ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import OpenSSL 1.1.0f

Browse Source
This commit is contained in:
Steve Dower
2017-09-07 16:27:43 -07:00
committed by Steve Dower
parent ccd3ab4aff
commit f4b81cb7c9
3340 changed files with 325158 additions and 557542 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
demos/asn1/README.ASN1
View File

@@ -1,7 +0,0 @@
This is a demo of the new ASN1 code. Its an OCSP ASN1 module. Doesn't
do much yet other than demonstrate what the new ASN1 modules might look
like.
It wont even compile yet: the new code isn't in place.

361
demos/asn1/ocsp.c
View File

@@ -1,361 +0,0 @@
/* ocsp.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
/*-
Example of new ASN1 code, OCSP request
OCSPRequest ::= SEQUENCE {
tbsRequest TBSRequest,
optionalSignature [0] EXPLICIT Signature OPTIONAL }
TBSRequest ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestList SEQUENCE OF Request,
requestExtensions [2] EXPLICIT Extensions OPTIONAL }
Signature ::= SEQUENCE {
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
Version ::= INTEGER { v1(0) }
Request ::= SEQUENCE {
reqCert CertID,
singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
OCSPResponse ::= SEQUENCE {
responseStatus OCSPResponseStatus,
responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
OCSPResponseStatus ::= ENUMERATED {
successful (0), --Response has valid confirmations
malformedRequest (1), --Illegal confirmation request
internalError (2), --Internal error in issuer
tryLater (3), --Try again later
--(4) is not used
sigRequired (5), --Must sign the request
unauthorized (6) --Request unauthorized
}
ResponseBytes ::= SEQUENCE {
responseType OBJECT IDENTIFIER,
response OCTET STRING }
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
ResponseData ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
responderID ResponderID,
producedAt GeneralizedTime,
responses SEQUENCE OF SingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL }
ResponderID ::= CHOICE {
byName [1] Name, --EXPLICIT
byKey [2] KeyHash }
KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
--(excluding the tag and length fields)
SingleResponse ::= SEQUENCE {
certID CertID,
certStatus CertStatus,
thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL }
CertStatus ::= CHOICE {
good [0] IMPLICIT NULL,
revoked [1] IMPLICIT RevokedInfo,
unknown [2] IMPLICIT UnknownInfo }
RevokedInfo ::= SEQUENCE {
revocationTime GeneralizedTime,
revocationReason [0] EXPLICIT CRLReason OPTIONAL }
UnknownInfo ::= NULL -- this can be replaced with an enumeration
ArchiveCutoff ::= GeneralizedTime
AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
ServiceLocator ::= SEQUENCE {
issuer Name,
locator AuthorityInfoAccessSyntax }
-- Object Identifiers
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
*/
/* Request Structures */
DECLARE_STACK_OF(Request)
typedef struct {
ASN1_INTEGER *version;
GENERAL_NAME *requestorName;
STACK_OF(Request) *requestList;
STACK_OF(X509_EXTENSION) *requestExtensions;
} TBSRequest;
typedef struct {
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
} Signature;
typedef struct {
TBSRequest *tbsRequest;
Signature *optionalSignature;
} OCSPRequest;
typedef struct {
X509_ALGOR *hashAlgorithm;
ASN1_OCTET_STRING *issuerNameHash;
ASN1_OCTET_STRING *issuerKeyHash;
ASN1_INTEGER *certificateSerialNumber;
} CertID;
typedef struct {
CertID *reqCert;
STACK_OF(X509_EXTENSION) *singleRequestExtensions;
} Request;
/* Response structures */
typedef struct {
ASN1_OBJECT *responseType;
ASN1_OCTET_STRING *response;
} ResponseBytes;
typedef struct {
ASN1_ENUMERATED *responseStatus;
ResponseBytes *responseBytes;
} OCSPResponse;
typedef struct {
int type;
union {
X509_NAME *byName;
ASN1_OCTET_STRING *byKey;
} d;
} ResponderID;
typedef struct {
ASN1_INTEGER *version;
ResponderID *responderID;
ASN1_GENERALIZEDTIME *producedAt;
STACK_OF(SingleResponse) *responses;
STACK_OF(X509_EXTENSION) *responseExtensions;
} ResponseData;
typedef struct {
ResponseData *tbsResponseData;
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
} BasicOCSPResponse;
typedef struct {
ASN1_GENERALIZEDTIME *revocationTime;
ASN1_ENUMERATED *revocationReason;
} RevokedInfo;
typedef struct {
int type;
union {
ASN1_NULL *good;
RevokedInfo *revoked;
ASN1_NULL *unknown;
} d;
} CertStatus;
typedef struct {
CertID *certID;
CertStatus *certStatus;
ASN1_GENERALIZEDTIME *thisUpdate;
ASN1_GENERALIZEDTIME *nextUpdate;
STACK_OF(X509_EXTENSION) *singleExtensions;
} SingleResponse;
typedef struct {
X509_NAME *issuer;
STACK_OF(ACCESS_DESCRIPTION) *locator;
} ServiceLocator;
/* Now the ASN1 templates */
IMPLEMENT_COMPAT_ASN1(X509);
IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
// IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
IMPLEMENT_COMPAT_ASN1(X509_NAME);
ASN1_SEQUENCE(X509_EXTENSION) = {
ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(X509_EXTENSION);
ASN1_SEQUENCE(Signature) = {
ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
ASN1_SEQUENCE_OF(Signature, certs, X509)
} ASN1_SEQUENCE_END(Signature);
ASN1_SEQUENCE(CertID) = {
ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
} ASN1_SEQUENCE_END(CertID);
ASN1_SEQUENCE(Request) = {
ASN1_SIMPLE(Request, reqCert, CertID),
ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
} ASN1_SEQUENCE_END(Request);
ASN1_SEQUENCE(TBSRequest) = {
ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
} ASN1_SEQUENCE_END(TBSRequest);
ASN1_SEQUENCE(OCSPRequest) = {
ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
} ASN1_SEQUENCE_END(OCSPRequest);
/* Response templates */
ASN1_SEQUENCE(ResponseBytes) = {
ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(ResponseBytes);
ASN1_SEQUENCE(OCSPResponse) = {
ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
} ASN1_SEQUENCE_END(OCSPResponse);
ASN1_CHOICE(ResponderID) = {
ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
} ASN1_CHOICE_END(ResponderID);
ASN1_SEQUENCE(RevokedInfo) = {
ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
} ASN1_SEQUENCE_END(RevokedInfo);
ASN1_CHOICE(CertStatus) = {
ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
} ASN1_CHOICE_END(CertStatus);
ASN1_SEQUENCE(SingleResponse) = {
ASN1_SIMPLE(SingleResponse, certID, CertID),
ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(SingleResponse);
ASN1_SEQUENCE(ResponseData) = {
ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
ASN1_SIMPLE(ResponseData, responderID, ResponderID),
ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(ResponseData);
ASN1_SEQUENCE(BasicOCSPResponse) = {
ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
} ASN1_SEQUENCE_END(BasicOCSPResponse);

255
demos/b64.c
View File

@@ -1,255 +0,0 @@
/* demos/b64.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "../apps/apps.h"
#include <openssl/buffer.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#undef SIZE
#undef BSIZE
#undef PROG
#define SIZE (512)
#define BSIZE (8*1024)
#define PROG enc_main
int main(argc, argv)
int argc;
char **argv;
{
char *strbuf = NULL;
unsigned char *buff = NULL, *bufsize = NULL;
int bsize = BSIZE, verbose = 0;
int ret = 1, inl;
char *str = NULL;
char *hkey = NULL, *hiv = NULL;
int enc = 1, printkey = 0, i, base64 = 0;
int debug = 0;
EVP_CIPHER *cipher = NULL, *c;
char *inf = NULL, *outf = NULL;
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
NULL, *wbio = NULL;
#define PROG_NAME_SIZE 39
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE);
base64 = 1;
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-e") == 0)
enc = 1;
if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
inf = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outf = *(++argv);
} else if (strcmp(*argv, "-d") == 0)
enc = 0;
else if (strcmp(*argv, "-v") == 0)
verbose = 1;
else if (strcmp(*argv, "-debug") == 0)
debug = 1;
else if (strcmp(*argv, "-bufsize") == 0) {
if (--argc < 1)
goto bad;
bufsize = (unsigned char *)*(++argv);
} else {
BIO_printf(bio_err, "unknown option '%s'\n", *argv);
bad:
BIO_printf(bio_err, "options are\n");
BIO_printf(bio_err, "%-14s input file\n", "-in <file>");
BIO_printf(bio_err, "%-14s output file\n", "-out <file>");
BIO_printf(bio_err, "%-14s encode\n", "-e");
BIO_printf(bio_err, "%-14s decode\n", "-d");
BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>");
goto end;
}
argc--;
argv++;
}
if (bufsize != NULL) {
int i;
unsigned long n;
for (n = 0; *bufsize; bufsize++) {
i = *bufsize;
if ((i <= '9') && (i >= '0'))
n = n * 10 + i - '0';
else if (i == 'k') {
n *= 1024;
bufsize++;
break;
}
}
if (*bufsize != '\0') {
BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
goto end;
}
/* It must be large enough for a base64 encoded line */
if (n < 80)
n = 80;
bsize = (int)n;
if (verbose)
BIO_printf(bio_err, "bufsize=%d\n", bsize);
}
strbuf = OPENSSL_malloc(SIZE);
buff = (unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
if ((buff == NULL) || (strbuf == NULL)) {
BIO_printf(bio_err, "OPENSSL_malloc failure\n");
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
BIO_set_callback(out, BIO_debug_callback);
BIO_set_callback_arg(in, bio_err);
BIO_set_callback_arg(out, bio_err);
}
if (inf == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, inf) <= 0) {
perror(inf);
goto end;
}
}
if (outf == NULL)
BIO_set_fp(out, stdout, BIO_NOCLOSE);
else {
if (BIO_write_filename(out, outf) <= 0) {
perror(outf);
goto end;
}
}
rbio = in;
wbio = out;
if (base64) {
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
if (debug) {
BIO_set_callback(b64, BIO_debug_callback);
BIO_set_callback_arg(b64, bio_err);
}
if (enc)
wbio = BIO_push(b64, wbio);
else
rbio = BIO_push(b64, rbio);
}
for (;;) {
inl = BIO_read(rbio, (char *)buff, bsize);
if (inl <= 0)
break;
if (BIO_write(wbio, (char *)buff, inl) != inl) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
}
BIO_flush(wbio);
ret = 0;
if (verbose) {
BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
}
end:
if (strbuf != NULL)
OPENSSL_free(strbuf);
if (buff != NULL)
OPENSSL_free(buff);
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free(out);
if (benc != NULL)
BIO_free(benc);
if (b64 != NULL)
BIO_free(b64);
EXIT(ret);
}

20
demos/b64.pl
View File

@@ -1,20 +0,0 @@
#!/usr/local/bin/perl
#
# Make PEM encoded data have lines of 64 bytes of data
#
while (<>)
{
if (/^-----BEGIN/ .. /^-----END/)
{
if (/^-----BEGIN/) { $first=$_; next; }
if (/^-----END/) { $last=$_; next; }
$out.=$_;
}
}
$out =~ s/\s//g;
$out =~ s/(.{64})/$1\n/g;
print "$first$out\n$last\n";

40
demos/bio/Makefile
View File

@@ -1,22 +1,30 @@
CC=cc
CFLAGS= -g -I../../include
LIBS= -L../.. ../../libssl.a ../../libcrypto.a -ldl
EXAMPLES=saccept sconnect client-arg client-conf
# Quick instruction:
# To build against an OpenSSL built in the source tree, do this:
#
# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../..
#
# To run the demos when linked with a shared library (default):
#
# LD_LIBRARY_PATH=../.. ./server-arg
# LD_LIBRARY_PATH=../.. ./server-cmod
# LD_LIBRARY_PATH=../.. ./server-conf
# LD_LIBRARY_PATH=../.. ./client-arg
# LD_LIBRARY_PATH=../.. ./client-conf
# LD_LIBRARY_PATH=../.. ./saccept
# LD_LIBRARY_PATH=../.. ./sconnect
all: $(EXAMPLES)
CFLAGS = $(OPENSSL_INCS_LOCATION)
LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS)
saccept: saccept.o
$(CC) -o saccept saccept.o $(LIBS)
sconnect: sconnect.o
$(CC) -o sconnect sconnect.o $(LIBS)
all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf
client-arg: client-arg.o
$(CC) -o client-arg client-arg.o $(LIBS)
client-conf: client-conf.o
$(CC) -o client-conf client-conf.o $(LIBS)
clean:
rm -f $(EXAMPLES) *.o
saccept: saccept.o
sconnect: sconnect.o
server-arg: server-arg.o
server-cmod: server-cmod.o
server-conf: server-conf.o
client-arg client-conf saccept sconnect server-arg server-cmod server-conf:
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<

8
demos/bio/accept.cnf
View File

@@ -5,9 +5,13 @@ Port = 4433
# Protocol = ALL, -TLSv1.2
# Only support 3 curves
Curves = P-521:P-384:P-256
# Automatic curve selection
ECDHParameters = Automatic
# Restricted signature algorithms
SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
Certificate=server.pem
PrivateKey=server.pem
ChainCAFile=root.pem
VerifyCAFile=root.pem
# Request certificate
VerifyMode=Request
ClientCAFile=root.pem

20
demos/bio/client-arg.c
View File

@@ -1,3 +1,13 @@
/*
* Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -13,11 +23,7 @@ int main(int argc, char **argv)
const char *connect_str = "localhost:4433";
int nargs = argc - 1;
ERR_load_crypto_strings();
ERR_load_SSL_strings();
SSL_library_init();
ctx = SSL_CTX_new(SSLv23_client_method());
ctx = SSL_CTX_new(TLS_client_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
@@ -38,7 +44,7 @@ int main(int argc, char **argv)
if (rv > 0)
continue;
/* Otherwise application specific argument processing */
if (!strcmp(*args, "-connect")) {
if (strcmp(*args, "-connect") == 0) {
connect_str = args[1];
if (connect_str == NULL) {
fprintf(stderr, "Missing -connect argument\n");
@@ -56,7 +62,7 @@ int main(int argc, char **argv)
if (!SSL_CONF_CTX_finish(cctx)) {
fprintf(stderr, "Finish error\n");
ERR_print_errors_fp(stderr);
goto err;
goto end;
}
/*

20
demos/bio/client-conf.c
View File

@@ -1,3 +1,13 @@
/*
* Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/conf.h>
@@ -16,10 +26,6 @@ int main(int argc, char **argv)
const char *connect_str = "localhost:4433";
long errline = -1;
ERR_load_crypto_strings();
ERR_load_SSL_strings();
SSL_library_init();
conf = NCONF_new(NULL);
if (NCONF_load(conf, "connect.cnf", &errline) <= 0) {
@@ -37,7 +43,7 @@ int main(int argc, char **argv)
goto end;
}
ctx = SSL_CTX_new(SSLv23_client_method());
ctx = SSL_CTX_new(TLS_client_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
@@ -53,7 +59,7 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
goto end;
}
if (!strcmp(cnf->name, "Connect")) {
if (strcmp(cnf->name, "Connect") == 0) {
connect_str = cnf->value;
} else {
fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
@@ -64,7 +70,7 @@ int main(int argc, char **argv)
if (!SSL_CONF_CTX_finish(cctx)) {
fprintf(stderr, "Finish error\n");
ERR_print_errors_fp(stderr);
goto err;
goto end;
}
/*

24
demos/bio/cmod.cnf Normal file
View File

@@ -0,0 +1,24 @@
# Example config module configuration
# Name supplied by application to CONF_modules_load_file
# and section containing configuration
testapp = test_sect
[test_sect]
# list of confuration modules
# SSL configuration module
ssl_conf = ssl_sect
[ssl_sect]
# list of SSL configurations
server = server_sect
[server_sect]
# Only support 3 curves
Curves = P-521:P-384:P-256
# Restricted signature algorithms
SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
# Certificates and keys
RSA.Certificate=server.pem
ECDSA.Certificate=server-ec.pem

47
demos/bio/descrip.mms Normal file
View File

@@ -0,0 +1,47 @@
# This build description trusts that the following logical names are defined:
#
# For compilation: OPENSSL
# For linking with shared libraries: OSSL$LIBCRYPTO_SHR and OSSL$LIBSSL_SHR
# For linking with static libraries: OSSL$LIBCRYPTO and OSSL$LIBSSL
#
# These are normally defined with the OpenSSL startup procedure
# By default, we link with the shared libraries
SHARED = TRUE
# Alternative, for linking with static libraries
#SHARED = FALSE
.FIRST :
IF "$(SHARED)" .EQS. "TRUE" THEN DEFINE OPT []shared.opt
IF "$(SHARED)" .NES. "TRUE" THEN DEFINE OPT []static.opt
.LAST :
DEASSIGN OPT
.DEFAULT :
@ !
# Because we use an option file, we need to redefine this
.obj.exe :
$(LINK) $(LINKFLAGS) $<,OPT:/OPT
all : client-arg.exe client-conf.exe saccept.exe sconnect.exe -
server-arg.exe server-cmod.exe server-conf.exe
client-arg.exe : client-arg.obj
client-conf.exe : client-conf.obj
saccept.exe : saccept.obj
sconnect.exe : sconnect.obj
server-arg.exe : server-arg.obj
server-cmod.exe : server-cmod.obj
server-conf.exe : server-conf.obj
# Stoopid MMS doesn't infer this automatically...
client-arg.obj : client-arg.c
client-conf.obj : client-conf.c
saccept.obj : saccept.c
sconnect.obj : sconnect.c
server-arg.obj : server-arg.c
server-cmod.obj : server-cmod.c
server-conf.obj : server-conf.c

23
demos/bio/intca.pem Normal file
View File

@@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL
MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl
IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG
W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL
IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ
GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2
ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds
ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr
VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD
VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO
BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz
audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg
j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt
CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR
gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I
RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN
thI=
-----END CERTIFICATE-----

22
demos/bio/root.pem Normal file
View File

@@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDtjCCAp6gAwIBAgIJAKkg71CjIAovMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
QTAeFw0xNDAyMjMxMzA1MTNaFw0yNDAyMjExMzA1MTNaMGgxCzAJBgNVBAYTAlVL
MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
VVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBDQTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMaarigKGOra5Mc/LrhOkcmHzDs
vkYL7dfaaht8fLBKRTYwzSBvO9x54koTWjq7HkbaxkYAg3HnDTkNCyzkGKNdM89H
q/PtGIFFlceQIOat3Kjd05Iw3PtLEWTDjT6FMA9Mkjk/XbpmycqRIwNKtgICoFsG
juIpc4P31kxK7i3ri+JnlyvVmRZjJxrheJB0qHGXilrOVDPOliDn//jXbcyzXemu
R8KgAeQM4IIs9jYHJOgHrTItIpwa9wNTEp9KCGkO6xr20NkKyDp6XRyd+hmnUB7r
77WTptvKPFFTjTDFqEtcif9U2kVkCfn2mSRO8noCbVH++fuR8LMWlD99gt8CAwEA
AaNjMGEwHQYDVR0OBBYEFIwZD9dCMXcFBuHTsZ/rOft4cTpFMB8GA1UdIwQYMBaA
FIwZD9dCMXcFBuHTsZ/rOft4cTpFMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCsoxVi49anYZ1aI/2rVJ5bvEd3ZvGn
wx1Y+l75SQVYU2qX9CHNBVg1t8reIBN8yPEfBM1WcFPEg7Vy3zFaklMPm/oYXwVI
/lX/LsfPUxdnQmONxLw4x/0booN1LV/dtRcebewUSqog6W9Z2fbTEe6srIBE4M5G
Wa943lthlmQM6HzlU4D606PQ3zQbX08mue4eqQB813r4uSoI1MpGLqxkziBRFGGN
T4VNYp8DeSVr3jHjNBmKCAPZxJIYElnLEK027OG00RH7sF7SGFDNsCjN1NmCvuRz
9AHnjVIBNzIvI3uiOn9tngRDXBRIcUBsdYG19tal8yWBgrr9SdlqFy/Y
-----END CERTIFICATE-----

61
demos/bio/saccept.c
View File

@@ -1,5 +1,11 @@
/* NOCW */
/* demos/bio/saccept.c */
/*
* Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*-
* A minimal program to serve an SSL connection.
@@ -18,22 +24,32 @@
#define CERT_FILE "server.pem"
BIO *in = NULL;
static int done = 0;
void close_up()
void interrupt(int sig)
{
if (in != NULL)
BIO_free(in);
done = 1;
}
int main(argc, argv)
int argc;
char *argv[];
void sigsetup(void)
{
struct sigaction sa;
/*
* Catch at most once, and don't restart the accept system call.
*/
sa.sa_flags = SA_RESETHAND;
sa.sa_handler = interrupt;
sigemptyset(&sa.sa_mask);
sigaction(SIGINT, &sa, NULL);
}
int main(int argc, char *argv[])
{
char *port = NULL;
BIO *in = NULL;
BIO *ssl_bio, *tmp;
SSL_CTX *ctx;
SSL *ssl;
char buf[512];
int ret = 1, i;
@@ -42,20 +58,8 @@ char *argv[];
else
port = argv[1];
signal(SIGINT, close_up);
SSL_load_error_strings();
#ifdef WATT32
dbug_init();
sock_init();
#endif
/* Add ciphers and message digests */
OpenSSL_add_ssl_algorithms();
ctx = SSL_CTX_new(SSLv23_server_method());
if (!SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
ctx = SSL_CTX_new(TLS_server_method());
if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE))
goto err;
if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
goto err;
@@ -63,7 +67,6 @@ char *argv[];
goto err;
/* Setup server side SSL bio */
ssl = SSL_new(ctx);
ssl_bio = BIO_new_ssl(ctx, 0);
if ((in = BIO_new_accept(port)) == NULL)
@@ -76,6 +79,9 @@ char *argv[];
*/
BIO_set_accept_bios(in, ssl_bio);
/* Arrange to leave server loop on interrupt */
sigsetup();
again:
/*
* The first call will setup the accept socket, and the second will get a
@@ -86,7 +92,7 @@ char *argv[];
if (BIO_do_accept(in) <= 0)
goto err;
for (;;) {
while (!done) {
i = BIO_read(in, buf, 512);
if (i == 0) {
/*
@@ -110,8 +116,7 @@ char *argv[];
if (ret) {
ERR_print_errors_fp(stderr);
}
if (in != NULL)
BIO_free(in);
BIO_free(in);
exit(ret);
return (!ret);
}

68
demos/bio/sconnect.c
View File

@@ -1,5 +1,11 @@
/* NOCW */
/* demos/bio/sconnect.c */
/*
* Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*-
* A minimal program to do SSL to a passed host and port.
@@ -11,51 +17,65 @@
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#define HOSTPORT "localhost:4433"
#define CAFILE "root.pem"
extern int errno;
int main(argc, argv)
int argc;
char *argv[];
{
char *host;
BIO *out;
const char *hostport = HOSTPORT;
const char *CAfile = CAFILE;
char *hostname;
char *cp;
BIO *out = NULL;
char buf[1024 * 10], *p;
SSL_CTX *ssl_ctx = NULL;
SSL *ssl;
BIO *ssl_bio;
int i, len, off, ret = 1;
if (argc <= 1)
host = "localhost:4433";
else
host = argv[1];
if (argc > 1)
hostport = argv[1];
if (argc > 2)
CAfile = argv[2];
hostname = OPENSSL_strdup(hostport);
if ((cp = strchr(hostname, ':')) != NULL)
*cp = 0;
#ifdef WATT32
dbug_init();
sock_init();
#endif
/* Lets get nice error messages */
SSL_load_error_strings();
ssl_ctx = SSL_CTX_new(TLS_client_method());
/* Setup all the global SSL stuff */
OpenSSL_add_ssl_algorithms();
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
/* Enable trust chain verification */
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL);
/* Lets make a SSL structure */
ssl = SSL_new(ssl_ctx);
SSL_set_connect_state(ssl);
/* Enable peername verification */
if (SSL_set1_host(ssl, hostname) <= 0)
goto err;
/* Use it inside an SSL BIO */
ssl_bio = BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
/* Lets use a connect BIO under the SSL BIO */
out = BIO_new(BIO_s_connect());
BIO_set_conn_hostname(out, host);
BIO_set_conn_hostname(out, hostport);
BIO_set_nbio(out, 1);
out = BIO_push(ssl_bio, out);
@@ -96,18 +116,16 @@ char *argv[];
}
ret = 1;
goto done;
if (0) {
err:
if (ERR_peek_error() == 0) { /* system call error */
fprintf(stderr, "errno=%d ", errno);
perror("error");
} else
ERR_print_errors_fp(stderr);
}
if (ERR_peek_error() == 0) { /* system call error */
fprintf(stderr, "errno=%d ", errno);
perror("error");
} else
ERR_print_errors_fp(stderr);
done:
BIO_free_all(out);
if (ssl_ctx != NULL)
SSL_CTX_free(ssl_ctx);
exit(!ret);
return (ret);
SSL_CTX_free(ssl_ctx);
return (ret == 1);
}

25
demos/bio/server-arg.c
View File

@@ -1,5 +1,11 @@
/* NOCW */
/* demos/bio/server-arg.c */
/*
* Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* A minimal program to serve an SSL connection. It uses blocking. It use the
@@ -8,6 +14,7 @@
*/
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -24,12 +31,7 @@ int main(int argc, char *argv[])
char **args = argv + 1;
int nargs = argc - 1;
SSL_load_error_strings();
/* Add ciphers and message digests */
OpenSSL_add_ssl_algorithms();
ctx = SSL_CTX_new(SSLv23_server_method());
ctx = SSL_CTX_new(TLS_server_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
@@ -52,7 +54,7 @@ int main(int argc, char *argv[])
if (rv > 0)
continue;
/* Otherwise application specific argument processing */
if (!strcmp(*args, "-port")) {
if (strcmp(*args, "-port") == 0) {
port = args[1];
if (port == NULL) {
fprintf(stderr, "Missing -port argument\n");
@@ -72,7 +74,7 @@ int main(int argc, char *argv[])
ERR_print_errors_fp(stderr);
goto err;
}
#if 0
#ifdef ITERATE_CERTS
/*
* Demo of how to iterate over all certificates in an SSL_CTX structure.
*/
@@ -137,8 +139,7 @@ int main(int argc, char *argv[])
if (ret) {
ERR_print_errors_fp(stderr);
}
if (in != NULL)
BIO_free(in);
BIO_free(in);
exit(ret);
return (!ret);
}

95
demos/bio/server-cmod.c Normal file
View File

@@ -0,0 +1,95 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* A minimal TLS server it ses SSL_CTX_config and a configuration file to
* set most server parameters.
*/
#include <stdio.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/conf.h>
int main(int argc, char *argv[])
{
unsigned char buf[512];
char *port = "*:4433";
BIO *in = NULL;
BIO *ssl_bio, *tmp;
SSL_CTX *ctx;
int ret = 1, i;
ctx = SSL_CTX_new(TLS_server_method());
if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) {
fprintf(stderr, "Error processing config file\n");
goto err;
}
if (SSL_CTX_config(ctx, "server") == 0) {
fprintf(stderr, "Error configuring server.\n");
goto err;
}
/* Setup server side SSL bio */
ssl_bio = BIO_new_ssl(ctx, 0);
if ((in = BIO_new_accept(port)) == NULL)
goto err;
/*
* This means that when a new connection is accepted on 'in', The ssl_bio
* will be 'duplicated' and have the new socket BIO push into it.
* Basically it means the SSL BIO will be automatically setup
*/
BIO_set_accept_bios(in, ssl_bio);
again:
/*
* The first call will setup the accept socket, and the second will get a
* socket. In this loop, the first actual accept will occur in the
* BIO_read() function.
*/
if (BIO_do_accept(in) <= 0)
goto err;
for (;;) {
i = BIO_read(in, buf, sizeof(buf));
if (i == 0) {
/*
* If we have finished, remove the underlying BIO stack so the
* next time we call any function for this BIO, it will attempt
* to do an accept
*/
printf("Done\n");
tmp = BIO_pop(in);
BIO_free_all(tmp);
goto again;
}
if (i < 0) {
if (BIO_should_retry(in))
continue;
goto err;
}
fwrite(buf, 1, i, stdout);
fflush(stdout);
}
ret = 0;
err:
if (ret) {
ERR_print_errors_fp(stderr);
}
BIO_free(in);
exit(ret);
return (!ret);
}

22
demos/bio/server-conf.c
View File

@@ -1,5 +1,11 @@
/* NOCW */
/* demos/bio/saccept-conf.c */
/*
* Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* A minimal program to serve an SSL connection. It uses blocking. It uses
@@ -8,6 +14,7 @@
*/
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -27,10 +34,7 @@ int main(int argc, char *argv[])
char buf[512];
int ret = 1, i;
SSL_load_error_strings();
/* Add ciphers and message digests */
OpenSSL_add_ssl_algorithms();
ctx = SSL_CTX_new(TLS_server_method());
conf = NCONF_new(NULL);
@@ -49,7 +53,6 @@ int main(int argc, char *argv[])
goto err;
}
ctx = SSL_CTX_new(SSLv23_server_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
@@ -67,7 +70,7 @@ int main(int argc, char *argv[])
ERR_print_errors_fp(stderr);
goto err;
}
if (!strcmp(cnf->name, "Port")) {
if (strcmp(cnf->name, "Port") == 0) {
port = cnf->value;
} else {
fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
@@ -131,8 +134,7 @@ int main(int argc, char *argv[])
if (ret) {
ERR_print_errors_fp(stderr);
}
if (in != NULL)
BIO_free(in);
BIO_free(in);
exit(ret);
return (!ret);
}

17
demos/bio/server-ec.pem Normal file
View File

@@ -0,0 +1,17 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/5kYU3PUlHwfdjEN
lC1xTZEx3o55RgtSOuOCTryDfomhRANCAARW/qUFg+qZzjcFWrST4bmkRCFu8/rn
KTHjW2vpBXYGXKDn4AbAfYXYhM9J7v1HkkrZBPPGx53eVzs61/Pgr6Rc
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIBsTCCAVegAwIBAgIJALChLe0vZzgoMAoGCCqGSM49BAMCMDUxHzAdBgNVBAsM
FlRlc3QgRUNEU0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0x
NTEyMjIxNDUxMDRaFw00NDAxMDQxNDUxMDRaMDUxHzAdBgNVBAsMFlRlc3QgRUNE
U0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABFb+pQWD6pnONwVatJPhuaREIW7z+ucpMeNba+kFdgZcoOfg
BsB9hdiEz0nu/UeSStkE88bHnd5XOzrX8+CvpFyjUDBOMB0GA1UdDgQWBBROhkTJ
lsm8Qd8pEgrrapccfFY5gjAfBgNVHSMEGDAWgBROhkTJlsm8Qd8pEgrrapccfFY5
gjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFhyU/WZRcihilTpwFVm
fly1JhwisouiZjLnPkRYZVzHAiEAgqxXfRQl1/phnEgO9gRcv2nFp9xvJiDgKPse
VktDYjE=
-----END CERTIFICATE-----

65
demos/bio/server.pem
View File

@@ -1,27 +1,52 @@
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
-----BEGIN CERTIFICATE-----
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
MIIDyTCCArGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVSzEW
MBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcgUFVS
UE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0ZSBD
QTAgFw0xNjAxMDQwODU0NDZaGA8yMTE2MDEwNTA4NTQ0NlowZDELMAkGA1UEBhMC
VUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNUSU5H
IFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJKCLTuf7g
3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfiR7bfSdI/
+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMvvPQGuI+O
EAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7TVcGVSEi
Jdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU41NEWAsu
/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8RAgMBAAGj
eDB2MB0GA1UdDgQWBBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2
w2yI55X+sL3szj49hqshgYfa2jAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUF
BwMBMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAC78R
sAr4uvkYOu/pSwQ3MYOFqZ0BnPuP0/AZW2zF7TLNy8g36GyH9rKxz2ffQEHRmPQN
Z11Ohg3z03jw/sVzkgt2U5Ipv923sSeCZcu0nuNex3v9/x72ldYikZNhQOsw+2kr
hx3OvE9R7xl9eyjz7BknsbY7PC3kiUY8SDdc5Fr/XMkHm3ge65oWYOHBjC5tAr5K
FGCEjM3syxS+Li5X6yfDGiVSjOU4gJuZDCYbl7cEQexU2deds8EmpJJrrI7s4JcQ
rraHI8+Hu8X9VLpZE1jl/fKJw3D0i53PoN2WhukIOg1Zv+ajMKQ4ubVfISH2ebox
+ybAZO8hxL6/I08/GQ==
-----END CERTIFICATE-----
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Root CA
-----BEGIN CERTIFICATE-----
MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL
MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl
IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG
W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL
IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ
GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2
ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds
ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr
VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD
VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO
BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz
audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg
j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt
CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR
gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I
RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN
thI=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv

2
demos/bio/shared.opt Normal file
View File

@@ -0,0 +1,2 @@
OSSL$LIBSSL_SHR/SHARE
OSSL$LIBCRYPTO_SHR/SHARE

2
demos/bio/static.opt Normal file
View File

@@ -0,0 +1,2 @@
OSSL$LIBSSL/LIB
OSSL$LIBCRYPTO/LIB

21
demos/certs/README Normal file
View File

@@ -0,0 +1,21 @@
There is often a need to generate test certificates automatically using
a script. This is often a cause for confusion which can result in incorrect
CA certificates, obsolete V1 certificates or duplicate serial numbers.
The range of command line options can be daunting for a beginner.
The mkcerts.sh script is an example of how to generate certificates
automatically using scripts. Example creates a root CA, an intermediate CA
signed by the root and several certificates signed by the intermediate CA.
The script then creates an empty index.txt file and adds entries for the
certificates and generates a CRL. Then one certificate is revoked and a
second CRL generated.
The script ocsprun.sh runs the test responder on port 8888 covering the
client certificates.
The script ocspquery.sh queries the status of the certificates using the
test responder.

69
demos/certs/apps/apps.cnf Normal file
View File

@@ -0,0 +1,69 @@
#
# OpenSSL configuration file to create apps directory certificates
#
# This definition stops the following lines choking if HOME or CN
# is undefined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
CN = "Not Defined"
####################################################################
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = UK
organizationName = OpenSSL Group
organizationalUnitName = FOR TESTING PURPOSES ONLY
# Take CN from environment so it can come from a script.
commonName = $ENV::CN
[ usr_cert ]
# These extensions are added when 'ca' signs a request for an end entity
# certificate
basicConstraints=critical, CA:FALSE
keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
[ ec_cert ]
# These extensions are added when 'ca' signs a request for an end entity
# certificate
basicConstraints=critical, CA:FALSE
keyUsage=critical, nonRepudiation, digitalSignature, keyAgreement
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
basicConstraints = critical,CA:true
keyUsage = critical, cRLSign, keyCertSign

27
demos/certs/apps/ckey.pem Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
-----END RSA PRIVATE KEY-----

27
demos/certs/apps/intkey.pem Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAsErw75CmLYD6pkrGW/YhAl/K8L5wJYxDjqu2FghxjD8K308W
3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VLIdurBEAIEUdbzx0so74FPawgz5EW2CTq
oJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJGNXND2ip0TcyTSPLROXOyQakcVfIGJmd
Sa1wHKi+c2gMA4emADudZUOYLrg80gr2ldePm07ynbVsKKzCcStw8MdmoW9Qt3fL
nPJn2TFUUBNWj+4kvL+88edWCVQXKNdsysD/CDrH4W/hjyPDStVsM6XpiNU0+L2Z
Y6fcj3OP8d0goOx45xotMn9m8hNkCGsrVXx9IwIDAQABAoIBACg3wIV2o2KIJSZg
sqXyHY+0GNEZMO5v9E2NAMo//N941lshaN6wrww5FbK39qH9yNylfxmFLe6sgJhA
fLZprbcXgH+onto+Fpv4UqvCI+4WdHa03U3sJ+70SvxzSy1Gtrbc8FUPJl7qgrFf
Nn5S8CgOwYb4J6KPguTh5G3Z9RPiCKObwOwEM34hrZUlgPS88wmzu9H6L2GM8A1v
YBtEr0msBnlJBJOgStyUEfHW2KspNQ+VllQ6c0cedgFXUpl9EoKTLxP+WXwFI1sx
jFCFzSrMqPcPz1PxU6bXoZE0WH6r+3c8WAW4xR/HVu04BrBDu0CGwn6zAXDy6wCU
pWogDlkCgYEA4o+nIu2CTzqUlgc22pj+hjenfS5lnCtJfAdrXOJHmnuL+J9h8Nzz
9kkL+/Y0Xg9bOM6xXPm+81UNpDvOLbUahSSQsfB+LNVEkthJIL4XIk083LsHjFaJ
9SiCFRbf2OgWrEhe/c1drySwz9u/0f4Q7B6VGqxMnTDjzS5JacZ1pE8CgYEAxzMn
/n/Dpdn+c4rf14BRNKCv1qBXngPNylKJCmiRpKRJAn+B+Msdwtggk/1Ihju21wSo
IGy0Gw7WQd1Iq7V85cB2G5PAFY6ybpSV6G3QrzmzuvjHmKvXgUAuuaN+7Pp1YkMY
rLVjUOcdP5JbXG6XnaCkHYJR8uapPwWPkDt+oO0CgYBI4yZGGlr92j7LNW70TJw1
2dnMcAzIfTSa7lgf/bxDetPBHKWJs8vYxA9S9BZM3Gvgjr6IxuAjsI0+9O6TzdvG
UckrNc+h5Mq241ZDbmRK6MZXzOPUxlKDyJBw8Hb7dU82BeJpjJRDMG6hsHS5vh77
l6sodZ4ARCZFcEq1+N8ICQKBgDeBHJLAXO6YmFrvhkGQ4o+senJuSRuhabUHXGIH
ExXyJNnKV5fQWOGSwTkbKRsmBmNRS9uFDoY/kxnVI8ucjUmjYAV9HNek5DkFs+OI
vc4lYNwnN85li23bSWm2kcZMX2ra0URGYn8HdtHg4Q4XTq3ANhp21oi9FsmVrhP9
T+JdAoGBAK2ebwZ7CXFavDFo4mzLKkGitBjrSi/udFhZECXZWEbNzWlVc3Y3q0cU
drDqUtbVm+/Xb5CMU044Gqq6SKdObAb3JElKmFylFL9fp2rfL/foUr2sdb87Vqdp
2j5jZyvt1DKnNaJ7JaFbUdRxlvHQRiqKlZpafN/SMQ0jCs1bSgCg
-----END RSA PRIVATE KEY-----

45
demos/certs/apps/mkacerts.sh Normal file
View File

@@ -0,0 +1,45 @@
#!/bin/sh
# Recreate the demo certificates in the apps directory.
OPENSSL=openssl
# Root CA: create certificate directly
CN="OpenSSL Test Root CA" $OPENSSL req -config apps.cnf -x509 -nodes \
-keyout root.pem -out root.pem -key rootkey.pem -new -days 3650
# Intermediate CA: request first
CN="OpenSSL Test Intermediate CA" $OPENSSL req -config apps.cnf -nodes \
-key intkey.pem -out intreq.pem -new
# Sign request: CA extensions
$OPENSSL x509 -req -in intreq.pem -CA root.pem -CAkey rootkey.pem -days 3630 \
-extfile apps.cnf -extensions v3_ca -CAcreateserial -out intca.pem
# Client certificate: request first
CN="Test Client Cert" $OPENSSL req -config apps.cnf -nodes \
-key ckey.pem -out creq.pem -new
# Sign using intermediate CA
$OPENSSL x509 -req -in creq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
-extfile apps.cnf -extensions usr_cert -CAcreateserial | \
$OPENSSL x509 -nameopt oneline -subject -issuer >client.pem
# Server certificate: request first
CN="Test Server Cert" $OPENSSL req -config apps.cnf -nodes \
-key skey.pem -out sreq.pem -new
# Sign using intermediate CA
$OPENSSL x509 -req -in sreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
-extfile apps.cnf -extensions usr_cert -CAcreateserial | \
$OPENSSL x509 -nameopt oneline -subject -issuer >server.pem
# Server certificate #2: request first
CN="Test Server Cert #2" $OPENSSL req -config apps.cnf -nodes \
-key skey2.pem -out sreq2.pem -new
# Sign using intermediate CA
$OPENSSL x509 -req -in sreq2.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
-extfile apps.cnf -extensions usr_cert -CAcreateserial | \
$OPENSSL x509 -nameopt oneline -subject -issuer >server2.pem
# Append keys to file.
cat skey.pem >>server.pem
cat skey2.pem >>server2.pem
cat ckey.pem >>client.pem
$OPENSSL verify -CAfile root.pem -untrusted intca.pem \
server2.pem server.pem client.pem

29
demos/certs/apps/mkxcerts.sh Normal file
View File

@@ -0,0 +1,29 @@
# Create certificates using various algorithms to test multi-certificate
# functionality.
OPENSSL=../../../apps/openssl
CN="OpenSSL Test RSA SHA-1 cert" $OPENSSL req \
-config apps.cnf -extensions usr_cert -x509 -nodes \
-keyout tsha1.pem -out tsha1.pem -new -days 3650 -sha1
CN="OpenSSL Test RSA SHA-256 cert" $OPENSSL req \
-config apps.cnf -extensions usr_cert -x509 -nodes \
-keyout tsha256.pem -out tsha256.pem -new -days 3650 -sha256
CN="OpenSSL Test RSA SHA-512 cert" $OPENSSL req \
-config apps.cnf -extensions usr_cert -x509 -nodes \
-keyout tsha512.pem -out tsha512.pem -new -days 3650 -sha512
# Create EC parameters
$OPENSSL ecparam -name P-256 -out ecp256.pem
$OPENSSL ecparam -name P-384 -out ecp384.pem
CN="OpenSSL Test P-256 SHA-256 cert" $OPENSSL req \
-config apps.cnf -extensions ec_cert -x509 -nodes \
-nodes -keyout tecp256.pem -out tecp256.pem -newkey ec:ecp256.pem \
-days 3650 -sha256
CN="OpenSSL Test P-384 SHA-384 cert" $OPENSSL req \
-config apps.cnf -extensions ec_cert -x509 -nodes \
-nodes -keyout tecp384.pem -out tecp384.pem -newkey ec:ecp384.pem \
-days 3650 -sha384

27
demos/certs/apps/rootkey.pem Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEA0xpquKAoY6trkxz8uuE6RyYfMOy+Rgvt19pqG3x8sEpFNjDN
IG873HniShNaOrseRtrGRgCDcecNOQ0LLOQYo10zz0er8+0YgUWVx5Ag5q3cqN3T
kjDc+0sRZMONPoUwD0ySOT9dumbJypEjA0q2AgKgWwaO4ilzg/fWTEruLeuL4meX
K9WZFmMnGuF4kHSocZeKWs5UM86WIOf/+NdtzLNd6a5HwqAB5Azggiz2Ngck6Aet
Mi0inBr3A1MSn0oIaQ7rGvbQ2QrIOnpdHJ36GadQHuvvtZOm28o8UVONMMWoS1yJ
/1TaRWQJ+faZJE7yegJtUf75+5HwsxaUP32C3wIDAQABAoIBAQCEybEnwVamm0Vn
nGw9AT+vUYN9Ou3VEdviUzk7YOrt2Un/9GKTbGSzItf80H+JQfqhhywBDIGiPDxN
Dq9g5Xm6CP51/BdlsFYhuqukhDyt3d9XOXHEG4hlaarfP0KxeQXqGbhA2mMSxWVZ
TkI/59blHNHRcCagjIJlGJhsFRYNO1/ApfA5zN7fWCFvH1XWZhuvsPDgUXKm4BS0
p3ol67MVJHRfYcLb/txBO5rBhSXinK0jEBiljRcE0rWzRycSedmDgG3SNV17wvA0
UWgMNpPcJ1b7Satr0nM7A8+siV8FRcfvPqCuGPKCYTrNn71hGJEhKXKwlURj9+95
O5yzRxjBAoGBAPtTRYN40/piRB0XLpi+zNh+4Ba4TGfXSymbaozgC/pI5wfgGXrz
IpT9ujjV42r8TABHvXa6uiGm0cbxcUgq2n6Y8rf6iHxmn23ezCEBUs7rd6jtt11b
m58T8o0XWyOgAovaH0UgzMtrlsZYR2fli5254oRkTWwaUTuO38z6CVddAoGBANcH
nvdu3RniIYStsr5/deu7l81ZQ9rSiR1m3H6Wy8ryMIfkYfa0WqXhwNHrLrhvhLIQ
7mGnJ+jAkJyVQULE6UdbmVW8tC58Dfrgz/1s7RMeUYPnOmRpx79c/LqZ2IunfFWx
IvBvFu7vidEHA+1tU2N+oXNsU+B9XpfsJ+/d2QtrAoGBAJTuP58tFtClMp/agO5b
AqC4bqqIBB704cGCK53XlsF2OhHcprzJH5ES2iub8+wOHit8V7Xn6SzP4jf2E58k
Zd3nXM3RVNgDKC6/fE+CrUOZHYupcqOMCag29eDOGl/+DgQ5+ZXJXhKdaveWkJns
2NNat/SkS4zn+4NDozOgZ7CxAoGBAIuXjfJRTUXNUDci0APtGO9U1AJiLbOzs4Gb
0g539IqmWS0O7S3L/YDsolFkXOsssjcq2KYabsUhpX+RQVGIJWzGoS9QlqQKssSo
Bz4c5Xbg2shHZtfi9+JaClNVJofazdOPcAAoDfpFFPHWnQ0YSOcxQLx+maEFok/7
5h1IputLAoGBAKGBWDPwskgRRfCAIFpCJLOu/9D30M/akMtO0kJYQpBjOaKuigUy
ic7pthFVse/pMUljXHAd1hs2CTjMW1ukEusU3x1Ei6wvnHHqn0Hs+6D5NQFQkcMn
7rejJ+bpJPRAn40AAV5hGBYI12XycB8ZgyPC4hTUK6unGVK06DC4qvdv
-----END RSA PRIVATE KEY-----

27
demos/certs/apps/skey.pem Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
-----END RSA PRIVATE KEY-----

27
demos/certs/apps/skey2.pem Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA63Yu4/cnLRvi+BIwcoIz5hKmcziREG2tujKEBs4JVO3uV3+f
UW/4YFULigKImXu/0fKyuMyeFu4l3V8NC6gachvAeWhiniN9sPgPU3AQKaF1y9gq
2EBEI2cFCKS5WASItjZCY951ZKuXYJdYDgC4kPlvI4N5M4ORHPa4pqfa/dzfMLEi
92sLGn7q5mArzn+5Xh2jD9Vif8w0RlDRxv1rQ413PGVBtfuhF1PSXNhbPtjpn+33
DdJdNACv8D4PDmjUtKyshqvSXSE/RURldW13v68efBWhOQiLXcAkmISbxfzveS1k
KMSV8nuWwhS5rw0xMlavRTEgqbX7Jm14xGRrFwIDAQABAoIBAHLsTPihIfLnYIE5
x4GsQQ5zXeBw5ITDM37ktwHnQDC+rIzyUl1aLD1AZRBoKinXd4lOTqLZ4/NHKx4A
DYr58mZtWyUmqLOMmQVuHXTZBlp7XtYuXMMNovQwjQlp9LicBeoBU6gQ5PVMtubD
F4xGF89Sn0cTHW3iMkqTtQ5KcR1j57OcJO0FEb1vPvk2MXI5ZyAatUYE7YacbEzd
rg02uIwx3FqNSkuSI79uz4hMdV5TPtuhxx9nTwj9aLUhXFeZ0mn2PVgVzEnnMoJb
+znlsZDgzDlJqdaD744YGWh8Z3OEssB35KfzFcdOeO6yH8lmv2Zfznk7pNPT7LTb
Lae9VgkCgYEA92p1qnAB3NtJtNcaW53i0S5WJgS1hxWKvUDx3lTB9s8X9fHpqL1a
E94fDfWzp/hax6FefUKIvBOukPLQ6bYjTMiFoOHzVirghAIuIUoMI5VtLhwD1hKs
Lr7l/dptMgKb1nZHyXoKHRBthsy3K4+udsPi8TzMvYElgEqyQIe/Rk0CgYEA86GL
8HC6zLszzKERDPBxrboRmoFvVUCTQDhsfj1M8aR3nQ8V5LkdIJc7Wqm/Ggfk9QRf
rJ8M2WUMlU5CNnCn/KCrKzCNZIReze3fV+HnKdbcXGLvgbHPrhnz8yYehUFG+RGq
bVyDWRU94T38izy2s5qMYrMJWZEYyXncSPbfcPMCgYAtaXfxcZ+V5xYPQFARMtiX
5nZfggvDoJuXgx0h3tK/N2HBfcaSdzbaYLG4gTmZggc/jwnl2dl5E++9oSPhUdIG
3ONSFUbxsOsGr9PBvnKd8WZZyUCXAVRjPBzAzF+whzQNWCZy/5htnz9LN7YDI9s0
5113Q96cheDZPFydZY0hHQKBgQDVbEhNukM5xCiNcu+f2SaMnLp9EjQ4h5g3IvaP
5B16daw/Dw8LzcohWboqIxeAsze0GD/D1ZUJAEd0qBjC3g+a9BjefervCjKOzXng
38mEUm+6EwVjJSQcjSmycEs+Sr/kwr/8i5WYvU32+jk4tFgMoC+o6tQe/Uesf68k
z/dPVwKBgGbF7Vv1/3SmhlOy+zYyvJ0CrWtKxH9QP6tLIEgEpd8x7YTSuCH94yok
kToMXYA3sWNPt22GbRDZ+rcp4c7HkDx6I6vpdP9aQEwJTp0EPy0sgWr2XwYmreIQ
NFmkk8Itn9EY2R9VBaP7GLv5kvwxDdLAnmwGmzVtbmaVdxCaBwUk
-----END RSA PRIVATE KEY-----

86
demos/certs/ca.cnf Normal file
View File

@@ -0,0 +1,86 @@
#
# OpenSSL example configuration file for automated certificate creation.
#
# This definition stops the following lines choking if HOME or CN
# is undefined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
CN = "Not Defined"
default_ca = ca
####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = UK
organizationName = OpenSSL Group
# Take CN from environment so it can come from a script.
commonName = $ENV::CN
[ usr_cert ]
# These extensions are added when 'ca' signs a request for an end entity
# certificate
basicConstraints=critical, CA:FALSE
keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
# OCSP responder certificate
[ ocsp_cert ]
basicConstraints=critical, CA:FALSE
keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
extendedKeyUsage=OCSPSigning
[ dh_cert ]
# These extensions are added when 'ca' signs a request for an end entity
# DH certificate
basicConstraints=critical, CA:FALSE
keyUsage=critical, keyAgreement
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
basicConstraints = critical,CA:true
keyUsage = critical, cRLSign, keyCertSign
# Minimal CA entry to allow generation of CRLs.
[ca]
database=index.txt
crlnumber=crlnum.txt

96
demos/certs/mkcerts.sh Normal file
View File

@@ -0,0 +1,96 @@
#!/bin/sh
OPENSSL=../../apps/openssl
OPENSSL_CONF=../../apps/openssl.cnf
export OPENSSL_CONF
# Root CA: create certificate directly
CN="Test Root CA" $OPENSSL req -config ca.cnf -x509 -nodes \
-keyout root.pem -out root.pem -newkey rsa:2048 -days 3650
# Intermediate CA: request first
CN="Test Intermediate CA" $OPENSSL req -config ca.cnf -nodes \
-keyout intkey.pem -out intreq.pem -newkey rsa:2048
# Sign request: CA extensions
$OPENSSL x509 -req -in intreq.pem -CA root.pem -days 3600 \
-extfile ca.cnf -extensions v3_ca -CAcreateserial -out intca.pem
# Server certificate: create request first
CN="Test Server Cert" $OPENSSL req -config ca.cnf -nodes \
-keyout skey.pem -out req.pem -newkey rsa:1024
# Sign request: end entity extensions
$OPENSSL x509 -req -in req.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
-extfile ca.cnf -extensions usr_cert -CAcreateserial -out server.pem
# Client certificate: request first
CN="Test Client Cert" $OPENSSL req -config ca.cnf -nodes \
-keyout ckey.pem -out creq.pem -newkey rsa:1024
# Sign using intermediate CA
$OPENSSL x509 -req -in creq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
-extfile ca.cnf -extensions usr_cert -CAcreateserial -out client.pem
# Revoked certificate: request first
CN="Test Revoked Cert" $OPENSSL req -config ca.cnf -nodes \
-keyout revkey.pem -out rreq.pem -newkey rsa:1024
# Sign using intermediate CA
$OPENSSL x509 -req -in rreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
-extfile ca.cnf -extensions usr_cert -CAcreateserial -out rev.pem
# OCSP responder certificate: request first
CN="Test OCSP Responder Cert" $OPENSSL req -config ca.cnf -nodes \
-keyout respkey.pem -out respreq.pem -newkey rsa:1024
# Sign using intermediate CA and responder extensions
$OPENSSL x509 -req -in respreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \
-extfile ca.cnf -extensions ocsp_cert -CAcreateserial -out resp.pem
# Example creating a PKCS#3 DH certificate.
# First DH parameters
[ -f dhp.pem ] || $OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_prime_len:1024 -out dhp.pem
# Now a DH private key
$OPENSSL genpkey -paramfile dhp.pem -out dhskey.pem
# Create DH public key file
$OPENSSL pkey -in dhskey.pem -pubout -out dhspub.pem
# Certificate request, key just reuses old one as it is ignored when the
# request is signed.
CN="Test Server DH Cert" $OPENSSL req -config ca.cnf -new \
-key skey.pem -out dhsreq.pem
# Sign request: end entity DH extensions
$OPENSSL x509 -req -in dhsreq.pem -CA root.pem -days 3600 \
-force_pubkey dhspub.pem \
-extfile ca.cnf -extensions dh_cert -CAcreateserial -out dhserver.pem
# DH client certificate
$OPENSSL genpkey -paramfile dhp.pem -out dhckey.pem
$OPENSSL pkey -in dhckey.pem -pubout -out dhcpub.pem
CN="Test Client DH Cert" $OPENSSL req -config ca.cnf -new \
-key skey.pem -out dhcreq.pem
$OPENSSL x509 -req -in dhcreq.pem -CA root.pem -days 3600 \
-force_pubkey dhcpub.pem \
-extfile ca.cnf -extensions dh_cert -CAcreateserial -out dhclient.pem
# Examples of CRL generation without the need to use 'ca' to issue
# certificates.
# Create zero length index file
>index.txt
# Create initial crl number file
echo 01 >crlnum.txt
# Add entries for server and client certs
$OPENSSL ca -valid server.pem -keyfile root.pem -cert root.pem \
-config ca.cnf -md sha1
$OPENSSL ca -valid client.pem -keyfile root.pem -cert root.pem \
-config ca.cnf -md sha1
$OPENSSL ca -valid rev.pem -keyfile root.pem -cert root.pem \
-config ca.cnf -md sha1
# Generate a CRL.
$OPENSSL ca -gencrl -keyfile root.pem -cert root.pem -config ca.cnf \
-md sha1 -crldays 1 -out crl1.pem
# Revoke a certificate
openssl ca -revoke rev.pem -crl_reason superseded \
-keyfile root.pem -cert root.pem -config ca.cnf -md sha1
# Generate another CRL
$OPENSSL ca -gencrl -keyfile root.pem -cert root.pem -config ca.cnf \
-md sha1 -crldays 1 -out crl2.pem

21
demos/certs/ocspquery.sh Normal file
View File

@@ -0,0 +1,21 @@
# Example querying OpenSSL test responder. Assumes ocsprun.sh has been
# called.
OPENSSL=../../apps/openssl
OPENSSL_CONF=../../apps/openssl.cnf
export OPENSSL_CONF
# Send responder queries for each certificate.
echo "Requesting OCSP status for each certificate"
$OPENSSL ocsp -issuer intca.pem -cert client.pem -CAfile root.pem \
-url http://127.0.0.1:8888/
$OPENSSL ocsp -issuer intca.pem -cert server.pem -CAfile root.pem \
-url http://127.0.0.1:8888/
$OPENSSL ocsp -issuer intca.pem -cert rev.pem -CAfile root.pem \
-url http://127.0.0.1:8888/
# One query for all three certificates.
echo "Requesting OCSP status for three certificates in one request"
$OPENSSL ocsp -issuer intca.pem \
-cert client.pem -cert server.pem -cert rev.pem \
-CAfile root.pem -url http://127.0.0.1:8888/

14
demos/certs/ocsprun.sh Normal file
View File

@@ -0,0 +1,14 @@
# Example of running an querying OpenSSL test OCSP responder.
# This assumes "mkcerts.sh" or similar has been run to set up the
# necessary file structure.
OPENSSL=../../apps/openssl
OPENSSL_CONF=../../apps/openssl.cnf
export OPENSSL_CONF
# Run OCSP responder.
PORT=8888
$OPENSSL ocsp -port $PORT -index index.txt -CA intca.pem \
-rsigner resp.pem -rkey respkey.pem -rother intca.pem $*

20
demos/cms/cms_comp.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Simple S/MIME compress example */
#include <openssl/pem.h>
#include <openssl/cms.h>
@@ -48,13 +57,8 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
CMS_ContentInfo_free(cms);
BIO_free(in);
BIO_free(out);
return ret;
}

33
demos/cms/cms_ddec.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* S/MIME detached data decrypt example: rarely done but should the need
* arise this is an example....
@@ -68,22 +77,12 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (rkey)
EVP_PKEY_free(rkey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
if (dcont)
BIO_free(dcont);
CMS_ContentInfo_free(cms);
X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
BIO_free(dcont);
return ret;
}

30
demos/cms/cms_dec.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Simple S/MIME decryption example */
#include <openssl/pem.h>
#include <openssl/cms.h>
@@ -59,20 +68,11 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (rkey)
EVP_PKEY_free(rkey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
CMS_ContentInfo_free(cms);
X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
return ret;
}

33
demos/cms/cms_denc.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* S/MIME detached data encrypt example: rarely done but should the need
* arise this is an example....
@@ -77,22 +86,12 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (dout)
BIO_free(dout);
if (tbio)
BIO_free(tbio);
CMS_ContentInfo_free(cms);
X509_free(rcert);
sk_X509_pop_free(recips, X509_free);
BIO_free(in);
BIO_free(out);
BIO_free(dout);
BIO_free(tbio);
return ret;
}

30
demos/cms/cms_enc.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Simple S/MIME encrypt example */
#include <openssl/pem.h>
#include <openssl/cms.h>
@@ -73,20 +82,11 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
CMS_ContentInfo_free(cms);
X509_free(rcert);
sk_X509_pop_free(recips, X509_free);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
return ret;
}

30
demos/cms/cms_sign.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Simple S/MIME signing example */
#include <openssl/pem.h>
#include <openssl/cms.h>
@@ -69,20 +78,11 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
CMS_ContentInfo_free(cms);
X509_free(scert);
EVP_PKEY_free(skey);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
return ret;
}

38
demos/cms/cms_sign2.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* S/MIME signing example: 2 signers */
#include <openssl/pem.h>
#include <openssl/cms.h>
@@ -77,26 +86,13 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (scert2)
X509_free(scert2);
if (skey)
EVP_PKEY_free(skey2);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
CMS_ContentInfo_free(cms);
X509_free(scert);
EVP_PKEY_free(skey);
X509_free(scert2);
EVP_PKEY_free(skey2);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
return ret;
}

21
demos/cms/cms_uncomp.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Simple S/MIME uncompression example */
#include <openssl/pem.h>
#include <openssl/cms.h>
@@ -42,14 +51,8 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
CMS_ContentInfo_free(cms);
BIO_free(in);
BIO_free(out);
return ret;
}

28
demos/cms/cms_ver.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Simple S/MIME verification example */
#include <openssl/pem.h>
#include <openssl/cms.h>
@@ -67,19 +76,10 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (cacert)
X509_free(cacert);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
CMS_ContentInfo_free(cms);
X509_free(cacert);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
return ret;
}

123
demos/easy_tls/Makefile
View File

@@ -1,123 +0,0 @@
# Makefile for easy-tls example application (rudimentary client and server)
# $Id: Makefile,v 1.2 2001/09/18 09:15:40 bodo Exp $
SOLARIS_CFLAGS=-Wall -pedantic -g -O2
SOLARIS_LIBS=-lxnet
LINUX_CFLAGS=-Wall -pedantic -g -O2
LINUX_LIBS=
auto-all:
case `uname -s` in \
SunOS) echo Using SunOS configuration; \
make SYSCFLAGS="$(SOLARIS_CFLAGS)" SYSLIBS="$(SOLARIS_LIBS)" all;; \
Linux) echo Using Linux configuration; \
make SYSCFLAGS="$(LINUX_CFLAGS)" SYSLIBS="$(LINUX_LIBS)" all;; \
*) echo "unknown system"; exit 1;; \
esac
all: test TAGS
# For adapting this Makefile to a different system, only the following
# definitions should need customizing:
OPENSSLDIR=../..
CC=gcc
SYSCFLAGS=whatever
SYSLIBS=whatever
#############################################################################
#
# SSLeay/OpenSSL imports
#
# OPENSSLDIR (set above) can be either the directory where OpenSSL is
# installed or the directory where it was compiled.
# We rely on having a new OpenSSL release where include files
# have names like <openssl/ssl.h> (not just <ssl.h>).
OPENSSLINCLUDES=-I$(OPENSSLDIR)/include
# libcrypto.a and libssl.a are directly in $(OPENSSLDIR) if this is
# the compile directory, or in $(OPENSSLDIR)/lib if we use an installed
# library. With the following definition, we can handle either case.
OPENSSLLIBS=-L$(OPENSSLDIR) -L$(OPENSSLDIR)/lib -lssl -lcrypto
#############################################################################
#
# Stuff for handling the source files
#
SOURCES=easy-tls.c test.c
HEADERS=easy-tls.h test.h
DOCSandEXAMPLESetc=Makefile cert.pem cacerts.pem
EVERYTHING=$(SOURCES) $(HEADERS) $(DOCSandEXAMPLESetc)
ls: ls-l
ls-l:
ls -l $(EVERYTHING)
# For RCS:
tag:
-rcs -n_`date +%y%m%d`: $(EVERYTHING)
rcs -nMYTAG $(EVERYTHING)
rcs -nMYTAG: $(EVERYTHING)
diff:
-rcsdiff -rMYTAG -u $(EVERYTHING)
today:
-rcsdiff -r_`date +%y%m%d` -u $(EVERYTHING)
ident:
for a in $(EVERYTHING); do ident $$a; done
# Distribution .tar:
easy-tls.tar.gz: $(EVERYTHING)
tar cvf - $(EVERYTHING) | \
gzip -9 > easy-tls.tar.gz
# Working .tar:
tls.tgz: $(EVERYTHING)
tar cfv - `find . -type f -a ! -name '*.tgz' -a ! -name '*.tar.gz'` | \
gzip -9 > tls.tgz
# For emacs:
etags: TAGS
TAGS: $(SOURCES) $(HEADERS)
-etags $(SOURCES) $(HEADERS)
#############################################################################
#
# Compilation
#
# The following definitions are system dependent (and hence defined
# at the beginning of this Makefile, where they are more easily found):
### CC=gcc
### SYSCFLAGS=-Wall -pedantic -g -O2
### SYSLIBS=-lxnet
EXTRACFLAGS=-DTLS_APP=\"test.h\"
# EXTRACFLAGS=-DTLS_APP=\"test.h\" -DDEBUG_TLS
#
# The rest shouldn't need to be touched.
#
LDFLAGS=$(SYSLIBS) $(OPENSSLLIBS)
INCLUDES=$(OPENSSLINCLUDES)
CFLAGS=$(SYSCFLAGS) $(EXTRACFLAGS) $(INCLUDES)
OBJS=easy-tls.o test.o
clean:
@rm -f test
@rm -f TAGS
@rm -f *.o
@rm -f core
test: $(OBJS)
$(CC) $(OBJS) $(LDFLAGS) -o test
test.o: $(HEADERS)
easy-tls.o: $(HEADERS)

65
demos/easy_tls/README
View File

@@ -1,65 +0,0 @@
easy_tls - generic SSL/TLS proxy
========
(... and example for non-blocking SSL/TLS I/O multiplexing.)
easy_tls.c, easy_tls.h:
Small generic SSL/TLS proxy library: With a few function calls,
an application socket will be replaced by a pipe handled by a
separate SSL/TLS proxy process. This allows easily adding
SSL/TLS support to many programs not originally designed for it.
[Actually easy_tls.c is not a proper library: Customization
requires defining preprocessor macros while compiling it.
This is quite confusing, so I'll probably change it.]
These files may be used under the OpenSSL license.
test.c, test.h, Makefile, cert.pem, cacerts.pem:
Rudimentary example program using the easy_tls library, and
example key and certificates for it. Usage examples:
$ ./test 8443 # create server listening at port 8443
$ ./test 127.0.0.1 8443 # create client, connect to port 8443
# at IP address 127.0.0.1
'test' will not automatically do SSL/TLS, or even read or write
data -- it must be told to do so on input lines starting
with a command letter. 'W' means write a line, 'R' means
read a line, 'C' means close the connection, 'T' means
start an SSL/TLS proxy. E.g. (user input tagged with '*'):
* R
<<< 220 mail.example.net
* WSTARTTLS
>>> STARTTLS
* R
<<< 220 Ready to start TLS
* T
test_process_init(fd = 3, client_p = 1, apparg = (nil))
+++ `E:self signed certificate in certificate chain'
+++ `<... certificate info ...>'
* WHELO localhost
>>> HELO localhost
R
<<< 250 mail.example.net
You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using
'T' multiple times. I have no idea why you would want to though.
This code is rather old. When I find time I will update anything that
should be changed, and improve code comments. To compile the sample
program 'test' on platforms other then Linux or Solaris, you will have
to edit the Makefile.
As noted above, easy_tls.c will be changed to become a library one
day, which means that future revisions will not be fully compatible to
the current version.
Bodo Möller <bodo@openssl.org>

18
demos/easy_tls/cacerts.pem
View File

@@ -1,18 +0,0 @@
$Id: cacerts.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-----BEGIN CERTIFICATE-----
MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
-----END CERTIFICATE-----

31
demos/easy_tls/cert.pem
View File

@@ -1,31 +0,0 @@
$Id: cert.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
Example certificate and key.
-----BEGIN CERTIFICATE-----
MIIB1jCCAT8CAQEwDQYJKoZIhvcNAQEEBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDAeFw05OTA1MDEwMTI2MzVaFw05OTA1MzEwMTI2MzVaMCIxCzAJBgNVBAYTAkRF
MRMwEQYDVQQDEwpUZXN0c2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68/8MbT3ou0pdF
AcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2ai7emdjMjXVL
tzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQABMA0GCSqGSIb3
DQEBBAUAA4GBAMgM+sbAk8DfjSfa+Rf2gcGXmbrvZAzKzC+5RU3kaq/NyxIXAGco
9dZjozzWfN/xuGup5boFk+KrP+xdgsaqGHsyzlgEoqz4ekqLjQeVbnoj339hVFU9
MhPi6JULPxjXKumjfX2LLNkikW5puz8Df3UiX0EiaJvd7EwP8J75tiUT
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68
/8MbT3ou0pdFAcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2
ai7emdjMjXVLtzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQAB
AoGANST8c1etf1MU19oIO5aqaE19OCXIG7oakNLCCtVTPMfvnE+vffBJH7BPIUuU
4BBzwRv1nQrkvk72TPjVjOAu81B1SStKQueun2flVuYxp9NyupNWCBley4QdohlP
I92ml2tzTSPmNIoA6jdGyNzFcGchapRRmejsC39F1RUbHQECQQD9KX81Wt8ZOrri
dWiEXja1L3X8Bkb9vvUjVMQDTJJPxBJjehC6eurgE6PP6SJD5p/f3RHPCcLr8tSM
D4P/OpKhAkEA/PFNlhIZUDKK6aTvG2mn7qQ5phbadOoyN1Js3ttWG5OMOZ6b/QlC
Wvp84h44506BIlv+Tg2YAI0AdBUrf7oEowJAM4joAVd/ROaEtqbJ4PBA2L9RmD06
5FqkEk4mHLnQqvYx/BgUIbH18ClvVlqSBBqFfw/EmU3WZSuogt6Bs0ocIQJBAOxB
AoPiYcxbeQ5kZIVJOXaX49SzUdaUDNVJYrEBUzsspHQJJo/Avz606kJVkjbSR6Ft
JWmIHuqcyMikIV4KxFsCQQCU2evoVjVsqkkbHi7W28f73PGBsyu0KIwlK7nu4h08
Daf7TAI+A6jW/WRUsJ6dFhUYi7/Jvkcdrlnbgm2fxziX
-----END RSA PRIVATE KEY-----

1312
demos/easy_tls/easy-tls.c
View File

File diff suppressed because it is too large Load Diff

60
demos/easy_tls/easy-tls.h
View File

@@ -1,60 +0,0 @@
/* */
/*-
* easy-tls.h -- generic TLS proxy.
* $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
*/
/*
* (c) Copyright 1999 Bodo Moeller. All rights reserved.
*/
#ifndef HEADER_TLS_H
# define HEADER_TLS_H
# ifndef HEADER_SSL_H
typedef struct ssl_ctx_st SSL_CTX;
# endif
# define TLS_INFO_SIZE 512 /* max. # of bytes written to infofd */
void tls_set_dhe1024(int i, void *apparg);
/*
* Generate DHE parameters: i >= 0 deterministic (i selects seed), i < 0
* random (may take a while). tls_create_ctx calls this with random
* non-negative i if the application has never called it.
*/
void tls_rand_seed(void);
int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);
void tls_rand_seed_from_memory(const void *buf, size_t n);
struct tls_create_ctx_args {
int client_p;
const char *certificate_file;
const char *key_file;
const char *ca_file;
int verify_depth;
int fail_unless_verified;
int export_p;
};
struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
/*
* struct tls_create_ctx_args is similar to a conventional argument list, but
* it can provide default values and allows for future extension.
*/
SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);
struct tls_start_proxy_args {
int fd;
int client_p;
SSL_CTX *ctx;
pid_t *pid;
int *infofd;
};
struct tls_start_proxy_args tls_start_proxy_defaultargs(void);
/*
* tls_start_proxy return value *MUST* be checked! 0 means ok, otherwise
* we've probably run out of some resources.
*/
int tls_start_proxy(struct tls_start_proxy_args, void *apparg);
#endif

248
demos/easy_tls/test.c
View File

@@ -1,248 +0,0 @@
/* test.c */
/* $Id: test.c,v 1.1 2001/09/17 19:06:59 bodo Exp $ */
#define L_PORT 9999
#define C_PORT 443
#include <arpa/inet.h>
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
#include "test.h"
#include "easy-tls.h"
void test_process_init(int fd, int client_p, void *apparg)
{
fprintf(stderr,
"test_process_init(fd = %d, client_p = %d, apparg = %p)\n", fd,
client_p, apparg);
}
void test_errflush(int child_p, char *errbuf, size_t num, void *apparg)
{
fputs(errbuf, stderr);
}
int main(int argc, char *argv[])
{
int s, fd, r;
FILE *conn_in;
FILE *conn_out;
char buf[256];
SSL_CTX *ctx;
int client_p = 0;
int port;
int tls = 0;
char infobuf[TLS_INFO_SIZE + 1];
if (argc > 1 && argv[1][0] == '-') {
fputs("Usage: test [port] -- server\n"
" test num.num.num.num [port] -- client\n", stderr);
exit(1);
}
if (argc > 1) {
if (strchr(argv[1], '.')) {
client_p = 1;
}
}
fputs(client_p ? "Client\n" : "Server\n", stderr);
{
struct tls_create_ctx_args a = tls_create_ctx_defaultargs();
a.client_p = client_p;
a.certificate_file = "cert.pem";
a.key_file = "cert.pem";
a.ca_file = "cacerts.pem";
ctx = tls_create_ctx(a, NULL);
if (ctx == NULL)
exit(1);
}
s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (s == -1) {
perror("socket");
exit(1);
}
if (client_p) {
struct sockaddr_in addr;
size_t addr_len = sizeof addr;
addr.sin_family = AF_INET;
assert(argc > 1);
if (argc > 2)
sscanf(argv[2], "%d", &port);
else
port = C_PORT;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = inet_addr(argv[1]);
r = connect(s, &addr, addr_len);
if (r != 0) {
perror("connect");
exit(1);
}
fd = s;
fprintf(stderr, "Connect (fd = %d).\n", fd);
} else {
/* server */
{
int i = 1;
r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&i, sizeof i);
if (r == -1) {
perror("setsockopt");
exit(1);
}
}
{
struct sockaddr_in addr;
size_t addr_len = sizeof addr;
if (argc > 1)
sscanf(argv[1], "%d", &port);
else
port = L_PORT;
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = INADDR_ANY;
r = bind(s, &addr, addr_len);
if (r != 0) {
perror("bind");
exit(1);
}
}
r = listen(s, 1);
if (r == -1) {
perror("listen");
exit(1);
}
fprintf(stderr, "Listening at port %i.\n", port);
fd = accept(s, NULL, 0);
if (fd == -1) {
perror("accept");
exit(1);
}
fprintf(stderr, "Accept (fd = %d).\n", fd);
}
conn_in = fdopen(fd, "r");
if (conn_in == NULL) {
perror("fdopen");
exit(1);
}
conn_out = fdopen(fd, "w");
if (conn_out == NULL) {
perror("fdopen");
exit(1);
}
setvbuf(conn_in, NULL, _IOLBF, 256);
setvbuf(conn_out, NULL, _IOLBF, 256);
while (fgets(buf, sizeof buf, stdin) != NULL) {
if (buf[0] == 'W') {
fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1),
buf + 1);
fprintf(stderr, ">>> %.*s\n", (int)(strlen(buf + 1) - 1),
buf + 1);
} else if (buf[0] == 'C') {
fprintf(stderr, "Closing.\n");
fclose(conn_in);
fclose(conn_out);
exit(0);
} else if (buf[0] == 'R') {
int lines = 0;
sscanf(buf + 1, "%d", &lines);
do {
if (fgets(buf, sizeof buf, conn_in) == NULL) {
if (ferror(conn_in)) {
fprintf(stderr, "ERROR\n");
exit(1);
}
fprintf(stderr, "CLOSED\n");
return 0;
}
fprintf(stderr, "<<< %s", buf);
} while (--lines > 0);
} else if (buf[0] == 'T') {
int infofd;
tls++;
{
struct tls_start_proxy_args a = tls_start_proxy_defaultargs();
a.fd = fd;
a.client_p = client_p;
a.ctx = ctx;
a.infofd = &infofd;
r = tls_start_proxy(a, NULL);
}
assert(r != 1);
if (r != 0) {
fprintf(stderr, "tls_start_proxy failed: %d\n", r);
switch (r) {
case -1:
fputs("socketpair", stderr);
break;
case 2:
fputs("FD_SETSIZE exceeded", stderr);
break;
case -3:
fputs("pipe", stderr);
break;
case -4:
fputs("fork", stderr);
break;
case -5:
fputs("dup2", stderr);
break;
default:
fputs("?", stderr);
}
if (r < 0)
perror("");
else
fputc('\n', stderr);
exit(1);
}
r = read(infofd, infobuf, sizeof infobuf - 1);
if (r > 0) {
const char *info = infobuf;
const char *eol;
infobuf[r] = '\0';
while ((eol = strchr(info, '\n')) != NULL) {
fprintf(stderr, "+++ `%.*s'\n", eol - info, info);
info = eol + 1;
}
close(infofd);
}
} else {
fprintf(stderr, "W... write line to network\n"
"R[n] read line (n lines) from network\n"
"C close\n"
"T start %sTLS proxy\n", tls ? "another " : "");
}
}
return 0;
}

10
demos/easy_tls/test.h
View File

@@ -1,10 +0,0 @@
/* test.h */
/* $Id: test.h,v 1.1 2001/09/17 19:07:00 bodo Exp $ */
void test_process_init(int fd, int client_p, void *apparg);
#define TLS_APP_PROCESS_INIT test_process_init
#undef TLS_CUMULATE_ERRORS
void test_errflush(int child_p, char *errbuf, size_t num, void *apparg);
#define TLS_APP_ERRFLUSH test_errflush

114
demos/engines/cluster_labs/Makefile
View File

@@ -1,114 +0,0 @@
LIBNAME= libclabs
SRC= hw_cluster_labs.c
OBJ= hw_cluster_labs.o
HEADER= hw_cluster_labs.h
CC= gcc
PIC= -fPIC
CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
AR= ar r
RANLIB= ranlib
LIB= $(LIBNAME).a
SHLIB= $(LIBNAME).so
all:
@echo 'Please choose a system to build on:'
@echo ''
@echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
@echo 'solaris: Solaris'
@echo 'irix: IRIX'
@echo 'hpux32: 32-bit HP/UX'
@echo 'hpux64: 64-bit HP/UX'
@echo 'aix: AIX'
@echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
@echo ''
FORCE.update:
update: FORCE.update
perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
-nostatic -staticloader -write hw_cluster_labs.c
gnu: $(SHLIB).gnu
tru64: $(SHLIB).tru64
solaris: $(SHLIB).solaris
irix: $(SHLIB).irix
hpux32: $(SHLIB).hpux32
hpux64: $(SHLIB).hpux64
aix: $(SHLIB).aix
$(LIB): $(OBJ)
$(AR) $(LIB) $(OBJ)
- $(RANLIB) $(LIB)
LINK_SO= \
ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
(nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
$$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
$(SHLIB).gnu: $(LIB)
ALLSYMSFLAGS='--whole-archive' \
SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).gnu
$(SHLIB).tru64: $(LIB)
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).tru64
$(SHLIB).solaris: $(LIB)
ALLSYMSFLAGS='-z allextract' \
SHAREDFLAGS='-G -h $(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).solaris
$(SHLIB).irix: $(LIB)
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).irix
$(SHLIB).hpux32: $(LIB)
ALLSYMSFLAGS='-Fl' \
SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux32
$(SHLIB).hpux64: $(LIB)
ALLSYMSFLAGS='+forceload' \
SHAREDFLAGS='-b -z +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux64
$(SHLIB).aix: $(LIB)
ALLSYMSFLAGS='-bnogc' \
SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).aix
depend:
sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
rm -f Makefile.tmp Makefile
mv Makefile.new Makefile
# DO NOT DELETE THIS LINE -- make depend depends on it.
rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
rsaref.o: ../../../include/openssl/opensslconf.h
rsaref.o: ../../../include/openssl/opensslv.h
rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
rsaref.o: source/rsaref.h

33
demos/engines/cluster_labs/cluster_labs.h
View File

@@ -1,33 +0,0 @@
typedef int cl_engine_init(void);
typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *cgx);
typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx);
typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
typedef int cl_rsa_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rsa_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rand_bytes(unsigned char *buf, int num);
typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs";
static const char *CLUSTER_LABS_F1 = "hw_engine_init";
static const char *CLUSTER_LABS_F2 = "hw_mod_exp";
static const char *CLUSTER_LABS_F3 = "hw_mod_exp_crt";
static const char *CLUSTER_LABS_F4 = "hw_rsa_mod_exp";
static const char *CLUSTER_LABS_F5 = "hw_rsa_priv_enc";
static const char *CLUSTER_LABS_F6 = "hw_rsa_priv_dec";
static const char *CLUSTER_LABS_F7 = "hw_rsa_pub_enc";
static const char *CLUSTER_LABS_F8 = "hw_rsa_pub_dec";
static const char *CLUSTER_LABS_F20 = "hw_rand_bytes";
static const char *CLUSTER_LABS_F30 = "hw_dsa_sign";
static const char *CLUSTER_LABS_F31 = "hw_dsa_verify";

692
demos/engines/cluster_labs/hw_cluster_labs.c
View File

@@ -1,692 +0,0 @@
/* crypto/engine/hw_cluster_labs.c */
/*
* Written by Jan Tschirschwitz (jan.tschirschwitz@cluster-labs.com for the
* OpenSSL project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define MSC_VER /* only used cryptic.h */
#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/dso.h>
#include <openssl/des.h>
#include <openssl/engine.h>
#ifndef NO_HW
# ifndef NO_HW_CLUSTER_LABS
# ifdef FLAT_INC
# include "cluster_labs.h"
# else
# include "vendor_defns/cluster_labs.h"
# endif
# define CL_LIB_NAME "cluster_labs engine"
# include "hw_cluster_labs_err.c"
static int cluster_labs_destroy(ENGINE *e);
static int cluster_labs_init(ENGINE *e);
static int cluster_labs_finish(ENGINE *e);
static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) ());
/* BIGNUM stuff */
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx);
/* RSA stuff */
# ifndef OPENSSL_NO_RSA
static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding);
static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding);
static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
# endif
/* DSA stuff */
# ifndef OPENSSL_NO_DSA
static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen,
DSA *dsa);
static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *in_mont);
static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx);
# endif
/* DH stuff */
# ifndef OPENSSL_NO_DH
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx);
# endif
/* RANDOM stuff */
static int cluster_labs_rand_bytes(unsigned char *buf, int num);
/* The definitions for control commands specific to this engine */
# define CLUSTER_LABS_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN cluster_labs_cmd_defns[] = {
{CLUSTER_LABS_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the 'cluster labs' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
/* Our internal RSA_METHOD that we provide pointers to */
# ifndef OPENSSL_NO_RSA
static RSA_METHOD cluster_labs_rsa = {
"Cluster Labs RSA method",
cluster_labs_rsa_pub_enc, /* rsa_pub_enc */
cluster_labs_rsa_pub_dec, /* rsa_pub_dec */
cluster_labs_rsa_priv_enc, /* rsa_priv_enc */
cluster_labs_rsa_priv_dec, /* rsa_priv_dec */
cluster_labs_rsa_mod_exp, /* rsa_mod_exp */
cluster_labs_mod_exp_mont, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL, /* apps_data */
NULL, /* rsa_sign */
NULL /* rsa_verify */
};
# endif
/* Our internal DSA_METHOD that we provide pointers to */
# ifndef OPENSSL_NO_DSA
static DSA_METHOD cluster_labs_dsa = {
"Cluster Labs DSA method",
cluster_labs_dsa_sign, /* dsa_do_sign */
NULL, /* dsa_sign_setup */
cluster_labs_dsa_verify, /* dsa_do_verify */
cluster_labs_dsa_mod_exp, /* dsa_mod_exp */
cluster_labs_mod_exp_dsa, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL /* app_data */
};
# endif
/* Our internal DH_METHOD that we provide pointers to */
# ifndef OPENSSL_NO_DH
static DH_METHOD cluster_labs_dh = {
"Cluster Labs DH method",
NULL, /* generate key */
NULL, /* compute key */
cluster_labs_mod_exp_dh, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL /* app_data */
};
# endif
static RAND_METHOD cluster_labs_rand = {
/* "Cluster Labs RAND method", */
NULL, /* seed */
cluster_labs_rand_bytes, /* bytes */
NULL, /* cleanup */
NULL, /* add */
cluster_labs_rand_bytes, /* pseudorand */
NULL, /* status */
};
static const char *engine_cluster_labs_id = "cluster_labs";
static const char *engine_cluster_labs_name =
"Cluster Labs hardware engine support";
/* engine implementation */
/* ---------------------*/
static int bind_helper(ENGINE *e)
{
if (!ENGINE_set_id(e, engine_cluster_labs_id) ||
!ENGINE_set_name(e, engine_cluster_labs_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &cluster_labs_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &cluster_labs_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &cluster_labs_dh) ||
# endif
!ENGINE_set_RAND(e, &cluster_labs_rand) ||
!ENGINE_set_destroy_function(e, cluster_labs_destroy) ||
!ENGINE_set_init_function(e, cluster_labs_init) ||
!ENGINE_set_finish_function(e, cluster_labs_finish) ||
!ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||
!ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))
return 0;
/* Ensure the error handling is set up */
ERR_load_CL_strings();
return 1;
}
# ifndef ENGINE_DYNAMIC_SUPPORT
static ENGINE *engine_cluster_labs(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
# ifdef ENGINE_DYNAMIC_SUPPORT
static
# endif
void ENGINE_load_cluster_labs(void)
{
ENGINE *cluster_labs = engine_cluster_labs();
if (!cluster_labs)
return;
ENGINE_add(cluster_labs);
ENGINE_free(cluster_labs);
ERR_clear_error();
}
# endif /* !ENGINE_DYNAMIC_SUPPORT */
static int cluster_labs_destroy(ENGINE *e)
{
ERR_unload_CL_strings();
return 1;
}
/*
* This is a process-global DSO handle used for loading and unloading the
* Cluster Labs library. NB: This is only set (or unset) during an init() or
* finish() call (reference counts permitting) and they're operating with
* global locks, so this should be thread-safe implicitly.
*/
static DSO *cluster_labs_dso = NULL;
/*
* These are the function pointers that are (un)set when the library has
* successfully (un)loaded.
*/
static cl_engine_init *p_cl_engine_init = NULL;
static cl_mod_exp *p_cl_mod_exp = NULL;
static cl_mod_exp_crt *p_cl_mod_exp_crt = NULL;
static cl_rsa_mod_exp *p_cl_rsa_mod_exp = NULL;
static cl_rsa_priv_enc *p_cl_rsa_priv_enc = NULL;
static cl_rsa_priv_dec *p_cl_rsa_priv_dec = NULL;
static cl_rsa_pub_enc *p_cl_rsa_pub_enc = NULL;
static cl_rsa_pub_dec *p_cl_rsa_pub_dec = NULL;
static cl_rand_bytes *p_cl_rand_bytes = NULL;
static cl_dsa_sign *p_cl_dsa_sign = NULL;
static cl_dsa_verify *p_cl_dsa_verify = NULL;
int cluster_labs_init(ENGINE *e)
{
cl_engine_init *p1;
cl_mod_exp *p2;
cl_mod_exp_crt *p3;
cl_rsa_mod_exp *p4;
cl_rsa_priv_enc *p5;
cl_rsa_priv_dec *p6;
cl_rsa_pub_enc *p7;
cl_rsa_pub_dec *p8;
cl_rand_bytes *p20;
cl_dsa_sign *p30;
cl_dsa_verify *p31;
/* engine already loaded */
if (cluster_labs_dso != NULL) {
CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_ALREADY_LOADED);
goto err;
}
/* try to load engine */
cluster_labs_dso = DSO_load(NULL, CLUSTER_LABS_LIB_NAME, NULL, 0);
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_DSO_FAILURE);
goto err;
}
/* bind functions */
if (!
(p1 =
(cl_engine_init *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F1))
|| !(p2 = (cl_mod_exp *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F2))
|| !(p3 = (cl_mod_exp_crt *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F3))
|| !(p4 = (cl_rsa_mod_exp *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F4))
|| !(p5 =
(cl_rsa_priv_enc *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F5))
|| !(p6 =
(cl_rsa_priv_dec *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F6))
|| !(p7 = (cl_rsa_pub_enc *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F7))
|| !(p8 = (cl_rsa_pub_dec *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F8))
|| !(p20 =
(cl_rand_bytes *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F20))
|| !(p30 = (cl_dsa_sign *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F30))
|| !(p31 =
(cl_dsa_verify *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F31))) {
CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_DSO_FAILURE);
goto err;
}
/* copy function pointers */
p_cl_engine_init = p1;
p_cl_mod_exp = p2;
p_cl_mod_exp_crt = p3;
p_cl_rsa_mod_exp = p4;
p_cl_rsa_priv_enc = p5;
p_cl_rsa_priv_dec = p6;
p_cl_rsa_pub_enc = p7;
p_cl_rsa_pub_dec = p8;
p_cl_rand_bytes = p20;
p_cl_dsa_sign = p30;
p_cl_dsa_verify = p31;
/* cluster labs engine init */
if (p_cl_engine_init() == 0) {
CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_INIT_FAILED);
goto err;
}
return (1);
err:
/* reset all pointers */
if (cluster_labs_dso)
DSO_free(cluster_labs_dso);
cluster_labs_dso = NULL;
p_cl_engine_init = NULL;
p_cl_mod_exp = NULL;
p_cl_mod_exp_crt = NULL;
p_cl_rsa_mod_exp = NULL;
p_cl_rsa_priv_enc = NULL;
p_cl_rsa_priv_dec = NULL;
p_cl_rsa_pub_enc = NULL;
p_cl_rsa_pub_dec = NULL;
p_cl_rand_bytes = NULL;
p_cl_dsa_sign = NULL;
p_cl_dsa_verify = NULL;
return (0);
}
static int cluster_labs_finish(ENGINE *e)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_FINISH, CL_R_NOT_LOADED);
return 0;
}
if (!DSO_free(cluster_labs_dso)) {
CLerr(CL_F_CLUSTER_LABS_FINISH, CL_R_DSO_FAILURE);
return 0;
}
cluster_labs_dso = NULL;
p_cl_engine_init = NULL;
p_cl_mod_exp = NULL;
p_cl_rsa_mod_exp = NULL;
p_cl_mod_exp_crt = NULL;
p_cl_rsa_priv_enc = NULL;
p_cl_rsa_priv_dec = NULL;
p_cl_rsa_pub_enc = NULL;
p_cl_rsa_pub_dec = NULL;
p_cl_rand_bytes = NULL;
p_cl_dsa_sign = NULL;
p_cl_dsa_verify = NULL;
return (1);
}
static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) ())
{
int initialised = ((cluster_labs_dso == NULL) ? 0 : 1);
switch (cmd) {
case CLUSTER_LABS_CMD_SO_PATH:
if (p == NULL) {
CLerr(CL_F_CLUSTER_LABS_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
CLerr(CL_F_CLUSTER_LABS_CTRL, CL_R_ALREADY_LOADED);
return 0;
}
CLUSTER_LABS_LIB_NAME = (const char *)p;
return 1;
default:
break;
}
CLerr(CL_F_CLUSTER_LABS_CTRL, CL_R_COMMAND_NOT_IMPLEMENTED);
return 0;
}
static int cluster_labs_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_MOD_EXP, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_mod_exp == NULL) {
CLerr(CL_F_CLUSTER_LABS_MOD_EXP, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_mod_exp(r, a, p, m, ctx);
}
static int cluster_labs_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_mod_exp_crt == NULL) {
CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_mod_exp_crt(r, a, p, q, dmp1, dmq1, iqmp, ctx);
}
static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_rsa_mod_exp == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_rsa_mod_exp(r0, I, rsa);
}
static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen,
DSA *dsa)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_DSA_SIGN, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_dsa_sign == NULL) {
CLerr(CL_F_CLUSTER_LABS_DSA_SIGN, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_dsa_sign(dgst, dlen, dsa);
}
static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_dsa_verify == NULL) {
CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_dsa_verify(dgst, dgst_len, sig, dsa);
}
static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *in_mont)
{
BIGNUM t;
int status = 0;
BN_init(&t);
/* let rr = a1 ^ p1 mod m */
if (!cluster_labs_mod_exp(rr, a1, p1, m, ctx))
goto end;
/* let t = a2 ^ p2 mod m */
if (!cluster_labs_mod_exp(&t, a2, p2, m, ctx))
goto end;
/* let rr = rr * t mod m */
if (!BN_mod_mul(rr, rr, &t, m, ctx))
goto end;
status = 1;
end:
BN_free(&t);
return (1);
}
static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return cluster_labs_mod_exp(r, a, p, m, ctx);
}
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return cluster_labs_mod_exp(r, a, p, m, ctx);
}
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return cluster_labs_mod_exp(r, a, p, m, ctx);
}
static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_rsa_priv_enc == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_rsa_pub_enc(flen, from, to, rsa, padding);
}
static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_rsa_priv_enc == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_rsa_pub_dec(flen, from, to, rsa, padding);
}
static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_rsa_priv_enc == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_rsa_priv_enc(flen, from, to, rsa, padding);
}
static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_rsa_priv_dec == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_rsa_priv_dec(flen, from, to, rsa, padding);
}
/************************************************************************************
* Symmetric algorithms
************************************************************************************/
/* this will be come soon! */
/************************************************************************************
* Random generator
************************************************************************************/
static int cluster_labs_rand_bytes(unsigned char *buf, int num)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_RAND_BYTES, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_mod_exp_crt == NULL) {
CLerr(CL_F_CLUSTER_LABS_RAND_BYTES, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_rand_bytes(buf, num);
}
/*
* This stuff is needed if this ENGINE is being compiled into a
* self-contained shared-library.
*/
# ifdef ENGINE_DYNAMIC_SUPPORT
static int bind_fn(ENGINE *e, const char *id)
{
fprintf(stderr, "bind_fn CLUSTER_LABS\n");
if (id && (strcmp(id, engine_cluster_labs_id) != 0)) {
fprintf(stderr, "bind_fn return(0) first\n");
return 0;
}
if (!bind_helper(e)) {
fprintf(stderr, "bind_fn return(1) first\n");
return 0;
}
fprintf(stderr, "bind_fn return(1)\n");
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
# endif /* ENGINE_DYNAMIC_SUPPORT */
# endif /* !NO_HW_CLUSTER_LABS */
#endif /* !NO_HW */

8
demos/engines/cluster_labs/hw_cluster_labs.ec
View File

@@ -1,8 +0,0 @@
# configuration file for util/mkerr.pl
#
# use like this:
#
# perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
# -nostatic -staticloader -write *.c
L CL hw_cluster_labs_err.h hw_cluster_labs_err.c

152
demos/engines/cluster_labs/hw_cluster_labs_err.c
View File

@@ -1,152 +0,0 @@
/* hw_cluster_labs_err.c */
/* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "hw_cluster_labs_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA CL_str_functs[] = {
{ERR_PACK(0, CL_F_CLUSTER_LABS_CTRL, 0), "CLUSTER_LABS_CTRL"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_DSA_SIGN, 0), "CLUSTER_LABS_DSA_SIGN"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_DSA_VERIFY, 0), "CLUSTER_LABS_DSA_VERIFY"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_FINISH, 0), "CLUSTER_LABS_FINISH"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_INIT, 0), "CLUSTER_LABS_INIT"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_MOD_EXP, 0), "CLUSTER_LABS_MOD_EXP"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_MOD_EXP_CRT, 0),
"CLUSTER_LABS_MOD_EXP_CRT"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RAND_BYTES, 0), "CLUSTER_LABS_RAND_BYTES"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_MOD_EXP, 0),
"CLUSTER_LABS_RSA_MOD_EXP"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PRIV_DEC, 0),
"CLUSTER_LABS_RSA_PRIV_DEC"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PRIV_ENC, 0),
"CLUSTER_LABS_RSA_PRIV_ENC"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PUB_DEC, 0),
"CLUSTER_LABS_RSA_PUB_DEC"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PUB_ENC, 0),
"CLUSTER_LABS_RSA_PUB_ENC"},
{0, NULL}
};
static ERR_STRING_DATA CL_str_reasons[] = {
{CL_R_ALREADY_LOADED, "already loaded"},
{CL_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
{CL_R_DSO_FAILURE, "dso failure"},
{CL_R_FUNCTION_NOT_BINDED, "function not binded"},
{CL_R_INIT_FAILED, "init failed"},
{CL_R_NOT_LOADED, "not loaded"},
{0, NULL}
};
#endif
#ifdef CL_LIB_NAME
static ERR_STRING_DATA CL_lib_name[] = {
{0, CL_LIB_NAME},
{0, NULL}
};
#endif
static int CL_lib_error_code = 0;
static int CL_error_init = 1;
static void ERR_load_CL_strings(void)
{
if (CL_lib_error_code == 0)
CL_lib_error_code = ERR_get_next_error_library();
if (CL_error_init) {
CL_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(CL_lib_error_code, CL_str_functs);
ERR_load_strings(CL_lib_error_code, CL_str_reasons);
#endif
#ifdef CL_LIB_NAME
CL_lib_name->error = ERR_PACK(CL_lib_error_code, 0, 0);
ERR_load_strings(0, CL_lib_name);
#endif
}
}
static void ERR_unload_CL_strings(void)
{
if (CL_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(CL_lib_error_code, CL_str_functs);
ERR_unload_strings(CL_lib_error_code, CL_str_reasons);
#endif
#ifdef CL_LIB_NAME
ERR_unload_strings(0, CL_lib_name);
#endif
CL_error_init = 1;
}
}
static void ERR_CL_error(int function, int reason, char *file, int line)
{
if (CL_lib_error_code == 0)
CL_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(CL_lib_error_code, function, reason, file, line);
}

100
demos/engines/cluster_labs/hw_cluster_labs_err.h
View File

@@ -1,100 +0,0 @@
/* ====================================================================
* Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_CL_ERR_H
# define HEADER_CL_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_CL_strings(void);
static void ERR_unload_CL_strings(void);
static void ERR_CL_error(int function, int reason, char *file, int line);
# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
/* Error codes for the CL functions. */
/* Function codes. */
# define CL_F_CLUSTER_LABS_CTRL 100
# define CL_F_CLUSTER_LABS_DSA_SIGN 101
# define CL_F_CLUSTER_LABS_DSA_VERIFY 102
# define CL_F_CLUSTER_LABS_FINISH 103
# define CL_F_CLUSTER_LABS_INIT 104
# define CL_F_CLUSTER_LABS_MOD_EXP 105
# define CL_F_CLUSTER_LABS_MOD_EXP_CRT 106
# define CL_F_CLUSTER_LABS_RAND_BYTES 107
# define CL_F_CLUSTER_LABS_RSA_MOD_EXP 108
# define CL_F_CLUSTER_LABS_RSA_PRIV_DEC 109
# define CL_F_CLUSTER_LABS_RSA_PRIV_ENC 110
# define CL_F_CLUSTER_LABS_RSA_PUB_DEC 111
# define CL_F_CLUSTER_LABS_RSA_PUB_ENC 112
/* Reason codes. */
# define CL_R_ALREADY_LOADED 100
# define CL_R_COMMAND_NOT_IMPLEMENTED 101
# define CL_R_DSO_FAILURE 102
# define CL_R_FUNCTION_NOT_BINDED 103
# define CL_R_INIT_FAILED 104
# define CL_R_NOT_LOADED 105
#ifdef __cplusplus
}
#endif
#endif

114
demos/engines/ibmca/Makefile
View File

@@ -1,114 +0,0 @@
LIBNAME= libibmca
SRC= hw_ibmca.c
OBJ= hw_ibmca.o
HEADER= hw_ibmca.h
CC= gcc
PIC= -fPIC
CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
AR= ar r
RANLIB= ranlib
LIB= $(LIBNAME).a
SHLIB= $(LIBNAME).so
all:
@echo 'Please choose a system to build on:'
@echo ''
@echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
@echo 'solaris: Solaris'
@echo 'irix: IRIX'
@echo 'hpux32: 32-bit HP/UX'
@echo 'hpux64: 64-bit HP/UX'
@echo 'aix: AIX'
@echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
@echo ''
FORCE.update:
update: FORCE.update
perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
-nostatic -staticloader -write hw_ibmca.c
gnu: $(SHLIB).gnu
tru64: $(SHLIB).tru64
solaris: $(SHLIB).solaris
irix: $(SHLIB).irix
hpux32: $(SHLIB).hpux32
hpux64: $(SHLIB).hpux64
aix: $(SHLIB).aix
$(LIB): $(OBJ)
$(AR) $(LIB) $(OBJ)
- $(RANLIB) $(LIB)
LINK_SO= \
ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
(nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
$$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
$(SHLIB).gnu: $(LIB)
ALLSYMSFLAGS='--whole-archive' \
SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).gnu
$(SHLIB).tru64: $(LIB)
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).tru64
$(SHLIB).solaris: $(LIB)
ALLSYMSFLAGS='-z allextract' \
SHAREDFLAGS='-G -h $(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).solaris
$(SHLIB).irix: $(LIB)
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).irix
$(SHLIB).hpux32: $(LIB)
ALLSYMSFLAGS='-Fl' \
SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux32
$(SHLIB).hpux64: $(LIB)
ALLSYMSFLAGS='+forceload' \
SHAREDFLAGS='-b -z +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux64
$(SHLIB).aix: $(LIB)
ALLSYMSFLAGS='-bnogc' \
SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).aix
depend:
sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
rm -f Makefile.tmp Makefile
mv Makefile.new Makefile
# DO NOT DELETE THIS LINE -- make depend depends on it.
rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
rsaref.o: ../../../include/openssl/opensslconf.h
rsaref.o: ../../../include/openssl/opensslv.h
rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
rsaref.o: source/rsaref.h

900
demos/engines/ibmca/hw_ibmca.c
View File

@@ -1,900 +0,0 @@
/* crypto/engine/hw_ibmca.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* (C) COPYRIGHT International Business Machines Corp. 2001 */
#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_IBMCA
# ifdef FLAT_INC
# include "ica_openssl_api.h"
# else
# include "vendor_defns/ica_openssl_api.h"
# endif
# define IBMCA_LIB_NAME "ibmca engine"
# include "hw_ibmca_err.c"
static int ibmca_destroy(ENGINE *e);
static int ibmca_init(ENGINE *e);
static int ibmca_finish(ENGINE *e);
static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
static const char *IBMCA_F1 = "icaOpenAdapter";
static const char *IBMCA_F2 = "icaCloseAdapter";
static const char *IBMCA_F3 = "icaRsaModExpo";
static const char *IBMCA_F4 = "icaRandomNumberGenerate";
static const char *IBMCA_F5 = "icaRsaCrt";
ICA_ADAPTER_HANDLE handle = 0;
/* BIGNUM stuff */
static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx);
# ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
# endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# ifndef OPENSSL_NO_DSA
/* DSA stuff */
static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont);
static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# endif
# ifndef OPENSSL_NO_DH
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int ibmca_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
# endif
/* RAND stuff */
static int ibmca_rand_bytes(unsigned char *buf, int num);
static int ibmca_rand_status(void);
/* WJH - check for more commands, like in nuron */
/* The definitions for control commands specific to this engine */
# define IBMCA_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = {
{IBMCA_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the 'atasi' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD ibmca_rsa = {
"Ibmca RSA method",
NULL,
NULL,
NULL,
NULL,
ibmca_rsa_mod_exp,
ibmca_mod_exp_mont,
NULL,
NULL,
0,
NULL,
NULL,
NULL
};
# endif
# ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD ibmca_dsa = {
"Ibmca DSA method",
NULL, /* dsa_do_sign */
NULL, /* dsa_sign_setup */
NULL, /* dsa_do_verify */
ibmca_dsa_mod_exp, /* dsa_mod_exp */
ibmca_mod_exp_dsa, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL /* app_data */
};
# endif
# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD ibmca_dh = {
"Ibmca DH method",
NULL,
NULL,
ibmca_mod_exp_dh,
NULL,
NULL,
0,
NULL
};
# endif
static RAND_METHOD ibmca_rand = {
/* "IBMCA RAND method", */
NULL,
ibmca_rand_bytes,
NULL,
NULL,
ibmca_rand_bytes,
ibmca_rand_status,
};
/* Constants used when creating the ENGINE */
static const char *engine_ibmca_id = "ibmca";
static const char *engine_ibmca_name = "Ibmca hardware engine support";
/*
* This internal function is used by ENGINE_ibmca() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_helper(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
# endif
# ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
# endif
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
# endif
if (!ENGINE_set_id(e, engine_ibmca_id) ||
!ENGINE_set_name(e, engine_ibmca_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &ibmca_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &ibmca_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &ibmca_dh) ||
# endif
!ENGINE_set_RAND(e, &ibmca_rand) ||
!ENGINE_set_destroy_function(e, ibmca_destroy) ||
!ENGINE_set_init_function(e, ibmca_init) ||
!ENGINE_set_finish_function(e, ibmca_finish) ||
!ENGINE_set_ctrl_function(e, ibmca_ctrl) ||
!ENGINE_set_cmd_defns(e, ibmca_cmd_defns))
return 0;
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* ibmca-specific mod_exp and mod_exp_crt so we use those functions. NB:
* We don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
# endif
# ifndef OPENSSL_NO_DSA
/*
* Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
*/
meth2 = DSA_OpenSSL();
ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign;
ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify;
# endif
# ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
ibmca_dh.generate_key = meth3->generate_key;
ibmca_dh.compute_key = meth3->compute_key;
# endif
/* Ensure the ibmca error handling is set up */
ERR_load_IBMCA_strings();
return 1;
}
static ENGINE *engine_ibmca(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
# ifdef ENGINE_DYNAMIC_SUPPORT
static
# endif
void ENGINE_load_ibmca(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_ibmca();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
/* Destructor (complements the "ENGINE_ibmca()" constructor) */
static int ibmca_destroy(ENGINE *e)
{
/*
* Unload the ibmca error strings so any error state including our functs
* or reasons won't lead to a segfault (they simply get displayed without
* corresponding string data because none will be found).
*/
ERR_unload_IBMCA_strings();
return 1;
}
/*
* This is a process-global DSO handle used for loading and unloading the
* Ibmca library. NB: This is only set (or unset) during an init() or
* finish() call (reference counts permitting) and they're operating with
* global locks, so this should be thread-safe implicitly.
*/
static DSO *ibmca_dso = NULL;
/*
* These are the function pointers that are (un)set when the library has
* successfully (un)loaded.
*/
static unsigned int (ICA_CALL * p_icaOpenAdapter) ();
static unsigned int (ICA_CALL * p_icaCloseAdapter) ();
static unsigned int (ICA_CALL * p_icaRsaModExpo) ();
static unsigned int (ICA_CALL * p_icaRandomNumberGenerate) ();
static unsigned int (ICA_CALL * p_icaRsaCrt) ();
/* utility function to obtain a context */
static int get_context(ICA_ADAPTER_HANDLE * p_handle)
{
unsigned int status = 0;
status = p_icaOpenAdapter(0, p_handle);
if (status != 0)
return 0;
return 1;
}
/* similarly to release one. */
static void release_context(ICA_ADAPTER_HANDLE handle)
{
p_icaCloseAdapter(handle);
}
/* (de)initialisation functions. */
static int ibmca_init(ENGINE *e)
{
void (*p1) ();
void (*p2) ();
void (*p3) ();
void (*p4) ();
void (*p5) ();
if (ibmca_dso != NULL) {
IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_ALREADY_LOADED);
goto err;
}
/*
* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be changed
* unfortunately because the Ibmca drivers don't have standard library
* names that can be platform-translated well.
*/
/*
* TODO: Work out how to actually map to the names the Ibmca drivers
* really use - for now a symbollic link needs to be created on the host
* system from libatasi.so to atasi.so on unix variants.
*/
/* WJH XXX check name translation */
ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL,
/*
* DSO_FLAG_NAME_TRANSLATION
*/ 0);
if (ibmca_dso == NULL) {
IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_DSO_FAILURE);
goto err;
}
if (!(p1 = DSO_bind_func(ibmca_dso, IBMCA_F1)) ||
!(p2 = DSO_bind_func(ibmca_dso, IBMCA_F2)) ||
!(p3 = DSO_bind_func(ibmca_dso, IBMCA_F3)) ||
!(p4 = DSO_bind_func(ibmca_dso, IBMCA_F4)) ||
!(p5 = DSO_bind_func(ibmca_dso, IBMCA_F5))) {
IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_DSO_FAILURE);
goto err;
}
/* Copy the pointers */
p_icaOpenAdapter = (unsigned int (ICA_CALL *) ())p1;
p_icaCloseAdapter = (unsigned int (ICA_CALL *) ())p2;
p_icaRsaModExpo = (unsigned int (ICA_CALL *) ())p3;
p_icaRandomNumberGenerate = (unsigned int (ICA_CALL *) ())p4;
p_icaRsaCrt = (unsigned int (ICA_CALL *) ())p5;
if (!get_context(&handle)) {
IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_UNIT_FAILURE);
goto err;
}
return 1;
err:
if (ibmca_dso)
DSO_free(ibmca_dso);
p_icaOpenAdapter = NULL;
p_icaCloseAdapter = NULL;
p_icaRsaModExpo = NULL;
p_icaRandomNumberGenerate = NULL;
return 0;
}
static int ibmca_finish(ENGINE *e)
{
if (ibmca_dso == NULL) {
IBMCAerr(IBMCA_F_IBMCA_FINISH, IBMCA_R_NOT_LOADED);
return 0;
}
release_context(handle);
if (!DSO_free(ibmca_dso)) {
IBMCAerr(IBMCA_F_IBMCA_FINISH, IBMCA_R_DSO_FAILURE);
return 0;
}
ibmca_dso = NULL;
return 1;
}
static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ())
{
int initialised = ((ibmca_dso == NULL) ? 0 : 1);
switch (cmd) {
case IBMCA_CMD_SO_PATH:
if (p == NULL) {
IBMCAerr(IBMCA_F_IBMCA_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
IBMCAerr(IBMCA_F_IBMCA_CTRL, IBMCA_R_ALREADY_LOADED);
return 0;
}
IBMCA_LIBNAME = (const char *)p;
return 1;
default:
break;
}
IBMCAerr(IBMCA_F_IBMCA_CTRL, IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
return 0;
}
static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
/*
* I need somewhere to store temporary serialised values for use with the
* Ibmca API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX but
* access their arrays directly as byte arrays <grin>. This way I don't
* have to clean anything up.
*/
BIGNUM *argument = NULL;
BIGNUM *result = NULL;
BIGNUM *key = NULL;
int to_return;
int inLen, outLen, tmpLen;
ICA_KEY_RSA_MODEXPO *publKey = NULL;
unsigned int rc;
to_return = 0; /* expect failure */
if (!ibmca_dso) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_NOT_LOADED);
goto err;
}
/* Prepare the params */
BN_CTX_start(ctx);
argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
key = BN_CTX_get(ctx);
if (!argument || !result || !key) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_BN_CTX_FULL);
goto err;
}
if (!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||
!bn_wexpand(key, sizeof(*publKey) / BN_BYTES)) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_BN_EXPAND_FAIL);
goto err;
}
publKey = (ICA_KEY_RSA_MODEXPO *)key->d;
if (publKey == NULL) {
goto err;
}
memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));
publKey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE);
publKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));
publKey->expOffset = (char *)publKey->keyRecord - (char *)publKey;
/*
* A quirk of the card: the exponent length has to be the same as the
* modulus (key) length
*/
outLen = BN_num_bytes(m);
/* check for modulus length SAB*/
if (outLen > 256) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_MEXP_LENGTH_TO_LARGE);
goto err;
}
/* check for modulus length SAB*/
publKey->expLength = publKey->nLength = outLen;
/*
* SAB Check for underflow condition the size of the exponent is less
* than the size of the parameter then we have a big problem and will
* underflow the keyRecord buffer. Bad stuff could happen then
*/
if (outLen < BN_num_bytes(p)) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_UNDERFLOW_KEYRECORD);
goto err;
}
/* SAB End check for underflow */
BN_bn2bin(p, &publKey->keyRecord[publKey->expLength - BN_num_bytes(p)]);
BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);
publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8);
publKey->nOffset = CORRECT_ENDIANNESS(publKey->expOffset +
publKey->expLength);
publKey->expOffset = CORRECT_ENDIANNESS((char *)publKey->keyRecord -
(char *)publKey);
tmpLen = outLen;
publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);
/* Prepare the argument */
memset(argument->d, 0, outLen);
BN_bn2bin(a, (unsigned char *)argument->d + outLen - BN_num_bytes(a));
inLen = outLen;
/* Perform the operation */
if ((rc = p_icaRsaModExpo(handle, inLen, (unsigned char *)argument->d,
publKey, &outLen, (unsigned char *)result->d))
!= 0) {
printf("rc = %d\n", rc);
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_REQUEST_FAILED);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, outLen, r);
to_return = 1;
err:
BN_CTX_end(ctx);
return to_return;
}
# ifndef OPENSSL_NO_RSA
static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
int to_return = 0;
if ((ctx = BN_CTX_new()) == NULL)
goto err;
if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
if (!rsa->d || !rsa->n) {
IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP,
IBMCA_R_MISSING_KEY_COMPONENTS);
goto err;
}
to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx);
} else {
to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
rsa->dmq1, rsa->iqmp, ctx);
}
err:
if (ctx)
BN_CTX_free(ctx);
return to_return;
}
# endif
/* Ein kleines chinesisches "Restessen" */
static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx)
{
BIGNUM *argument = NULL;
BIGNUM *result = NULL;
BIGNUM *key = NULL;
int to_return = 0; /* expect failure */
char *pkey = NULL;
ICA_KEY_RSA_CRT *privKey = NULL;
int inLen, outLen;
int rc;
unsigned int offset, pSize, qSize;
/* SAB New variables */
unsigned int keyRecordSize;
unsigned int pbytes = BN_num_bytes(p);
unsigned int qbytes = BN_num_bytes(q);
unsigned int dmp1bytes = BN_num_bytes(dmp1);
unsigned int dmq1bytes = BN_num_bytes(dmq1);
unsigned int iqmpbytes = BN_num_bytes(iqmp);
/* Prepare the params */
BN_CTX_start(ctx);
argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
key = BN_CTX_get(ctx);
if (!argument || !result || !key) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_BN_CTX_FULL);
goto err;
}
if (!bn_wexpand(argument, p->top + q->top) ||
!bn_wexpand(result, p->top + q->top) ||
!bn_wexpand(key, sizeof(*privKey) / BN_BYTES)) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_BN_EXPAND_FAIL);
goto err;
}
privKey = (ICA_KEY_RSA_CRT *)key->d;
/*
* SAB Add check for total size in bytes of the parms does not exceed the
* buffer space we have do this first
*/
keyRecordSize = pbytes + qbytes + dmp1bytes + dmq1bytes + iqmpbytes;
if (keyRecordSize > sizeof(privKey->keyRecord)) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
goto err;
}
if ((qbytes + dmq1bytes) > 256) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
goto err;
}
if (pbytes + dmp1bytes > 256) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
goto err;
}
/* end SAB additions */
memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));
privKey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE);
privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));
privKey->modulusBitLength = CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);
/*
* p,dp & qInv are 1 QWORD Larger
*/
privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p) + 8);
privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));
privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1) + 8);
privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));
privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp) + 8);
offset = (char *)privKey->keyRecord - (char *)privKey;
qSize = BN_num_bytes(q);
pSize = qSize + 8; /* 1 QWORD larger */
/*
* SAB probably aittle redundant, but we'll verify that each of the
* components which make up a key record sent ot the card does not exceed
* the space that is allocated for it. this handles the case where even
* if the total length does not exceed keyrecord zied, if the operands are
* funny sized they could cause potential side affects on either the card
* or the result
*/
if ((pbytes > pSize) || (dmp1bytes > pSize) ||
(iqmpbytes > pSize) || (qbytes > qSize) || (dmq1bytes > qSize)) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
goto err;
}
privKey->dpOffset = CORRECT_ENDIANNESS(offset);
offset += pSize;
privKey->dqOffset = CORRECT_ENDIANNESS(offset);
offset += qSize;
privKey->pOffset = CORRECT_ENDIANNESS(offset);
offset += pSize;
privKey->qOffset = CORRECT_ENDIANNESS(offset);
offset += qSize;
privKey->qInvOffset = CORRECT_ENDIANNESS(offset);
pkey = (char *)privKey->keyRecord;
/* SAB first check that we don;t under flow the buffer */
if (pSize < pbytes) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);
goto err;
}
/* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */
pkey += pSize - BN_num_bytes(dmp1);
BN_bn2bin(dmp1, pkey);
pkey += BN_num_bytes(dmp1); /* move the pointer */
BN_bn2bin(dmq1, pkey); /* Copy over dmq1 */
pkey += qSize; /* move pointer */
/* set up for zero padding of next field */
pkey += pSize - BN_num_bytes(p);
BN_bn2bin(p, pkey);
/* increment pointer by number of bytes moved */
pkey += BN_num_bytes(p);
BN_bn2bin(q, pkey);
pkey += qSize; /* move the pointer */
pkey += pSize - BN_num_bytes(iqmp); /* Adjust for padding */
BN_bn2bin(iqmp, pkey);
/* Prepare the argument and response */
/*
* Correct endianess is used because the fields were converted above
*/
outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2;
if (outLen > 256) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OUTLEN_TO_LARGE);
goto err;
}
/* SAB check for underflow here on the argeument */
if (outLen < BN_num_bytes(a)) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);
goto err;
}
BN_bn2bin(a, (unsigned char *)argument->d + outLen - BN_num_bytes(a));
inLen = outLen;
memset(result->d, 0, outLen);
/* Perform the operation */
if ((rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d,
privKey, &outLen, (unsigned char *)result->d)) != 0)
{
printf("rc = %d\n", rc);
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_REQUEST_FAILED);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, outLen, r);
to_return = 1;
err:
BN_CTX_end(ctx);
return to_return;
}
# ifndef OPENSSL_NO_DSA
/*
* This code was liberated and adapted from the commented-out code in
* dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration (it
* doesn't have a CRT form for RSA), this function means that an Ibmca system
* running with a DSA server certificate can handshake around 5 or 6 times
* faster/more than an equivalent system running with RSA. Just check out the
* "signs" statistics from the RSA and DSA parts of "openssl speed -engine
* ibmca dsa1024 rsa1024".
*/
static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
BIGNUM t;
int to_return = 0;
BN_init(&t);
/* let rr = a1 ^ p1 mod m */
if (!ibmca_mod_exp(rr, a1, p1, m, ctx))
goto end;
/* let t = a2 ^ p2 mod m */
if (!ibmca_mod_exp(&t, a2, p2, m, ctx))
goto end;
/* let rr = rr * t mod m */
if (!BN_mod_mul(rr, rr, &t, m, ctx))
goto end;
to_return = 1;
end:
BN_free(&t);
return to_return;
}
static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return ibmca_mod_exp(r, a, p, m, ctx);
}
# endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return ibmca_mod_exp(r, a, p, m, ctx);
}
# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return ibmca_mod_exp(r, a, p, m, ctx);
}
# endif
/* Random bytes are good */
static int ibmca_rand_bytes(unsigned char *buf, int num)
{
int to_return = 0; /* assume failure */
unsigned int ret;
if (handle == 0) {
IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES, IBMCA_R_NOT_INITIALISED);
goto err;
}
ret = p_icaRandomNumberGenerate(handle, num, buf);
if (ret < 0) {
IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES, IBMCA_R_REQUEST_FAILED);
goto err;
}
to_return = 1;
err:
return to_return;
}
static int ibmca_rand_status(void)
{
return 1;
}
/*
* This stuff is needed if this ENGINE is being compiled into a
* self-contained shared-library.
*/
# ifdef ENGINE_DYNAMIC_SUPPORT
static int bind_fn(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_ibmca_id) != 0)) /* WJH XXX */
return 0;
if (!bind_helper(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
# endif /* ENGINE_DYNAMIC_SUPPORT */
# endif /* !OPENSSL_NO_HW_IBMCA */
#endif /* !OPENSSL_NO_HW */

8
demos/engines/ibmca/hw_ibmca.ec
View File

@@ -1,8 +0,0 @@
# configuration file for util/mkerr.pl
#
# use like this:
#
# perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
# -nostatic -staticloader -write *.c
L IBMCA hw_ibmca_err.h hw_ibmca_err.c

149
demos/engines/ibmca/hw_ibmca_err.c
View File

@@ -1,149 +0,0 @@
/* hw_ibmca_err.c */
/* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "hw_ibmca_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA IBMCA_str_functs[] = {
{ERR_PACK(0, IBMCA_F_IBMCA_CTRL, 0), "IBMCA_CTRL"},
{ERR_PACK(0, IBMCA_F_IBMCA_FINISH, 0), "IBMCA_FINISH"},
{ERR_PACK(0, IBMCA_F_IBMCA_INIT, 0), "IBMCA_INIT"},
{ERR_PACK(0, IBMCA_F_IBMCA_MOD_EXP, 0), "IBMCA_MOD_EXP"},
{ERR_PACK(0, IBMCA_F_IBMCA_MOD_EXP_CRT, 0), "IBMCA_MOD_EXP_CRT"},
{ERR_PACK(0, IBMCA_F_IBMCA_RAND_BYTES, 0), "IBMCA_RAND_BYTES"},
{ERR_PACK(0, IBMCA_F_IBMCA_RSA_MOD_EXP, 0), "IBMCA_RSA_MOD_EXP"},
{0, NULL}
};
static ERR_STRING_DATA IBMCA_str_reasons[] = {
{IBMCA_R_ALREADY_LOADED, "already loaded"},
{IBMCA_R_BN_CTX_FULL, "bn ctx full"},
{IBMCA_R_BN_EXPAND_FAIL, "bn expand fail"},
{IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctrl command not implemented"},
{IBMCA_R_DSO_FAILURE, "dso failure"},
{IBMCA_R_MEXP_LENGTH_TO_LARGE, "mexp length to large"},
{IBMCA_R_MISSING_KEY_COMPONENTS, "missing key components"},
{IBMCA_R_NOT_INITIALISED, "not initialised"},
{IBMCA_R_NOT_LOADED, "not loaded"},
{IBMCA_R_OPERANDS_TO_LARGE, "operands to large"},
{IBMCA_R_OUTLEN_TO_LARGE, "outlen to large"},
{IBMCA_R_REQUEST_FAILED, "request failed"},
{IBMCA_R_UNDERFLOW_CONDITION, "underflow condition"},
{IBMCA_R_UNDERFLOW_KEYRECORD, "underflow keyrecord"},
{IBMCA_R_UNIT_FAILURE, "unit failure"},
{0, NULL}
};
#endif
#ifdef IBMCA_LIB_NAME
static ERR_STRING_DATA IBMCA_lib_name[] = {
{0, IBMCA_LIB_NAME},
{0, NULL}
};
#endif
static int IBMCA_lib_error_code = 0;
static int IBMCA_error_init = 1;
static void ERR_load_IBMCA_strings(void)
{
if (IBMCA_lib_error_code == 0)
IBMCA_lib_error_code = ERR_get_next_error_library();
if (IBMCA_error_init) {
IBMCA_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(IBMCA_lib_error_code, IBMCA_str_functs);
ERR_load_strings(IBMCA_lib_error_code, IBMCA_str_reasons);
#endif
#ifdef IBMCA_LIB_NAME
IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code, 0, 0);
ERR_load_strings(0, IBMCA_lib_name);
#endif
}
}
static void ERR_unload_IBMCA_strings(void)
{
if (IBMCA_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(IBMCA_lib_error_code, IBMCA_str_functs);
ERR_unload_strings(IBMCA_lib_error_code, IBMCA_str_reasons);
#endif
#ifdef IBMCA_LIB_NAME
ERR_unload_strings(0, IBMCA_lib_name);
#endif
IBMCA_error_init = 1;
}
}
static void ERR_IBMCA_error(int function, int reason, char *file, int line)
{
if (IBMCA_lib_error_code == 0)
IBMCA_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(IBMCA_lib_error_code, function, reason, file, line);
}

103
demos/engines/ibmca/hw_ibmca_err.h
View File

@@ -1,103 +0,0 @@
/* ====================================================================
* Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_IBMCA_ERR_H
# define HEADER_IBMCA_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_IBMCA_strings(void);
static void ERR_unload_IBMCA_strings(void);
static void ERR_IBMCA_error(int function, int reason, char *file, int line);
# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
/* Error codes for the IBMCA functions. */
/* Function codes. */
# define IBMCA_F_IBMCA_CTRL 100
# define IBMCA_F_IBMCA_FINISH 101
# define IBMCA_F_IBMCA_INIT 102
# define IBMCA_F_IBMCA_MOD_EXP 103
# define IBMCA_F_IBMCA_MOD_EXP_CRT 104
# define IBMCA_F_IBMCA_RAND_BYTES 105
# define IBMCA_F_IBMCA_RSA_MOD_EXP 106
/* Reason codes. */
# define IBMCA_R_ALREADY_LOADED 100
# define IBMCA_R_BN_CTX_FULL 101
# define IBMCA_R_BN_EXPAND_FAIL 102
# define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
# define IBMCA_R_DSO_FAILURE 104
# define IBMCA_R_MEXP_LENGTH_TO_LARGE 105
# define IBMCA_R_MISSING_KEY_COMPONENTS 106
# define IBMCA_R_NOT_INITIALISED 107
# define IBMCA_R_NOT_LOADED 108
# define IBMCA_R_OPERANDS_TO_LARGE 109
# define IBMCA_R_OUTLEN_TO_LARGE 110
# define IBMCA_R_REQUEST_FAILED 111
# define IBMCA_R_UNDERFLOW_CONDITION 112
# define IBMCA_R_UNDERFLOW_KEYRECORD 113
# define IBMCA_R_UNIT_FAILURE 114
#ifdef __cplusplus
}
#endif
#endif

183
demos/engines/ibmca/ica_openssl_api.h
View File

@@ -1,183 +0,0 @@
#ifndef __ICA_OPENSSL_API_H__
# define __ICA_OPENSSL_API_H__
/**
** abstract data types for API
**/
# define ICA_ADAPTER_HANDLE int
# if defined(linux) || defined (_AIX)
# define ICA_CALL
# endif
# if defined(WIN32) || defined(_WIN32)
# define ICA_CALL __stdcall
# endif
/* -----------------------------------------------*
| RSA defines and typedefs |
*------------------------------------------------*/
/*
* All data elements of the RSA key are in big-endian format
* Modulus-Exponent form of key
*
*/
# define MAX_EXP_SIZE 256
# define MAX_MODULUS_SIZE 256
# define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
# define MAX_OPERAND_SIZE MAX_EXP_SIZE
typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
/*
* All data elements of the RSA key are in big-endian format
* Chinese Remainder Thereom(CRT) form of key
* Used only for Decrypt, the encrypt form is typically Modulus-Exponent
*
*/
# define MAX_BP_SIZE 136
# define MAX_BQ_SIZE 128
# define MAX_NP_SIZE 136
# define MAX_NQ_SIZE 128
# define MAX_QINV_SIZE 136
# define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
# define RSA_GEN_OPERAND_MAX 256/* bytes */
typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
/* -----------------------------------------------*
| RSA key token types |
*------------------------------------------------*/
# define RSA_PUBLIC_MODULUS_EXPONENT 3
# define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
# define KEYTYPE_MODEXPO 1
# define KEYTYPE_PKCSCRT 2
/* -----------------------------------------------*
| RSA Key Token format |
*------------------------------------------------*/
/*-
* NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
* (lengths, offsets, exponents, modulus, etc.) are
* stored in big-endian format
*/
typedef struct _ICA_KEY_RSA_MODEXPO {
unsigned int keyType; /* RSA key type. */
unsigned int keyLength; /* Total length of the token. */
unsigned int modulusBitLength; /* Modulus n bit length. */
/* -- Start of the data length. */
unsigned int nLength; /* Modulus n = p * q */
unsigned int expLength; /* exponent (public or private) */
/* e = 1/d * mod(p-1)(q-1) */
/* -- Start of the data offsets */
unsigned int nOffset; /* Modulus n . */
unsigned int expOffset; /* exponent (public or private) */
unsigned char reserved[112]; /* reserved area */
/* -- Start of the variable -- */
/* -- length token data. -- */
ICA_KEY_RSA_MODEXPO_REC keyRecord;
} ICA_KEY_RSA_MODEXPO;
# define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
/*-
* NOTE: All the fields in the ICA_KEY_RSA_CRT structure
* (lengths, offsets, exponents, modulus, etc.) are
* stored in big-endian format
*/
typedef struct _ICA_KEY_RSA_CRT {
unsigned int keyType; /* RSA key type. */
unsigned int keyLength; /* Total length of the token. */
unsigned int modulusBitLength; /* Modulus n bit length. */
/* -- Start of the data length. */
# if _AIX
unsigned int nLength; /* Modulus n = p * q */
# endif
unsigned int pLength; /* Prime number p . */
unsigned int qLength; /* Prime number q . */
unsigned int dpLength; /* dp = d * mod(p-1) . */
unsigned int dqLength; /* dq = d * mod(q-1) . */
unsigned int qInvLength; /* PKCS: qInv = Ap/q */
/* -- Start of the data offsets */
# if _AIX
unsigned int nOffset; /* Modulus n . */
# endif
unsigned int pOffset; /* Prime number p . */
unsigned int qOffset; /* Prime number q . */
unsigned int dpOffset; /* dp . */
unsigned int dqOffset; /* dq . */
unsigned int qInvOffset; /* qInv for PKCS */
# if _AIX
unsigned char reserved[80]; /* reserved area */
# else
unsigned char reserved[88]; /* reserved area */
# endif
/* -- Start of the variable -- */
/* -- length token data. -- */
ICA_KEY_RSA_CRT_REC keyRecord;
} ICA_KEY_RSA_CRT;
# define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
unsigned int
icaOpenAdapter(unsigned int adapterId, ICA_ADAPTER_HANDLE * pAdapterHandle);
unsigned int icaCloseAdapter(ICA_ADAPTER_HANDLE adapterHandle);
unsigned int
icaRsaModExpo(ICA_ADAPTER_HANDLE hAdapterHandle,
unsigned int inputDataLength,
unsigned char *pInputData,
ICA_KEY_RSA_MODEXPO *pKeyModExpo,
unsigned int *pOutputDataLength, unsigned char *pOutputData);
unsigned int
icaRsaCrt(ICA_ADAPTER_HANDLE hAdapterHandle,
unsigned int inputDataLength,
unsigned char *pInputData,
ICA_KEY_RSA_CRT *pKeyCrt,
unsigned int *pOutputDataLength, unsigned char *pOutputData);
unsigned int
icaRandomNumberGenerate(ICA_ADAPTER_HANDLE hAdapterHandle,
unsigned int outputDataLength,
unsigned char *pOutputData);
/*
* Specific macros and definitions to not have IFDEF;s all over the main code
*/
# if (_AIX)
static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
# elif (WIN32)
static const char *IBMCA_LIBNAME = "cryptica";
# else
static const char *IBMCA_LIBNAME = "ica";
# endif
# if (WIN32)
/*
* The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and offsets must be in
* big-endian format.
*
*/
# define CORRECT_ENDIANNESS(b) ( \
(((unsigned long) (b) & 0x000000ff) << 24) | \
(((unsigned long) (b) & 0x0000ff00) << 8) | \
(((unsigned long) (b) & 0x00ff0000) >> 8) | \
(((unsigned long) (b) & 0xff000000) >> 24) \
)
# define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
# define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
# else
# define CORRECT_ENDIANNESS(b) (b)
# define CRT_KEY_TYPE KEYTYPE_PKCSCRT
# define ME_KEY_TYPE KEYTYPE_MODEXPO
# endif
#endif /* __ICA_OPENSSL_API_H__ */

135
demos/engines/rsaref/Makefile
View File

@@ -1,135 +0,0 @@
LIBNAME= librsaref
SRC= rsaref.c
OBJ= rsaref.o
HEADER= rsaref.h
CC= gcc
PIC= -fPIC
CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT
AR= ar r
RANLIB= ranlib
LIB= $(LIBNAME).a
SHLIB= $(LIBNAME).so
all:
@echo 'Please choose a system to build on:'
@echo ''
@echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
@echo 'solaris: Solaris'
@echo 'irix: IRIX'
@echo 'hpux32: 32-bit HP/UX'
@echo 'hpux64: 64-bit HP/UX'
@echo 'aix: AIX'
@echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
@echo ''
FORCE.install:
install: FORCE.install
cd install; \
make -f unix/makefile CFLAGS='-I. -DPROTOTYPES=1 -O -c' RSAREFLIB=librsaref.a librsaref.a
FORCE.update:
update: FORCE.update
perl ../../../util/mkerr.pl -conf rsaref.ec \
-nostatic -staticloader -write rsaref.c
darwin: install $(SHLIB).darwin
cygwin: install $(SHLIB).cygwin
gnu: install $(SHLIB).gnu
alpha-osf1: install $(SHLIB).alpha-osf1
tru64: install $(SHLIB).tru64
solaris: install $(SHLIB).solaris
irix: install $(SHLIB).irix
hpux32: install $(SHLIB).hpux32
hpux64: install $(SHLIB).hpux64
aix: install $(SHLIB).aix
reliantunix: install $(SHLIB).reliantunix
$(LIB): $(OBJ)
$(AR) $(LIB) $(OBJ)
- $(RANLIB) $(LIB)
LINK_SO= \
ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \
(nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
$$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
$(SHLIB).darwin: $(LIB) install/librsaref.a
ALLSYMSFLAGS='-all_load' \
SHAREDFLAGS='-dynamiclib -install_name $(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).darwin
$(SHLIB).cygwin: $(LIB) install/librsaref.a
ALLSYMSFLAGS='--whole-archive' \
SHAREDFLAGS='-shared -Wl,-Bsymbolic -Wl,--out-implib,$(LIBNAME).dll.a' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).cygwin
$(SHLIB).gnu: $(LIB) install/librsaref.a
ALLSYMSFLAGS='--whole-archive' \
SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).gnu
$(SHLIB).tru64: $(LIB) install/librsaref.a
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).tru64
$(SHLIB).solaris: $(LIB) install/librsaref.a
ALLSYMSFLAGS='-z allextract' \
SHAREDFLAGS='-G -h $(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).solaris
$(SHLIB).irix: $(LIB) install/librsaref.a
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).irix
$(SHLIB).hpux32: $(LIB) install/librsaref.a
ALLSYMSFLAGS='-Fl' \
SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux32
$(SHLIB).hpux64: $(LIB) install/librsaref.a
ALLSYMSFLAGS='+forceload' \
SHAREDFLAGS='-b -z +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux64
$(SHLIB).aix: $(LIB) install/librsaref.a
ALLSYMSFLAGS='-bnogc' \
SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).aix
depend:
sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
rm -f Makefile.tmp Makefile
mv Makefile.new Makefile
# DO NOT DELETE THIS LINE -- make depend depends on it.
rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
rsaref.o: ../../../include/openssl/opensslconf.h
rsaref.o: ../../../include/openssl/opensslv.h
rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
rsaref.o: source/rsaref.h

22
demos/engines/rsaref/README
View File

@@ -1,22 +0,0 @@
librsaref.so is a demonstration dynamic engine that does RSA
operations using the old RSAref 2.0 implementation.
To make proper use of this engine, you must download RSAref 2.0
(search the web for rsaref.tar.Z for example) and unpack it in this
directory, so you'll end up having the subdirectories "install" and
"source" among others.
To build, do the following:
make
This will list a number of available targets to choose from. Most of
them are architecture-specific. The exception is "gnu" which is to be
used on systems where GNU ld and gcc have been installed in such a way
that gcc uses GNU ld to link together programs and shared libraries.
The make file assumes you use gcc. To change that, just reassign CC:
make CC=cc
The result is librsaref.so, which you can copy to any place you wish.

105
demos/engines/rsaref/build.com
View File

@@ -1,105 +0,0 @@
$! BUILD.COM -- Building procedure for the RSAref engine
$
$ if f$search("source.dir") .eqs. "" -
.or. f$search("install.dir") .eqs. ""
$ then
$ write sys$error "RSAref 2.0 hasn't been properly extracted."
$ exit
$ endif
$
$ if (f$getsyi("cpu").lt.128)
$ then
$ arch := vax
$ else
$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if (arch .eqs. "") then arch = "UNK"
$ endif
$
$ _save_default = f$environment("default")
$ set default [.install]
$ files := desc,digit,md2c,md5c,nn,prime,-
rsa,r_encode,r_dh,r_enhanc,r_keygen,r_random,-
r_stdlib
$ delete rsaref.olb;*
$ library/create/object rsaref.olb
$ files_i = 0
$ rsaref_loop:
$ files_e = f$edit(f$element(files_i,",",files),"trim")
$ files_i = files_i + 1
$ if files_e .eqs. "," then goto rsaref_loop_end
$ cc/include=([-.source],[])/define=PROTOTYPES=1/object=[]'files_e'.obj -
[-.source]'files_e'.c
$ library/replace/object rsaref.olb 'files_e'.obj
$ goto rsaref_loop
$ rsaref_loop_end:
$
$ set default [-]
$ define/user openssl [---.include.openssl]
$ cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c
$
$ if arch .eqs. "VAX"
$ then
$ macro/object=rsaref_vec.obj sys$input:
;
; Transfer vector for VAX shareable image
;
.TITLE librsaref
;
; Define macro to assist in building transfer vector entries. Each entry
; should take no more than 8 bytes.
;
.MACRO FTRANSFER_ENTRY routine
.ALIGN QUAD
.TRANSFER routine
.MASK routine
JMP routine+2
.ENDM FTRANSFER_ENTRY
;
; Place entries in own program section.
;
.PSECT $$LIBRSAREF,QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT
LIBRSAREF_xfer:
FTRANSFER_ENTRY bind_engine
FTRANSFER_ENTRY v_check
;
; Allocate extra storage at end of vector to allow for expansion.
;
.BLKB 512-<.-LIBRSAREF_xfer> ; 1 page.
.END
$ link/share=librsaref.exe sys$input:/option
!
! Ensure transfer vector is at beginning of image
!
CLUSTER=FIRST
COLLECT=FIRST,$$LIBRSAREF
!
! make psects nonshareable so image can be installed.
!
PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
[]rsaref_vec.obj
[]rsaref.obj
[.install]rsaref.olb/lib
[---.vax.exe.crypto]libcrypto.olb/lib
$ else
$ if arch_name .eqs. "ALPHA"
$ then
$ link/share=librsaref.exe sys$input:/option
[]rsaref.obj
[.install]rsaref.olb/lib
[---.alpha.exe.crypto]libcrypto.olb/lib
symbol_vector=(bind_engine=procedure,v_check=procedure)
$ else
$ if arch_name .eqs. "IA64"
$ then
$ link /shareable=librsaref.exe sys$input: /options
[]rsaref.obj
[.install]rsaref.olb/lib
[---.ia64.exe.crypto]libcrypto.olb/lib
symbol_vector=(bind_engine=procedure,v_check=procedure)
$ endif
$ endif
$ endif
$
$ set default '_save_default'

713
demos/engines/rsaref/rsaref.c
View File

@@ -1,713 +0,0 @@
/*
* Demo of how to construct your own engine and using it. The basis of this
* engine is RSAref, an old reference of the RSA algorithm which can still be
* found a little here and there.
*/
#include <stdio.h>
#include <string.h>
#include "./source/global.h"
#include "./source/rsaref.h"
#include "./source/rsa.h"
#include "./source/des.h"
#include <openssl/err.h>
#define OPENSSL_NO_MD2
#define OPENSSL_NO_MD5
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/engine.h>
#define RSAREF_LIB_NAME "rsaref engine"
#include "rsaref_err.c"
/*****************************************************************************
*** Function declarations and global variable definitions ***
*****************************************************************************/
/*****************************************************************************
* Constants used when creating the ENGINE
**/
static const char *engine_rsaref_id = "rsaref";
static const char *engine_rsaref_name = "RSAref engine support";
/*****************************************************************************
* Functions to handle the engine
**/
static int rsaref_destroy(ENGINE *e);
static int rsaref_init(ENGINE *e);
static int rsaref_finish(ENGINE *e);
#if 0
static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
#endif
/*****************************************************************************
* Engine commands
**/
static const ENGINE_CMD_DEFN rsaref_cmd_defns[] = {
{0, NULL, NULL, 0}
};
/*****************************************************************************
* RSA functions
**/
static int rsaref_private_decrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int rsaref_private_encrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int rsaref_public_encrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int rsaref_public_decrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
/*****************************************************************************
* Our RSA method
**/
static RSA_METHOD rsaref_rsa = {
"RSAref PKCS#1 RSA",
rsaref_public_encrypt,
rsaref_public_decrypt,
rsaref_private_encrypt,
rsaref_private_decrypt,
rsaref_mod_exp,
bnref_mod_exp,
NULL,
NULL,
0,
NULL,
NULL,
NULL
};
/*****************************************************************************
* Symetric cipher and digest function registrars
**/
static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid);
static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid);
static int rsaref_cipher_nids[] =
{ NID_des_cbc, NID_des_ede3_cbc, NID_desx_cbc, 0 };
static int rsaref_digest_nids[] = { NID_md2, NID_md5, 0 };
/*****************************************************************************
* DES functions
**/
static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl);
static int cipher_des_cbc_clean(EVP_CIPHER_CTX *);
static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc);
static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in,
unsigned int inl);
static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *);
static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl);
static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *);
/*****************************************************************************
* Our DES ciphers
**/
static const EVP_CIPHER cipher_des_cbc = {
NID_des_cbc,
8, 8, 8,
0 | EVP_CIPH_CBC_MODE,
cipher_des_cbc_init,
cipher_des_cbc_code,
cipher_des_cbc_clean,
sizeof(DES_CBC_CTX),
NULL,
NULL,
NULL,
NULL
};
static const EVP_CIPHER cipher_des_ede3_cbc = {
NID_des_ede3_cbc,
8, 24, 8,
0 | EVP_CIPH_CBC_MODE,
cipher_des_ede3_cbc_init,
cipher_des_ede3_cbc_code,
cipher_des_ede3_cbc_clean,
sizeof(DES3_CBC_CTX),
NULL,
NULL,
NULL,
NULL
};
static const EVP_CIPHER cipher_desx_cbc = {
NID_desx_cbc,
8, 24, 8,
0 | EVP_CIPH_CBC_MODE,
cipher_desx_cbc_init,
cipher_desx_cbc_code,
cipher_desx_cbc_clean,
sizeof(DESX_CBC_CTX),
NULL,
NULL,
NULL,
NULL
};
/*****************************************************************************
* MD functions
**/
static int digest_md2_init(EVP_MD_CTX *ctx);
static int digest_md2_update(EVP_MD_CTX *ctx, const void *data,
unsigned long count);
static int digest_md2_final(EVP_MD_CTX *ctx, unsigned char *md);
static int digest_md5_init(EVP_MD_CTX *ctx);
static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
unsigned long count);
static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md);
/*****************************************************************************
* Our MD digests
**/
static const EVP_MD digest_md2 = {
NID_md2,
NID_md2WithRSAEncryption,
16,
0,
digest_md2_init,
digest_md2_update,
digest_md2_final,
NULL,
NULL,
EVP_PKEY_RSA_method,
16,
sizeof(MD2_CTX)
};
static const EVP_MD digest_md5 = {
NID_md5,
NID_md5WithRSAEncryption,
16,
0,
digest_md5_init,
digest_md5_update,
digest_md5_final,
NULL,
NULL,
EVP_PKEY_RSA_method,
64,
sizeof(MD5_CTX)
};
/*****************************************************************************
*** Function definitions ***
*****************************************************************************/
/*****************************************************************************
* Functions to handle the engine
**/
static int bind_rsaref(ENGINE *e)
{
const RSA_METHOD *meth1;
if (!ENGINE_set_id(e, engine_rsaref_id)
|| !ENGINE_set_name(e, engine_rsaref_name)
|| !ENGINE_set_RSA(e, &rsaref_rsa)
|| !ENGINE_set_ciphers(e, rsaref_ciphers)
|| !ENGINE_set_digests(e, rsaref_digests)
|| !ENGINE_set_destroy_function(e, rsaref_destroy)
|| !ENGINE_set_init_function(e, rsaref_init)
|| !ENGINE_set_finish_function(e, rsaref_finish)
/* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */
/*
* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns)
*/ )
return 0;
/* Ensure the rsaref error handling is set up */
ERR_load_RSAREF_strings();
return 1;
}
#ifdef ENGINE_DYNAMIC_SUPPORT
static int bind_helper(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_rsaref_id) != 0))
return 0;
if (!bind_rsaref(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
#else
static ENGINE *engine_rsaref(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_rsaref(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_rsaref(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_rsaref();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
#endif
/* Initiator which is only present to make sure this engine looks available */
static int rsaref_init(ENGINE *e)
{
return 1;
}
/* Finisher which is only present to make sure this engine looks available */
static int rsaref_finish(ENGINE *e)
{
return 1;
}
/* Destructor (complements the "ENGINE_ncipher()" constructor) */
static int rsaref_destroy(ENGINE *e)
{
ERR_unload_RSAREF_strings();
return 1;
}
/*****************************************************************************
* RSA functions
**/
static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
RSAREFerr(RSAREF_F_RSAREF_MOD_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
RSAREFerr(RSAREF_F_BNREF_MOD_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
/* unsigned char *to: [max] */
static int RSAref_bn2bin(BIGNUM *from, unsigned char *to, int max)
{
int i;
i = BN_num_bytes(from);
if (i > max) {
RSAREFerr(RSAREF_F_RSAREF_BN2BIN, RSAREF_R_LEN);
return (0);
}
memset(to, 0, (unsigned int)max);
if (!BN_bn2bin(from, &(to[max - i])))
return (0);
return (1);
}
#ifdef undef
/* unsigned char *from: [max] */
static BIGNUM *RSAref_bin2bn(unsigned char *from, BIGNUM *to, int max)
{
int i;
BIGNUM *ret;
for (i = 0; i < max; i++)
if (from[i])
break;
ret = BN_bin2bn(&(from[i]), max - i, to);
return (ret);
}
static int RSAref_Public_ref2eay(RSArefPublicKey * from, RSA *to)
{
to->n = RSAref_bin2bn(from->m, NULL, RSAref_MAX_LEN);
to->e = RSAref_bin2bn(from->e, NULL, RSAref_MAX_LEN);
if ((to->n == NULL) || (to->e == NULL))
return (0);
return (1);
}
#endif
static int RSAref_Public_eay2ref(RSA *from, R_RSA_PUBLIC_KEY * to)
{
to->bits = BN_num_bits(from->n);
if (!RSAref_bn2bin(from->n, to->modulus, MAX_RSA_MODULUS_LEN))
return (0);
if (!RSAref_bn2bin(from->e, to->exponent, MAX_RSA_MODULUS_LEN))
return (0);
return (1);
}
#ifdef undef
static int RSAref_Private_ref2eay(RSArefPrivateKey * from, RSA *to)
{
if ((to->n = RSAref_bin2bn(from->m, NULL, RSAref_MAX_LEN)) == NULL)
return (0);
if ((to->e = RSAref_bin2bn(from->e, NULL, RSAref_MAX_LEN)) == NULL)
return (0);
if ((to->d = RSAref_bin2bn(from->d, NULL, RSAref_MAX_LEN)) == NULL)
return (0);
if ((to->p =
RSAref_bin2bn(from->prime[0], NULL, RSAref_MAX_PLEN)) == NULL)
return (0);
if ((to->q =
RSAref_bin2bn(from->prime[1], NULL, RSAref_MAX_PLEN)) == NULL)
return (0);
if ((to->dmp1 = RSAref_bin2bn(from->pexp[0], NULL, RSAref_MAX_PLEN))
== NULL)
return (0);
if ((to->dmq1 = RSAref_bin2bn(from->pexp[1], NULL, RSAref_MAX_PLEN))
== NULL)
return (0);
if ((to->iqmp = RSAref_bin2bn(from->coef, NULL, RSAref_MAX_PLEN)) == NULL)
return (0);
return (1);
}
#endif
static int RSAref_Private_eay2ref(RSA *from, R_RSA_PRIVATE_KEY * to)
{
to->bits = BN_num_bits(from->n);
if (!RSAref_bn2bin(from->n, to->modulus, MAX_RSA_MODULUS_LEN))
return (0);
if (!RSAref_bn2bin(from->e, to->publicExponent, MAX_RSA_MODULUS_LEN))
return (0);
if (!RSAref_bn2bin(from->d, to->exponent, MAX_RSA_MODULUS_LEN))
return (0);
if (!RSAref_bn2bin(from->p, to->prime[0], MAX_RSA_PRIME_LEN))
return (0);
if (!RSAref_bn2bin(from->q, to->prime[1], MAX_RSA_PRIME_LEN))
return (0);
if (!RSAref_bn2bin(from->dmp1, to->primeExponent[0], MAX_RSA_PRIME_LEN))
return (0);
if (!RSAref_bn2bin(from->dmq1, to->primeExponent[1], MAX_RSA_PRIME_LEN))
return (0);
if (!RSAref_bn2bin(from->iqmp, to->coefficient, MAX_RSA_PRIME_LEN))
return (0);
return (1);
}
static int rsaref_private_decrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
int i, outlen = -1;
R_RSA_PRIVATE_KEY RSAkey;
if (!RSAref_Private_eay2ref(rsa, &RSAkey))
goto err;
if ((i =
RSAPrivateDecrypt(to, (unsigned int *)&outlen, (unsigned char *)from,
len, &RSAkey)) != 0) {
RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT, i);
outlen = -1;
}
err:
memset(&RSAkey, 0, sizeof(RSAkey));
return (outlen);
}
static int rsaref_private_encrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
int i, outlen = -1;
R_RSA_PRIVATE_KEY RSAkey;
if (padding != RSA_PKCS1_PADDING) {
RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,
RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (!RSAref_Private_eay2ref(rsa, &RSAkey))
goto err;
if ((i =
RSAPrivateEncrypt(to, (unsigned int *)&outlen, (unsigned char *)from,
len, &RSAkey)) != 0) {
RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT, i);
outlen = -1;
}
err:
memset(&RSAkey, 0, sizeof(RSAkey));
return (outlen);
}
static int rsaref_public_decrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
int i, outlen = -1;
R_RSA_PUBLIC_KEY RSAkey;
if (!RSAref_Public_eay2ref(rsa, &RSAkey))
goto err;
if ((i =
RSAPublicDecrypt(to, (unsigned int *)&outlen, (unsigned char *)from,
len, &RSAkey)) != 0) {
RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT, i);
outlen = -1;
}
err:
memset(&RSAkey, 0, sizeof(RSAkey));
return (outlen);
}
static int rsaref_public_encrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
int outlen = -1;
int i;
R_RSA_PUBLIC_KEY RSAkey;
R_RANDOM_STRUCT rnd;
unsigned char buf[16];
if (padding != RSA_PKCS1_PADDING && padding != RSA_SSLV23_PADDING) {
RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
R_RandomInit(&rnd);
R_GetRandomBytesNeeded((unsigned int *)&i, &rnd);
while (i > 0) {
if (RAND_bytes(buf, 16) <= 0)
goto err;
R_RandomUpdate(&rnd, buf, (unsigned int)((i > 16) ? 16 : i));
i -= 16;
}
if (!RSAref_Public_eay2ref(rsa, &RSAkey))
goto err;
if ((i =
RSAPublicEncrypt(to, (unsigned int *)&outlen, (unsigned char *)from,
len, &RSAkey, &rnd)) != 0) {
RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, i);
outlen = -1;
goto err;
}
err:
memset(&RSAkey, 0, sizeof(RSAkey));
R_RandomFinal(&rnd);
memset(&rnd, 0, sizeof(rnd));
return (outlen);
}
/*****************************************************************************
* Symetric cipher and digest function registrars
**/
static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid)
{
int ok = 1;
if (!cipher) {
/* We are returning a list of supported nids */
*nids = rsaref_cipher_nids;
return (sizeof(rsaref_cipher_nids) -
1) / sizeof(rsaref_cipher_nids[0]);
}
/* We are being asked for a specific cipher */
switch (nid) {
case NID_des_cbc:
*cipher = &cipher_des_cbc;
break;
case NID_des_ede3_cbc:
*cipher = &cipher_des_ede3_cbc;
break;
case NID_desx_cbc:
*cipher = &cipher_desx_cbc;
break;
default:
ok = 0;
*cipher = NULL;
break;
}
return ok;
}
static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid)
{
int ok = 1;
if (!digest) {
/* We are returning a list of supported nids */
*nids = rsaref_digest_nids;
return (sizeof(rsaref_digest_nids) -
1) / sizeof(rsaref_digest_nids[0]);
}
/* We are being asked for a specific digest */
switch (nid) {
case NID_md2:
*digest = &digest_md2;
break;
case NID_md5:
*digest = &digest_md5;
break;
default:
ok = 0;
*digest = NULL;
break;
}
return ok;
}
/*****************************************************************************
* DES functions
**/
#undef data
#define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data)
static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
return 1;
}
static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
{
int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
switch (ret) {
case RE_LEN:
RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,
RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
break;
case 0:
break;
default:
RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE, RSAREF_R_UNKNOWN_FAULT);
}
return !ret;
}
static int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx)
{
memset(data(ctx), 0, ctx->cipher->ctx_size);
return 1;
}
#undef data
#define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data)
static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc)
{
DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
return 1;
}
static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
{
int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
switch (ret) {
case RE_LEN:
RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,
RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
break;
case 0:
break;
default:
RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE, RSAREF_R_UNKNOWN_FAULT);
}
return !ret;
}
static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx)
{
memset(data(ctx), 0, ctx->cipher->ctx_size);
return 1;
}
#undef data
#define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data)
static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
return 1;
}
static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
{
int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
switch (ret) {
case RE_LEN:
RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,
RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
break;
case 0:
break;
default:
RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE, RSAREF_R_UNKNOWN_FAULT);
}
return !ret;
}
static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx)
{
memset(data(ctx), 0, ctx->cipher->ctx_size);
return 1;
}
/*****************************************************************************
* MD functions
**/
#undef data
#define data(ctx) ((MD2_CTX *)(ctx)->md_data)
static int digest_md2_init(EVP_MD_CTX *ctx)
{
MD2Init(data(ctx));
return 1;
}
static int digest_md2_update(EVP_MD_CTX *ctx, const void *data,
unsigned long count)
{
MD2Update(data(ctx), (unsigned char *)data, (unsigned int)count);
return 1;
}
static int digest_md2_final(EVP_MD_CTX *ctx, unsigned char *md)
{
MD2Final(md, data(ctx));
return 1;
}
#undef data
#define data(ctx) ((MD5_CTX *)(ctx)->md_data)
static int digest_md5_init(EVP_MD_CTX *ctx)
{
MD5Init(data(ctx));
return 1;
}
static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
unsigned long count)
{
MD5Update(data(ctx), (unsigned char *)data, (unsigned int)count);
return 1;
}
static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
{
MD5Final(md, data(ctx));
return 1;
}

8
demos/engines/rsaref/rsaref.ec
View File

@@ -1,8 +0,0 @@
# configuration file for util/mkerr.pl
#
# use like this:
#
# perl ../../../util/mkerr.pl -conf rsaref.ec \
# -nostatic -staticloader -write *.c
L RSAREF rsaref_err.h rsaref_err.c

158
demos/engines/rsaref/rsaref_err.c
View File

@@ -1,158 +0,0 @@
/* rsaref_err.c */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "rsaref_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA RSAREF_str_functs[] = {
{ERR_PACK(0, RSAREF_F_BNREF_MOD_EXP, 0), "BNREF_MOD_EXP"},
{ERR_PACK(0, RSAREF_F_CIPHER_DES_CBC_CODE, 0), "CIPHER_DES_CBC_CODE"},
{ERR_PACK(0, RSAREF_F_RSAREF_BN2BIN, 0), "RSAREF_BN2BIN"},
{ERR_PACK(0, RSAREF_F_RSAREF_MOD_EXP, 0), "RSAREF_MOD_EXP"},
{ERR_PACK(0, RSAREF_F_RSAREF_PRIVATE_DECRYPT, 0),
"RSAREF_PRIVATE_DECRYPT"},
{ERR_PACK(0, RSAREF_F_RSAREF_PRIVATE_ENCRYPT, 0),
"RSAREF_PRIVATE_ENCRYPT"},
{ERR_PACK(0, RSAREF_F_RSAREF_PUBLIC_DECRYPT, 0), "RSAREF_PUBLIC_DECRYPT"},
{ERR_PACK(0, RSAREF_F_RSAREF_PUBLIC_ENCRYPT, 0), "RSAREF_PUBLIC_ENCRYPT"},
{ERR_PACK(0, RSAREF_F_RSA_BN2BIN, 0), "RSA_BN2BIN"},
{ERR_PACK(0, RSAREF_F_RSA_PRIVATE_DECRYPT, 0), "RSA_PRIVATE_DECRYPT"},
{ERR_PACK(0, RSAREF_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_PRIVATE_ENCRYPT"},
{ERR_PACK(0, RSAREF_F_RSA_PUBLIC_DECRYPT, 0), "RSA_PUBLIC_DECRYPT"},
{ERR_PACK(0, RSAREF_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_PUBLIC_ENCRYPT"},
{0, NULL}
};
static ERR_STRING_DATA RSAREF_str_reasons[] = {
{RSAREF_R_CONTENT_ENCODING, "content encoding"},
{RSAREF_R_DATA, "data"},
{RSAREF_R_DIGEST_ALGORITHM, "digest algorithm"},
{RSAREF_R_ENCODING, "encoding"},
{RSAREF_R_ENCRYPTION_ALGORITHM, "encryption algorithm"},
{RSAREF_R_KEY, "key"},
{RSAREF_R_KEY_ENCODING, "key encoding"},
{RSAREF_R_LEN, "len"},
{RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED, "length not block aligned"},
{RSAREF_R_MODULUS_LEN, "modulus len"},
{RSAREF_R_NEED_RANDOM, "need random"},
{RSAREF_R_PRIVATE_KEY, "private key"},
{RSAREF_R_PUBLIC_KEY, "public key"},
{RSAREF_R_SIGNATURE, "signature"},
{RSAREF_R_SIGNATURE_ENCODING, "signature encoding"},
{RSAREF_R_UNKNOWN_FAULT, "unknown fault"},
{0, NULL}
};
#endif
#ifdef RSAREF_LIB_NAME
static ERR_STRING_DATA RSAREF_lib_name[] = {
{0, RSAREF_LIB_NAME},
{0, NULL}
};
#endif
static int RSAREF_lib_error_code = 0;
static int RSAREF_error_init = 1;
static void ERR_load_RSAREF_strings(void)
{
if (RSAREF_lib_error_code == 0)
RSAREF_lib_error_code = ERR_get_next_error_library();
if (RSAREF_error_init) {
RSAREF_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(RSAREF_lib_error_code, RSAREF_str_functs);
ERR_load_strings(RSAREF_lib_error_code, RSAREF_str_reasons);
#endif
#ifdef RSAREF_LIB_NAME
RSAREF_lib_name->error = ERR_PACK(RSAREF_lib_error_code, 0, 0);
ERR_load_strings(0, RSAREF_lib_name);
#endif
}
}
static void ERR_unload_RSAREF_strings(void)
{
if (RSAREF_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(RSAREF_lib_error_code, RSAREF_str_functs);
ERR_unload_strings(RSAREF_lib_error_code, RSAREF_str_reasons);
#endif
#ifdef RSAREF_LIB_NAME
ERR_unload_strings(0, RSAREF_lib_name);
#endif
RSAREF_error_init = 1;
}
}
static void ERR_RSAREF_error(int function, int reason, char *file, int line)
{
if (RSAREF_lib_error_code == 0)
RSAREF_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(RSAREF_lib_error_code, function, reason, file, line);
}

110
demos/engines/rsaref/rsaref_err.h
View File

@@ -1,110 +0,0 @@
/* rsaref_err.h */
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_RSAREF_ERR_H
# define HEADER_RSAREF_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_RSAREF_strings(void);
static void ERR_unload_RSAREF_strings(void);
static void ERR_RSAREF_error(int function, int reason, char *file, int line);
# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
/* Error codes for the RSAREF functions. */
/* Function codes. */
# define RSAREF_F_BNREF_MOD_EXP 100
# define RSAREF_F_CIPHER_DES_CBC_CODE 112
# define RSAREF_F_RSAREF_BN2BIN 101
# define RSAREF_F_RSAREF_MOD_EXP 102
# define RSAREF_F_RSAREF_PRIVATE_DECRYPT 103
# define RSAREF_F_RSAREF_PRIVATE_ENCRYPT 104
# define RSAREF_F_RSAREF_PUBLIC_DECRYPT 105
# define RSAREF_F_RSAREF_PUBLIC_ENCRYPT 106
# define RSAREF_F_RSA_BN2BIN 107
# define RSAREF_F_RSA_PRIVATE_DECRYPT 108
# define RSAREF_F_RSA_PRIVATE_ENCRYPT 109
# define RSAREF_F_RSA_PUBLIC_DECRYPT 110
# define RSAREF_F_RSA_PUBLIC_ENCRYPT 111
/* Reason codes. */
# define RSAREF_R_CONTENT_ENCODING 100
# define RSAREF_R_DATA 101
# define RSAREF_R_DIGEST_ALGORITHM 102
# define RSAREF_R_ENCODING 103
# define RSAREF_R_ENCRYPTION_ALGORITHM 104
# define RSAREF_R_KEY 105
# define RSAREF_R_KEY_ENCODING 106
# define RSAREF_R_LEN 107
# define RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED 114
# define RSAREF_R_MODULUS_LEN 108
# define RSAREF_R_NEED_RANDOM 109
# define RSAREF_R_PRIVATE_KEY 110
# define RSAREF_R_PUBLIC_KEY 111
# define RSAREF_R_SIGNATURE 112
# define RSAREF_R_SIGNATURE_ENCODING 113
# define RSAREF_R_UNKNOWN_FAULT 115
#ifdef __cplusplus
}
#endif
#endif

114
demos/engines/zencod/Makefile
View File

@@ -1,114 +0,0 @@
LIBNAME= libzencod
SRC= hw_zencod.c
OBJ= hw_zencod.o
HEADER= hw_zencod.h
CC= gcc
PIC= -fPIC
CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
AR= ar r
RANLIB= ranlib
LIB= $(LIBNAME).a
SHLIB= $(LIBNAME).so
all:
@echo 'Please choose a system to build on:'
@echo ''
@echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
@echo 'solaris: Solaris'
@echo 'irix: IRIX'
@echo 'hpux32: 32-bit HP/UX'
@echo 'hpux64: 64-bit HP/UX'
@echo 'aix: AIX'
@echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
@echo ''
FORCE.update:
update: FORCE.update
perl ../../../util/mkerr.pl -conf hw_zencod.ec \
-nostatic -staticloader -write hw_zencod.c
gnu: $(SHLIB).gnu
tru64: $(SHLIB).tru64
solaris: $(SHLIB).solaris
irix: $(SHLIB).irix
hpux32: $(SHLIB).hpux32
hpux64: $(SHLIB).hpux64
aix: $(SHLIB).aix
$(LIB): $(OBJ)
$(AR) $(LIB) $(OBJ)
- $(RANLIB) $(LIB)
LINK_SO= \
ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
(nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
$$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
$(SHLIB).gnu: $(LIB)
ALLSYMSFLAGS='--whole-archive' \
SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).gnu
$(SHLIB).tru64: $(LIB)
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).tru64
$(SHLIB).solaris: $(LIB)
ALLSYMSFLAGS='-z allextract' \
SHAREDFLAGS='-G -h $(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).solaris
$(SHLIB).irix: $(LIB)
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).irix
$(SHLIB).hpux32: $(LIB)
ALLSYMSFLAGS='-Fl' \
SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux32
$(SHLIB).hpux64: $(LIB)
ALLSYMSFLAGS='+forceload' \
SHAREDFLAGS='-b -z +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux64
$(SHLIB).aix: $(LIB)
ALLSYMSFLAGS='-bnogc' \
SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).aix
depend:
sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
rm -f Makefile.tmp Makefile
mv Makefile.new Makefile
# DO NOT DELETE THIS LINE -- make depend depends on it.
rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
rsaref.o: ../../../include/openssl/opensslconf.h
rsaref.o: ../../../include/openssl/opensslv.h
rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
rsaref.o: source/rsaref.h

1809
demos/engines/zencod/hw_zencod.c
View File

File diff suppressed because it is too large Load Diff

8
demos/engines/zencod/hw_zencod.ec
View File

@@ -1,8 +0,0 @@
# configuration file for util/mkerr.pl
#
# use like this:
#
# perl ../../../util/mkerr.pl -conf hw_zencod.ec \
# -nostatic -staticloader -write *.c
L ZENCOD hw_zencod_err.h hw_zencod_err.c

159
demos/engines/zencod/hw_zencod.h
View File

@@ -1,159 +0,0 @@
/* File : /crypto/engine/vendor_defns/hw_zencod.h */
/* ====================================================================
* Written by Donnat Frederic (frederic.donnat@zencod.com) from ZENCOD
* for "zencod" ENGINE integration in OpenSSL project.
*/
#ifndef _HW_ZENCOD_H_
# define _HW_ZENCOD_H_
# include <stdio.h>
# ifdef __cplusplus
extern "C" {
# endif /* __cplusplus */
# define ZENBRIDGE_MAX_KEYSIZE_RSA 2048
# define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT 1024
# define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN 1024
# define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY 1024
/* Library version computation */
# define ZENBRIDGE_VERSION_MAJOR(x) (((x) >> 16) | 0xff)
# define ZENBRIDGE_VERSION_MINOR(x) (((x) >> 8) | 0xff)
# define ZENBRIDGE_VERSION_PATCH(x) (((x) >> 0) | 0xff)
# define ZENBRIDGE_VERSION(x, y, z) ((x) << 16 | (y) << 8 | (z))
/*
* Memory type
*/
typedef struct zencod_number_s {
unsigned long len;
unsigned char *data;
} zen_nb_t;
# define KEY zen_nb_t
/*
* Misc
*/
typedef int t_zencod_lib_version(void);
typedef int t_zencod_hw_version(void);
typedef int t_zencod_test(void);
typedef int t_zencod_dump_key(FILE *stream, char *msg, KEY * key);
/*
* Key management tools
*/
typedef KEY *t_zencod_new_number(unsigned long len, unsigned char *data);
typedef int t_zencod_init_number(KEY * n, unsigned long len,
unsigned char *data);
typedef unsigned long t_zencod_bytes2bits(unsigned char *n,
unsigned long bytes);
typedef unsigned long t_zencod_bits2bytes(unsigned long bits);
/*
* RSA API
*/
/* Compute modular exponential : y = x**e | n */
typedef int t_zencod_rsa_mod_exp(KEY * y, KEY * x, KEY * n, KEY * e);
/*
* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp
* | p, y = y2 + (qinv * (y1 - y2) | p) * q
*/
typedef int t_zencod_rsa_mod_exp_crt(KEY * y, KEY * x, KEY * p, KEY * q,
KEY * edp, KEY * edq, KEY * qinv);
/*
* DSA API
*/
typedef int t_zencod_dsa_do_sign(unsigned int hash, KEY * data,
KEY * random, KEY * p, KEY * q, KEY * g,
KEY * x, KEY * r, KEY * s);
typedef int t_zencod_dsa_do_verify(unsigned int hash, KEY * data, KEY * p,
KEY * q, KEY * g, KEY * y, KEY * r,
KEY * s, KEY * v);
/*
* DH API
*/
/* Key generation : compute public value y = g**x | n */
typedef int t_zencod_dh_generate_key(KEY * y, KEY * x, KEY * g, KEY * n,
int gen_x);
typedef int t_zencod_dh_compute_key(KEY * k, KEY * y, KEY * x, KEY * n);
/*
* RNG API
*/
# define ZENBRIDGE_RNG_DIRECT 0
# define ZENBRIDGE_RNG_SHA1 1
typedef int t_zencod_rand_bytes(KEY * rand, unsigned int flags);
/*
* Math API
*/
typedef int t_zencod_math_mod_exp(KEY * r, KEY * a, KEY * e, KEY * n);
/*
* Symetric API
*/
/* Define a data structure for digests operations */
typedef struct ZEN_data_st {
unsigned int HashBufferSize;
unsigned char *HashBuffer;
} ZEN_MD_DATA;
/*
* Functions for Digest (MD5, SHA1) stuff
*/
/* output : output data buffer */
/* input : input data buffer */
/* algo : hash algorithm, MD5 or SHA1 */
/*-
* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
* typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
*/
/* For now separate this stuff that mad it easier to test */
typedef int t_zencod_md5_init(ZEN_MD_DATA *data);
typedef int t_zencod_md5_update(ZEN_MD_DATA *data, const KEY * input);
typedef int t_zencod_md5_do_final(ZEN_MD_DATA *data, KEY * output);
typedef int t_zencod_sha1_init(ZEN_MD_DATA *data);
typedef int t_zencod_sha1_update(ZEN_MD_DATA *data, const KEY * input);
typedef int t_zencod_sha1_do_final(ZEN_MD_DATA *data, KEY * output);
/*
* Functions for Cipher (RC4, DES, 3DES) stuff
*/
/* output : output data buffer */
/* input : input data buffer */
/* key : rc4 key data */
/* index_1 : value of index x from RC4 key structure */
/* index_2 : value of index y from RC4 key structure */
/*
* Be carefull : RC4 key should be expanded before calling this method
* (Should we provide an expand function ??)
*/
typedef int t_zencod_rc4_cipher(KEY * output, const KEY * input,
const KEY * key, unsigned char *index_1,
unsigned char *index_2, int mode);
/* output : output data buffer */
/* input : input data buffer */
/* key_1 : des first key data */
/* key_2 : des second key data */
/* key_3 : des third key data */
/* iv : initial vector */
/* mode : xdes mode (encrypt or decrypt) */
/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
typedef int t_zencod_xdes_cipher(KEY * output, const KEY * input,
const KEY * key_1, const KEY * key_2,
const KEY * key_3, const KEY * iv,
int mode);
# undef KEY
# ifdef __cplusplus
}
# endif /* __cplusplus */
#endif /* !_HW_ZENCOD_H_ */

147
demos/engines/zencod/hw_zencod_err.c
View File

@@ -1,147 +0,0 @@
/* hw_zencod_err.c */
/* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "hw_zencod_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA ZENCOD_str_functs[] = {
{ERR_PACK(0, ZENCOD_F_ZENCOD_BN_MOD_EXP, 0), "ZENCOD_BN_MOD_EXP"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_CTRL, 0), "ZENCOD_CTRL"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_DH_COMPUTE, 0), "ZENCOD_DH_COMPUTE"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_DH_GENERATE, 0), "ZENCOD_DH_GENERATE"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_DSA_DO_SIGN, 0), "ZENCOD_DSA_DO_SIGN"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_DSA_DO_VERIFY, 0), "ZENCOD_DSA_DO_VERIFY"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_FINISH, 0), "ZENCOD_FINISH"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_INIT, 0), "ZENCOD_INIT"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_RAND, 0), "ZENCOD_RAND"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_RSA_MOD_EXP, 0), "ZENCOD_RSA_MOD_EXP"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, 0),
"ZENCOD_RSA_MOD_EXP_CRT"},
{0, NULL}
};
static ERR_STRING_DATA ZENCOD_str_reasons[] = {
{ZENCOD_R_ALREADY_LOADED, "already loaded"},
{ZENCOD_R_BAD_KEY_COMPONENTS, "bad key components"},
{ZENCOD_R_BN_EXPAND_FAIL, "bn expand fail"},
{ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctrl command not implemented"},
{ZENCOD_R_DSO_FAILURE, "dso failure"},
{ZENCOD_R_NOT_LOADED, "not loaded"},
{ZENCOD_R_REQUEST_FAILED, "request failed"},
{ZENCOD_R_UNIT_FAILURE, "unit failure"},
{0, NULL}
};
#endif
#ifdef ZENCOD_LIB_NAME
static ERR_STRING_DATA ZENCOD_lib_name[] = {
{0, ZENCOD_LIB_NAME},
{0, NULL}
};
#endif
static int ZENCOD_lib_error_code = 0;
static int ZENCOD_error_init = 1;
static void ERR_load_ZENCOD_strings(void)
{
if (ZENCOD_lib_error_code == 0)
ZENCOD_lib_error_code = ERR_get_next_error_library();
if (ZENCOD_error_init) {
ZENCOD_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(ZENCOD_lib_error_code, ZENCOD_str_functs);
ERR_load_strings(ZENCOD_lib_error_code, ZENCOD_str_reasons);
#endif
#ifdef ZENCOD_LIB_NAME
ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code, 0, 0);
ERR_load_strings(0, ZENCOD_lib_name);
#endif
}
}
static void ERR_unload_ZENCOD_strings(void)
{
if (ZENCOD_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(ZENCOD_lib_error_code, ZENCOD_str_functs);
ERR_unload_strings(ZENCOD_lib_error_code, ZENCOD_str_reasons);
#endif
#ifdef ZENCOD_LIB_NAME
ERR_unload_strings(0, ZENCOD_lib_name);
#endif
ZENCOD_error_init = 1;
}
}
static void ERR_ZENCOD_error(int function, int reason, char *file, int line)
{
if (ZENCOD_lib_error_code == 0)
ZENCOD_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(ZENCOD_lib_error_code, function, reason, file, line);
}

100
demos/engines/zencod/hw_zencod_err.h
View File

@@ -1,100 +0,0 @@
/* ====================================================================
* Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_ZENCOD_ERR_H
# define HEADER_ZENCOD_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_ZENCOD_strings(void);
static void ERR_unload_ZENCOD_strings(void);
static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
/* Error codes for the ZENCOD functions. */
/* Function codes. */
# define ZENCOD_F_ZENCOD_BN_MOD_EXP 100
# define ZENCOD_F_ZENCOD_CTRL 101
# define ZENCOD_F_ZENCOD_DH_COMPUTE 102
# define ZENCOD_F_ZENCOD_DH_GENERATE 103
# define ZENCOD_F_ZENCOD_DSA_DO_SIGN 104
# define ZENCOD_F_ZENCOD_DSA_DO_VERIFY 105
# define ZENCOD_F_ZENCOD_FINISH 106
# define ZENCOD_F_ZENCOD_INIT 107
# define ZENCOD_F_ZENCOD_RAND 108
# define ZENCOD_F_ZENCOD_RSA_MOD_EXP 109
# define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT 110
/* Reason codes. */
# define ZENCOD_R_ALREADY_LOADED 100
# define ZENCOD_R_BAD_KEY_COMPONENTS 101
# define ZENCOD_R_BN_EXPAND_FAIL 102
# define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
# define ZENCOD_R_DSO_FAILURE 104
# define ZENCOD_R_NOT_LOADED 105
# define ZENCOD_R_REQUEST_FAILED 106
# define ZENCOD_R_UNIT_FAILURE 107
#ifdef __cplusplus
}
#endif
#endif

20
demos/evp/Makefile Normal file
View File

@@ -0,0 +1,20 @@
# Quick instruction:
# To build against an OpenSSL built in the source tree, do this:
#
# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../..
#
# To run the demos when linked with a shared library (default):
#
# LD_LIBRARY_PATH=../.. ./aesccm
# LD_LIBRARY_PATH=../.. ./aesgcm
CFLAGS = $(OPENSSL_INCS_LOCATION)
LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto
all: aesccm aesgcm
aesccm: aesccm.o
aesgcm: aesgcm.o
aesccm aesgcm:
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<

125
demos/evp/aesccm.c Normal file
View File

@@ -0,0 +1,125 @@
/*
* Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* Simple AES CCM test program, uses the same NIST data used for the FIPS
* self test but uses the application level EVP APIs.
*/
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
/* AES-CCM test data from NIST public test vectors */
static const unsigned char ccm_key[] = {
0xce, 0xb0, 0x09, 0xae, 0xa4, 0x45, 0x44, 0x51, 0xfe, 0xad, 0xf0, 0xe6,
0xb3, 0x6f, 0x45, 0x55, 0x5d, 0xd0, 0x47, 0x23, 0xba, 0xa4, 0x48, 0xe8
};
static const unsigned char ccm_nonce[] = {
0x76, 0x40, 0x43, 0xc4, 0x94, 0x60, 0xb7
};
static const unsigned char ccm_adata[] = {
0x6e, 0x80, 0xdd, 0x7f, 0x1b, 0xad, 0xf3, 0xa1, 0xc9, 0xab, 0x25, 0xc7,
0x5f, 0x10, 0xbd, 0xe7, 0x8c, 0x23, 0xfa, 0x0e, 0xb8, 0xf9, 0xaa, 0xa5,
0x3a, 0xde, 0xfb, 0xf4, 0xcb, 0xf7, 0x8f, 0xe4
};
static const unsigned char ccm_pt[] = {
0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f, 0xe6, 0x9c, 0x2a, 0x1f,
0x58, 0x93, 0x9d, 0xfe, 0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10
};
static const unsigned char ccm_ct[] = {
0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74, 0x87, 0xfd, 0x95, 0xa2,
0x8a, 0xd3, 0x92, 0xc8, 0x0b, 0x36, 0x81, 0xd4, 0xfb, 0xc7, 0xbb, 0xfd
};
static const unsigned char ccm_tag[] = {
0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7, 0x23, 0xdc, 0x07, 0x44,
0x14, 0xdb, 0x50, 0x6d
};
void aes_ccm_encrypt(void)
{
EVP_CIPHER_CTX *ctx;
int outlen, tmplen;
unsigned char outbuf[1024];
printf("AES CCM Encrypt:\n");
printf("Plaintext:\n");
BIO_dump_fp(stdout, ccm_pt, sizeof(ccm_pt));
ctx = EVP_CIPHER_CTX_new();
/* Set cipher type and mode */
EVP_EncryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL);
/* Set nonce length if default 96 bits is not appropriate */
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce),
NULL);
/* Set tag length */
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(ccm_tag), NULL);
/* Initialise key and IV */
EVP_EncryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce);
/* Set plaintext length: only needed if AAD is used */
EVP_EncryptUpdate(ctx, NULL, &outlen, NULL, sizeof(ccm_pt));
/* Zero or one call to specify any AAD */
EVP_EncryptUpdate(ctx, NULL, &outlen, ccm_adata, sizeof(ccm_adata));
/* Encrypt plaintext: can only be called once */
EVP_EncryptUpdate(ctx, outbuf, &outlen, ccm_pt, sizeof(ccm_pt));
/* Output encrypted block */
printf("Ciphertext:\n");
BIO_dump_fp(stdout, outbuf, outlen);
/* Finalise: note get no output for CCM */
EVP_EncryptFinal_ex(ctx, outbuf, &outlen);
/* Get tag */
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf);
/* Output tag */
printf("Tag:\n");
BIO_dump_fp(stdout, outbuf, 16);
EVP_CIPHER_CTX_free(ctx);
}
void aes_ccm_decrypt(void)
{
EVP_CIPHER_CTX *ctx;
int outlen, tmplen, rv;
unsigned char outbuf[1024];
printf("AES CCM Derypt:\n");
printf("Ciphertext:\n");
BIO_dump_fp(stdout, ccm_ct, sizeof(ccm_ct));
ctx = EVP_CIPHER_CTX_new();
/* Select cipher */
EVP_DecryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL);
/* Set nonce length, omit for 96 bits */
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce),
NULL);
/* Set expected tag value */
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
sizeof(ccm_tag), (void *)ccm_tag);
/* Specify key and IV */
EVP_DecryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce);
/* Set ciphertext length: only needed if we have AAD */
EVP_DecryptUpdate(ctx, NULL, &outlen, NULL, sizeof(ccm_ct));
/* Zero or one call to specify any AAD */
EVP_DecryptUpdate(ctx, NULL, &outlen, ccm_adata, sizeof(ccm_adata));
/* Decrypt plaintext, verify tag: can only be called once */
rv = EVP_DecryptUpdate(ctx, outbuf, &outlen, ccm_ct, sizeof(ccm_ct));
/* Output decrypted block: if tag verify failed we get nothing */
if (rv > 0) {
printf("Plaintext:\n");
BIO_dump_fp(stdout, outbuf, outlen);
} else
printf("Plaintext not available: tag verify failed.\n");
EVP_CIPHER_CTX_free(ctx);
}
int main(int argc, char **argv)
{
aes_ccm_encrypt();
aes_ccm_decrypt();
}

121
demos/evp/aesgcm.c Normal file
View File

@@ -0,0 +1,121 @@
/*
* Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* Simple AES GCM test program, uses the same NIST data used for the FIPS
* self test but uses the application level EVP APIs.
*/
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
/* AES-GCM test data from NIST public test vectors */
static const unsigned char gcm_key[] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
};
static const unsigned char gcm_iv[] = {
0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84
};
static const unsigned char gcm_pt[] = {
0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea,
0xcc, 0x2b, 0xf2, 0xa5
};
static const unsigned char gcm_aad[] = {
0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43,
0x7f, 0xec, 0x78, 0xde
};
static const unsigned char gcm_ct[] = {
0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, 0xd5, 0x36, 0x86, 0x7e,
0xb9, 0xf2, 0x17, 0x36
};
static const unsigned char gcm_tag[] = {
0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, 0xd7, 0x37, 0xee, 0x62,
0x98, 0xf7, 0x7e, 0x0c
};
void aes_gcm_encrypt(void)
{
EVP_CIPHER_CTX *ctx;
int outlen, tmplen;
unsigned char outbuf[1024];
printf("AES GCM Encrypt:\n");
printf("Plaintext:\n");
BIO_dump_fp(stdout, gcm_pt, sizeof(gcm_pt));
ctx = EVP_CIPHER_CTX_new();
/* Set cipher type and mode */
EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
/* Set IV length if default 96 bits is not appropriate */
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL);
/* Initialise key and IV */
EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv);
/* Zero or more calls to specify any AAD */
EVP_EncryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad));
/* Encrypt plaintext */
EVP_EncryptUpdate(ctx, outbuf, &outlen, gcm_pt, sizeof(gcm_pt));
/* Output encrypted block */
printf("Ciphertext:\n");
BIO_dump_fp(stdout, outbuf, outlen);
/* Finalise: note get no output for GCM */
EVP_EncryptFinal_ex(ctx, outbuf, &outlen);
/* Get tag */
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf);
/* Output tag */
printf("Tag:\n");
BIO_dump_fp(stdout, outbuf, 16);
EVP_CIPHER_CTX_free(ctx);
}
void aes_gcm_decrypt(void)
{
EVP_CIPHER_CTX *ctx;
int outlen, tmplen, rv;
unsigned char outbuf[1024];
printf("AES GCM Derypt:\n");
printf("Ciphertext:\n");
BIO_dump_fp(stdout, gcm_ct, sizeof(gcm_ct));
ctx = EVP_CIPHER_CTX_new();
/* Select cipher */
EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
/* Set IV length, omit for 96 bits */
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL);
/* Specify key and IV */
EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv);
/* Zero or more calls to specify any AAD */
EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad));
/* Decrypt plaintext */
EVP_DecryptUpdate(ctx, outbuf, &outlen, gcm_ct, sizeof(gcm_ct));
/* Output decrypted block */
printf("Plaintext:\n");
BIO_dump_fp(stdout, outbuf, outlen);
/* Set expected tag value. */
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag),
(void *)gcm_tag);
/* Finalise: note get no output for GCM */
rv = EVP_DecryptFinal_ex(ctx, outbuf, &outlen);
/*
* Print out return value. If this is not successful authentication
* failed and plaintext is not trustworthy.
*/
printf("Tag Verify %s\n", rv > 0 ? "Successful!" : "Failed!");
EVP_CIPHER_CTX_free(ctx);
}
int main(int argc, char **argv)
{
aes_gcm_encrypt();
aes_gcm_decrypt();
}

13
demos/pkcs12/pkread.c
View File

@@ -1,4 +1,11 @@
/* pkread.c */
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
@@ -22,7 +29,7 @@ int main(int argc, char **argv)
}
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
if (!(fp = fopen(argv[1], "rb"))) {
if ((fp = fopen(argv[1], "rb")) == NULL) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
@@ -39,7 +46,7 @@ int main(int argc, char **argv)
exit(1);
}
PKCS12_free(p12);
if (!(fp = fopen(argv[3], "w"))) {
if ((fp = fopen(argv[3], "w")) == NULL) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}

15
demos/pkcs12/pkwrite.c
View File

@@ -1,4 +1,11 @@
/* pkwrite.c */
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
@@ -18,9 +25,9 @@ int main(int argc, char **argv)
fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
exit(1);
}
SSLeay_add_all_algorithms();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
if (!(fp = fopen(argv[1], "r"))) {
if ((fp = fopen(argv[1], "r")) == NULL) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
@@ -34,7 +41,7 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
exit(1);
}
if (!(fp = fopen(argv[4], "wb"))) {
if ((fp = fopen(argv[4], "wb")) == NULL) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
ERR_print_errors_fp(stderr);
exit(1);

20
demos/prime/Makefile
View File

@@ -1,20 +0,0 @@
CC=cc
CFLAGS= -g -I../../include -Wall
LIBS= -L../.. -lcrypto
EXAMPLES=prime
all: $(EXAMPLES)
prime: prime.o
$(CC) -o prime prime.o $(LIBS)
clean:
rm -f $(EXAMPLES) *.o
test: all
@echo Test creating a 128-bit prime
./prime 128
@echo Test creating a 256-bit prime
./prime 256
@echo Test creating a 512-bit prime
./prime 512

102
demos/prime/prime.c
View File

@@ -1,102 +0,0 @@
/* demos/prime/prime.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <openssl/bn.h>
void callback(type, num)
int type, num;
{
if (type == 0)
fprintf(stderr, ".");
else if (type == 1)
fprintf(stderr, "+");
else if (type == 2)
fprintf(stderr, "*");
fflush(stderr);
}
int main(argc, argv)
int argc;
char *argv[];
{
BIGNUM *rand;
int num = 256;
/*
* we should really call RAND_seed(char *bytes,int num); to fully
* initalise the random number generator
*/
if (argc >= 2) {
num = atoi(argv[1]);
if (num == 0)
num = 256;
}
fprintf(stderr, "generate a strong prime\n");
rand = BN_generate_prime(NULL, num, 1, NULL, NULL, callback, NULL);
/* change the third parameter to 1 for a strong prime */
fprintf(stderr, "\n");
BN_print_fp(stdout, rand);
fprintf(stdout, "\n");
BN_free(rand);
exit(0);
return (0);
}

9
demos/privkey.pem
View File

@@ -1,9 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAN+FmbxmHVOp/RxtpMGz0DvQEBz1sDktHp19hIoMSu0YZift5MAu
4xAEJYvWVCshDiyOTWsUBXwZkrkt87FyctkCAwEAAQJAG/vxBGpQb6IPo1iC0RF/
F430BnwoBPCGLbeCOXpSgx5X+19vuTSdEqMgeNB6+aNb+XY/7mvVfCjyD6WZ0oxs
JQIhAPO+uL9cP40lFs62pdL3QSWsh3VNDByvOtr9LpeaxBm/AiEA6sKVfXsDQ5hd
SHt9U61r2r8Lcxmzi9Kw6JNqjMmzqWcCIQCKoRy+aZ8Tjdas9yDVHh+FZ90bEBkl
b1xQFNOdEj8aTQIhAOJWrO6INYNsWTPS6+hLYZtLamyUsQj0H+B8kNQge/mtAiEA
nBfvUl243qbqN8gF7Az1u33uc9FsPVvQPiBzLxZ4ixw=
-----END RSA PRIVATE KEY-----

176
demos/selfsign.c
View File

@@ -1,176 +0,0 @@
/* NOCW */
/* cc -o ssdemo -I../include selfsign.c ../libcrypto.a */
#include <stdio.h>
#include <stdlib.h>
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
int main()
{
BIO *bio_err;
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
mkit(&x509, &pkey, 512, 0, 365);
RSA_print_fp(stdout, pkey->pkey.rsa, 0);
X509_print_fp(stdout, x509);
PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
PEM_write_X509(stdout, x509);
X509_free(x509);
EVP_PKEY_free(pkey);
#ifdef CUSTOM_EXT
/* Only needed if we add objects or custom extensions */
X509V3_EXT_cleanup();
OBJ_cleanup();
#endif
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return (0);
}
#ifdef WIN16
# define MS_CALLBACK _far _loadds
# define MS_FAR _far
#else
# define MS_CALLBACK
# define MS_FAR
#endif
static void MS_CALLBACK callback(p, n, arg)
int p;
int n;
void *arg;
{
char c = 'B';
if (p == 0)
c = '.';
if (p == 1)
c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
fputc(c, stderr);
}
int mkit(x509p, pkeyp, bits, serial, days)
X509 **x509p;
EVP_PKEY **pkeyp;
int bits;
int serial;
int days;
{
X509 *x;
EVP_PKEY *pk;
RSA *rsa;
X509_NAME *name = NULL;
X509_NAME_ENTRY *ne = NULL;
X509_EXTENSION *ex = NULL;
if ((pkeyp == NULL) || (*pkeyp == NULL)) {
if ((pk = EVP_PKEY_new()) == NULL) {
abort();
return (0);
}
} else
pk = *pkeyp;
if ((x509p == NULL) || (*x509p == NULL)) {
if ((x = X509_new()) == NULL)
goto err;
} else
x = *x509p;
rsa = RSA_generate_key(bits, RSA_F4, callback, NULL);
if (!EVP_PKEY_assign_RSA(pk, rsa)) {
abort();
goto err;
}
rsa = NULL;
X509_set_version(x, 3);
ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
X509_gmtime_adj(X509_get_notBefore(x), 0);
X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days);
X509_set_pubkey(x, pk);
name = X509_get_subject_name(x);
/*
* This function creates and adds the entry, working out the correct
* string type and performing checks on its length. Normally we'd check
* the return value for errors...
*/
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "UK", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN",
MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
X509_set_issuer_name(x, name);
/*
* Add extension using V3 code: we can set the config file as NULL
* because we wont reference any other sections. We can also set the
* context to NULL because none of these extensions below will need to
* access it.
*/
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
"example comment extension");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
"www.openssl.org");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
#if 0
/* might want something like this too.... */
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
"critical,CA:TRUE");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
#endif
#ifdef CUSTOM_EXT
/* Maybe even add our own extension based on existing */
{
int nid;
nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
X509V3_EXT_add_alias(nid, NID_netscape_comment);
ex = X509V3_EXT_conf_nid(NULL, NULL, nid, "example comment alias");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
}
#endif
if (!X509_sign(x, pk, EVP_md5()))
goto err;
*x509p = x;
*pkeyp = pk;
return (1);
err:
return (0);
}

15
demos/sign/Makefile
View File

@@ -1,15 +0,0 @@
CC=cc
CFLAGS= -g -I../../include -Wall
LIBS= -L../.. -lcrypto
EXAMPLES=sign
all: $(EXAMPLES)
sign: sign.o
$(CC) -o sign sign.o $(LIBS)
clean:
rm -f $(EXAMPLES) *.o
test: all
./sign

14
demos/sign/cert.pem
View File

@@ -1,14 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
-----END CERTIFICATE-----

9
demos/sign/key.pem
View File

@@ -1,9 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
-----END RSA PRIVATE KEY-----

158
demos/sign/sig.txt
View File

@@ -1,158 +0,0 @@
From ssl-lists-owner@mincom.com Mon Sep 30 02:37:40 1996
Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782
(5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000
Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST)
Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 11:44:51 +1000 (EST)
Received: by minbne.mincom.oz.au id AA22230
(5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 11:38:41 +1000
Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for <ssl-users@mincom.com>; Mon, 30 Sep 1996 11:40:07 +1000
Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100
Date: Mon, 30 Sep 1996 01:37:40 +0100
Message-Id: <199609300037.BAA08729@brutus.neuronio.pt>
From: Sampo Kellomaki <sampo@neuronio.pt>
To: ssl-users@mincom.com
Cc: sampo@brutus.neuronio.pt
Subject: Signing with envelope routines
Sender: ssl-lists-owner@mincom.com
Precedence: bulk
Status: RO
X-Status: D
I have been trying to figure out how to produce signatures with EVP_
routines. I seem to be able to read in private key and sign some
data ok, but I can't figure out how I am supposed to read in
public key so that I could verify my signature. I use self signed
certificate.
I figured I should use
EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
fp, NULL, NULL);
to read in private key and this seems to work Ok.
However when I try analogous
EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
fp, NULL, NULL);
the program fails with
error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93
error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232
I figured that the second argument to PEM_ASN1_read should match the
name in my PEM encoded object, hence PEM_STRING_X509.
PEM_STRING_EVP_PKEY seems to be somehow magical
because it matches whatever private key there happens to be. I could
not find a similar constant to use with getting the certificate, however.
Is my approach of using PEM_ASN1_read correct? What should I pass in
as name? Can I use normal (or even self signed) X509 certificate for
verifying the signature?
When will SSLeay documentation be written ;-)? If I would contribute
comments to the code, would Eric take time to review them and include
them in distribution?
I'm using SSLeay-0.6.4. My program is included below along with the
key and cert that I use.
--Sampo
-----------------------------------
/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
#include <stdio.h>
#include "rsa.h"
#include "evp.h"
#include "objects.h"
#include "x509.h"
#include "err.h"
#include "pem.h"
#include "ssl.h"
void main ()
{
int err;
int sig_len;
unsigned char sig_buf [4096];
const char certfile[] = "plain-cert.pem";
const char keyfile[] = "plain-key.pem";
const char data[] = "I owe you...";
EVP_MD_CTX md_ctx;
EVP_PKEY* pkey;
FILE* fp;
SSL_load_error_strings();
/* Read private key */
fp = fopen (keyfile, "r"); if (fp == NULL) exit (1);
pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
PEM_STRING_EVP_PKEY,
fp,
NULL, NULL);
if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
fclose (fp);
/* Do the signature */
EVP_SignInit (&md_ctx, EVP_md5());
EVP_SignUpdate (&md_ctx, data, strlen(data));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal (&md_ctx,
sig_buf,
&sig_len,
pkey);
if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
EVP_PKEY_free (pkey);
/* Read public key */
fp = fopen (certfile, "r"); if (fp == NULL) exit (1);
pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey,
PEM_STRING_X509,
fp,
NULL, NULL);
if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
fclose (fp);
/* Verify the signature */
EVP_VerifyInit (&md_ctx, EVP_md5());
EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
err = EVP_VerifyFinal (&md_ctx,
sig_buf,
sig_len,
pkey);
if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
EVP_PKEY_free (pkey);
printf ("Signature Verified Ok.\n");
}
/* EOF */
--------------- plain-cert.pem -----------------
-----BEGIN CERTIFICATE-----
MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
-----END CERTIFICATE-----
---------------- plain-key.pem -----------------
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
-----END RSA PRIVATE KEY-----
------------------------------------------------

160
demos/sign/sign.c
View File

@@ -1,160 +0,0 @@
/* demos/sign/sign.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/*
* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
* 29.9.1996, Sampo Kellomaki <sampo@iki.fi>
*/
/* converted to C - eay :-) */
/*
* reformated a bit and converted to use the more common functions: this was
* initially written at the dawn of time :-) - Steve.
*/
#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
int main()
{
int err;
int sig_len;
unsigned char sig_buf[4096];
static char certfile[] = "cert.pem";
static char keyfile[] = "key.pem";
static char data[] = "I owe you...";
EVP_MD_CTX md_ctx;
EVP_PKEY *pkey;
FILE *fp;
X509 *x509;
/*
* Just load the crypto library error strings, SSL_load_error_strings()
* loads the crypto AND the SSL ones
*/
/* SSL_load_error_strings(); */
ERR_load_crypto_strings();
/* Read private key */
fp = fopen(keyfile, "r");
if (fp == NULL)
exit(1);
pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
fclose(fp);
if (pkey == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
/* Do the signature */
EVP_SignInit(&md_ctx, EVP_sha1());
EVP_SignUpdate(&md_ctx, data, strlen(data));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey);
if (err != 1) {
ERR_print_errors_fp(stderr);
exit(1);
}
EVP_PKEY_free(pkey);
/* Read public key */
fp = fopen(certfile, "r");
if (fp == NULL)
exit(1);
x509 = PEM_read_X509(fp, NULL, NULL, NULL);
fclose(fp);
if (x509 == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
/* Get public key - eay */
pkey = X509_get_pubkey(x509);
if (pkey == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
/* Verify the signature */
EVP_VerifyInit(&md_ctx, EVP_sha1());
EVP_VerifyUpdate(&md_ctx, data, strlen((char *)data));
err = EVP_VerifyFinal(&md_ctx, sig_buf, sig_len, pkey);
EVP_PKEY_free(pkey);
if (err != 1) {
ERR_print_errors_fp(stderr);
exit(1);
}
printf("Signature Verified Ok.\n");
return (0);
}

170
demos/sign/sign.txt
View File

@@ -1,170 +0,0 @@
From ssl-lists-owner@mincom.com Mon Sep 30 22:43:15 1996
Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA12802
(5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 12:45:43 +1000
Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id MAA25922 for ssl-users-outgoing; Mon, 30 Sep 1996 12:43:43 +1000 (EST)
Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id MAA25900 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 12:43:39 +1000 (EST)
Received: by orb.mincom.oz.au id AA12688
(5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 12:43:16 +1000
Date: Mon, 30 Sep 1996 12:43:15 +1000 (EST)
From: Eric Young <eay@mincom.com>
X-Sender: eay@orb
To: Sampo Kellomaki <sampo@neuronio.pt>
Cc: ssl-users@mincom.com, sampo@brutus.neuronio.pt
Subject: Re: Signing with envelope routines
In-Reply-To: <199609300037.BAA08729@brutus.neuronio.pt>
Message-Id: <Pine.SOL.3.91.960930121504.11800Y-100000@orb>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: ssl-lists-owner@mincom.com
Precedence: bulk
Status: O
X-Status:
On Mon, 30 Sep 1996, Sampo Kellomaki wrote:
> I have been trying to figure out how to produce signatures with EVP_
> routines. I seem to be able to read in private key and sign some
> data ok, but I can't figure out how I am supposed to read in
> public key so that I could verify my signature. I use self signed
> certificate.
hmm... a rather poorly documented are of the library at this point in time.
> I figured I should use
> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
> fp, NULL, NULL);
> to read in private key and this seems to work Ok.
>
> However when I try analogous
> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
> fp, NULL, NULL);
What you should do is
X509 *x509=PEM_read_X509(fp,NULL,NULL);
/* which is the same as PEM_ASN1_read(d2i_X509,PEM_STRING_X509,fp,
* NULL,NULL); */
Then
EVP_PKEY *pkey=X509_extract_key(x509);
There is also a X509_REQ_extract_key(req);
which gets the public key from a certificate request.
I re-worked quite a bit of this when I cleaned up the dependancy on
RSA as the private key.
> I figured that the second argument to PEM_ASN1_read should match the
> name in my PEM encoded object, hence PEM_STRING_X509.
> PEM_STRING_EVP_PKEY seems to be somehow magical
> because it matches whatever private key there happens to be. I could
> not find a similar constant to use with getting the certificate, however.
:-), PEM_STRING_EVP_PKEY is 'magical' :-). In theory I should be using a
standard such as PKCS#8 to store the private key so that the type is
encoded in the asn.1 encoding of the object.
> Is my approach of using PEM_ASN1_read correct? What should I pass in
> as name? Can I use normal (or even self signed) X509 certificate for
> verifying the signature?
The actual public key is kept in the certificate, so basically you have
to load the certificate and then 'unpack' the public key from the
certificate.
> When will SSLeay documentation be written ;-)? If I would contribute
> comments to the code, would Eric take time to review them and include
> them in distribution?
:-) After SSLv3 and PKCS#7 :-). I actually started doing a function list
but what I really need to do is do quite a few 'this is how you do xyz'
type documents. I suppose the current method is to post to ssl-users and
I'll respond :-).
I'll add a 'demo' directory for the next release, I've appended a
modified version of your program that works, you were very close :-).
eric
/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
/* converted to C - eay :-) */
#include <stdio.h>
#include "rsa.h"
#include "evp.h"
#include "objects.h"
#include "x509.h"
#include "err.h"
#include "pem.h"
#include "ssl.h"
void main ()
{
int err;
int sig_len;
unsigned char sig_buf [4096];
static char certfile[] = "plain-cert.pem";
static char keyfile[] = "plain-key.pem";
static char data[] = "I owe you...";
EVP_MD_CTX md_ctx;
EVP_PKEY * pkey;
FILE * fp;
X509 * x509;
/* Just load the crypto library error strings,
* SSL_load_error_strings() loads the crypto AND the SSL ones */
/* SSL_load_error_strings();*/
ERR_load_crypto_strings();
/* Read private key */
fp = fopen (keyfile, "r"); if (fp == NULL) exit (1);
pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
PEM_STRING_EVP_PKEY,
fp,
NULL, NULL);
if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
fclose (fp);
/* Do the signature */
EVP_SignInit (&md_ctx, EVP_md5());
EVP_SignUpdate (&md_ctx, data, strlen(data));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal (&md_ctx,
sig_buf,
&sig_len,
pkey);
if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
EVP_PKEY_free (pkey);
/* Read public key */
fp = fopen (certfile, "r"); if (fp == NULL) exit (1);
x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
PEM_STRING_X509,
fp, NULL, NULL);
if (x509 == NULL) { ERR_print_errors_fp (stderr); exit (1); }
fclose (fp);
/* Get public key - eay */
pkey=X509_extract_key(x509);
if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
/* Verify the signature */
EVP_VerifyInit (&md_ctx, EVP_md5());
EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
err = EVP_VerifyFinal (&md_ctx,
sig_buf,
sig_len,
pkey);
if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
EVP_PKEY_free (pkey);
printf ("Signature Verified Ok.\n");
}

30
demos/smime/smdec.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Simple S/MIME signing example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
@@ -53,25 +62,16 @@ int main(int argc, char **argv)
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (rcert)
X509_free(rcert);
if (rkey)
EVP_PKEY_free(rkey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
PKCS7_free(p7);
X509_free(rcert);
EVP_PKEY_free(rkey);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
return ret;

31
demos/smime/smenc.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Simple S/MIME encrypt example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
@@ -67,26 +76,16 @@ int main(int argc, char **argv)
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Encrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
PKCS7_free(p7);
X509_free(rcert);
sk_X509_pop_free(recips, X509_free);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
return ret;
}

30
demos/smime/smsign.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Simple S/MIME signing example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
@@ -63,25 +72,16 @@ int main(int argc, char **argv)
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
PKCS7_free(p7);
X509_free(scert);
EVP_PKEY_free(skey);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
return ret;

40
demos/smime/smsign2.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
@@ -71,32 +80,17 @@ int main(int argc, char **argv)
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (scert2)
X509_free(scert2);
if (skey)
EVP_PKEY_free(skey2);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
PKCS7_free(p7);
X509_free(scert);
EVP_PKEY_free(skey);
X509_free(scert2);
EVP_PKEY_free(skey2);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
return ret;
}

30
demos/smime/smver.c
View File

@@ -1,3 +1,12 @@
/*
* Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Simple S/MIME verification example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
@@ -61,25 +70,14 @@ int main(int argc, char **argv)
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Verifying Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (cacert)
X509_free(cacert);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
PKCS7_free(p7);
X509_free(cacert);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
return ret;
}

172
demos/spkigen.c
View File

@@ -1,172 +0,0 @@
/* NOCW */
/*-
* demos/spkigen.c
* 18-Mar-1997 - eay - A quick hack :-)
* version 1.1, it would probably help to save or load the
* private key :-)
*/
#include <stdio.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
/*
* The following two don't exist in SSLeay but they are in here as examples
*/
#define PEM_write_SPKI(fp,x) \
PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\
(char *)x,NULL,NULL,0,NULL)
int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
/* These are defined in the next version of SSLeay */
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key);
#define RSA_F4 0x10001
#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
(char *)(rsa))
int main(argc, argv)
int argc;
char *argv[];
{
RSA *rsa = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
char buf[128];
int ok = 0, i;
FILE *fp;
pkey = EVP_PKEY_new();
if (argc < 2) {
/*
* Generate an RSA key, the random state should have been seeded with
* lots of calls to RAND_seed(....)
*/
fprintf(stderr, "generating RSA key, could take some time...\n");
if ((rsa = RSA_generate_key(512, RSA_F4, NULL)) == NULL)
goto err;
} else {
if ((fp = fopen(argv[1], "r")) == NULL) {
perror(argv[1]);
goto err;
}
if ((rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL)) == NULL)
goto err;
fclose(fp);
}
if (!EVP_PKEY_assign_RSA(pkey, rsa))
goto err;
rsa = NULL;
/* lets make the spki and set the public key and challenge */
if ((spki = NETSCAPE_SPKI_new()) == NULL)
goto err;
if (!SPKI_set_pubkey(spki, pkey))
goto err;
fprintf(stderr, "please enter challenge string:");
fflush(stderr);
buf[0] = '\0';
fgets(buf, sizeof buf, stdin);
i = strlen(buf);
if (i > 0)
buf[--i] = '\0';
if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge, buf, i))
goto err;
if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()))
goto err;
PEM_write_SPKI(stdout, spki);
if (argc < 2)
PEM_write_RSAPrivateKey(stdout, pkey->pkey.rsa, NULL, NULL, 0, NULL);
ok = 1;
err:
if (!ok) {
fprintf(stderr, "something bad happened....");
ERR_print_errors_fp(stderr);
}
NETSCAPE_SPKI_free(spki);
EVP_PKEY_free(pkey);
exit(!ok);
}
/* This function is in the next version of SSLeay */
int EVP_PKEY_assign(pkey, type, key)
EVP_PKEY *pkey;
int type;
char *key;
{
if (pkey == NULL)
return (0);
if (pkey->pkey.ptr != NULL) {
if (pkey->type == EVP_PKEY_RSA)
RSA_free(pkey->pkey.rsa);
/* else memory leak */
}
pkey->type = type;
pkey->pkey.ptr = key;
return (1);
}
/*
* While I have a X509_set_pubkey() and X509_REQ_set_pubkey(),
* SPKI_set_pubkey() does not currently exist so here is a version of it. The
* next SSLeay release will probably have X509_set_pubkey(),
* X509_REQ_set_pubkey() and NETSCAPE_SPKI_set_pubkey() as macros calling the
* same function
*/
int SPKI_set_pubkey(x, pkey)
NETSCAPE_SPKI *x;
EVP_PKEY *pkey;
{
int ok = 0;
X509_PUBKEY *pk;
X509_ALGOR *a;
ASN1_OBJECT *o;
unsigned char *s, *p;
int i;
if (x == NULL)
return (0);
if ((pk = X509_PUBKEY_new()) == NULL)
goto err;
a = pk->algor;
/* set the algorithm id */
if ((o = OBJ_nid2obj(pkey->type)) == NULL)
goto err;
ASN1_OBJECT_free(a->algorithm);
a->algorithm = o;
/* Set the parameter list */
if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) {
ASN1_TYPE_free(a->parameter);
a->parameter = ASN1_TYPE_new();
a->parameter->type = V_ASN1_NULL;
}
i = i2d_PublicKey(pkey, NULL);
if ((s = (unsigned char *)malloc(i + 1)) == NULL)
goto err;
p = s;
i2d_PublicKey(pkey, &p);
if (!ASN1_BIT_STRING_set(pk->public_key, s, i))
goto err;
free(s);
X509_PUBKEY_free(x->spkac->pubkey);
x->spkac->pubkey = pk;
pk = NULL;
ok = 1;
err:
if (pk != NULL)
X509_PUBKEY_free(pk);
return (ok);
}

110
demos/ssl/cli.cpp
View File

@@ -1,110 +0,0 @@
/* cli.cpp - Minimal ssleay client for Unix
30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
Simplified to be even more minimal
12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
#include <stdio.h>
#include <memory.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
void main ()
{
int err;
int sd;
struct sockaddr_in sa;
SSL_CTX* ctx;
SSL* ssl;
X509* server_cert;
char* str;
char buf [4096];
SSL_METHOD *meth;
SSLeay_add_ssl_algorithms();
meth = SSLv2_client_method();
SSL_load_error_strings();
ctx = SSL_CTX_new (meth); CHK_NULL(ctx);
CHK_SSL(err);
/* ----------------------------------------------- */
/* Create a socket and connect to server using normal socket calls. */
sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket");
memset (&sa, '\0', sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */
sa.sin_port = htons (1111); /* Server Port number */
err = connect(sd, (struct sockaddr*) &sa,
sizeof(sa)); CHK_ERR(err, "connect");
/* ----------------------------------------------- */
/* Now we have TCP conncetion. Start SSL negotiation. */
ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_connect (ssl); CHK_SSL(err);
/* Following two steps are optional and not required for
data exchange to be successful. */
/* Get the cipher - opt */
printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
/* Get server's certificate (note: beware of dynamic allocation) - opt */
server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert);
printf ("Server certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free (server_cert);
/* --------------------------------------------------- */
/* DATA EXCHANGE - Send a message and receive a reply. */
err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); CHK_SSL(err);
err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
buf[err] = '\0';
printf ("Got %d chars:'%s'\n", err, buf);
SSL_shutdown (ssl); /* send SSL/TLS close_notify */
/* Clean up. */
close (sd);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
/* EOF - cli.cpp */

98
demos/ssl/inetdsrv.cpp
View File

@@ -1,98 +0,0 @@
/* inetdserv.cpp - Minimal ssleay server for Unix inetd.conf
* 30.9.1996, Sampo Kellomaki <sampo@iki.fi>
* From /etc/inetd.conf:
* 1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
*/
#include <stdio.h>
#include <errno.h>
#include "rsa.h" /* SSLeay stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define HOME "/usr/users/sampo/demo/"
#define CERTF HOME "plain-cert.pem"
#define KEYF HOME "plain-key.pem"
#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) \
{ fprintf(log, "%s %d\n", (s), errno); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); }
void main ()
{
int err;
SSL_CTX* ctx;
SSL* ssl;
X509* client_cert;
char* str;
char buf [4096];
FILE* log;
log = fopen ("/dev/console", "a"); CHK_NULL(log);
fprintf (log, "inetdserv %ld\n", (long)getpid());
SSL_load_error_strings();
ctx = SSL_CTX_new (); CHK_NULL(ctx);
err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM);
CHK_SSL (err);
err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM);
CHK_SSL (err);
/* inetd has already opened the TCP connection, so we can get right
down to business. */
ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_fd (ssl, fileno(stdin));
err = SSL_accept (ssl); CHK_SSL(err);
/* Get the cipher - opt */
fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl));
/* Get client's certificate (note: beware of dynamic allocation) - opt */
client_cert = SSL_get_peer_certificate (ssl);
if (client_cert != NULL) {
fprintf (log, "Client certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (client_cert));
CHK_NULL(str);
fprintf (log, "\t subject: %s\n", str);
OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert));
CHK_NULL(str);
fprintf (log, "\t issuer: %s\n", str);
OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free (client_cert);
} else
fprintf (log, "Client doe not have certificate.\n");
/* ------------------------------------------------- */
/* DATA EXCHANGE: Receive message and send reply */
err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
buf[err] = '\0';
fprintf (log, "Got %d chars:'%s'\n", err, buf);
err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear."));
CHK_SSL(err);
/* Clean up. */
fclose (log);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
/* EOF - inetdserv.cpp */

152
demos/ssl/serv.cpp
View File

@@ -1,152 +0,0 @@
/* serv.cpp - Minimal ssleay server for Unix
30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
Simplified to be even more minimal
12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <memory.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <openssl/rsa.h> /* SSLeay stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
/* define HOME to be dir for key and cert files... */
#define HOME "./"
/* Make these what you want for cert & key files */
#define CERTF HOME "foo-cert.pem"
#define KEYF HOME "foo-cert.pem"
#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
void main ()
{
int err;
int listen_sd;
int sd;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
size_t client_len;
SSL_CTX* ctx;
SSL* ssl;
X509* client_cert;
char* str;
char buf [4096];
SSL_METHOD *meth;
/* SSL preliminaries. We keep the certificate and key with the context. */
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_server_method();
ctx = SSL_CTX_new (meth);
if (!ctx) {
ERR_print_errors_fp(stderr);
exit(2);
}
if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(3);
}
if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(4);
}
if (!SSL_CTX_check_private_key(ctx)) {
fprintf(stderr,"Private key does not match the certificate public key\n");
exit(5);
}
/* ----------------------------------------------- */
/* Prepare TCP socket for receiving connections */
listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket");
memset (&sa_serv, '\0', sizeof(sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons (1111); /* Server Port number */
err = bind(listen_sd, (struct sockaddr*) &sa_serv,
sizeof (sa_serv)); CHK_ERR(err, "bind");
/* Receive a TCP connection. */
err = listen (listen_sd, 5); CHK_ERR(err, "listen");
client_len = sizeof(sa_cli);
sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
CHK_ERR(sd, "accept");
close (listen_sd);
printf ("Connection from %lx, port %x\n",
sa_cli.sin_addr.s_addr, sa_cli.sin_port);
/* ----------------------------------------------- */
/* TCP connection is ready. Do server side SSL. */
ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_accept (ssl); CHK_SSL(err);
/* Get the cipher - opt */
printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
/* Get client's certificate (note: beware of dynamic allocation) - opt */
client_cert = SSL_get_peer_certificate (ssl);
if (client_cert != NULL) {
printf ("Client certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free (client_cert);
} else
printf ("Client does not have certificate.\n");
/* DATA EXCHANGE - Receive message and send reply. */
err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
buf[err] = '\0';
printf ("Got %d chars:'%s'\n", err, buf);
err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err);
/* Clean up. */
close (sd);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
/* EOF - serv.cpp */

Some files were not shown because too many files have changed in this diff Show More