1; if (TINYCLR_SSL_STRCMP(*argv, "named_curve") == 0) asn1_flag = OPENSSL_EC_NAMED_CURVE; else if (TINYCLR_SSL_STRCMP(*argv, "explicit") == 0) asn1_flag = 0; else goto bad; } else if (TINYCLR_SSL_STRCMP(*argv, "-no_seed") == 0) no_seed = 1; else if (TINYCLR_SSL_STRCMP(*argv, "-noout") == 0) noout=1; else if (TINYCLR_SSL_STRCMP(*argv,"-genkey") == 0) { genkey=1; need_rand=1; } else if (TINYCLR_SSL_STRCMP(*argv, "-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); need_rand=1; } else if(TINYCLR_SSL_STRCMP(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, " -inform arg input format - " "default PEM (DER or PEM)\n"); BIO_printf(bio_err, " -outform arg output format - " "default PEM\n"); BIO_printf(bio_err, " -in arg input file - " "default OPENSSL_TYPE__FILE_STDIN\n"); BIO_printf(bio_err, " -out arg output file - " "default OPENSSL_TYPE__FILE_STDOUT\n"); BIO_printf(bio_err, " -noout do not print the " "ec parameter\n"); BIO_printf(bio_err, " -text print the ec " "parameters in text form\n"); BIO_printf(bio_err, " -check validate the ec " "parameters\n"); BIO_printf(bio_err, " -C print a 'C' " "function creating the parameters\n"); BIO_printf(bio_err, " -name arg use the " "ec parameters with 'short name' name\n"); BIO_printf(bio_err, " -list_curves prints a list of " "all currently available curve 'short names'\n"); BIO_printf(bio_err, " -conv_form arg specifies the " "point conversion form \n"); BIO_printf(bio_err, " possible values:" " compressed\n"); BIO_printf(bio_err, " " " uncompressed (default)\n"); BIO_printf(bio_err, " " " hybrid\n"); BIO_printf(bio_err, " -param_enc arg specifies the way" " the ec parameters are encoded\n"); BIO_printf(bio_err, " in the asn1 der " "encoding\n"); BIO_printf(bio_err, " possible values:" " named_curve (default)\n"); BIO_printf(bio_err, " " " explicit\n"); BIO_printf(bio_err, " -no_seed if 'explicit'" " parameters are choosen do not" " use the seed\n"); BIO_printf(bio_err, " -genkey generate ec" " key\n"); BIO_printf(bio_err, " -rand file files to use for" " random number input\n"); BIO_printf(bio_err, " -engine e use engine e, " "possibly a hardware device\n"); goto end; } ERR_load_crypto_strings(); in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE); else { if (BIO_read_filename(in,infile) <= 0) { TINYCLR_SSL_PERROR(infile); goto end; } } if (outfile == NULL) { BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { TINYCLR_SSL_PERROR(outfile); goto end; } } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif if (list_curves) { EC_builtin_curve *curves = NULL; size_t crv_len = 0; size_t n = 0; crv_len = EC_get_builtin_curves(NULL, 0); curves = (EC_builtin_curve*)OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len)); if (curves == NULL) goto end; if (!EC_get_builtin_curves(curves, crv_len)) { OPENSSL_free(curves); goto end; } for (n = 0; n < crv_len; n++) { const char *comment; const char *sname; comment = curves[n].comment; sname = OBJ_nid2sn(curves[n].nid); if (comment == NULL) comment = "CURVE DESCRIPTION NOT AVAILABLE"; if (sname == NULL) sname = ""; BIO_printf(out, " %-10s: ", sname); BIO_printf(out, "%s\n", comment); } OPENSSL_free(curves); ret = 0; goto end; } if (curve_name != NULL) { int nid; /* workaround for the SECG curve names secp192r1 * and secp256r1 (which are the same as the curves * prime192v1 and prime256v1 defined in X9.62) */ if (!TINYCLR_SSL_STRCMP(curve_name, "secp192r1")) { BIO_printf(bio_err, "using curve name prime192v1 " "instead of secp192r1\n"); nid = NID_X9_62_prime192v1; } else if (!TINYCLR_SSL_STRCMP(curve_name, "secp256r1")) { BIO_printf(bio_err, "using curve name prime256v1 " "instead of secp256r1\n"); nid = NID_X9_62_prime256v1; } else nid = OBJ_sn2nid(curve_name); if (nid == 0) { BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name); goto end; } group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) { BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name); goto end; } EC_GROUP_set_asn1_flag(group, asn1_flag); EC_GROUP_set_point_conversion_form(group, form); } else if (informat == FORMAT_ASN1) { group = d2i_ECPKParameters_bio(in, NULL); } else if (informat == FORMAT_PEM) { group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL); } else { BIO_printf(bio_err, "bad input format specified\n"); goto end; } if (group == NULL) { BIO_printf(bio_err, "unable to load elliptic curve parameters\n"); ERR_print_errors(bio_err); goto end; } if (new_form) EC_GROUP_set_point_conversion_form(group, form); if (new_asn1_flag) EC_GROUP_set_asn1_flag(group, asn1_flag); if (no_seed) { EC_GROUP_set_seed(group, NULL, 0); } if (text) { if (!ECPKParameters_print(out, group, 0)) goto end; } if (check) { if (group == NULL) BIO_printf(bio_err, "no elliptic curve parameters\n"); BIO_printf(bio_err, "checking elliptic curve parameters: "); if (!EC_GROUP_check(group, NULL)) { BIO_printf(bio_err, "failed\n"); ERR_print_errors(bio_err); } else BIO_printf(bio_err, "ok\n"); } if (C) { size_t buf_len = 0, tmp_len = 0; const EC_POINT *point; int is_prime, len = 0; const EC_METHOD *meth = EC_GROUP_method_of(group); if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL || (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL || (ec_order = BN_new()) == NULL || (ec_cofactor = BN_new()) == NULL ) { TINYCLR_SSL_PERROR("OPENSSL_malloc"); goto end; } is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field); if (is_prime) { if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL)) goto end; } else { /* TODO */ goto end; } if ((point = EC_GROUP_get0_generator(group)) == NULL) goto end; if (!EC_POINT_point2bn(group, point, EC_GROUP_get_point_conversion_form(group), ec_gen, NULL)) goto end; if (!EC_GROUP_get_order(group, ec_order, NULL)) goto end; if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL)) goto end; if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor) goto end; len = BN_num_bits(ec_order); if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len) buf_len = tmp_len; if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len) buf_len = tmp_len; buffer = (unsigned char *)OPENSSL_malloc(buf_len); if (buffer == NULL) { TINYCLR_SSL_PERROR("OPENSSL_malloc"); goto end; } ecparam_print_var(out, ec_p, "ec_p", len, buffer); ecparam_print_var(out, ec_a, "ec_a", len, buffer); ecparam_print_var(out, ec_b, "ec_b", len, buffer); ecparam_print_var(out, ec_gen, "ec_gen", len, buffer); ecparam_print_var(out, ec_order, "ec_order", len, buffer); ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, buffer); BIO_printf(out, "\n\n"); BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len); BIO_printf(out, "\tint ok=0;\n"); BIO_printf(out, "\tEC_GROUP *group = NULL;\n"); BIO_printf(out, "\tEC_POINT *point = NULL;\n"); BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, " "*tmp_3 = NULL;\n\n"); BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, " "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t" "goto err;\n", len, len); BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, " "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t" "goto err;\n", len, len); BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, " "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t" "goto err;\n", len, len); if (is_prime) { BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_" "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)" "\n\t\tgoto err;\n\n"); } else { /* TODO */ goto end; } BIO_printf(out, "\t/* build generator */\n"); BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, " "sizeof(ec_gen_%d), tmp_1)) == NULL)" "\n\t\tgoto err;\n", len, len); BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, " "NULL, NULL);\n"); BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n"); BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, " "sizeof(ec_order_%d), tmp_2)) == NULL)" "\n\t\tgoto err;\n", len, len); BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, " "sizeof(ec_cofactor_%d), tmp_3)) == NULL)" "\n\t\tgoto err;\n", len, len); BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point," " tmp_2, tmp_3))\n\t\tgoto err;\n"); BIO_printf(out, "\n\tok=1;\n"); BIO_printf(out, "err:\n"); BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n"); BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n"); BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n"); BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n"); BIO_printf(out, "\tif (!ok)\n"); BIO_printf(out, "\t\t{\n"); BIO_printf(out, "\t\tEC_GROUP_free(group);\n"); BIO_printf(out, "\t\tgroup = NULL;\n"); BIO_printf(out, "\t\t}\n"); BIO_printf(out, "\treturn(group);\n\t}\n"); } if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_ECPKParameters_bio(out, group); else if (outformat == FORMAT_PEM) i = PEM_write_bio_ECPKParameters(out, group); else { BIO_printf(bio_err,"bad output format specified for" " outfile\n"); goto end; } if (!i) { BIO_printf(bio_err, "unable to write elliptic " "curve parameters\n"); ERR_print_errors(bio_err); goto end; } } if (need_rand) { app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); } if (genkey) { EC_KEY *eckey = EC_KEY_new(); if (eckey == NULL) goto end; TINYCLR_SSL_ASSERT(need_rand); if (EC_KEY_set_group(eckey, group) == 0) goto end; if (!EC_KEY_generate_key(eckey)) { EC_KEY_free(eckey); goto end; } if (outformat == FORMAT_ASN1) i = i2d_ECPrivateKey_bio(out, eckey); else if (outformat == FORMAT_PEM) i = PEM_write_bio_ECPrivateKey(out, eckey, NULL, NULL, 0, NULL, NULL); else { BIO_printf(bio_err, "bad output format specified " "for outfile\n"); EC_KEY_free(eckey); goto end; } EC_KEY_free(eckey); } if (need_rand) app_RAND_write_file(NULL, bio_err); ret=0; end: if (ec_p) BN_free(ec_p); if (ec_a) BN_free(ec_a); if (ec_b) BN_free(ec_b); if (ec_gen) BN_free(ec_gen); if (ec_order) BN_free(ec_order); if (ec_cofactor) BN_free(ec_cofactor); if (buffer) OPENSSL_free(buffer); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (group != NULL) EC_GROUP_free(group); apps_shutdown(); OPENSSL_EXIT(ret); }
int MAIN(int argc, char **argv) { #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; char *infile,*outfile,*prog; #ifndef OPENSSL_NO_ENGINE char *engine; #endif apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; #ifndef OPENSSL_NO_ENGINE engine=NULL; #endif infile=NULL; outfile=NULL; informat=FORMAT_PEM; outformat=FORMAT_PEM; prog=argv[0]; argc--; argv++; while (argc >= 1) { if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (TINYCLR_SSL_STRCMP(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else if (TINYCLR_SSL_STRCMP(*argv,"-check") == 0) check=1; else if (TINYCLR_SSL_STRCMP(*argv,"-text") == 0) text=1; else if (TINYCLR_SSL_STRCMP(*argv,"-C") == 0) C=1; else if (TINYCLR_SSL_STRCMP(*argv,"-noout") == 0) noout=1; else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); BIO_printf(bio_err," -outform arg output format - one of DER PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -check check the DH parameters\n"); BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -noout no output\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif goto end; } ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE); else { if (BIO_read_filename(in,infile) <= 0) { TINYCLR_SSL_PERROR(infile); goto end; } } if (outfile == NULL) { BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { TINYCLR_SSL_PERROR(outfile); goto end; } } if (informat == FORMAT_ASN1) dh=d2i_DHparams_bio(in,NULL); else if (informat == FORMAT_PEM) dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL); else { BIO_printf(bio_err,"bad input format specified\n"); goto end; } if (dh == NULL) { BIO_printf(bio_err,"unable to load DH parameters\n"); ERR_print_errors(bio_err); goto end; } if (text) { DHparams_print(out,dh); #ifdef undef TINYCLR_SSL_PRINTF("p="); BN_print(OPENSSL_TYPE__FILE_STDOUT,dh->p); TINYCLR_SSL_PRINTF("\ng="); BN_print(OPENSSL_TYPE__FILE_STDOUT,dh->g); TINYCLR_SSL_PRINTF("\n"); if (dh->length != 0) TINYCLR_SSL_PRINTF("recommended private length=%ld\n",dh->length); #endif } if (check) { if (!DH_check(dh,&i)) { ERR_print_errors(bio_err); goto end; } if (i & DH_CHECK_P_NOT_PRIME) TINYCLR_SSL_PRINTF("p value is not prime\n"); if (i & DH_CHECK_P_NOT_SAFE_PRIME) TINYCLR_SSL_PRINTF("p value is not a safe prime\n"); if (i & DH_UNABLE_TO_CHECK_GENERATOR) TINYCLR_SSL_PRINTF("unable to check the generator value\n"); if (i & DH_NOT_SUITABLE_GENERATOR) TINYCLR_SSL_PRINTF("the g value is not a generator\n"); if (i == 0) TINYCLR_SSL_PRINTF("DH parameters appear to be ok.\n"); } if (C) { unsigned char *data; int len,l,bits; len=BN_num_bytes(dh->p); bits=BN_num_bits(dh->p); data=(unsigned char *)OPENSSL_malloc(len); if (data == NULL) { TINYCLR_SSL_PERROR("OPENSSL_malloc"); goto end; } l=BN_bn2bin(dh->p,data); TINYCLR_SSL_PRINTF("static unsigned char dh%d_p[]={",bits); for (i=0; i<l; i++) { if ((i%12) == 0) TINYCLR_SSL_PRINTF("\n\t"); TINYCLR_SSL_PRINTF("0x%02X,",data[i]); } TINYCLR_SSL_PRINTF("\n\t};\n"); l=BN_bn2bin(dh->g,data); TINYCLR_SSL_PRINTF("static unsigned char dh%d_g[]={",bits); for (i=0; i<l; i++) { if ((i%12) == 0) TINYCLR_SSL_PRINTF("\n\t"); TINYCLR_SSL_PRINTF("0x%02X,",data[i]); } TINYCLR_SSL_PRINTF("\n\t};\n\n"); TINYCLR_SSL_PRINTF("DH *get_dh%d()\n\t{\n",bits); TINYCLR_SSL_PRINTF("\tDH *dh;\n\n"); TINYCLR_SSL_PRINTF("\tif ((dh=DH_new()) == NULL) return(NULL);\n"); TINYCLR_SSL_PRINTF("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", bits,bits); TINYCLR_SSL_PRINTF("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", bits,bits); TINYCLR_SSL_PRINTF("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); TINYCLR_SSL_PRINTF("\t\treturn(NULL);\n"); TINYCLR_SSL_PRINTF("\treturn(dh);\n\t}\n"); OPENSSL_free(data); } if (!noout) { if (outformat == FORMAT_ASN1) i=i2d_DHparams_bio(out,dh); else if (outformat == FORMAT_PEM) i=PEM_write_bio_DHparams(out,dh); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write DH parameters\n"); ERR_print_errors(bio_err); goto end; } } ret=0; end: if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); apps_shutdown(); OPENSSL_EXIT(ret); }
int MAIN(int argc, char **argv) { DH *dh=NULL; int i,badops=0,text=0; #ifndef OPENSSL_NO_DSA int dsaparam=0; #endif BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; char *infile,*outfile,*prog; char *inrand=NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif int num = 0, g = 0; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; infile=NULL; outfile=NULL; informat=FORMAT_PEM; outformat=FORMAT_PEM; prog=argv[0]; argc--; argv++; while (argc >= 1) { if (strcmp(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) text=1; #ifndef OPENSSL_NO_DSA else if (strcmp(*argv,"-dsaparam") == 0) dsaparam=1; #endif else if (strcmp(*argv,"-C") == 0) C=1; else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-2") == 0) g=2; else if (strcmp(*argv,"-5") == 0) g=5; else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); } else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0))) goto bad; argv++; argc--; } if (badops) { bad: BIO_printf(bio_err,"%s [options] [numbits]\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); BIO_printf(bio_err," -outform arg output format - one of DER PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); #ifndef OPENSSL_NO_DSA BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n"); #endif BIO_printf(bio_err," -check check the DH parameters\n"); BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err," -noout no output\n"); goto end; } ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, engine, 0); #endif if (g && !num) num = DEFBITS; #ifndef OPENSSL_NO_DSA if (dsaparam) { if (g) { BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); goto end; } } else #endif { /* DH parameters */ if (num && !g) g = 2; } if(num) { BN_GENCB cb; BN_GENCB_set(&cb, dh_cb, bio_err); if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); } if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); #ifndef OPENSSL_NO_DSA if (dsaparam) { DSA *dsa = DSA_new(); BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); if(!dsa || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, &cb)) { if(dsa) DSA_free(dsa); ERR_print_errors(bio_err); goto end; } dh = DSA_dup_DH(dsa); DSA_free(dsa); if (dh == NULL) { ERR_print_errors(bio_err); goto end; } } else #endif { dh = DH_new(); BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) { ERR_print_errors(bio_err); goto end; } } app_RAND_write_file(NULL, bio_err); } else { in=BIO_new(BIO_s_file()); if (in == NULL) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in,stdin,BIO_NOCLOSE); else { if (BIO_read_filename(in,infile) <= 0) { perror(infile); goto end; } } if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) { BIO_printf(bio_err,"bad input format specified\n"); goto end; } #ifndef OPENSSL_NO_DSA if (dsaparam) { DSA *dsa; if (informat == FORMAT_ASN1) dsa=d2i_DSAparams_bio(in,NULL); else /* informat == FORMAT_PEM */ dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL); if (dsa == NULL) { BIO_printf(bio_err,"unable to load DSA parameters\n"); ERR_print_errors(bio_err); goto end; } dh = DSA_dup_DH(dsa); DSA_free(dsa); if (dh == NULL) { ERR_print_errors(bio_err); goto end; } } else #endif { if (informat == FORMAT_ASN1) dh=d2i_DHparams_bio(in,NULL); else /* informat == FORMAT_PEM */ dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL); if (dh == NULL) { BIO_printf(bio_err,"unable to load DH parameters\n"); ERR_print_errors(bio_err); goto end; } } /* dh != NULL */ } out=BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } if (text) { DHparams_print(out,dh); } if (check) { if (!DH_check(dh,&i)) { ERR_print_errors(bio_err); goto end; } if (i & DH_CHECK_P_NOT_PRIME) printf("p value is not prime\n"); if (i & DH_CHECK_P_NOT_SAFE_PRIME) printf("p value is not a safe prime\n"); if (i & DH_UNABLE_TO_CHECK_GENERATOR) printf("unable to check the generator value\n"); if (i & DH_NOT_SUITABLE_GENERATOR) printf("the g value is not a generator\n"); if (i == 0) printf("DH parameters appear to be ok.\n"); } if (C) { unsigned char *data; int len,l,bits; len=BN_num_bytes(dh->p); bits=BN_num_bits(dh->p); data=(unsigned char *)OPENSSL_malloc(len); if (data == NULL) { perror("OPENSSL_malloc"); goto end; } printf("#ifndef HEADER_DH_H\n" "#include <openssl/dh.h>\n" "#endif\n"); printf("DH *get_dh%d()\n\t{\n",bits); l=BN_bn2bin(dh->p,data); printf("\tstatic unsigned char dh%d_p[]={",bits); for (i=0; i<l; i++) { if ((i%12) == 0) printf("\n\t\t"); printf("0x%02X,",data[i]); } printf("\n\t\t};\n"); l=BN_bn2bin(dh->g,data); printf("\tstatic unsigned char dh%d_g[]={",bits); for (i=0; i<l; i++) { if ((i%12) == 0) printf("\n\t\t"); printf("0x%02X,",data[i]); } printf("\n\t\t};\n"); printf("\tDH *dh;\n\n"); printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n"); printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", bits,bits); printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", bits,bits); printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); printf("\t\t{ DH_free(dh); return(NULL); }\n"); if (dh->length) printf("\tdh->length = %ld;\n", dh->length); printf("\treturn(dh);\n\t}\n"); OPENSSL_free(data); } if (!noout) { if (outformat == FORMAT_ASN1) i=i2d_DHparams_bio(out,dh); else if (outformat == FORMAT_PEM) i=PEM_write_bio_DHparams(out,dh); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write DH parameters\n"); ERR_print_errors(bio_err); goto end; } } ret=0; end: if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); apps_shutdown(); OPENSSL_EXIT(ret); }
int main(int argc, char *argv[]) { BN_CTX *ctx; BIO *out; char *outfile=NULL; results = 0; RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ argc--; argv++; while (argc >= 1) { if (strcmp(*argv,"-results") == 0) results=1; else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) break; outfile= *(++argv); } argc--; argv++; } ctx=BN_CTX_new(); if (ctx == NULL) EXIT(1); out=BIO_new(BIO_s_file()); if (out == NULL) EXIT(1); if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); } else { if (!BIO_write_filename(out,outfile)) { perror(outfile); EXIT(1); } } if (!results) BIO_puts(out,"obase=16\nibase=16\n"); message(out,"BN_add"); if (!test_add(out)) goto err; BIO_flush(out); message(out,"BN_sub"); if (!test_sub(out)) goto err; BIO_flush(out); message(out,"BN_lshift1"); if (!test_lshift1(out)) goto err; BIO_flush(out); message(out,"BN_lshift (fixed)"); if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL))) goto err; BIO_flush(out); message(out,"BN_lshift"); if (!test_lshift(out,ctx,NULL)) goto err; BIO_flush(out); message(out,"BN_rshift1"); if (!test_rshift1(out)) goto err; BIO_flush(out); message(out,"BN_rshift"); if (!test_rshift(out,ctx)) goto err; BIO_flush(out); message(out,"BN_sqr"); if (!test_sqr(out,ctx)) goto err; BIO_flush(out); message(out,"BN_mul"); if (!test_mul(out)) goto err; BIO_flush(out); message(out,"BN_div"); if (!test_div(out,ctx)) goto err; BIO_flush(out); message(out,"BN_div_recp"); if (!test_div_recp(out,ctx)) goto err; BIO_flush(out); message(out,"BN_mod"); if (!test_mod(out,ctx)) goto err; BIO_flush(out); message(out,"BN_mod_mul"); if (!test_mod_mul(out,ctx)) goto err; BIO_flush(out); message(out,"BN_mont"); if (!test_mont(out,ctx)) goto err; BIO_flush(out); message(out,"BN_mod_exp"); if (!test_mod_exp(out,ctx)) goto err; BIO_flush(out); message(out,"BN_exp"); if (!test_exp(out,ctx)) goto err; BIO_flush(out); message(out,"BN_kronecker"); if (!test_kron(out,ctx)) goto err; BIO_flush(out); message(out,"BN_mod_sqrt"); if (!test_sqrt(out,ctx)) goto err; BIO_flush(out); BN_CTX_free(ctx); BIO_free(out); /**/ EXIT(0); err: BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices * the failure, see test_bn in test/Makefile.ssl*/ BIO_flush(out); ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); EXIT(1); return(1); }
int MAIN(int argc, char **argv) { int i,badops=0; BIO *in=NULL,*out=NULL; int informat,outformat; char *infile,*outfile,*prog,*certfile; PKCS7 *p7 = NULL; PKCS7_SIGNED *p7s = NULL; X509_CRL *crl=NULL; STACK_OF(OPENSSL_STRING) *certflst=NULL; STACK_OF(X509_CRL) *crl_stack=NULL; STACK_OF(X509) *cert_stack=NULL; int ret=1,nocrl=0; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT); infile=NULL; outfile=NULL; informat=FORMAT_PEM; outformat=FORMAT_PEM; prog=argv[0]; argc--; argv++; while (argc >= 1) { if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-nocrl") == 0) { nocrl=1; } else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-certfile") == 0) { if (--argc < 1) goto bad; if(!certflst) certflst = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(certflst,*(++argv)); } else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); BIO_printf(bio_err," (can be used more than once)\n"); BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n"); ret = 1; goto end; } ERR_load_crypto_strings(); in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (!nocrl) { if (infile == NULL) BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE); else { if (BIO_read_filename(in,infile) <= 0) { TINYCLR_SSL_PERROR(infile); goto end; } } if (informat == FORMAT_ASN1) crl=d2i_X509_CRL_bio(in,NULL); else if (informat == FORMAT_PEM) crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); else { BIO_printf(bio_err,"bad input format specified for input crl\n"); goto end; } if (crl == NULL) { BIO_printf(bio_err,"unable to load CRL\n"); ERR_print_errors(bio_err); goto end; } } if ((p7=PKCS7_new()) == NULL) goto end; if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end; p7->type=OBJ_nid2obj(NID_pkcs7_signed); p7->d.sign=p7s; p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data); if (!ASN1_INTEGER_set(p7s->version,1)) goto end; if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end; p7s->crl=crl_stack; if (crl != NULL) { sk_X509_CRL_push(crl_stack,crl); crl=NULL; /* now part of p7 for OPENSSL_freeing */ } if ((cert_stack=sk_X509_new_null()) == NULL) goto end; p7s->cert=cert_stack; if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { certfile = sk_OPENSSL_STRING_value(certflst, i); if (add_certs_from_file(cert_stack,certfile) < 0) { BIO_printf(bio_err, "error loading certificates\n"); ERR_print_errors(bio_err); goto end; } } sk_OPENSSL_STRING_free(certflst); if (outfile == NULL) { BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { TINYCLR_SSL_PERROR(outfile); goto end; } } if (outformat == FORMAT_ASN1) i=i2d_PKCS7_bio(out,p7); else if (outformat == FORMAT_PEM) i=PEM_write_bio_PKCS7(out,p7); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write pkcs7 object\n"); ERR_print_errors(bio_err); goto end; } ret=0; end: if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (p7 != NULL) PKCS7_free(p7); if (crl != NULL) X509_CRL_free(crl); apps_shutdown(); OPENSSL_EXIT(ret); }
int main(int argc, char** argv) { R_RSA_PUBLIC_KEY public_key; R_RSA_PRIVATE_KEY private_key; int i, n, retval; bool is_valid; DATA_BLOCK signature, in, out; unsigned char signature_buf[256], buf[256], buf2[256]; FILE *f, *fpriv, *fpub; char cbuf[256]; RSA rsa_key; RSA *rsa_key_; BIO *bio_out=NULL; BIO *bio_err=NULL; char *certpath; bool b2o=false; // boinc key to openssl key ? bool kpriv=false; // private key ? if (argc == 1) { usage(); exit(1); } if (!strcmp(argv[1], "-genkey")) { if (argc < 5) { usage(); exit(1); } printf("creating keys in %s and %s\n", argv[3], argv[4]); n = atoi(argv[2]); srand(random_int()); RSA* rp = RSA_generate_key(n, 65537, 0, 0); openssl_to_keys(rp, n, private_key, public_key); fpriv = fopen(argv[3], "w"); if (!fpriv) die("fopen"); fpub = fopen(argv[4], "w"); if (!fpub) die("fopen"); print_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); print_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); } else if (!strcmp(argv[1], "-sign")) { if (argc < 4) { usage(); exit(1); } fpriv = fopen(argv[3], "r"); if (!fpriv) die("fopen"); retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); if (retval) die("scan_key_hex\n"); signature.data = signature_buf; signature.len = 256; retval = sign_file(argv[2], private_key, signature); print_hex_data(stdout, signature); } else if (!strcmp(argv[1], "-sign_string")) { if (argc < 4) { usage(); exit(1); } fpriv = fopen(argv[3], "r"); if (!fpriv) die("fopen"); retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); if (retval) die("scan_key_hex\n"); generate_signature(argv[2], cbuf, private_key); puts(cbuf); } else if (!strcmp(argv[1], "-verify")) { if (argc < 5) { usage(); exit(1); } fpub = fopen(argv[4], "r"); if (!fpub) die("fopen"); retval = scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); if (retval) die("read_public_key"); f = fopen(argv[3], "r"); signature.data = signature_buf; signature.len = 256; retval = scan_hex_data(f, signature); if (retval) die("scan_hex_data"); retval = verify_file(argv[2], public_key, signature, is_valid); if (retval) die("verify_file"); if (is_valid) { printf("file is valid\n"); } else { printf("file is invalid\n"); return 1; } } else if (!strcmp(argv[1], "-test_crypt")) { if (argc < 4) { usage(); exit(1); } fpriv = fopen(argv[2], "r"); if (!fpriv) die("fopen"); retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); if (retval) die("scan_key_hex\n"); fpub = fopen(argv[3], "r"); if (!fpub) die("fopen"); retval = scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); if (retval) die("read_public_key"); strcpy((char*)buf2, "encryption test successful"); in.data = buf2; in.len = strlen((char*)in.data); out.data = buf; encrypt_private(private_key, in, out); in = out; out.data = buf2; decrypt_public(public_key, in, out); printf("out: %s\n", out.data); } else if (!strcmp(argv[1], "-cert_verify")) { if (argc < 6) die("usage: crypt_prog -cert_verify file signature_file certificate_dir ca_dir \n"); f = fopen(argv[3], "r"); signature.data = signature_buf; signature.len = 256; retval = scan_hex_data(f, signature); if (retval) die("cannot scan_hex_data"); certpath = check_validity(argv[4], argv[2], signature.data, argv[5]); if (certpath == NULL) { die("signature cannot be verfied.\n\n"); } else { printf("siganture verified using certificate '%s'.\n\n", certpath); free(certpath); } // this converts, but an executable signed with sign_executable, // and signature converted to OpenSSL format cannot be verified with // OpenSSL } else if (!strcmp(argv[1], "-convsig")) { if (argc < 5) { usage(); exit(1); } if (strcmp(argv[2], "b2o") == 0) { b2o = true; } else if (strcmp(argv[2], "o2b") == 0) { b2o = false; } else { die("either 'o2b' or 'b2o' must be defined for -convsig\n"); } if (b2o) { f = fopen(argv[3], "r"); signature.data = signature_buf; signature.len = 256; retval = scan_hex_data(f, signature); fclose(f); f = fopen(argv[4], "w+"); print_raw_data(f, signature); fclose(f); } else { f = fopen(argv[3], "r"); signature.data = signature_buf; signature.len = 256; retval = scan_raw_data(f, signature); fclose(f); f = fopen(argv[4], "w+"); print_hex_data(f, signature); fclose(f); } } else if (!strcmp(argv[1], "-convkey")) { if (argc < 6) { usage(); exit(1); } if (strcmp(argv[2], "b2o") == 0) { b2o = true; } else if (strcmp(argv[2], "o2b") == 0) { b2o = false; } else { die("either 'o2b' or 'b2o' must be defined for -convkey\n"); } if (strcmp(argv[3], "pub") == 0) { kpriv = false; } else if (strcmp(argv[3], "priv") == 0) { kpriv = true; } else { die("either 'pub' or 'priv' must be defined for -convkey\n"); } OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); if (bio_err == NULL) { bio_err = BIO_new_fp(stdout, BIO_NOCLOSE); } //enc=EVP_get_cipherbyname("des"); //if (enc == NULL) // die("could not get cypher.\n"); // no encription yet. bio_out=BIO_new(BIO_s_file()); if (BIO_write_filename(bio_out,argv[5]) <= 0) { perror(argv[5]); die("could not create output file.\n"); } if (b2o) { rsa_key_ = RSA_new(); if (kpriv) { fpriv = fopen(argv[4], "r"); if (!fpriv) { die("fopen"); } scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); fclose(fpriv); private_to_openssl(private_key, &rsa_key); //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key, // enc, NULL, 0, pass_cb, NULL); // no encryption yet. //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key, // NULL, NULL, 0, pass_cb, NULL); fpriv = fopen(argv[5], "w+"); PEM_write_RSAPrivateKey(fpriv, &rsa_key, NULL, NULL, 0, 0, NULL); fclose(fpriv); //if (i == 0) { // ERR_print_errors(bio_err); // die("could not write key file.\n"); //} } else { fpub = fopen(argv[4], "r"); if (!fpub) { die("fopen"); } scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); fclose(fpub); fpub = fopen(argv[5], "w+"); if (!fpub) { die("fopen"); } public_to_openssl(public_key, rsa_key_); i = PEM_write_RSA_PUBKEY(fpub, rsa_key_); if (i == 0) { ERR_print_errors(bio_err); die("could not write key file.\n"); } fclose(fpub); } } else { // o2b rsa_key_ = (RSA *)calloc(1, sizeof(RSA)); memset(rsa_key_, 0, sizeof(RSA)); if (rsa_key_ == NULL) { die("could not allocate memory for RSA structure.\n"); } if (kpriv) { fpriv = fopen (argv[4], "r"); rsa_key_ = PEM_read_RSAPrivateKey(fpriv, NULL, NULL, NULL); fclose(fpriv); if (rsa_key_ == NULL) { ERR_print_errors(bio_err); die("could not load private key.\n"); } openssl_to_private(rsa_key_, &private_key); fpriv = fopen(argv[5], "w"); if (!fpriv) { die("fopen"); } print_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); } else { fpub = fopen (argv[4], "r"); rsa_key_ = PEM_read_RSA_PUBKEY(fpub, NULL, NULL, NULL); fclose(fpub); if (rsa_key_ == NULL) { ERR_print_errors(bio_err); die("could not load public key.\n"); } openssl_to_keys(rsa_key_, 1024, private_key, public_key); //openssl_to_public(rsa_key_, &public_key); public_to_openssl(public_key, rsa_key_); // fpub = fopen(argv[5], "w"); if (!fpub) { die("fopen"); } print_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); } } } else { usage(); exit(1); } return 0; }
int enc_main(int argc, char **argv) { static const char magic[] = "Salted__"; char mbuf[sizeof magic - 1]; char *strbuf = NULL, *pass = NULL; unsigned char *buff = NULL; int bsize = BSIZE; int ret = 1, inl; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; unsigned char salt[PKCS5_SALT_LEN]; #ifdef ZLIB BIO *bzl = NULL; #endif EVP_CIPHER_CTX *ctx = NULL; const EVP_MD *dgst = NULL; BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL; BIO *rbio = NULL, *wbio = NULL; #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE + 1]; int i; if (single_execution) { if (pledge("stdio rpath wpath cpath tty", NULL) == -1) { perror("pledge"); exit(1); } } memset(&enc_config, 0, sizeof(enc_config)); enc_config.enc = 1; /* first check the program name */ program_name(argv[0], pname, sizeof(pname)); if (strcmp(pname, "base64") == 0) enc_config.base64 = 1; #ifdef ZLIB if (strcmp(pname, "zlib") == 0) enc_config.do_zlib = 1; #endif enc_config.cipher = EVP_get_cipherbyname(pname); #ifdef ZLIB if (!enc_config.do_zlib && !enc_config.base64 && enc_config.cipher == NULL && strcmp(pname, "enc") != 0) #else if (!enc_config.base64 && enc_config.cipher == NULL && strcmp(pname, "enc") != 0) #endif { BIO_printf(bio_err, "%s is an unknown cipher\n", pname); goto end; } if (options_parse(argc, argv, enc_options, NULL, NULL) != 0) { enc_usage(); goto end; } if (enc_config.keyfile != NULL) { static char buf[128]; FILE *infile; infile = fopen(enc_config.keyfile, "r"); if (infile == NULL) { BIO_printf(bio_err, "unable to read key from '%s'\n", enc_config.keyfile); goto end; } buf[0] = '\0'; if (!fgets(buf, sizeof buf, infile)) { BIO_printf(bio_err, "unable to read key from '%s'\n", enc_config.keyfile); fclose(infile); goto end; } fclose(infile); i = strlen(buf); if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r'))) buf[--i] = '\0'; if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r'))) buf[--i] = '\0'; if (i < 1) { BIO_printf(bio_err, "zero length password\n"); goto end; } enc_config.keystr = buf; } if (enc_config.md != NULL && (dgst = EVP_get_digestbyname(enc_config.md)) == NULL) { BIO_printf(bio_err, "%s is an unsupported message digest type\n", enc_config.md); goto end; } if (dgst == NULL) { dgst = EVP_md5(); /* XXX */ } if (enc_config.bufsize != NULL) { char *p = enc_config.bufsize; unsigned long n; /* XXX - provide an OPTION_ARG_DISKUNIT. */ for (n = 0; *p != '\0'; p++) { i = *p; if ((i <= '9') && (i >= '0')) n = n * 10 + i - '0'; else if (i == 'k') { n *= 1024; p++; break; } } if (*p != '\0') { BIO_printf(bio_err, "invalid 'bufsize' specified.\n"); goto end; } /* It must be large enough for a base64 encoded line. */ if (enc_config.base64 && n < 80) n = 80; bsize = (int)n; if (enc_config.verbose) BIO_printf(bio_err, "bufsize=%d\n", bsize); } strbuf = malloc(SIZE); buff = malloc(EVP_ENCODE_LENGTH(bsize)); if ((buff == NULL) || (strbuf == NULL)) { BIO_printf(bio_err, "malloc failure %ld\n", (long) EVP_ENCODE_LENGTH(bsize)); goto end; } in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (enc_config.debug) { BIO_set_callback(in, BIO_debug_callback); BIO_set_callback(out, BIO_debug_callback); BIO_set_callback_arg(in, (char *) bio_err); BIO_set_callback_arg(out, (char *) bio_err); } if (enc_config.inf == NULL) { if (enc_config.bufsize != NULL) setvbuf(stdin, (char *) NULL, _IONBF, 0); BIO_set_fp(in, stdin, BIO_NOCLOSE); } else { if (BIO_read_filename(in, enc_config.inf) <= 0) { perror(enc_config.inf); goto end; } } if (!enc_config.keystr && enc_config.passarg) { if (!app_passwd(bio_err, enc_config.passarg, NULL, &pass, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } enc_config.keystr = pass; } if (enc_config.keystr == NULL && enc_config.cipher != NULL && enc_config.hkey == NULL) { for (;;) { char buf[200]; int retval; retval = snprintf(buf, sizeof buf, "enter %s %s password:"******"encryption" : "decryption"); if ((size_t)retval >= sizeof buf) { BIO_printf(bio_err, "Password prompt too long\n"); goto end; } strbuf[0] = '\0'; i = EVP_read_pw_string((char *)strbuf, SIZE, buf, enc_config.enc); if (i == 0) { if (strbuf[0] == '\0') { ret = 1; goto end; } enc_config.keystr = strbuf; break; } if (i < 0) { BIO_printf(bio_err, "bad password read\n"); goto end; } } } if (enc_config.outf == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); if (enc_config.bufsize != NULL) setvbuf(stdout, (char *)NULL, _IONBF, 0); } else { if (BIO_write_filename(out, enc_config.outf) <= 0) { perror(enc_config.outf); goto end; } } rbio = in; wbio = out; #ifdef ZLIB if (do_zlib) { if ((bzl = BIO_new(BIO_f_zlib())) == NULL) goto end; if (enc) wbio = BIO_push(bzl, wbio); else rbio = BIO_push(bzl, rbio); } #endif if (enc_config.base64) { if ((b64 = BIO_new(BIO_f_base64())) == NULL) goto end; if (enc_config.debug) { BIO_set_callback(b64, BIO_debug_callback); BIO_set_callback_arg(b64, (char *) bio_err); } if (enc_config.olb64) BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); if (enc_config.enc) wbio = BIO_push(b64, wbio); else rbio = BIO_push(b64, rbio); } if (enc_config.cipher != NULL) { /* * Note that keystr is NULL if a key was passed on the command * line, so we get no salt in that case. Is this a bug? */ if (enc_config.keystr != NULL) { /* * Salt handling: if encrypting generate a salt and * write to output BIO. If decrypting read salt from * input BIO. */ unsigned char *sptr; if (enc_config.nosalt) sptr = NULL; else { if (enc_config.enc) { if (enc_config.hsalt) { if (!set_hex(enc_config.hsalt, salt, sizeof salt)) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } } else arc4random_buf(salt, sizeof(salt)); /* * If -P option then don't bother * writing */ if ((enc_config.printkey != 2) && (BIO_write(wbio, magic, sizeof magic - 1) != sizeof magic - 1 || BIO_write(wbio, (char *) salt, sizeof salt) != sizeof salt)) { BIO_printf(bio_err, "error writing output file\n"); goto end; } } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf || BIO_read(rbio, (unsigned char *) salt, sizeof salt) != sizeof salt) { BIO_printf(bio_err, "error reading input file\n"); goto end; } else if (memcmp(mbuf, magic, sizeof magic - 1)) { BIO_printf(bio_err, "bad magic number\n"); goto end; } sptr = salt; } EVP_BytesToKey(enc_config.cipher, dgst, sptr, (unsigned char *)enc_config.keystr, strlen(enc_config.keystr), 1, key, iv); /* * zero the complete buffer or the string passed from * the command line bug picked up by Larry J. Hughes * Jr. <*****@*****.**> */ if (enc_config.keystr == strbuf) explicit_bzero(enc_config.keystr, SIZE); else explicit_bzero(enc_config.keystr, strlen(enc_config.keystr)); } if (enc_config.hiv != NULL && !set_hex(enc_config.hiv, iv, sizeof iv)) { BIO_printf(bio_err, "invalid hex iv value\n"); goto end; } if (enc_config.hiv == NULL && enc_config.keystr == NULL && EVP_CIPHER_iv_length(enc_config.cipher) != 0) { /* * No IV was explicitly set and no IV was generated * during EVP_BytesToKey. Hence the IV is undefined, * making correct decryption impossible. */ BIO_printf(bio_err, "iv undefined\n"); goto end; } if (enc_config.hkey != NULL && !set_hex(enc_config.hkey, key, sizeof key)) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } if ((benc = BIO_new(BIO_f_cipher())) == NULL) goto end; /* * Since we may be changing parameters work on the encryption * context rather than calling BIO_set_cipher(). */ BIO_get_cipher_ctx(benc, &ctx); if (!EVP_CipherInit_ex(ctx, enc_config.cipher, NULL, NULL, NULL, enc_config.enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", EVP_CIPHER_name(enc_config.cipher)); ERR_print_errors(bio_err); goto end; } if (enc_config.nopad) EVP_CIPHER_CTX_set_padding(ctx, 0); if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc_config.enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", EVP_CIPHER_name(enc_config.cipher)); ERR_print_errors(bio_err); goto end; } if (enc_config.debug) { BIO_set_callback(benc, BIO_debug_callback); BIO_set_callback_arg(benc, (char *) bio_err); } if (enc_config.printkey) { if (!enc_config.nosalt) { printf("salt="); for (i = 0; i < (int) sizeof(salt); i++) printf("%02X", salt[i]); printf("\n"); } if (enc_config.cipher->key_len > 0) { printf("key="); for (i = 0; i < enc_config.cipher->key_len; i++) printf("%02X", key[i]); printf("\n"); } if (enc_config.cipher->iv_len > 0) { printf("iv ="); for (i = 0; i < enc_config.cipher->iv_len; i++) printf("%02X", iv[i]); printf("\n"); } if (enc_config.printkey == 2) { ret = 0; goto end; } } } /* Only encrypt/decrypt as we write the file */ if (benc != NULL) wbio = BIO_push(benc, wbio); for (;;) { inl = BIO_read(rbio, (char *) buff, bsize); if (inl <= 0) break; if (BIO_write(wbio, (char *) buff, inl) != inl) { BIO_printf(bio_err, "error writing output file\n"); goto end; } } if (!BIO_flush(wbio)) { BIO_printf(bio_err, "bad decrypt\n"); goto end; } ret = 0; if (enc_config.verbose) { BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in)); BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); } end: ERR_print_errors(bio_err); free(strbuf); free(buff); BIO_free(in); if (out != NULL) BIO_free_all(out); BIO_free(benc); BIO_free(b64); #ifdef ZLIB BIO_free(bzl); #endif free(pass); return (ret); }
int genrsa_main(int argc, char **argv) { BN_GENCB cb; int ret = 1; int i, num = DEFBITS; long l; const EVP_CIPHER *enc = NULL; unsigned long f4 = RSA_F4; char *outfile = NULL; char *passargout = NULL, *passout = NULL; BIO *out = NULL; BIGNUM *bn = BN_new(); RSA *rsa = NULL; if (single_execution) { if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { perror("pledge"); exit(1); } } if (!bn) goto err; BN_GENCB_set(&cb, genrsa_cb, bio_err); if ((out = BIO_new(BIO_s_file())) == NULL) { BIO_printf(bio_err, "unable to create BIO for output\n"); goto err; } argv++; argc--; for (;;) { if (argc <= 0) break; if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } else if (strcmp(*argv, "-3") == 0) f4 = 3; else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0) f4 = RSA_F4; #ifndef OPENSSL_NO_DES else if (strcmp(*argv, "-des") == 0) enc = EVP_des_cbc(); else if (strcmp(*argv, "-des3") == 0) enc = EVP_des_ede3_cbc(); #endif #ifndef OPENSSL_NO_IDEA else if (strcmp(*argv, "-idea") == 0) enc = EVP_idea_cbc(); #endif #ifndef OPENSSL_NO_AES else if (strcmp(*argv, "-aes128") == 0) enc = EVP_aes_128_cbc(); else if (strcmp(*argv, "-aes192") == 0) enc = EVP_aes_192_cbc(); else if (strcmp(*argv, "-aes256") == 0) enc = EVP_aes_256_cbc(); #endif #ifndef OPENSSL_NO_CAMELLIA else if (strcmp(*argv, "-camellia128") == 0) enc = EVP_camellia_128_cbc(); else if (strcmp(*argv, "-camellia192") == 0) enc = EVP_camellia_192_cbc(); else if (strcmp(*argv, "-camellia256") == 0) enc = EVP_camellia_256_cbc(); #endif else if (strcmp(*argv, "-passout") == 0) { if (--argc < 1) goto bad; passargout = *(++argv); } else break; argv++; argc--; } if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) { bad: BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n"); BIO_printf(bio_err, " -des encrypt the generated key with DES in cbc mode\n"); BIO_printf(bio_err, " -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err, " -idea encrypt the generated key with IDEA in cbc mode\n"); #endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); #endif #ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err, " -out file output the key to 'file\n"); BIO_printf(bio_err, " -passout arg output file pass phrase source\n"); BIO_printf(bio_err, " -f4 use F4 (0x10001) for the E value\n"); BIO_printf(bio_err, " -3 use 3 for the E value\n"); goto err; } if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto err; } if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto err; } } BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", num); rsa = RSA_new(); if (!rsa) goto err; if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) goto err; /* * We need to do the following for when the base number size is < * long, esp windows 3.1 :-(. */ l = 0L; for (i = 0; i < rsa->e->top; i++) { #ifndef _LP64 l <<= BN_BITS4; l <<= BN_BITS4; #endif l += rsa->e->d[i]; } BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l); { PW_CB_DATA cb_data; cb_data.password = passout; cb_data.prompt_info = outfile; if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, password_callback, &cb_data)) goto err; } ret = 0; err: BN_free(bn); RSA_free(rsa); BIO_free_all(out); free(passout); if (ret != 0) ERR_print_errors(bio_err); return (ret); }
int MAIN(int argc, char **argv) { PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; int informat,outformat; char *infile,*outfile,*prog; int print_certs=0,text=0,noout=0,p7_print=0; int ret=1; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; infile=NULL; outfile=NULL; informat=FORMAT_PEM; outformat=FORMAT_PEM; prog=argv[0]; argc--; argv++; while (argc >= 1) { if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-noout") == 0) noout=1; else if (TINYCLR_SSL_STRCMP(*argv,"-text") == 0) text=1; else if (TINYCLR_SSL_STRCMP(*argv,"-print") == 0) p7_print=1; else if (TINYCLR_SSL_STRCMP(*argv,"-print_certs") == 0) print_certs=1; #ifndef OPENSSL_NO_ENGINE else if (TINYCLR_SSL_STRCMP(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); BIO_printf(bio_err," -text print full details of certificates\n"); BIO_printf(bio_err," -noout don't output encoded data\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif ret = 1; goto end; } ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE); else { if (BIO_read_filename(in,infile) <= 0) if (in == NULL) { TINYCLR_SSL_PERROR(infile); goto end; } } if (informat == FORMAT_ASN1) p7=d2i_PKCS7_bio(in,NULL); else if (informat == FORMAT_PEM) p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL); else { BIO_printf(bio_err,"bad input format specified for pkcs7 object\n"); goto end; } if (p7 == NULL) { BIO_printf(bio_err,"unable to load PKCS7 object\n"); ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { TINYCLR_SSL_PERROR(outfile); goto end; } } if (p7_print) PKCS7_print_ctx(out, p7, 0, NULL); if (print_certs) { STACK_OF(X509) *certs=NULL; STACK_OF(X509_CRL) *crls=NULL; i=OBJ_obj2nid(p7->type); switch (i) { case NID_pkcs7_signed: certs=p7->d.sign->cert; crls=p7->d.sign->crl; break; case NID_pkcs7_signedAndEnveloped: certs=p7->d.signed_and_enveloped->cert; crls=p7->d.signed_and_enveloped->crl; break; default: break; } if (certs != NULL) { X509 *x; for (i=0; i<sk_X509_num(certs); i++) { x=sk_X509_value(certs,i); if(text) X509_print(out, x); else dump_cert_text(out, x); if(!noout) PEM_write_bio_X509(out,x); BIO_puts(out,"\n"); } } if (crls != NULL) { X509_CRL *crl; for (i=0; i<sk_X509_CRL_num(crls); i++) { crl=sk_X509_CRL_value(crls,i); X509_CRL_print(out, crl); if(!noout)PEM_write_bio_X509_CRL(out,crl); BIO_puts(out,"\n"); } } ret=0; goto end; } if(!noout) { if (outformat == FORMAT_ASN1) i=i2d_PKCS7_bio(out,p7); else if (outformat == FORMAT_PEM) i=PEM_write_bio_PKCS7(out,p7); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write pkcs7 object\n"); ERR_print_errors(bio_err); goto end; } } ret=0; end: if (p7 != NULL) PKCS7_free(p7); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); apps_shutdown(); OPENSSL_EXIT(ret); }
static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) { char *buf = NULL, *p; MS_STATIC char buf2[1024]; ASN1_INTEGER *bs = NULL, *bs2 = NULL; BIO *io = NULL; BIGNUM *serial = NULL; buf=OPENSSL_malloc( ((serialfile == NULL) ?(strlen(CAfile)+strlen(POSTFIX)+1) :(strlen(serialfile)))+1); if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; } if (serialfile == NULL) { strcpy(buf,CAfile); for (p=buf; *p; p++) if (*p == '.') { *p='\0'; break; } strcat(buf,POSTFIX); } else strcpy(buf,serialfile); serial=BN_new(); bs=ASN1_INTEGER_new(); if ((serial == NULL) || (bs == NULL)) { ERR_print_errors(bio_err); goto end; } io=BIO_new(BIO_s_file()); if (io == NULL) { ERR_print_errors(bio_err); goto end; } if (BIO_read_filename(io,buf) <= 0) { if (!create) { perror(buf); goto end; } else { ASN1_INTEGER_set(bs,1); BN_one(serial); } } else { if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2)) { BIO_printf(bio_err,"unable to load serial number from %s\n",buf); ERR_print_errors(bio_err); goto end; } else { serial=BN_bin2bn(bs->data,bs->length,serial); if (serial == NULL) { BIO_printf(bio_err,"error converting bin 2 bn"); goto end; } } } if (!BN_add_word(serial,1)) { BIO_printf(bio_err,"add_word failure\n"); goto end; } if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL))) { BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; } if (BIO_write_filename(io,buf) <= 0) { BIO_printf(bio_err,"error attempting to write serial number file\n"); perror(buf); goto end; } i2a_ASN1_INTEGER(io,bs2); BIO_puts(io,"\n"); BIO_free(io); if (buf) OPENSSL_free(buf); ASN1_INTEGER_free(bs2); BN_free(serial); io=NULL; return bs; end: if (buf) OPENSSL_free(buf); BIO_free(io); ASN1_INTEGER_free(bs); BN_free(serial); return NULL; }
int gendh_main(int argc, char **argv) { BN_GENCB cb; DH *dh = NULL; int ret = 1, num = DEFBITS; int g = 2; char *outfile = NULL; #ifndef OPENSSL_NO_ENGINE char *engine = NULL; #endif BIO *out = NULL; BN_GENCB_set(&cb, dh_cb, bio_err); argv++; argc--; for (;;) { if (argc <= 0) break; if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } else if (strcmp(*argv, "-2") == 0) g = 2; /* * else if (strcmp(*argv,"-3") == 0) g=3; */ else if (strcmp(*argv, "-5") == 0) g = 5; #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } #endif else break; argv++; argc--; } if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) { bad: BIO_printf(bio_err, "usage: gendh [args] [numbits]\n"); BIO_printf(bio_err, " -out file - output the key to 'file\n"); BIO_printf(bio_err, " -2 - use 2 as the generator value\n"); /* * BIO_printf(bio_err," -3 - use 3 as the generator * value\n"); */ BIO_printf(bio_err, " -5 - use 5 as the generator value\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine e - use engine e, possibly a hardware device.\n"); #endif goto end; } #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, engine, 0); #endif out = BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; } } BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g); BIO_printf(bio_err, "This is going to take a long time\n"); if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) goto end; if (!PEM_write_bio_DHparams(out, dh)) goto end; ret = 0; end: if (ret != 0) ERR_print_errors(bio_err); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); return (ret); }
int rand_main(int argc, char **argv) { char *num_bytes = NULL; int ret = 1; int badopt = 0; int num = -1; int i, r; BIO *out = NULL; memset(&rand_config, 0, sizeof(rand_config)); if (options_parse(argc, argv, rand_options, &num_bytes, NULL) != 0) { rand_usage(); return (1); } if (num_bytes != NULL) { r = sscanf(num_bytes, "%d", &num); if (r == 0 || num < 0) badopt = 1; } else badopt = 1; if (rand_config.hex && rand_config.base64) badopt = 1; if (badopt) { rand_usage(); goto err; } #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, rand_config.engine, 0); #endif out = BIO_new(BIO_s_file()); if (out == NULL) goto err; if (rand_config.outfile != NULL) r = BIO_write_filename(out, rand_config.outfile); else r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); if (r <= 0) goto err; if (rand_config.base64) { BIO *b64 = BIO_new(BIO_f_base64()); if (b64 == NULL) goto err; out = BIO_push(b64, out); } while (num > 0) { unsigned char buf[4096]; int chunk; chunk = num; if (chunk > (int) sizeof(buf)) chunk = sizeof(buf); arc4random_buf(buf, chunk); if (rand_config.hex) { for (i = 0; i < chunk; i++) BIO_printf(out, "%02x", buf[i]); } else BIO_write(out, buf, chunk); num -= chunk; } if (rand_config.hex) BIO_puts(out, "\n"); (void) BIO_flush(out); ret = 0; err: ERR_print_errors(bio_err); if (out) BIO_free_all(out); return (ret); }
int MAIN(int argc, char **argv) { ENGINE *e = NULL; int ret=1; RSA *rsa=NULL; int i,badops=0, sgckey=0; const EVP_CIPHER *enc=NULL; BIO *out=NULL; int informat,outformat,text=0,check=0,noout=0; int pubin = 0, pubout = 0; char *infile,*outfile,*prog; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif int modulus=0; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; infile=NULL; outfile=NULL; informat=FORMAT_PEM; outformat=FORMAT_PEM; prog=argv[0]; argc--; argv++; while (argc >= 1) { if (strcmp(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-passin") == 0) { if (--argc < 1) goto bad; passargin= *(++argv); } else if (strcmp(*argv,"-passout") == 0) { if (--argc < 1) goto bad; passargout= *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else if (strcmp(*argv,"-sgckey") == 0) sgckey=1; else if (strcmp(*argv,"-pubin") == 0) pubin=1; else if (strcmp(*argv,"-pubout") == 0) pubout=1; else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-modulus") == 0) modulus=1; else if (strcmp(*argv,"-check") == 0) check=1; else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n"); BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -sgckey Use IIS SGC key format\n"); BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef OPENSSL_NO_SEED BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); #endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif #ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); BIO_printf(bio_err," -modulus print the RSA key modulus\n"); BIO_printf(bio_err," -check verify key consistency\n"); BIO_printf(bio_err," -pubin expect a public key in input file\n"); BIO_printf(bio_err," -pubout output a public key\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif goto end; } ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } if(check && pubin) { BIO_printf(bio_err, "Only private keys can be checked\n"); goto end; } out=BIO_new(BIO_s_file()); { EVP_PKEY *pkey; if (pubin) pkey = load_pubkey(bio_err, infile, (informat == FORMAT_NETSCAPE && sgckey ? FORMAT_IISSGC : informat), 1, passin, e, "Public Key"); else pkey = load_key(bio_err, infile, (informat == FORMAT_NETSCAPE && sgckey ? FORMAT_IISSGC : informat), 1, passin, e, "Private Key"); if (pkey != NULL) rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); } if (rsa == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } if (text) if (!RSA_print(out,rsa,0)) { perror(outfile); ERR_print_errors(bio_err); goto end; } if (modulus) { BIO_printf(out,"Modulus="); BN_print(out,rsa->n); BIO_printf(out,"\n"); } if (check) { int r = RSA_check_key(rsa); if (r == 1) BIO_printf(out,"RSA key ok\n"); else if (r == 0) { unsigned long err; while ((err = ERR_peek_error()) != 0 && ERR_GET_LIB(err) == ERR_LIB_RSA && ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) { BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err)); ERR_get_error(); /* remove e from error stack */ } } if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */ { ERR_print_errors(bio_err); goto end; } } if (noout) { ret = 0; goto end; } BIO_printf(bio_err,"writing RSA key\n"); if (outformat == FORMAT_ASN1) { if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa); else i=i2d_RSAPrivateKey_bio(out,rsa); } #ifndef OPENSSL_NO_RC4 else if (outformat == FORMAT_NETSCAPE) { unsigned char *p,*pp; int size; i=1; size=i2d_RSA_NET(rsa,NULL,NULL, sgckey); if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL) { BIO_printf(bio_err,"Memory allocation failure\n"); goto end; } pp=p; i2d_RSA_NET(rsa,&p,NULL, sgckey); BIO_write(out,(char *)pp,size); OPENSSL_free(pp); } #endif else if (outformat == FORMAT_PEM) { if(pubout || pubin) i=PEM_write_bio_RSA_PUBKEY(out,rsa); else i=PEM_write_bio_RSAPrivateKey(out,rsa, enc,NULL,0,NULL,passout); } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write key\n"); ERR_print_errors(bio_err); } else ret=0; end: if(out != NULL) BIO_free_all(out); if(rsa != NULL) RSA_free(rsa); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); apps_shutdown(); OPENSSL_EXIT(ret); }
int MAIN(int argc, char **argv) { ENGINE *e = NULL; int ret = 1; DSA *dsa = NULL; int i, badops = 0; const EVP_CIPHER *enc = NULL; BIO *in = NULL, *out = NULL; int informat, outformat, text = 0, noout = 0; int pubin = 0, pubout = 0; char *infile, *outfile, *prog; char *engine; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; int modulus = 0; int pvk_encr = 2; apps_startup(); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; engine = NULL; infile = NULL; outfile = NULL; informat = FORMAT_PEM; outformat = FORMAT_PEM; prog = argv[0]; argc--; argv++; while (argc >= 1) { if (strcmp(*argv, "-inform") == 0) { if (--argc < 1) goto bad; informat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) { if (--argc < 1) goto bad; outformat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; infile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } else if (strcmp(*argv, "-passin") == 0) { if (--argc < 1) goto bad; passargin = *(++argv); } else if (strcmp(*argv, "-passout") == 0) { if (--argc < 1) goto bad; passargout = *(++argv); } # ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } # endif else if (strcmp(*argv, "-pvk-strong") == 0) pvk_encr = 2; else if (strcmp(*argv, "-pvk-weak") == 0) pvk_encr = 1; else if (strcmp(*argv, "-pvk-none") == 0) pvk_encr = 0; else if (strcmp(*argv, "-noout") == 0) noout = 1; else if (strcmp(*argv, "-text") == 0) text = 1; else if (strcmp(*argv, "-modulus") == 0) modulus = 1; else if (strcmp(*argv, "-pubin") == 0) pubin = 1; else if (strcmp(*argv, "-pubout") == 0) pubout = 1; else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) { BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, " -inform arg input format - DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - DER or PEM\n"); BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -passin arg input file pass phrase source\n"); BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -passout arg output file pass phrase source\n"); # ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n"); # endif BIO_printf(bio_err, " -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err, " -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); # ifndef OPENSSL_NO_IDEA BIO_printf(bio_err, " -idea encrypt PEM output with cbc idea\n"); # endif # ifndef OPENSSL_NO_AES BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); # endif # ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); # endif # ifndef OPENSSL_NO_SEED BIO_printf(bio_err, " -seed encrypt PEM output with cbc seed\n"); # endif BIO_printf(bio_err, " -text print the key in text\n"); BIO_printf(bio_err, " -noout don't print key out\n"); BIO_printf(bio_err, " -modulus print the DSA public value\n"); goto end; } ERR_load_crypto_strings(); e = setup_engine(bio_err, engine, 0); if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; } in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { if (BIO_read_filename(in, infile) <= 0) { perror(infile); goto end; } } BIO_printf(bio_err, "read DSA key\n"); { EVP_PKEY *pkey; if (pubin) pkey = load_pubkey(bio_err, infile, informat, 1, passin, e, "Public Key"); else pkey = load_key(bio_err, infile, informat, 1, passin, e, "Private Key"); if (pkey) { dsa = EVP_PKEY_get1_DSA(pkey); EVP_PKEY_free(pkey); } } if (dsa == NULL) { BIO_printf(bio_err, "unable to load Key\n"); ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); # ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } # endif } else { if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; } } if (text) if (!DSA_print(out, dsa, 0)) { perror(outfile); ERR_print_errors(bio_err); goto end; } if (modulus) { fprintf(stdout, "Public Key="); BN_print(out, dsa->pub_key); fprintf(stdout, "\n"); } if (noout) goto end; BIO_printf(bio_err, "writing DSA key\n"); if (outformat == FORMAT_ASN1) { if (pubin || pubout) i = i2d_DSA_PUBKEY_bio(out, dsa); else i = i2d_DSAPrivateKey_bio(out, dsa); } else if (outformat == FORMAT_PEM) { if (pubin || pubout) i = PEM_write_bio_DSA_PUBKEY(out, dsa); else i = PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout); # if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); EVP_PKEY_set1_DSA(pk, dsa); if (outformat == FORMAT_PVK) i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); else if (pubin || pubout) i = i2b_PublicKey_bio(out, pk); else i = i2b_PrivateKey_bio(out, pk); EVP_PKEY_free(pk); # endif } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (i <= 0) { BIO_printf(bio_err, "unable to write private key\n"); ERR_print_errors(bio_err); } else ret = 0; end: if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); release_engine(e); if (passin) OPENSSL_free(passin); if (passout) OPENSSL_free(passout); apps_shutdown(); OPENSSL_EXIT(ret); }
int MAIN(int argc, char **argv) { #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; char *inrand=NULL,*dsaparams=NULL; char *passargout = NULL, *passout = NULL; BIO *out=NULL,*in=NULL; const EVP_CIPHER *enc=NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; argv++; argc--; for (;;) { if (argc <= 0) break; if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-passout") == 0) { if (--argc < 1) goto bad; passargout= *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); } else if (strcmp(*argv,"-") == 0) goto bad; #ifndef OPENSSL_NO_DES else if (strcmp(*argv,"-des") == 0) enc=EVP_des_cbc(); else if (strcmp(*argv,"-des3") == 0) enc=EVP_des_ede3_cbc(); #endif #ifndef OPENSSL_NO_IDEA else if (strcmp(*argv,"-idea") == 0) enc=EVP_idea_cbc(); #endif #ifndef OPENSSL_NO_AES else if (strcmp(*argv,"-aes128") == 0) enc=EVP_aes_128_cbc(); else if (strcmp(*argv,"-aes192") == 0) enc=EVP_aes_192_cbc(); else if (strcmp(*argv,"-aes256") == 0) enc=EVP_aes_256_cbc(); #endif else if (**argv != '-' && dsaparams == NULL) { dsaparams = *argv; } else goto bad; argv++; argc--; } if (dsaparams == NULL) { bad: BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n"); BIO_printf(bio_err," -out file - output the key to 'file'\n"); #ifndef OPENSSL_NO_DES BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n"); BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); #endif #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); #endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); #endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err," dsaparam-file\n"); BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n"); goto end; } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } in=BIO_new(BIO_s_file()); if (!(BIO_read_filename(in,dsaparams))) { perror(dsaparams); goto end; } if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL) { BIO_printf(bio_err,"unable to load DSA parameter file\n"); goto end; } BIO_free(in); in = NULL; out=BIO_new(BIO_s_file()); if (out == NULL) goto end; if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); } if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); BIO_printf(bio_err,"Generating DSA key, %d bits\n", BN_num_bits(dsa->p)); if (!DSA_generate_key(dsa)) goto end; app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout)) goto end; ret=0; end: if (ret != 0) ERR_print_errors(bio_err); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); if(passout) OPENSSL_free(passout); apps_shutdown(); OPENSSL_EXIT(ret); }
int MAIN(int argc, char **argv) { ENGINE *e = NULL; DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; char *outfile=NULL; char *inrand=NULL; char *engine=NULL; BIO *out=NULL; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; argv++; argc--; for (;;) { if (argc <= 0) break; if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-2") == 0) g=2; /* else if (strcmp(*argv,"-3") == 0) g=3; */ else if (strcmp(*argv,"-5") == 0) g=5; else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); } else break; argv++; argc--; } if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) { bad: BIO_printf(bio_err,"usage: gendh [args] [numbits]\n"); BIO_printf(bio_err," -out file - output the key to 'file\n"); BIO_printf(bio_err," -2 - use 2 as the generator value\n"); /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ BIO_printf(bio_err," -5 - use 5 as the generator value\n"); BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); goto end; } e = setup_engine(bio_err, engine, 0); out=BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); } if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); dh=DH_generate_parameters(num,g,dh_cb,bio_err); if (dh == NULL) goto end; app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DHparams(out,dh)) goto end; ret=0; end: if (ret != 0) ERR_print_errors(bio_err); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); apps_shutdown(); OPENSSL_EXIT(ret); }
int MAIN(int argc, char **argv) { #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif int i, r, ret = 1; int badopt; char *outfile = NULL; char *inrand = NULL; int base64 = 0; BIO *out = NULL; int num = -1; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif apps_startup(); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto err; badopt = 0; i = 0; while (!badopt && argv[++i] != NULL) { if (strcmp(argv[i], "-out") == 0) { if ((argv[i+1] != NULL) && (outfile == NULL)) outfile = argv[++i]; else badopt = 1; } #ifndef OPENSSL_NO_ENGINE else if (strcmp(argv[i], "-engine") == 0) { if ((argv[i+1] != NULL) && (engine == NULL)) engine = argv[++i]; else badopt = 1; } #endif else if (strcmp(argv[i], "-rand") == 0) { if ((argv[i+1] != NULL) && (inrand == NULL)) inrand = argv[++i]; else badopt = 1; } else if (strcmp(argv[i], "-base64") == 0) { if (!base64) base64 = 1; else badopt = 1; } else if (isdigit((unsigned char)argv[i][0])) { if (num < 0) { r = sscanf(argv[i], "%d", &num); if (r == 0 || num < 0) badopt = 1; } else badopt = 1; } else badopt = 1; } if (num < 0) badopt = 1; if (badopt) { BIO_printf(bio_err, "Usage: rand [options] num\n"); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "-out file - write to file\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n"); #endif BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-base64 - encode output\n"); goto err; } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); out = BIO_new(BIO_s_file()); if (out == NULL) goto err; if (outfile != NULL) r = BIO_write_filename(out, outfile); else { r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } if (r <= 0) goto err; if (base64) { BIO *b64 = BIO_new(BIO_f_base64()); if (b64 == NULL) goto err; out = BIO_push(b64, out); } while (num > 0) { unsigned char buf[4096]; int chunk; chunk = num; if (chunk > (int)sizeof(buf)) chunk = sizeof buf; r = RAND_bytes(buf, chunk); if (r <= 0) goto err; BIO_write(out, buf, chunk); num -= chunk; } BIO_flush(out); app_RAND_write_file(NULL, bio_err); ret = 0; err: ERR_print_errors(bio_err); if (out) BIO_free_all(out); apps_shutdown(); OPENSSL_EXIT(ret); }
int MAIN(int argc, char **argv) { #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif static const char magic[]="Salted__"; char mbuf[sizeof magic-1]; char *strbuf=NULL; unsigned char *buff=NULL,*bufsize=NULL; int bsize=BSIZE,verbose=0; int ret=1,inl; int nopad = 0; unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH]; unsigned char salt[PKCS5_SALT_LEN]; char *str=NULL, *passarg = NULL, *pass = NULL; char *hkey=NULL,*hiv=NULL,*hsalt = NULL; char *md=NULL; int enc=1,printkey=0,i,base64=0; int debug=0,olb64=0,nosalt=0; const EVP_CIPHER *cipher=NULL,*c; EVP_CIPHER_CTX *ctx = NULL; char *inf=NULL,*outf=NULL; BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; #ifndef OPENSSL_NO_ENGINE char *engine = NULL; #endif const EVP_MD *dgst=NULL; int non_fips_allow = 0; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; /* first check the program name */ program_name(argv[0],pname,sizeof pname); if (strcmp(pname,"base64") == 0) base64=1; cipher=EVP_get_cipherbyname(pname); if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0)) { BIO_printf(bio_err,"%s is an unknown cipher\n",pname); goto bad; } argc--; argv++; while (argc >= 1) { if (strcmp(*argv,"-e") == 0) enc=1; else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; inf= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outf= *(++argv); } else if (strcmp(*argv,"-pass") == 0) { if (--argc < 1) goto bad; passarg= *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else if (strcmp(*argv,"-d") == 0) enc=0; else if (strcmp(*argv,"-p") == 0) printkey=1; else if (strcmp(*argv,"-v") == 0) verbose=1; else if (strcmp(*argv,"-nopad") == 0) nopad=1; else if (strcmp(*argv,"-salt") == 0) nosalt=0; else if (strcmp(*argv,"-nosalt") == 0) nosalt=1; else if (strcmp(*argv,"-debug") == 0) debug=1; else if (strcmp(*argv,"-P") == 0) printkey=2; else if (strcmp(*argv,"-A") == 0) olb64=1; else if (strcmp(*argv,"-a") == 0) base64=1; else if (strcmp(*argv,"-base64") == 0) base64=1; else if (strcmp(*argv,"-bufsize") == 0) { if (--argc < 1) goto bad; bufsize=(unsigned char *)*(++argv); } else if (strcmp(*argv,"-k") == 0) { if (--argc < 1) goto bad; str= *(++argv); } else if (strcmp(*argv,"-kfile") == 0) { static char buf[128]; FILE *infile; char *file; if (--argc < 1) goto bad; file= *(++argv); infile=fopen(file,"r"); if (infile == NULL) { BIO_printf(bio_err,"unable to read key from '%s'\n", file); goto bad; } buf[0]='\0'; if (!fgets(buf,sizeof buf,infile)) { BIO_printf(bio_err,"unable to read key from '%s'\n", file); goto bad; } fclose(infile); i=strlen(buf); if ((i > 0) && ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) buf[--i]='\0'; if ((i > 0) && ((buf[i-1] == '\n') || (buf[i-1] == '\r'))) buf[--i]='\0'; if (i < 1) { BIO_printf(bio_err,"zero length password\n"); goto bad; } str=buf; } else if (strcmp(*argv,"-K") == 0) { if (--argc < 1) goto bad; hkey= *(++argv); } else if (strcmp(*argv,"-S") == 0) { if (--argc < 1) goto bad; hsalt= *(++argv); } else if (strcmp(*argv,"-iv") == 0) { if (--argc < 1) goto bad; hiv= *(++argv); } else if (strcmp(*argv,"-md") == 0) { if (--argc < 1) goto bad; md= *(++argv); } else if (strcmp(*argv,"-non-fips-allow") == 0) non_fips_allow = 1; else if ((argv[0][0] == '-') && ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) { cipher=c; } else if (strcmp(*argv,"-none") == 0) cipher=NULL; else { BIO_printf(bio_err,"unknown option '%s'\n",*argv); bad: BIO_printf(bio_err,"options are\n"); BIO_printf(bio_err,"%-14s input file\n","-in <file>"); BIO_printf(bio_err,"%-14s output file\n","-out <file>"); BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>"); BIO_printf(bio_err,"%-14s encrypt\n","-e"); BIO_printf(bio_err,"%-14s decrypt\n","-d"); BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64"); BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k"); BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile"); BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md"); BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n",""); BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); #endif BIO_printf(bio_err,"Cipher Types\n"); OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_ciphers, bio_err); BIO_printf(bio_err,"\n"); goto end; } argc--; argv++; } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif if (md && (dgst=EVP_get_digestbyname(md)) == NULL) { BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); goto end; } if (dgst == NULL) { if (in_FIPS_mode) dgst = EVP_sha1(); else dgst = EVP_md5(); } if (bufsize != NULL) { unsigned long n; for (n=0; *bufsize; bufsize++) { i= *bufsize; if ((i <= '9') && (i >= '0')) n=n*10+i-'0'; else if (i == 'k') { n*=1024; bufsize++; break; } } if (*bufsize != '\0') { BIO_printf(bio_err,"invalid 'bufsize' specified.\n"); goto end; } /* It must be large enough for a base64 encoded line */ if (base64 && n < 80) n=80; bsize=(int)n; if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); } strbuf=OPENSSL_malloc(SIZE); buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize)); if ((buff == NULL) || (strbuf == NULL)) { BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize)); goto end; } in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (debug) { BIO_set_callback(in,BIO_debug_callback); BIO_set_callback(out,BIO_debug_callback); BIO_set_callback_arg(in,(char *)bio_err); BIO_set_callback_arg(out,(char *)bio_err); } if (inf == NULL) { if (bufsize != NULL) setvbuf(stdin, (char *)NULL, _IONBF, 0); BIO_set_fp(in,stdin,BIO_NOCLOSE); } else { if (BIO_read_filename(in,inf) <= 0) { perror(inf); goto end; } } if(!str && passarg) { if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } str = pass; } if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) { for (;;) { char buf[200]; BIO_snprintf(buf,sizeof buf,"enter %s %s password:"******"encryption":"decryption"); strbuf[0]='\0'; i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc); if (i == 0) { if (strbuf[0] == '\0') { ret=1; goto end; } str=strbuf; break; } if (i < 0) { BIO_printf(bio_err,"bad password read\n"); goto end; } } } if (outf == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); if (bufsize != NULL) setvbuf(stdout, (char *)NULL, _IONBF, 0); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outf) <= 0) { perror(outf); goto end; } } rbio=in; wbio=out; if (base64) { if ((b64=BIO_new(BIO_f_base64())) == NULL) goto end; if (debug) { BIO_set_callback(b64,BIO_debug_callback); BIO_set_callback_arg(b64,(char *)bio_err); } if (olb64) BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); if (enc) wbio=BIO_push(b64,wbio); else rbio=BIO_push(b64,rbio); } if (cipher != NULL) { /* Note that str is NULL if a key was passed on the command * line, so we get no salt in that case. Is this a bug? */ if (str != NULL) { /* Salt handling: if encrypting generate a salt and * write to output BIO. If decrypting read salt from * input BIO. */ unsigned char *sptr; if(nosalt) sptr = NULL; else { if(enc) { if(hsalt) { if(!set_hex(hsalt,salt,sizeof salt)) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0) goto end; /* If -P option then don't bother writing */ if((printkey != 2) && (BIO_write(wbio,magic, sizeof magic-1) != sizeof magic-1 || BIO_write(wbio, (char *)salt, sizeof salt) != sizeof salt)) { BIO_printf(bio_err,"error writing output file\n"); goto end; } } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf || BIO_read(rbio, (unsigned char *)salt, sizeof salt) != sizeof salt) { BIO_printf(bio_err,"error reading input file\n"); goto end; } else if(memcmp(mbuf,magic,sizeof magic-1)) { BIO_printf(bio_err,"bad magic number\n"); goto end; } sptr = salt; } EVP_BytesToKey(cipher,dgst,sptr, (unsigned char *)str, strlen(str),1,key,iv); /* zero the complete buffer or the string * passed from the command line * bug picked up by * Larry J. Hughes Jr. <*****@*****.**> */ if (str == strbuf) OPENSSL_cleanse(str,SIZE); else OPENSSL_cleanse(str,strlen(str)); } if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv)) { BIO_printf(bio_err,"invalid hex iv value\n"); goto end; } if ((hiv == NULL) && (str == NULL) && EVP_CIPHER_iv_length(cipher) != 0) { /* No IV was explicitly set and no IV was generated * during EVP_BytesToKey. Hence the IV is undefined, * making correct decryption impossible. */ BIO_printf(bio_err, "iv undefined\n"); goto end; } if ((hkey != NULL) && !set_hex(hkey,key,sizeof key)) { BIO_printf(bio_err,"invalid hex key value\n"); goto end; } if ((benc=BIO_new(BIO_f_cipher())) == NULL) goto end; /* Since we may be changing parameters work on the encryption * context rather than calling BIO_set_cipher(). */ BIO_get_cipher_ctx(benc, &ctx); if (non_fips_allow) EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW); if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", EVP_CIPHER_name(cipher)); ERR_print_errors(bio_err); goto end; } if (nopad) EVP_CIPHER_CTX_set_padding(ctx, 0); if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", EVP_CIPHER_name(cipher)); ERR_print_errors(bio_err); goto end; } if (debug) { BIO_set_callback(benc,BIO_debug_callback); BIO_set_callback_arg(benc,(char *)bio_err); } if (printkey) { if (!nosalt) { printf("salt="); for (i=0; i<(int)sizeof(salt); i++) printf("%02X",salt[i]); printf("\n"); } if (cipher->key_len > 0) { printf("key="); for (i=0; i<cipher->key_len; i++) printf("%02X",key[i]); printf("\n"); } if (cipher->iv_len > 0) { printf("iv ="); for (i=0; i<cipher->iv_len; i++) printf("%02X",iv[i]); printf("\n"); } if (printkey == 2) { ret=0; goto end; } } } /* Only encrypt/decrypt as we write the file */ if (benc != NULL) wbio=BIO_push(benc,wbio); for (;;) { inl=BIO_read(rbio,(char *)buff,bsize); if (inl <= 0) break; if (BIO_write(wbio,(char *)buff,inl) != inl) { BIO_printf(bio_err,"error writing output file\n"); goto end; } } if (!BIO_flush(wbio)) { BIO_printf(bio_err,"bad decrypt\n"); goto end; } ret=0; if (verbose) { BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in)); BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out)); } end: ERR_print_errors(bio_err); if (strbuf != NULL) OPENSSL_free(strbuf); if (buff != NULL) OPENSSL_free(buff); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (benc != NULL) BIO_free(benc); if (b64 != NULL) BIO_free(b64); if(pass) OPENSSL_free(pass); apps_shutdown(); OPENSSL_EXIT(ret); }
int main(int argc, char **argv) { BIO* in=NULL; BIO* out=NULL; char *outfile = NULL; char *infile = NULL; int tabLength=100; char *binaryptr; char *mimetype; char *mimetypeaccept=NULL; char *contenttype; const char **pp; unsigned char *hostporturl = NULL; BIO *p12bio; char **args = argv + 1; unsigned char *serverurl; sslctxparm p; char *response; CURLcode res; struct curl_slist *headers=NULL; int badarg=0; binaryptr = malloc(tabLength); p.verbose = 0; p.errorbio = BIO_new_fp(stderr, BIO_NOCLOSE); curl_global_init(CURL_GLOBAL_DEFAULT); /* we need some more for the P12 decoding */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); ERR_load_crypto_strings(); while(*args && *args[0] == '-') { if(!strcmp (*args, "-in")) { if(args[1]) { infile=*(++args); } else badarg=1; } else if(!strcmp (*args, "-out")) { if(args[1]) { outfile=*(++args); } else badarg=1; } else if(!strcmp (*args, "-p12")) { if(args[1]) { p.p12file = *(++args); } else badarg=1; } else if(strcmp(*args, "-envpass") == 0) { if(args[1]) { p.pst = getenv(*(++args)); } else badarg=1; } else if(strcmp(*args, "-connect") == 0) { if(args[1]) { hostporturl = *(++args); } else badarg=1; } else if(strcmp(*args, "-mimetype") == 0) { if(args[1]) { mimetype = *(++args); } else badarg=1; } else if(strcmp(*args, "-acceptmime") == 0) { if(args[1]) { mimetypeaccept = *(++args); } else badarg=1; } else if(strcmp(*args, "-accesstype") == 0) { if(args[1]) { p.accesstype = OBJ_obj2nid(OBJ_txt2obj(*++args, 0)); if(p.accesstype == 0) badarg=1; } else badarg=1; } else if(strcmp(*args, "-verbose") == 0) { p.verbose++; } else badarg=1; args++; } if(mimetype==NULL || mimetypeaccept == NULL) badarg = 1; if(badarg) { for(pp=curlx_usage; (*pp != NULL); pp++) BIO_printf(p.errorbio, "%s\n", *pp); BIO_printf(p.errorbio, "\n"); goto err; } /* set input */ if((in=BIO_new(BIO_s_file())) == NULL) { BIO_printf(p.errorbio, "Error setting input bio\n"); goto err; } else if(infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE|BIO_FP_TEXT); else if(BIO_read_filename(in, infile) <= 0) { BIO_printf(p.errorbio, "Error opening input file %s\n", infile); BIO_free(in); goto err; } /* set output */ if((out=BIO_new(BIO_s_file())) == NULL) { BIO_printf(p.errorbio, "Error setting output bio.\n"); goto err; } else if(outfile == NULL) BIO_set_fp(out, stdout, BIO_NOCLOSE|BIO_FP_TEXT); else if(BIO_write_filename(out, outfile) <= 0) { BIO_printf(p.errorbio, "Error opening output file %s\n", outfile); BIO_free(out); goto err; } p.errorbio = BIO_new_fp(stderr, BIO_NOCLOSE); p.curl = curl_easy_init(); if(!p.curl) { BIO_printf(p.errorbio, "Cannot init curl lib\n"); goto err; } p12bio = BIO_new_file(p.p12file, "rb"); if(!p12bio) { BIO_printf(p.errorbio, "Error opening P12 file %s\n", p.p12file); goto err; } p.p12 = d2i_PKCS12_bio(p12bio, NULL); if(!p.p12) { BIO_printf(p.errorbio, "Cannot decode P12 structure %s\n", p.p12file); goto err; } p.ca= NULL; if(!(PKCS12_parse (p.p12, p.pst, &(p.pkey), &(p.usercert), &(p.ca) ) )) { BIO_printf(p.errorbio, "Invalid P12 structure in %s\n", p.p12file); goto err; } if(sk_X509_num(p.ca) <= 0) { BIO_printf(p.errorbio, "No trustworthy CA given.%s\n", p.p12file); goto err; } if(p.verbose > 1) X509_print_ex(p.errorbio, p.usercert, 0, 0); /* determine URL to go */ if(hostporturl) { size_t len = strlen(hostporturl) + 9; serverurl = malloc(len); snprintf(serverurl, len, "https://%s", hostporturl); } else if(p.accesstype != 0) { /* see whether we can find an AIA or SIA for a given access type */ serverurl = my_get_ext(p.usercert, p.accesstype, NID_info_access); if(!serverurl) { int j=0; BIO_printf(p.errorbio, "no service URL in user cert " "cherching in others certificats\n"); for(j=0; j<sk_X509_num(p.ca); j++) { serverurl = my_get_ext(sk_X509_value(p.ca, j), p.accesstype, NID_info_access); if(serverurl) break; serverurl = my_get_ext(sk_X509_value(p.ca, j), p.accesstype, NID_sinfo_access); if(serverurl) break; } } } if(!serverurl) { BIO_printf(p.errorbio, "no service URL in certificats," " check '-accesstype (AD_DVCS | ad_timestamping)'" " or use '-connect'\n"); goto err; } if(p.verbose) BIO_printf(p.errorbio, "Service URL: <%s>\n", serverurl); curl_easy_setopt(p.curl, CURLOPT_URL, serverurl); /* Now specify the POST binary data */ curl_easy_setopt(p.curl, CURLOPT_POSTFIELDS, binaryptr); curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE, (long)tabLength); /* pass our list of custom made headers */ contenttype = malloc(15+strlen(mimetype)); snprintf(contenttype, 15+strlen(mimetype), "Content-type: %s", mimetype); headers = curl_slist_append(headers, contenttype); curl_easy_setopt(p.curl, CURLOPT_HTTPHEADER, headers); if(p.verbose) BIO_printf(p.errorbio, "Service URL: <%s>\n", serverurl); { FILE *outfp; BIO_get_fp(out, &outfp); curl_easy_setopt(p.curl, CURLOPT_WRITEDATA, outfp); } res = curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun); if(res != CURLE_OK) BIO_printf(p.errorbio, "%d %s=%d %d\n", __LINE__, "CURLOPT_SSL_CTX_FUNCTION", CURLOPT_SSL_CTX_FUNCTION, res); curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_DATA, &p); { int lu; int i=0; while((lu = BIO_read(in, &binaryptr[i], tabLength-i)) >0) { i+=lu; if(i== tabLength) { tabLength+=100; binaryptr=realloc(binaryptr, tabLength); /* should be more careful */ } } tabLength = i; } /* Now specify the POST binary data */ curl_easy_setopt(p.curl, CURLOPT_POSTFIELDS, binaryptr); curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE, (long)tabLength); /* Perform the request, res will get the return code */ BIO_printf(p.errorbio, "%d %s %d\n", __LINE__, "curl_easy_perform", res = curl_easy_perform(p.curl)); { int result =curl_easy_getinfo(p.curl, CURLINFO_CONTENT_TYPE, &response); if(mimetypeaccept && p.verbose) if(!strcmp(mimetypeaccept, response)) BIO_printf(p.errorbio, "the response has a correct mimetype : %s\n", response); else BIO_printf(p.errorbio, "the response doesn\'t have an acceptable " "mime type, it is %s instead of %s\n", response, mimetypeaccept); } /*** code d'erreur si accept mime ***, egalement code return HTTP != 200 ***/ /* free the header list*/ curl_slist_free_all(headers); /* always cleanup */ curl_easy_cleanup(p.curl); BIO_free(in); BIO_free(out); return (EXIT_SUCCESS); err: BIO_printf(p.errorbio, "error"); exit(1); }
int main(int argc, char *argv[]) { int c, poll = 0, reqversion = 0, rc = -1; char *cacertfile = NULL, *keyfile = NULL, *challenge = NULL, *savedrequestfile = NULL, *requestfile = NULL, *dn = NULL, *spkacfile = NULL, *endrequest = NULL; scep_t scep; BIO *repbio; char *url = "http://localhost/cgi-bin"; scepmsg_t *msg; unsigned char *checkNonce = NULL; /* initialize what you can */ scepinit(); scep_clear(&scep); /* we are a client */ scep.client = 1; /* parse command line */ while (EOF != (c = getopt(argc, argv, "dc:e:r:s:k:w:pu:2a:q:"))) switch (c) { case 'd': debug++; break; case 'e': endrequest = optarg; break; case 'c': cacertfile = optarg; break; case 's': savedrequestfile = optarg; case 'r': /* the request file will also contain the self */ /* signed certificate */ requestfile = optarg; break; case 'k': keyfile = optarg; break; case 'w': challenge = optarg; break; case 'p': poll = 1; break; case 'q': scep.community = optarg; break; case 'u': url = optarg; break; case '2': reqversion = 1; break; case 'a': spkacfile = optarg; break; } /* stop immediately if request or key is missing */ /* (even in the case of a version 2 proxied request, we need */ /* a request as the carrier of the proxy entities public key) */ if (keyfile == NULL) { BIO_printf(bio_err, "%s:%d: key file is required argument\n", __FILE__, __LINE__); goto err; } if (requestfile == NULL) { BIO_printf(bio_err, "%s:%d: request file is required " "argument\n", __FILE__, __LINE__); goto err; } /* we are preparing the request message */ msg = &scep.request; /* decode the URL */ if (parseurl(&scep, url) < 0) { BIO_printf(bio_err, "%s:%d: cannot parse url\n", __FILE__, __LINE__); goto err; } if (debug) BIO_printf(bio_err, "%s:%d: decoded URL %s|%d|%s\n", __FILE__, __LINE__, scep.h.httphost, scep.h.httpport, scep.h.httppath); /* read the client key and request information */ if (read_clientstuff(&scep, requestfile, keyfile) < 0) { BIO_printf(bio_err, "%s:%d: failed to read client stuff\n", __FILE__, __LINE__); goto err; } /* now we have to decide about the payload we want to have */ /* with our scep request: */ /* - for a version 1 request, this will always be the original */ /* certificate signing request */ /* - for a version 2 request, it will be a payload structure */ switch (reqversion) { case 0: /* for a version 1 client, client pubkey and client req */ /* coincide */ scep.requestorpubkey = scep.clientpubkey; scep.requestorreq = scep.clientreq; if (debug) BIO_printf(bio_err, "%s:%d: end request coincides " "with SCEP client\n", __FILE__, __LINE__); break; case 1: msg->rd.payload = payload_new(); rc = -1; if (spkacfile) { if (debug) BIO_printf(bio_err, "%s:%d: reading spki " "from %s\n", __FILE__, __LINE__, spkacfile); rc = read_requestorstuff(&scep, 1, spkacfile); } else if (endrequest) { if (debug) BIO_printf(bio_err, "%s:%d: reading X509 req " "from %s\n", __FILE__, __LINE__, endrequest); rc = read_requestorstuff(&scep, 0, endrequest); } if (rc < 0) { BIO_printf(bio_err, "%s:%d: could not read end " "request data\n", __FILE__, __LINE__); goto err; } if (debug) BIO_printf(bio_err, "%s:%d: end request read\n", __FILE__, __LINE__); break; } /* set the transaction id value */ scep.transId = key_fingerprint(scep.requestorpubkey); if (debug) BIO_printf(bio_err, "%s:%d: transaction ID is %s\n", __FILE__, __LINE__, scep.transId); /* read the CA certificate file */ if (read_castuff(&scep, cacertfile) < 0) { BIO_printf(bio_err, "%s:%d: read CA certificate info\n", __FILE__, __LINE__); } if (debug) BIO_printf(bio_err, "%s:%d: CA certificate read\n", __FILE__, __LINE__); /* for SPKI requests, there should be exactly one more argument */ /* namely the distinguished name */ if (spkacfile) { if ((argc - optind) != 1) { BIO_printf(bio_err, "%s:%d: DN argument needed\n", __FILE__, __LINE__); goto err; } dn = argv[optind]; if (debug) BIO_printf(bio_err, "%s:%d: DN argument is '%s'\n", __FILE__, __LINE__, dn); /* convert the DN into attributes and add them to the */ /* payload */ if (payload_dn_to_attrs(msg->rd.payload, dn) < 0) { BIO_printf(bio_err, "%s:%d: failed to add DN attrs\n", __FILE__, __LINE__); goto err; } } /* skip creation of a request message when polling */ if (poll) goto pollinginit; /* pack the request as a PKSCReq message, of type PKCSReq */ switch (reqversion) { case 0: msg->messageType = SCEP_MESSAGE_TYPE_PKCSREQ; msg->rd.req = scep.clientreq; break; case 1: /* build a version 2 payload */ if (debug) BIO_printf(bio_err, "%s:%d: building version 2 " "payload\n", __FILE__, __LINE__); if (scep.requestorreq) payload_set_req(msg->rd.payload, scep.requestorreq); if (scep.requestorspki) payload_set_spki(msg->rd.payload, scep.requestorspki); /* set the correct message type */ if (scep.community) { /* compute the authenticator from the original */ /* request and the community */ msg->messageType = SCEP_MESSAGE_TYPE_V2PROXY; } else { msg->messageType = SCEP_MESSAGE_TYPE_V2REQUEST; } break; } /* write the request to the request file, for later perusal */ if (savedrequestfile) { BIO *reqbio; reqbio = BIO_new(BIO_s_file()); BIO_write_filename(reqbio, savedrequestfile); switch (reqversion) { case 0: /* version 1 request has a X509_REQ payload */ PEM_write_bio_X509_REQ(reqbio, msg->rd.req); break; case 1: /* version 2 requests have a "real" payload */ i2d_payload_bio(reqbio, msg->rd.payload); break; } BIO_free(reqbio); } goto common; pollinginit: /* when polling, the request is a GetCertInitial message */ msg->messageType = SCEP_MESSAGE_TYPE_GETCERTINITIAL; /* the contents is the pair issuer and subject */ msg->rd.is = (issuer_and_subject_t *)malloc( sizeof(issuer_and_subject_t)); msg->rd.is->issuer = X509_get_subject_name(scep.cacert); msg->rd.is->subject = NULL; /* when polling we should read the request from request file */ /* (only needed for the distinguished name of the client) */ if (debug) BIO_printf(bio_err, "%s:%d: getting subject X509_NAME\n", __FILE__, __LINE__); switch (reqversion) { case 0: msg->rd.is->subject = X509_REQ_get_subject_name(scep.clientreq); break; case 1: if (scep.requestorreq) msg->rd.is->subject = X509_REQ_get_subject_name(scep.requestorreq); if (scep.requestorspki) { if (debug) BIO_printf(bio_err, "%s:%d: converting DN '%s' " "to X509_NAME\n", __FILE__, __LINE__, dn); msg->rd.is->subject = ldap_to_x509(dn); } break; } if (msg->rd.is->subject == NULL) { BIO_printf(bio_err, "%s:%d: no subject found\n", __FILE__, __LINE__); goto err; } if (debug) BIO_printf(bio_err, "%s:%d: issuer and subject found\n", __FILE__, __LINE__); common: /* create a self signed certificate for use with SCEP */ if (selfsigned(&scep) < 0) { BIO_printf(bio_err, "%s:%d: failed to create self signed " "certificate\n", __FILE__, __LINE__); goto err; } if (debug) BIO_printf(bio_err, "%s:%d: self signed certificate created\n", __FILE__, __LINE__); /* set the senderNonce */ scep.senderNonceLength = 16; scep.senderNonce = (unsigned char *)malloc(scep.senderNonceLength); RAND_bytes(scep.senderNonce, scep.senderNonceLength); if (debug) BIO_printf(bio_err, "%s:%d: senderNonce set\n", __FILE__, __LINE__); checkNonce = scep.senderNonce; /* all messages sent from the client are base 64 encoded */ msg->base64 = 1; /* encode */ if (encode(&scep) < 0) { BIO_printf(bio_err, "%s:%d: encoding the request failed\n", __FILE__, __LINE__); goto err; } if (debug) BIO_printf(bio_err, "%s:%d: encoded bytes: %d\n", __FILE__, __LINE__, scep.request.length); /* send the request to the server, read the reply */ repbio = getrequest(&scep); if (repbio == NULL) { BIO_printf(bio_err, "%s:%d: failed to read correct reply\n", __FILE__, __LINE__); goto err; } /* analyze the reply */ if (decode(&scep, repbio) < 0) { BIO_printf(bio_err, "%s:%d: decoding the reply failed\n", __FILE__, __LINE__); goto err; } /* display some information about the reply */ printf("transaction id: %s\n", scep.transId); printf("PKIstatus: %s\n", (scep.reply.pkiStatus) ? scep.reply.pkiStatus : "(null)"); printf("reply message type: %s\n", scep.reply.messageType); if (scep.reply.failinfo) { printf("failinfo: %s\n", scep.reply.failinfo); } /* make sure we get a CertRep message back */ if (strcmp(scep.reply.messageType, SCEP_MESSAGE_TYPE_CERTREP)) { BIO_printf(bio_err, "%s:%d: only CertRep message acceptable " " in response to PKCSReq/GetCertInitial\n", __FILE__, __LINE__); goto err; } /* check for the Nonces */ if (memcmp(checkNonce, scep.recipientNonce, 16)) { BIO_printf(bio_err, "%s:%d: recipientNonce != sent " "senderNonce\n", __FILE__, __LINE__); goto err; } if (debug) BIO_printf(bio_err, "%s:%d: Nonce check OK\n", __FILE__, __LINE__); if (scep.reply.pkiStatus == NULL) { BIO_printf(bio_err, "no pkiStatus returned\n"); exit(1); } switch (atoi(scep.reply.pkiStatus)) { case PKI_SUCCESS: /* Success */ scep.clientcert = extract_cert(&scep); if (debug) BIO_printf(bio_err, "%s:%d: certificate returned %p\n", __FILE__, __LINE__, scep.clientcert); if (scep.clientcert) { BIO *cb; cb = BIO_new(BIO_s_file()); BIO_set_fp(cb, stdout, BIO_NOCLOSE); PEM_write_bio_X509(cb, scep.clientcert); BIO_free(cb); } exit(EXIT_SUCCESS); break; case PKI_FAILURE: /* Failure */ if (debug) BIO_printf(bio_err, "%s:%d: request failed: %s\n", __FILE__, __LINE__, scep.reply.failinfo); exit(1); break; case PKI_PENDING: /* Pending */ if (debug) BIO_printf(bio_err, "%s:%d: request still pending\n", __FILE__, __LINE__); exit(2); break; } /* error return */ err: ERR_print_errors(bio_err); exit(EXIT_FAILURE); }
int MAIN(int argc, char **argv) { X509_CRL *x=NULL; char *CAfile = NULL, *CApath = NULL; int ret=1,i,num,badops=0; BIO *out=NULL; int informat,outformat; char *infile=NULL,*outfile=NULL; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; int fingerprint = 0; char **pp,buf[256]; X509_STORE *store = NULL; X509_STORE_CTX ctx; X509_LOOKUP *lookup = NULL; X509_OBJECT xobj; EVP_PKEY *pkey; int do_ver = 0; const EVP_MD *md_alg,*digest=EVP_md5(); apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); if (bio_out == NULL) if ((bio_out=BIO_new(BIO_s_file())) != NULL) { BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); #ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); bio_out = BIO_push(tmpbio, bio_out); } #endif } informat=FORMAT_PEM; outformat=FORMAT_PEM; argc--; argv++; num=0; while (argc >= 1) { #ifdef undef if (strcmp(*argv,"-p") == 0) { if (--argc < 1) goto bad; if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/ } #endif if (strcmp(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-CApath") == 0) { if (--argc < 1) goto bad; CApath = *(++argv); do_ver = 1; } else if (strcmp(*argv,"-CAfile") == 0) { if (--argc < 1) goto bad; CAfile = *(++argv); do_ver = 1; } else if (strcmp(*argv,"-verify") == 0) do_ver = 1; else if (strcmp(*argv,"-text") == 0) text = 1; else if (strcmp(*argv,"-hash") == 0) hash= ++num; else if (strcmp(*argv,"-issuer") == 0) issuer= ++num; else if (strcmp(*argv,"-lastupdate") == 0) lastupdate= ++num; else if (strcmp(*argv,"-nextupdate") == 0) nextupdate= ++num; else if (strcmp(*argv,"-noout") == 0) noout= ++num; else if (strcmp(*argv,"-fingerprint") == 0) fingerprint= ++num; else if ((md_alg=EVP_get_digestbyname(*argv + 1))) { /* ok */ digest=md_alg; } else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: for (pp=crl_usage; (*pp != NULL); pp++) BIO_printf(bio_err,*pp); goto end; } ERR_load_crypto_strings(); x=load_crl(infile,informat); if (x == NULL) { goto end; } if(do_ver) { store = X509_STORE_new(); lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); if (lookup == NULL) goto end; if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); if (lookup == NULL) goto end; if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); ERR_clear_error(); X509_STORE_CTX_init(&ctx, store, NULL, NULL); i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, X509_CRL_get_issuer(x), &xobj); if(i <= 0) { BIO_printf(bio_err, "Error getting CRL issuer certificate\n"); goto end; } pkey = X509_get_pubkey(xobj.data.x509); X509_OBJECT_free_contents(&xobj); if(!pkey) { BIO_printf(bio_err, "Error getting CRL issuer public key\n"); goto end; } i = X509_CRL_verify(x, pkey); EVP_PKEY_free(pkey); if(i < 0) goto end; if(i == 0) BIO_printf(bio_err, "verify failure\n"); else BIO_printf(bio_err, "verify OK\n"); } if (num) { for (i=1; i<=num; i++) { if (issuer == i) { X509_NAME_oneline(X509_CRL_get_issuer(x), buf,256); BIO_printf(bio_out,"issuer= %s\n",buf); } if (hash == i) { BIO_printf(bio_out,"%08lx\n", X509_NAME_hash(X509_CRL_get_issuer(x))); } if (lastupdate == i) { BIO_printf(bio_out,"lastUpdate="); ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x)); BIO_printf(bio_out,"\n"); } if (nextupdate == i) { BIO_printf(bio_out,"nextUpdate="); if (X509_CRL_get_nextUpdate(x)) ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x)); else BIO_printf(bio_out,"NONE"); BIO_printf(bio_out,"\n"); } if (fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; if (!X509_CRL_digest(x,digest,md,&n)) { BIO_printf(bio_err,"out of memory\n"); goto end; } BIO_printf(bio_out,"%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(digest))); for (j=0; j<(int)n; j++) { BIO_printf(bio_out,"%02X%c",md[j], (j+1 == (int)n) ?'\n':':'); } } } } out=BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } if (text) X509_CRL_print(out, x); if (noout) goto end; if (outformat == FORMAT_ASN1) i=(int)i2d_X509_CRL_bio(out,x); else if (outformat == FORMAT_PEM) i=PEM_write_bio_X509_CRL(out,x); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } ret=0; end: BIO_free_all(out); BIO_free_all(bio_out); bio_out=NULL; X509_CRL_free(x); if(store) { X509_STORE_CTX_cleanup(&ctx); X509_STORE_free(store); } EXIT(ret); }
int dsaparam_main(int argc, char **argv) { DSA *dsa = NULL; int i, badops = 0, text = 0; BIO *in = NULL, *out = NULL; int informat, outformat, noout = 0, C = 0, ret = 1; char *infile, *outfile, *prog; int numbits = -1, num, genkey = 0; #ifndef OPENSSL_NO_ENGINE char *engine = NULL; #endif #ifdef GENCB_TEST const char *errstr = NULL; int timebomb = 0; #endif if (!load_config(bio_err, NULL)) goto end; infile = NULL; outfile = NULL; informat = FORMAT_PEM; outformat = FORMAT_PEM; prog = argv[0]; argc--; argv++; while (argc >= 1) { if (strcmp(*argv, "-inform") == 0) { if (--argc < 1) goto bad; informat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-outform") == 0) { if (--argc < 1) goto bad; outformat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; infile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } #endif #ifdef GENCB_TEST else if (strcmp(*argv, "-timebomb") == 0) { if (--argc < 1) goto bad; timebomb = strtonum(*(++argv), 0, INT_MAX, &errstr); if (errstr) goto bad; } #endif else if (strcmp(*argv, "-text") == 0) text = 1; else if (strcmp(*argv, "-C") == 0) C = 1; else if (strcmp(*argv, "-genkey") == 0) { genkey = 1; } else if (strcmp(*argv, "-noout") == 0) noout = 1; else if (sscanf(*argv, "%d", &num) == 1) { /* generate a key */ numbits = num; } else { BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err, "%s [options] [bits] <infile >outfile\n", prog); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, " -inform arg input format - DER or PEM\n"); BIO_printf(bio_err, " -outform arg output format - DER or PEM\n"); BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -out arg output file\n"); BIO_printf(bio_err, " -text print as text\n"); BIO_printf(bio_err, " -C Output C code\n"); BIO_printf(bio_err, " -noout no output\n"); BIO_printf(bio_err, " -genkey generate a DSA key\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n"); #endif #ifdef GENCB_TEST BIO_printf(bio_err, " -timebomb n interrupt keygen after <n> seconds\n"); #endif BIO_printf(bio_err, " number number of bits to use for generating private key\n"); goto end; } ERR_load_crypto_strings(); in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { if (BIO_read_filename(in, infile) <= 0) { perror(infile); goto end; } } if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto end; } } #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, engine, 0); #endif if (numbits > 0) { BN_GENCB cb; BN_GENCB_set(&cb, dsa_cb, bio_err); dsa = DSA_new(); if (!dsa) { BIO_printf(bio_err, "Error allocating DSA object\n"); goto end; } BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); BIO_printf(bio_err, "This could take some time\n"); #ifdef GENCB_TEST if (timebomb > 0) { struct sigaction act; act.sa_handler = timebomb_sigalarm; act.sa_flags = 0; BIO_printf(bio_err, "(though I'll stop it if not done within %d secs)\n", timebomb); if (sigaction(SIGALRM, &act, NULL) != 0) { BIO_printf(bio_err, "Error, couldn't set SIGALRM handler\n"); goto end; } alarm(timebomb); } #endif if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, &cb)) { #ifdef GENCB_TEST if (stop_keygen_flag) { BIO_printf(bio_err, "DSA key generation time-stopped\n"); /* This is an asked-for behaviour! */ ret = 0; goto end; } #endif ERR_print_errors(bio_err); BIO_printf(bio_err, "Error, DSA key generation failed\n"); goto end; } } else if (informat == FORMAT_ASN1) dsa = d2i_DSAparams_bio(in, NULL); else if (informat == FORMAT_PEM) dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); else { BIO_printf(bio_err, "bad input format specified\n"); goto end; } if (dsa == NULL) { BIO_printf(bio_err, "unable to load DSA parameters\n"); ERR_print_errors(bio_err); goto end; } if (text) { DSAparams_print(out, dsa); } if (C) { unsigned char *data; int l, len, bits_p; len = BN_num_bytes(dsa->p); bits_p = BN_num_bits(dsa->p); data = malloc(len + 20); if (data == NULL) { perror("malloc"); goto end; } l = BN_bn2bin(dsa->p, data); printf("static unsigned char dsa%d_p[] = {", bits_p); for (i = 0; i < l; i++) { if ((i % 12) == 0) printf("\n\t"); printf("0x%02X, ", data[i]); } printf("\n\t};\n"); l = BN_bn2bin(dsa->q, data); printf("static unsigned char dsa%d_q[] = {", bits_p); for (i = 0; i < l; i++) { if ((i % 12) == 0) printf("\n\t"); printf("0x%02X, ", data[i]); } printf("\n\t};\n"); l = BN_bn2bin(dsa->g, data); printf("static unsigned char dsa%d_g[] = {", bits_p); for (i = 0; i < l; i++) { if ((i % 12) == 0) printf("\n\t"); printf("0x%02X, ", data[i]); } free(data); printf("\n\t};\n\n"); printf("DSA *get_dsa%d()\n\t{\n", bits_p); printf("\tDSA *dsa;\n\n"); printf("\tif ((dsa = DSA_new()) == NULL) return(NULL);\n"); printf("\tdsa->p = BN_bin2bn(dsa%d_p, sizeof(dsa%d_p), NULL);\n", bits_p, bits_p); printf("\tdsa->q = BN_bin2bn(dsa%d_q, sizeof(dsa%d_q), NULL);\n", bits_p, bits_p); printf("\tdsa->g = BN_bin2bn(dsa%d_g, sizeof(dsa%d_g), NULL);\n", bits_p, bits_p); printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n"); printf("\t\t{ DSA_free(dsa); return(NULL); }\n"); printf("\treturn(dsa);\n\t}\n"); } if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_DSAparams_bio(out, dsa); else if (outformat == FORMAT_PEM) i = PEM_write_bio_DSAparams(out, dsa); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err, "unable to write DSA parameters\n"); ERR_print_errors(bio_err); goto end; } } if (genkey) { DSA *dsakey; if ((dsakey = DSAparams_dup(dsa)) == NULL) goto end; if (!DSA_generate_key(dsakey)) { ERR_print_errors(bio_err); DSA_free(dsakey); goto end; } if (outformat == FORMAT_ASN1) i = i2d_DSAPrivateKey_bio(out, dsakey); else if (outformat == FORMAT_PEM) i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL, NULL); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); DSA_free(dsakey); goto end; } DSA_free(dsakey); } ret = 0; end: if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); return (ret); }
int dhparam_main(int argc, char **argv) { BIO *in = NULL, *out = NULL; char *num_bits = NULL; DH *dh = NULL; int num = 0; int ret = 1; int i; if (single_execution) { if (pledge("stdio rpath wpath cpath", NULL) == -1) { perror("pledge"); exit(1); } } memset(&dhparam_config, 0, sizeof(dhparam_config)); dhparam_config.informat = FORMAT_PEM; dhparam_config.outformat = FORMAT_PEM; if (options_parse(argc, argv, dhparam_options, &num_bits, NULL) != 0) { dhparam_usage(); return (1); } if (num_bits != NULL) { if(sscanf(num_bits, "%d", &num) == 0 || num <= 0) { BIO_printf(bio_err, "invalid number of bits: %s\n", num_bits); return (1); } } if (dhparam_config.g && !num) num = DEFBITS; if (dhparam_config.dsaparam) { if (dhparam_config.g) { BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); goto end; } } else { /* DH parameters */ if (num && !dhparam_config.g) dhparam_config.g = 2; } if (num) { BN_GENCB cb; BN_GENCB_set(&cb, dh_cb, bio_err); if (dhparam_config.dsaparam) { DSA *dsa = DSA_new(); BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); if (!dsa || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, &cb)) { if (dsa) DSA_free(dsa); ERR_print_errors(bio_err); goto end; } dh = DSA_dup_DH(dsa); DSA_free(dsa); if (dh == NULL) { ERR_print_errors(bio_err); goto end; } } else { dh = DH_new(); BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, dhparam_config.g); BIO_printf(bio_err, "This is going to take a long time\n"); if (!dh || !DH_generate_parameters_ex(dh, num, dhparam_config.g, &cb)) { ERR_print_errors(bio_err); goto end; } } } else { in = BIO_new(BIO_s_file()); if (in == NULL) { ERR_print_errors(bio_err); goto end; } if (dhparam_config.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { if (BIO_read_filename(in, dhparam_config.infile) <= 0) { perror(dhparam_config.infile); goto end; } } if (dhparam_config.informat != FORMAT_ASN1 && dhparam_config.informat != FORMAT_PEM) { BIO_printf(bio_err, "bad input format specified\n"); goto end; } if (dhparam_config.dsaparam) { DSA *dsa; if (dhparam_config.informat == FORMAT_ASN1) dsa = d2i_DSAparams_bio(in, NULL); else /* informat == FORMAT_PEM */ dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); if (dsa == NULL) { BIO_printf(bio_err, "unable to load DSA parameters\n"); ERR_print_errors(bio_err); goto end; } dh = DSA_dup_DH(dsa); DSA_free(dsa); if (dh == NULL) { ERR_print_errors(bio_err); goto end; } } else { if (dhparam_config.informat == FORMAT_ASN1) dh = d2i_DHparams_bio(in, NULL); else /* informat == FORMAT_PEM */ dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); if (dh == NULL) { BIO_printf(bio_err, "unable to load DH parameters\n"); ERR_print_errors(bio_err); goto end; } } /* dh != NULL */ } out = BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (dhparam_config.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { if (BIO_write_filename(out, dhparam_config.outfile) <= 0) { perror(dhparam_config.outfile); goto end; } } if (dhparam_config.text) { DHparams_print(out, dh); } if (dhparam_config.check) { if (!DH_check(dh, &i)) { ERR_print_errors(bio_err); goto end; } if (i & DH_CHECK_P_NOT_PRIME) printf("p value is not prime\n"); if (i & DH_CHECK_P_NOT_SAFE_PRIME) printf("p value is not a safe prime\n"); if (i & DH_UNABLE_TO_CHECK_GENERATOR) printf("unable to check the generator value\n"); if (i & DH_NOT_SUITABLE_GENERATOR) printf("the g value is not a generator\n"); if (i == 0) printf("DH parameters appear to be ok.\n"); } if (dhparam_config.C) { unsigned char *data; int len, l, bits; len = BN_num_bytes(dh->p); bits = BN_num_bits(dh->p); data = malloc(len); if (data == NULL) { perror("malloc"); goto end; } printf("#ifndef HEADER_DH_H\n" "#include <openssl/dh.h>\n" "#endif\n"); printf("DH *get_dh%d()\n\t{\n", bits); l = BN_bn2bin(dh->p, data); printf("\tstatic unsigned char dh%d_p[] = {", bits); for (i = 0; i < l; i++) { if ((i % 12) == 0) printf("\n\t\t"); printf("0x%02X, ", data[i]); } printf("\n\t\t};\n"); l = BN_bn2bin(dh->g, data); printf("\tstatic unsigned char dh%d_g[] = {", bits); for (i = 0; i < l; i++) { if ((i % 12) == 0) printf("\n\t\t"); printf("0x%02X, ", data[i]); } printf("\n\t\t};\n"); printf("\tDH *dh;\n\n"); printf("\tif ((dh = DH_new()) == NULL) return(NULL);\n"); printf("\tdh->p = BN_bin2bn(dh%d_p, sizeof(dh%d_p), NULL);\n", bits, bits); printf("\tdh->g = BN_bin2bn(dh%d_g, sizeof(dh%d_g), NULL);\n", bits, bits); printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); printf("\t\t{ DH_free(dh); return(NULL); }\n"); if (dh->length) printf("\tdh->length = %ld;\n", dh->length); printf("\treturn(dh);\n\t}\n"); free(data); } if (!dhparam_config.noout) { if (dhparam_config.outformat == FORMAT_ASN1) i = i2d_DHparams_bio(out, dh); else if (dhparam_config.outformat == FORMAT_PEM) i = PEM_write_bio_DHparams(out, dh); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err, "unable to write DH parameters\n"); ERR_print_errors(bio_err); goto end; } } ret = 0; end: BIO_free(in); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); return (ret); }
int MAIN(int argc, char **argv) { SSL_SESSION *x=NULL; X509 *peer = NULL; int ret=1,i,num,badops=0; BIO *out=NULL; int informat,outformat; char *infile=NULL,*outfile=NULL,*context=NULL; int cert=0,noout=0,text=0; const char **pp; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); informat=FORMAT_PEM; outformat=FORMAT_PEM; argc--; argv++; num=0; while (argc >= 1) { if (strcmp(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-text") == 0) text= ++num; else if (strcmp(*argv,"-cert") == 0) cert= ++num; else if (strcmp(*argv,"-noout") == 0) noout= ++num; else if (strcmp(*argv,"-context") == 0) { if(--argc < 1) goto bad; context=*++argv; } else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: for (pp=sess_id_usage; (*pp != NULL); pp++) BIO_printf(bio_err,"%s",*pp); goto end; } ERR_load_crypto_strings(); x=load_sess_id(infile,informat); if (x == NULL) { goto end; } peer = SSL_SESSION_get0_peer(x); if(context) { size_t ctx_len = strlen(context); if(ctx_len > SSL_MAX_SID_CTX_LENGTH) { BIO_printf(bio_err,"Context too long\n"); goto end; } SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len); } #ifdef undef /* just testing for memory leaks :-) */ { SSL_SESSION *s; char buf[1024*10],*p; int i; s=SSL_SESSION_new(); p= &buf; i=i2d_SSL_SESSION(x,&p); p= &buf; d2i_SSL_SESSION(&s,&p,(long)i); p= &buf; d2i_SSL_SESSION(&s,&p,(long)i); p= &buf; d2i_SSL_SESSION(&s,&p,(long)i); SSL_SESSION_free(s); } #endif if (!noout || text) { out=BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } } if (text) { SSL_SESSION_print(out,x); if (cert) { if (peer == NULL) BIO_puts(out,"No certificate present\n"); else X509_print(out,peer); } } if (!noout && !cert) { if (outformat == FORMAT_ASN1) i=i2d_SSL_SESSION_bio(out,x); else if (outformat == FORMAT_PEM) i=PEM_write_bio_SSL_SESSION(out,x); else if (outformat == FORMAT_NSS) i=SSL_SESSION_print_keylog(out,x); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write SSL_SESSION\n"); goto end; } } else if (!noout && (peer != NULL)) /* just print the certificate */ { if (outformat == FORMAT_ASN1) i=(int)i2d_X509_bio(out,peer); else if (outformat == FORMAT_PEM) i=PEM_write_bio_X509(out,peer); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write X509\n"); goto end; } } ret=0; end: if (out != NULL) BIO_free_all(out); if (x != NULL) SSL_SESSION_free(x); apps_shutdown(); OPENSSL_EXIT(ret); }
int main(int argc, char *argv[]) { BN_CTX *ctx; BIO *out; char *outfile=NULL; results = 0; argc--; argv++; while (argc >= 1) { if (strcmp(*argv,"-results") == 0) results=1; else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) break; outfile= *(++argv); } argc--; argv++; } ctx=BN_CTX_new(); if (ctx == NULL) exit(1); out=BIO_new(BIO_s_file()); if (out == NULL) exit(1); if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); } else { if (!BIO_write_filename(out,outfile)) { perror(outfile); exit(1); } } if (!results) BIO_puts(out,"obase=16\nibase=16\n"); message(out,"BN_add"); if (!test_add(out)) goto err; (void)BIO_flush(out); message(out,"BN_sub"); if (!test_sub(out)) goto err; (void)BIO_flush(out); message(out,"BN_lshift1"); if (!test_lshift1(out)) goto err; (void)BIO_flush(out); message(out,"BN_lshift (fixed)"); if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL))) goto err; (void)BIO_flush(out); message(out,"BN_lshift"); if (!test_lshift(out,ctx,NULL)) goto err; (void)BIO_flush(out); message(out,"BN_rshift1"); if (!test_rshift1(out)) goto err; (void)BIO_flush(out); message(out,"BN_rshift"); if (!test_rshift(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_sqr"); if (!test_sqr(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_mul"); if (!test_mul(out)) goto err; (void)BIO_flush(out); message(out,"BN_div"); if (!test_div(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_div_word"); if (!test_div_word(out)) goto err; (void)BIO_flush(out); message(out,"BN_div_recp"); if (!test_div_recp(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_mod"); if (!test_mod(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_mod_mul"); if (!test_mod_mul(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_mont"); if (!test_mont(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_mod_exp"); if (!test_mod_exp(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_mod_exp_mont_consttime"); if (!test_mod_exp_mont_consttime(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_exp"); if (!test_exp(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_kronecker"); if (!test_kron(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_mod_sqrt"); if (!test_sqrt(out,ctx)) goto err; (void)BIO_flush(out); #ifndef OPENSSL_NO_EC2M message(out,"BN_GF2m_add"); if (!test_gf2m_add(out)) goto err; (void)BIO_flush(out); message(out,"BN_GF2m_mod"); if (!test_gf2m_mod(out)) goto err; (void)BIO_flush(out); message(out,"BN_GF2m_mod_mul"); if (!test_gf2m_mod_mul(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_GF2m_mod_sqr"); if (!test_gf2m_mod_sqr(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_GF2m_mod_inv"); if (!test_gf2m_mod_inv(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_GF2m_mod_div"); if (!test_gf2m_mod_div(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_GF2m_mod_exp"); if (!test_gf2m_mod_exp(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_GF2m_mod_sqrt"); if (!test_gf2m_mod_sqrt(out,ctx)) goto err; (void)BIO_flush(out); message(out,"BN_GF2m_mod_solve_quad"); if (!test_gf2m_mod_solve_quad(out,ctx)) goto err; (void)BIO_flush(out); #endif BN_CTX_free(ctx); BIO_free(out); /**/ exit(0); err: BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices * the failure, see test_bn in test/Makefile.ssl*/ (void)BIO_flush(out); ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); exit(1); }
int pkcs7_main(int argc, char **argv) { PKCS7 *p7 = NULL; BIO *in = NULL, *out = NULL; int ret = 1; int i; memset(&pkcs7_config, 0, sizeof(pkcs7_config)); pkcs7_config.informat = FORMAT_PEM; pkcs7_config.outformat = FORMAT_PEM; if (options_parse(argc, argv, pkcs7_options, NULL, NULL) != 0) { pkcs7_usage(); goto end; } #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, pkcs7_config.engine, 0); #endif in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (pkcs7_config.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { if (BIO_read_filename(in, pkcs7_config.infile) <= 0) { perror(pkcs7_config.infile); goto end; } } if (pkcs7_config.informat == FORMAT_ASN1) p7 = d2i_PKCS7_bio(in, NULL); else if (pkcs7_config.informat == FORMAT_PEM) p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); else { BIO_printf(bio_err, "bad input format specified for pkcs7 object\n"); goto end; } if (p7 == NULL) { BIO_printf(bio_err, "unable to load PKCS7 object\n"); ERR_print_errors(bio_err); goto end; } if (pkcs7_config.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { if (BIO_write_filename(out, pkcs7_config.outfile) <= 0) { perror(pkcs7_config.outfile); goto end; } } if (pkcs7_config.p7_print) PKCS7_print_ctx(out, p7, 0, NULL); if (pkcs7_config.print_certs) { STACK_OF(X509) * certs = NULL; STACK_OF(X509_CRL) * crls = NULL; i = OBJ_obj2nid(p7->type); switch (i) { case NID_pkcs7_signed: certs = p7->d.sign->cert; crls = p7->d.sign->crl; break; case NID_pkcs7_signedAndEnveloped: certs = p7->d.signed_and_enveloped->cert; crls = p7->d.signed_and_enveloped->crl; break; default: break; } if (certs != NULL) { X509 *x; for (i = 0; i < sk_X509_num(certs); i++) { x = sk_X509_value(certs, i); if (pkcs7_config.text) X509_print(out, x); else dump_cert_text(out, x); if (!pkcs7_config.noout) PEM_write_bio_X509(out, x); BIO_puts(out, "\n"); } } if (crls != NULL) { X509_CRL *crl; for (i = 0; i < sk_X509_CRL_num(crls); i++) { crl = sk_X509_CRL_value(crls, i); X509_CRL_print(out, crl); if (!pkcs7_config.noout) PEM_write_bio_X509_CRL(out, crl); BIO_puts(out, "\n"); } } ret = 0; goto end; } if (!pkcs7_config.noout) { if (pkcs7_config.outformat == FORMAT_ASN1) i = i2d_PKCS7_bio(out, p7); else if (pkcs7_config.outformat == FORMAT_PEM) i = PEM_write_bio_PKCS7(out, p7); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err, "unable to write pkcs7 object\n"); ERR_print_errors(bio_err); goto end; } } ret = 0; end: if (p7 != NULL) PKCS7_free(p7); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); return (ret); }