fthielen/nginx-custom
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
root
2017-02-25 23:55:24 +01:00
commit 1fe2e8ab62
4868 changed files with 1487355 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
openssl-1.0.2f/demos/README Normal file
View File

@@ -0,0 +1,9 @@
NOTE: Don't expect any of these programs to work with current
OpenSSL releases, or even with later SSLeay releases.
Original README:
=============================================================================
Some demo programs sent to me by various people
eric

7
openssl-1.0.2f/demos/asn1/README.ASN1 Normal file
View File

@@ -0,0 +1,7 @@
This is a demo of the new ASN1 code. Its an OCSP ASN1 module. Doesn't
do much yet other than demonstrate what the new ASN1 modules might look
like.
It wont even compile yet: the new code isn't in place.

361
openssl-1.0.2f/demos/asn1/ocsp.c Normal file
View File

@@ -0,0 +1,361 @@
/* ocsp.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
/*-
Example of new ASN1 code, OCSP request
OCSPRequest ::= SEQUENCE {
tbsRequest TBSRequest,
optionalSignature [0] EXPLICIT Signature OPTIONAL }
TBSRequest ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestList SEQUENCE OF Request,
requestExtensions [2] EXPLICIT Extensions OPTIONAL }
Signature ::= SEQUENCE {
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
Version ::= INTEGER { v1(0) }
Request ::= SEQUENCE {
reqCert CertID,
singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
OCSPResponse ::= SEQUENCE {
responseStatus OCSPResponseStatus,
responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
OCSPResponseStatus ::= ENUMERATED {
successful (0), --Response has valid confirmations
malformedRequest (1), --Illegal confirmation request
internalError (2), --Internal error in issuer
tryLater (3), --Try again later
--(4) is not used
sigRequired (5), --Must sign the request
unauthorized (6) --Request unauthorized
}
ResponseBytes ::= SEQUENCE {
responseType OBJECT IDENTIFIER,
response OCTET STRING }
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
ResponseData ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
responderID ResponderID,
producedAt GeneralizedTime,
responses SEQUENCE OF SingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL }
ResponderID ::= CHOICE {
byName [1] Name, --EXPLICIT
byKey [2] KeyHash }
KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
--(excluding the tag and length fields)
SingleResponse ::= SEQUENCE {
certID CertID,
certStatus CertStatus,
thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL }
CertStatus ::= CHOICE {
good [0] IMPLICIT NULL,
revoked [1] IMPLICIT RevokedInfo,
unknown [2] IMPLICIT UnknownInfo }
RevokedInfo ::= SEQUENCE {
revocationTime GeneralizedTime,
revocationReason [0] EXPLICIT CRLReason OPTIONAL }
UnknownInfo ::= NULL -- this can be replaced with an enumeration
ArchiveCutoff ::= GeneralizedTime
AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
ServiceLocator ::= SEQUENCE {
issuer Name,
locator AuthorityInfoAccessSyntax }
-- Object Identifiers
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
*/
/* Request Structures */
DECLARE_STACK_OF(Request)
typedef struct {
ASN1_INTEGER *version;
GENERAL_NAME *requestorName;
STACK_OF(Request) *requestList;
STACK_OF(X509_EXTENSION) *requestExtensions;
} TBSRequest;
typedef struct {
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
} Signature;
typedef struct {
TBSRequest *tbsRequest;
Signature *optionalSignature;
} OCSPRequest;
typedef struct {
X509_ALGOR *hashAlgorithm;
ASN1_OCTET_STRING *issuerNameHash;
ASN1_OCTET_STRING *issuerKeyHash;
ASN1_INTEGER *certificateSerialNumber;
} CertID;
typedef struct {
CertID *reqCert;
STACK_OF(X509_EXTENSION) *singleRequestExtensions;
} Request;
/* Response structures */
typedef struct {
ASN1_OBJECT *responseType;
ASN1_OCTET_STRING *response;
} ResponseBytes;
typedef struct {
ASN1_ENUMERATED *responseStatus;
ResponseBytes *responseBytes;
} OCSPResponse;
typedef struct {
int type;
union {
X509_NAME *byName;
ASN1_OCTET_STRING *byKey;
} d;
} ResponderID;
typedef struct {
ASN1_INTEGER *version;
ResponderID *responderID;
ASN1_GENERALIZEDTIME *producedAt;
STACK_OF(SingleResponse) *responses;
STACK_OF(X509_EXTENSION) *responseExtensions;
} ResponseData;
typedef struct {
ResponseData *tbsResponseData;
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
} BasicOCSPResponse;
typedef struct {
ASN1_GENERALIZEDTIME *revocationTime;
ASN1_ENUMERATED *revocationReason;
} RevokedInfo;
typedef struct {
int type;
union {
ASN1_NULL *good;
RevokedInfo *revoked;
ASN1_NULL *unknown;
} d;
} CertStatus;
typedef struct {
CertID *certID;
CertStatus *certStatus;
ASN1_GENERALIZEDTIME *thisUpdate;
ASN1_GENERALIZEDTIME *nextUpdate;
STACK_OF(X509_EXTENSION) *singleExtensions;
} SingleResponse;
typedef struct {
X509_NAME *issuer;
STACK_OF(ACCESS_DESCRIPTION) *locator;
} ServiceLocator;
/* Now the ASN1 templates */
IMPLEMENT_COMPAT_ASN1(X509);
IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
// IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
IMPLEMENT_COMPAT_ASN1(X509_NAME);
ASN1_SEQUENCE(X509_EXTENSION) = {
ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(X509_EXTENSION);
ASN1_SEQUENCE(Signature) = {
ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
ASN1_SEQUENCE_OF(Signature, certs, X509)
} ASN1_SEQUENCE_END(Signature);
ASN1_SEQUENCE(CertID) = {
ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
} ASN1_SEQUENCE_END(CertID);
ASN1_SEQUENCE(Request) = {
ASN1_SIMPLE(Request, reqCert, CertID),
ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
} ASN1_SEQUENCE_END(Request);
ASN1_SEQUENCE(TBSRequest) = {
ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
} ASN1_SEQUENCE_END(TBSRequest);
ASN1_SEQUENCE(OCSPRequest) = {
ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
} ASN1_SEQUENCE_END(OCSPRequest);
/* Response templates */
ASN1_SEQUENCE(ResponseBytes) = {
ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(ResponseBytes);
ASN1_SEQUENCE(OCSPResponse) = {
ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
} ASN1_SEQUENCE_END(OCSPResponse);
ASN1_CHOICE(ResponderID) = {
ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
} ASN1_CHOICE_END(ResponderID);
ASN1_SEQUENCE(RevokedInfo) = {
ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
} ASN1_SEQUENCE_END(RevokedInfo);
ASN1_CHOICE(CertStatus) = {
ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
} ASN1_CHOICE_END(CertStatus);
ASN1_SEQUENCE(SingleResponse) = {
ASN1_SIMPLE(SingleResponse, certID, CertID),
ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(SingleResponse);
ASN1_SEQUENCE(ResponseData) = {
ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
ASN1_SIMPLE(ResponseData, responderID, ResponderID),
ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(ResponseData);
ASN1_SEQUENCE(BasicOCSPResponse) = {
ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
} ASN1_SEQUENCE_END(BasicOCSPResponse);

255
openssl-1.0.2f/demos/b64.c Normal file
View File

@@ -0,0 +1,255 @@
/* demos/b64.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "../apps/apps.h"
#include <openssl/buffer.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#undef SIZE
#undef BSIZE
#undef PROG
#define SIZE (512)
#define BSIZE (8*1024)
#define PROG enc_main
int main(argc, argv)
int argc;
char **argv;
{
char *strbuf = NULL;
unsigned char *buff = NULL, *bufsize = NULL;
int bsize = BSIZE, verbose = 0;
int ret = 1, inl;
char *str = NULL;
char *hkey = NULL, *hiv = NULL;
int enc = 1, printkey = 0, i, base64 = 0;
int debug = 0;
EVP_CIPHER *cipher = NULL, *c;
char *inf = NULL, *outf = NULL;
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
NULL, *wbio = NULL;
#define PROG_NAME_SIZE 39
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE);
base64 = 1;
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-e") == 0)
enc = 1;
if (strcmp(*argv, "-in") == 0) {
if (--argc < 1)
goto bad;
inf = *(++argv);
} else if (strcmp(*argv, "-out") == 0) {
if (--argc < 1)
goto bad;
outf = *(++argv);
} else if (strcmp(*argv, "-d") == 0)
enc = 0;
else if (strcmp(*argv, "-v") == 0)
verbose = 1;
else if (strcmp(*argv, "-debug") == 0)
debug = 1;
else if (strcmp(*argv, "-bufsize") == 0) {
if (--argc < 1)
goto bad;
bufsize = (unsigned char *)*(++argv);
} else {
BIO_printf(bio_err, "unknown option '%s'\n", *argv);
bad:
BIO_printf(bio_err, "options are\n");
BIO_printf(bio_err, "%-14s input file\n", "-in <file>");
BIO_printf(bio_err, "%-14s output file\n", "-out <file>");
BIO_printf(bio_err, "%-14s encode\n", "-e");
BIO_printf(bio_err, "%-14s decode\n", "-d");
BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>");
goto end;
}
argc--;
argv++;
}
if (bufsize != NULL) {
int i;
unsigned long n;
for (n = 0; *bufsize; bufsize++) {
i = *bufsize;
if ((i <= '9') && (i >= '0'))
n = n * 10 + i - '0';
else if (i == 'k') {
n *= 1024;
bufsize++;
break;
}
}
if (*bufsize != '\0') {
BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
goto end;
}
/* It must be large enough for a base64 encoded line */
if (n < 80)
n = 80;
bsize = (int)n;
if (verbose)
BIO_printf(bio_err, "bufsize=%d\n", bsize);
}
strbuf = OPENSSL_malloc(SIZE);
buff = (unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
if ((buff == NULL) || (strbuf == NULL)) {
BIO_printf(bio_err, "OPENSSL_malloc failure\n");
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
BIO_set_callback(out, BIO_debug_callback);
BIO_set_callback_arg(in, bio_err);
BIO_set_callback_arg(out, bio_err);
}
if (inf == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, inf) <= 0) {
perror(inf);
goto end;
}
}
if (outf == NULL)
BIO_set_fp(out, stdout, BIO_NOCLOSE);
else {
if (BIO_write_filename(out, outf) <= 0) {
perror(outf);
goto end;
}
}
rbio = in;
wbio = out;
if (base64) {
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
if (debug) {
BIO_set_callback(b64, BIO_debug_callback);
BIO_set_callback_arg(b64, bio_err);
}
if (enc)
wbio = BIO_push(b64, wbio);
else
rbio = BIO_push(b64, rbio);
}
for (;;) {
inl = BIO_read(rbio, (char *)buff, bsize);
if (inl <= 0)
break;
if (BIO_write(wbio, (char *)buff, inl) != inl) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
}
BIO_flush(wbio);
ret = 0;
if (verbose) {
BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
}
end:
if (strbuf != NULL)
OPENSSL_free(strbuf);
if (buff != NULL)
OPENSSL_free(buff);
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free(out);
if (benc != NULL)
BIO_free(benc);
if (b64 != NULL)
BIO_free(b64);
EXIT(ret);
}

20
openssl-1.0.2f/demos/b64.pl Normal file
View File

@@ -0,0 +1,20 @@
#!/usr/local/bin/perl
#
# Make PEM encoded data have lines of 64 bytes of data
#
while (<>)
{
if (/^-----BEGIN/ .. /^-----END/)
{
if (/^-----BEGIN/) { $first=$_; next; }
if (/^-----END/) { $last=$_; next; }
$out.=$_;
}
}
$out =~ s/\s//g;
$out =~ s/(.{64})/$1\n/g;
print "$first$out\n$last\n";

22
openssl-1.0.2f/demos/bio/Makefile Normal file
View File

@@ -0,0 +1,22 @@
CC=cc
CFLAGS= -g -I../../include
LIBS= -L../.. ../../libssl.a ../../libcrypto.a -ldl
EXAMPLES=saccept sconnect client-arg client-conf
all: $(EXAMPLES)
saccept: saccept.o
$(CC) -o saccept saccept.o $(LIBS)
sconnect: sconnect.o
$(CC) -o sconnect sconnect.o $(LIBS)
client-arg: client-arg.o
$(CC) -o client-arg client-arg.o $(LIBS)
client-conf: client-conf.o
$(CC) -o client-conf client-conf.o $(LIBS)
clean:
rm -f $(EXAMPLES) *.o

7
openssl-1.0.2f/demos/bio/README Normal file
View File

@@ -0,0 +1,7 @@
This directory contains some simple examples of the use of BIO's
to simplify socket programming.
The client-conf, server-conf, client-arg and client-conf include examples
of how to use the SSL_CONF API for configuration file or command line
processing.

13
openssl-1.0.2f/demos/bio/accept.cnf Normal file
View File

@@ -0,0 +1,13 @@
# Example configuration file
# Port to listen on
Port = 4433
# Disable TLS v1.2 for test.
# Protocol = ALL, -TLSv1.2
# Only support 3 curves
Curves = P-521:P-384:P-256
# Automatic curve selection
ECDHParameters = Automatic
# Restricted signature algorithms
SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
Certificate=server.pem
PrivateKey=server.pem

111
openssl-1.0.2f/demos/bio/client-arg.c Normal file
View File

@@ -0,0 +1,111 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
int main(int argc, char **argv)
{
BIO *sbio = NULL, *out = NULL;
int len;
char tmpbuf[1024];
SSL_CTX *ctx;
SSL_CONF_CTX *cctx;
SSL *ssl;
char **args = argv + 1;
const char *connect_str = "localhost:4433";
int nargs = argc - 1;
ERR_load_crypto_strings();
ERR_load_SSL_strings();
SSL_library_init();
ctx = SSL_CTX_new(SSLv23_client_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
while (*args && **args == '-') {
int rv;
/* Parse standard arguments */
rv = SSL_CONF_cmd_argv(cctx, &nargs, &args);
if (rv == -3) {
fprintf(stderr, "Missing argument for %s\n", *args);
goto end;
}
if (rv < 0) {
fprintf(stderr, "Error in command %s\n", *args);
ERR_print_errors_fp(stderr);
goto end;
}
/* If rv > 0 we processed something so proceed to next arg */
if (rv > 0)
continue;
/* Otherwise application specific argument processing */
if (!strcmp(*args, "-connect")) {
connect_str = args[1];
if (connect_str == NULL) {
fprintf(stderr, "Missing -connect argument\n");
goto end;
}
args += 2;
nargs -= 2;
continue;
} else {
fprintf(stderr, "Unknown argument %s\n", *args);
goto end;
}
}
if (!SSL_CONF_CTX_finish(cctx)) {
fprintf(stderr, "Finish error\n");
ERR_print_errors_fp(stderr);
goto err;
}
/*
* We'd normally set some stuff like the verify paths and * mode here
* because as things stand this will connect to * any server whose
* certificate is signed by any CA.
*/
sbio = BIO_new_ssl_connect(ctx);
BIO_get_ssl(sbio, &ssl);
if (!ssl) {
fprintf(stderr, "Can't locate SSL pointer\n");
goto end;
}
/* Don't want any retries */
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
/* We might want to do other things with ssl here */
BIO_set_conn_hostname(sbio, connect_str);
out = BIO_new_fp(stdout, BIO_NOCLOSE);
if (BIO_do_connect(sbio) <= 0) {
fprintf(stderr, "Error connecting to server\n");
ERR_print_errors_fp(stderr);
goto end;
}
if (BIO_do_handshake(sbio) <= 0) {
fprintf(stderr, "Error establishing SSL connection\n");
ERR_print_errors_fp(stderr);
goto end;
}
/* Could examine ssl here to get connection info */
BIO_puts(sbio, "GET / HTTP/1.0\n\n");
for (;;) {
len = BIO_read(sbio, tmpbuf, 1024);
if (len <= 0)
break;
BIO_write(out, tmpbuf, len);
}
end:
SSL_CONF_CTX_free(cctx);
BIO_free_all(sbio);
BIO_free(out);
return 0;
}

120
openssl-1.0.2f/demos/bio/client-conf.c Normal file
View File

@@ -0,0 +1,120 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/conf.h>
int main(int argc, char **argv)
{
BIO *sbio = NULL, *out = NULL;
int i, len, rv;
char tmpbuf[1024];
SSL_CTX *ctx = NULL;
SSL_CONF_CTX *cctx = NULL;
SSL *ssl = NULL;
CONF *conf = NULL;
STACK_OF(CONF_VALUE) *sect = NULL;
CONF_VALUE *cnf;
const char *connect_str = "localhost:4433";
long errline = -1;
ERR_load_crypto_strings();
ERR_load_SSL_strings();
SSL_library_init();
conf = NCONF_new(NULL);
if (NCONF_load(conf, "connect.cnf", &errline) <= 0) {
if (errline <= 0)
fprintf(stderr, "Error processing config file\n");
else
fprintf(stderr, "Error on line %ld\n", errline);
goto end;
}
sect = NCONF_get_section(conf, "default");
if (sect == NULL) {
fprintf(stderr, "Error retrieving default section\n");
goto end;
}
ctx = SSL_CTX_new(SSLv23_client_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
cnf = sk_CONF_VALUE_value(sect, i);
rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value);
if (rv > 0)
continue;
if (rv != -2) {
fprintf(stderr, "Error processing %s = %s\n",
cnf->name, cnf->value);
ERR_print_errors_fp(stderr);
goto end;
}
if (!strcmp(cnf->name, "Connect")) {
connect_str = cnf->value;
} else {
fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
goto end;
}
}
if (!SSL_CONF_CTX_finish(cctx)) {
fprintf(stderr, "Finish error\n");
ERR_print_errors_fp(stderr);
goto err;
}
/*
* We'd normally set some stuff like the verify paths and * mode here
* because as things stand this will connect to * any server whose
* certificate is signed by any CA.
*/
sbio = BIO_new_ssl_connect(ctx);
BIO_get_ssl(sbio, &ssl);
if (!ssl) {
fprintf(stderr, "Can't locate SSL pointer\n");
goto end;
}
/* Don't want any retries */
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
/* We might want to do other things with ssl here */
BIO_set_conn_hostname(sbio, connect_str);
out = BIO_new_fp(stdout, BIO_NOCLOSE);
if (BIO_do_connect(sbio) <= 0) {
fprintf(stderr, "Error connecting to server\n");
ERR_print_errors_fp(stderr);
goto end;
}
if (BIO_do_handshake(sbio) <= 0) {
fprintf(stderr, "Error establishing SSL connection\n");
ERR_print_errors_fp(stderr);
goto end;
}
/* Could examine ssl here to get connection info */
BIO_puts(sbio, "GET / HTTP/1.0\n\n");
for (;;) {
len = BIO_read(sbio, tmpbuf, 1024);
if (len <= 0)
break;
BIO_write(out, tmpbuf, len);
}
end:
SSL_CONF_CTX_free(cctx);
BIO_free_all(sbio);
BIO_free(out);
NCONF_free(conf);
return 0;
}

9
openssl-1.0.2f/demos/bio/connect.cnf Normal file
View File

@@ -0,0 +1,9 @@
# Example configuration file
# Connects to the default port of s_server
Connect = localhost:4433
# Disable TLS v1.2 for test.
# Protocol = ALL, -TLSv1.2
# Only support 3 curves
Curves = P-521:P-384:P-256
# Restricted signature algorithms
SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512

117
openssl-1.0.2f/demos/bio/saccept.c Normal file
View File

@@ -0,0 +1,117 @@
/* NOCW */
/* demos/bio/saccept.c */
/*-
* A minimal program to serve an SSL connection.
* It uses blocking.
* saccept host:port
* host is the interface IP to use. If any interface, use *:port
* The default it *:4433
*
* cc -I../../include saccept.c -L../.. -lssl -lcrypto -ldl
*/
#include <stdio.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#define CERT_FILE "server.pem"
BIO *in = NULL;
void close_up()
{
if (in != NULL)
BIO_free(in);
}
int main(argc, argv)
int argc;
char *argv[];
{
char *port = NULL;
BIO *ssl_bio, *tmp;
SSL_CTX *ctx;
SSL *ssl;
char buf[512];
int ret = 1, i;
if (argc <= 1)
port = "*:4433";
else
port = argv[1];
signal(SIGINT, close_up);
SSL_load_error_strings();
#ifdef WATT32
dbug_init();
sock_init();
#endif
/* Add ciphers and message digests */
OpenSSL_add_ssl_algorithms();
ctx = SSL_CTX_new(SSLv23_server_method());
if (!SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
goto err;
if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
goto err;
if (!SSL_CTX_check_private_key(ctx))
goto err;
/* Setup server side SSL bio */
ssl = SSL_new(ctx);
ssl_bio = BIO_new_ssl(ctx, 0);
if ((in = BIO_new_accept(port)) == NULL)
goto err;
/*
* This means that when a new connection is accepted on 'in', The ssl_bio
* will be 'duplicated' and have the new socket BIO push into it.
* Basically it means the SSL BIO will be automatically setup
*/
BIO_set_accept_bios(in, ssl_bio);
again:
/*
* The first call will setup the accept socket, and the second will get a
* socket. In this loop, the first actual accept will occur in the
* BIO_read() function.
*/
if (BIO_do_accept(in) <= 0)
goto err;
for (;;) {
i = BIO_read(in, buf, 512);
if (i == 0) {
/*
* If we have finished, remove the underlying BIO stack so the
* next time we call any function for this BIO, it will attempt
* to do an accept
*/
printf("Done\n");
tmp = BIO_pop(in);
BIO_free_all(tmp);
goto again;
}
if (i < 0)
goto err;
fwrite(buf, 1, i, stdout);
fflush(stdout);
}
ret = 0;
err:
if (ret) {
ERR_print_errors_fp(stderr);
}
if (in != NULL)
BIO_free(in);
exit(ret);
return (!ret);
}

113
openssl-1.0.2f/demos/bio/sconnect.c Normal file
View File

@@ -0,0 +1,113 @@
/* NOCW */
/* demos/bio/sconnect.c */
/*-
* A minimal program to do SSL to a passed host and port.
* It is actually using non-blocking IO but in a very simple manner
* sconnect host:port - it does a 'GET / HTTP/1.0'
*
* cc -I../../include sconnect.c -L../.. -lssl -lcrypto
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
extern int errno;
int main(argc, argv)
int argc;
char *argv[];
{
char *host;
BIO *out;
char buf[1024 * 10], *p;
SSL_CTX *ssl_ctx = NULL;
SSL *ssl;
BIO *ssl_bio;
int i, len, off, ret = 1;
if (argc <= 1)
host = "localhost:4433";
else
host = argv[1];
#ifdef WATT32
dbug_init();
sock_init();
#endif
/* Lets get nice error messages */
SSL_load_error_strings();
/* Setup all the global SSL stuff */
OpenSSL_add_ssl_algorithms();
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
/* Lets make a SSL structure */
ssl = SSL_new(ssl_ctx);
SSL_set_connect_state(ssl);
/* Use it inside an SSL BIO */
ssl_bio = BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
/* Lets use a connect BIO under the SSL BIO */
out = BIO_new(BIO_s_connect());
BIO_set_conn_hostname(out, host);
BIO_set_nbio(out, 1);
out = BIO_push(ssl_bio, out);
p = "GET / HTTP/1.0\r\n\r\n";
len = strlen(p);
off = 0;
for (;;) {
i = BIO_write(out, &(p[off]), len);
if (i <= 0) {
if (BIO_should_retry(out)) {
fprintf(stderr, "write DELAY\n");
sleep(1);
continue;
} else {
goto err;
}
}
off += i;
len -= i;
if (len <= 0)
break;
}
for (;;) {
i = BIO_read(out, buf, sizeof(buf));
if (i == 0)
break;
if (i < 0) {
if (BIO_should_retry(out)) {
fprintf(stderr, "read DELAY\n");
sleep(1);
continue;
}
goto err;
}
fwrite(buf, 1, i, stdout);
}
ret = 1;
if (0) {
err:
if (ERR_peek_error() == 0) { /* system call error */
fprintf(stderr, "errno=%d ", errno);
perror("error");
} else
ERR_print_errors_fp(stderr);
}
BIO_free_all(out);
if (ssl_ctx != NULL)
SSL_CTX_free(ssl_ctx);
exit(!ret);
return (ret);
}

144
openssl-1.0.2f/demos/bio/server-arg.c Normal file
View File

@@ -0,0 +1,144 @@
/* NOCW */
/* demos/bio/server-arg.c */
/*
* A minimal program to serve an SSL connection. It uses blocking. It use the
* SSL_CONF API with the command line. cc -I../../include server-arg.c
* -L../.. -lssl -lcrypto -ldl
*/
#include <stdio.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
int main(int argc, char *argv[])
{
char *port = "*:4433";
BIO *ssl_bio, *tmp;
SSL_CTX *ctx;
SSL_CONF_CTX *cctx;
char buf[512];
BIO *in = NULL;
int ret = 1, i;
char **args = argv + 1;
int nargs = argc - 1;
SSL_load_error_strings();
/* Add ciphers and message digests */
OpenSSL_add_ssl_algorithms();
ctx = SSL_CTX_new(SSLv23_server_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
while (*args && **args == '-') {
int rv;
/* Parse standard arguments */
rv = SSL_CONF_cmd_argv(cctx, &nargs, &args);
if (rv == -3) {
fprintf(stderr, "Missing argument for %s\n", *args);
goto err;
}
if (rv < 0) {
fprintf(stderr, "Error in command %s\n", *args);
ERR_print_errors_fp(stderr);
goto err;
}
/* If rv > 0 we processed something so proceed to next arg */
if (rv > 0)
continue;
/* Otherwise application specific argument processing */
if (!strcmp(*args, "-port")) {
port = args[1];
if (port == NULL) {
fprintf(stderr, "Missing -port argument\n");
goto err;
}
args += 2;
nargs -= 2;
continue;
} else {
fprintf(stderr, "Unknown argument %s\n", *args);
goto err;
}
}
if (!SSL_CONF_CTX_finish(cctx)) {
fprintf(stderr, "Finish error\n");
ERR_print_errors_fp(stderr);
goto err;
}
#if 0
/*
* Demo of how to iterate over all certificates in an SSL_CTX structure.
*/
{
X509 *x;
int rv;
rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST);
while (rv) {
X509 *x = SSL_CTX_get0_certificate(ctx);
X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0,
XN_FLAG_ONELINE);
printf("\n");
rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT);
}
fflush(stdout);
}
#endif
/* Setup server side SSL bio */
ssl_bio = BIO_new_ssl(ctx, 0);
if ((in = BIO_new_accept(port)) == NULL)
goto err;
/*
* This means that when a new connection is accepted on 'in', The ssl_bio
* will be 'duplicated' and have the new socket BIO push into it.
* Basically it means the SSL BIO will be automatically setup
*/
BIO_set_accept_bios(in, ssl_bio);
again:
/*
* The first call will setup the accept socket, and the second will get a
* socket. In this loop, the first actual accept will occur in the
* BIO_read() function.
*/
if (BIO_do_accept(in) <= 0)
goto err;
for (;;) {
i = BIO_read(in, buf, 512);
if (i == 0) {
/*
* If we have finished, remove the underlying BIO stack so the
* next time we call any function for this BIO, it will attempt
* to do an accept
*/
printf("Done\n");
tmp = BIO_pop(in);
BIO_free_all(tmp);
goto again;
}
if (i < 0)
goto err;
fwrite(buf, 1, i, stdout);
fflush(stdout);
}
ret = 0;
err:
if (ret) {
ERR_print_errors_fp(stderr);
}
if (in != NULL)
BIO_free(in);
exit(ret);
return (!ret);
}

138
openssl-1.0.2f/demos/bio/server-conf.c Normal file
View File

@@ -0,0 +1,138 @@
/* NOCW */
/* demos/bio/saccept-conf.c */
/*
* A minimal program to serve an SSL connection. It uses blocking. It uses
* the SSL_CONF API with a configuration file. cc -I../../include saccept.c
* -L../.. -lssl -lcrypto -ldl
*/
#include <stdio.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/conf.h>
int main(int argc, char *argv[])
{
char *port = "*:4433";
BIO *in = NULL;
BIO *ssl_bio, *tmp;
SSL_CTX *ctx;
SSL_CONF_CTX *cctx = NULL;
CONF *conf = NULL;
STACK_OF(CONF_VALUE) *sect = NULL;
CONF_VALUE *cnf;
long errline = -1;
char buf[512];
int ret = 1, i;
SSL_load_error_strings();
/* Add ciphers and message digests */
OpenSSL_add_ssl_algorithms();
conf = NCONF_new(NULL);
if (NCONF_load(conf, "accept.cnf", &errline) <= 0) {
if (errline <= 0)
fprintf(stderr, "Error processing config file\n");
else
fprintf(stderr, "Error on line %ld\n", errline);
goto err;
}
sect = NCONF_get_section(conf, "default");
if (sect == NULL) {
fprintf(stderr, "Error retrieving default section\n");
goto err;
}
ctx = SSL_CTX_new(SSLv23_server_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
int rv;
cnf = sk_CONF_VALUE_value(sect, i);
rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value);
if (rv > 0)
continue;
if (rv != -2) {
fprintf(stderr, "Error processing %s = %s\n",
cnf->name, cnf->value);
ERR_print_errors_fp(stderr);
goto err;
}
if (!strcmp(cnf->name, "Port")) {
port = cnf->value;
} else {
fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
goto err;
}
}
if (!SSL_CONF_CTX_finish(cctx)) {
fprintf(stderr, "Finish error\n");
ERR_print_errors_fp(stderr);
goto err;
}
/* Setup server side SSL bio */
ssl_bio = BIO_new_ssl(ctx, 0);
if ((in = BIO_new_accept(port)) == NULL)
goto err;
/*
* This means that when a new connection is accepted on 'in', The ssl_bio
* will be 'duplicated' and have the new socket BIO push into it.
* Basically it means the SSL BIO will be automatically setup
*/
BIO_set_accept_bios(in, ssl_bio);
again:
/*
* The first call will setup the accept socket, and the second will get a
* socket. In this loop, the first actual accept will occur in the
* BIO_read() function.
*/
if (BIO_do_accept(in) <= 0)
goto err;
for (;;) {
i = BIO_read(in, buf, 512);
if (i == 0) {
/*
* If we have finished, remove the underlying BIO stack so the
* next time we call any function for this BIO, it will attempt
* to do an accept
*/
printf("Done\n");
tmp = BIO_pop(in);
BIO_free_all(tmp);
goto again;
}
if (i < 0) {
if (BIO_should_retry(in))
continue;
goto err;
}
fwrite(buf, 1, i, stdout);
fflush(stdout);
}
ret = 0;
err:
if (ret) {
ERR_print_errors_fp(stderr);
}
if (in != NULL)
BIO_free(in);
exit(ret);
return (!ret);
}

52
openssl-1.0.2f/demos/bio/server.pem Normal file
View File

@@ -0,0 +1,52 @@
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
-----BEGIN CERTIFICATE-----
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
-----END RSA PRIVATE KEY-----

18
openssl-1.0.2f/demos/cms/cacert.pem Normal file
View File

@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3
WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD
aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN
RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz
i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR
ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT
jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx
CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B
SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD
VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB
ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc
G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo
u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF
1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw==
-----END CERTIFICATE-----

15
openssl-1.0.2f/demos/cms/cakey.pem Normal file
View File

@@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd
c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3
dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB
AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5
HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs
tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS
rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18
9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u
jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is
uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU
+VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP
wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW
8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg==
-----END RSA PRIVATE KEY-----

60
openssl-1.0.2f/demos/cms/cms_comp.c Normal file
View File

@@ -0,0 +1,60 @@
/* Simple S/MIME compress example */
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
/*
* On OpenSSL 1.0.0+ only:
* for streaming set CMS_STREAM
*/
int flags = CMS_STREAM;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Open content being compressed */
in = BIO_new_file("comp.txt", "r");
if (!in)
goto err;
/* compress content */
cms = CMS_compress(in, NID_zlib_compression, flags);
if (!cms)
goto err;
out = BIO_new_file("smcomp.txt", "w");
if (!out)
goto err;
/* Write out S/MIME message */
if (!SMIME_write_CMS(out, cms, in, flags))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Compressing Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
return ret;
}

89
openssl-1.0.2f/demos/cms/cms_ddec.c Normal file
View File

@@ -0,0 +1,89 @@
/*
* S/MIME detached data decrypt example: rarely done but should the need
* arise this is an example....
*/
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL, *dcont = NULL;
X509 *rcert = NULL;
EVP_PKEY *rkey = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!rcert || !rkey)
goto err;
/* Open PEM file containing enveloped data */
in = BIO_new_file("smencr.pem", "r");
if (!in)
goto err;
/* Parse PEM content */
cms = PEM_read_bio_CMS(in, NULL, 0, NULL);
if (!cms)
goto err;
/* Open file containing detached content */
dcont = BIO_new_file("smencr.out", "rb");
if (!in)
goto err;
out = BIO_new_file("encrout.txt", "w");
if (!out)
goto err;
/* Decrypt S/MIME message */
if (!CMS_decrypt(cms, rkey, rcert, dcont, out, 0))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Decrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (rkey)
EVP_PKEY_free(rkey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
if (dcont)
BIO_free(dcont);
return ret;
}

78
openssl-1.0.2f/demos/cms/cms_dec.c Normal file
View File

@@ -0,0 +1,78 @@
/* Simple S/MIME decryption example */
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
EVP_PKEY *rkey = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!rcert || !rkey)
goto err;
/* Open S/MIME message to decrypt */
in = BIO_new_file("smencr.txt", "r");
if (!in)
goto err;
/* Parse message */
cms = SMIME_read_CMS(in, NULL);
if (!cms)
goto err;
out = BIO_new_file("decout.txt", "w");
if (!out)
goto err;
/* Decrypt S/MIME message */
if (!CMS_decrypt(cms, rkey, rcert, NULL, out, 0))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Decrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (rkey)
EVP_PKEY_free(rkey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}

98
openssl-1.0.2f/demos/cms/cms_denc.c Normal file
View File

@@ -0,0 +1,98 @@
/*
* S/MIME detached data encrypt example: rarely done but should the need
* arise this is an example....
*/
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL, *dout = NULL;
X509 *rcert = NULL;
STACK_OF(X509) *recips = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
int flags = CMS_STREAM | CMS_DETACHED;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
if (!rcert)
goto err;
/* Create recipient STACK and add recipient cert to it */
recips = sk_X509_new_null();
if (!recips || !sk_X509_push(recips, rcert))
goto err;
/*
* sk_X509_pop_free will free up recipient STACK and its contents so set
* rcert to NULL so it isn't freed up twice.
*/
rcert = NULL;
/* Open content being encrypted */
in = BIO_new_file("encr.txt", "r");
dout = BIO_new_file("smencr.out", "wb");
if (!in)
goto err;
/* encrypt content */
cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
if (!cms)
goto err;
out = BIO_new_file("smencr.pem", "w");
if (!out)
goto err;
if (!CMS_final(cms, in, dout, flags))
goto err;
/* Write out CMS structure without content */
if (!PEM_write_bio_CMS(out, cms))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Encrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (dout)
BIO_free(dout);
if (tbio)
BIO_free(tbio);
return ret;
}

92
openssl-1.0.2f/demos/cms/cms_enc.c Normal file
View File

@@ -0,0 +1,92 @@
/* Simple S/MIME encrypt example */
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
STACK_OF(X509) *recips = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
/*
* On OpenSSL 1.0.0 and later only:
* for streaming set CMS_STREAM
*/
int flags = CMS_STREAM;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
if (!rcert)
goto err;
/* Create recipient STACK and add recipient cert to it */
recips = sk_X509_new_null();
if (!recips || !sk_X509_push(recips, rcert))
goto err;
/*
* sk_X509_pop_free will free up recipient STACK and its contents so set
* rcert to NULL so it isn't freed up twice.
*/
rcert = NULL;
/* Open content being encrypted */
in = BIO_new_file("encr.txt", "r");
if (!in)
goto err;
/* encrypt content */
cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
if (!cms)
goto err;
out = BIO_new_file("smencr.txt", "w");
if (!out)
goto err;
/* Write out S/MIME message */
if (!SMIME_write_CMS(out, cms, in, flags))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Encrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}

88
openssl-1.0.2f/demos/cms/cms_sign.c Normal file
View File

@@ -0,0 +1,88 @@
/* Simple S/MIME signing example */
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *scert = NULL;
EVP_PKEY *skey = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
/*
* For simple S/MIME signing use CMS_DETACHED. On OpenSSL 1.0.0 only: for
* streaming detached set CMS_DETACHED|CMS_STREAM for streaming
* non-detached set CMS_STREAM
*/
int flags = CMS_DETACHED | CMS_STREAM;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in signer certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!scert || !skey)
goto err;
/* Open content being signed */
in = BIO_new_file("sign.txt", "r");
if (!in)
goto err;
/* Sign content */
cms = CMS_sign(scert, skey, NULL, in, flags);
if (!cms)
goto err;
out = BIO_new_file("smout.txt", "w");
if (!out)
goto err;
if (!(flags & CMS_STREAM))
BIO_reset(in);
/* Write out S/MIME message */
if (!SMIME_write_CMS(out, cms, in, flags))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}

102
openssl-1.0.2f/demos/cms/cms_sign2.c Normal file
View File

@@ -0,0 +1,102 @@
/* S/MIME signing example: 2 signers */
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *scert = NULL, *scert2 = NULL;
EVP_PKEY *skey = NULL, *skey2 = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
BIO_free(tbio);
tbio = BIO_new_file("signer2.pem", "r");
if (!tbio)
goto err;
scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!scert2 || !skey2)
goto err;
in = BIO_new_file("sign.txt", "r");
if (!in)
goto err;
cms = CMS_sign(NULL, NULL, NULL, in, CMS_STREAM | CMS_PARTIAL);
if (!cms)
goto err;
/* Add each signer in turn */
if (!CMS_add1_signer(cms, scert, skey, NULL, 0))
goto err;
if (!CMS_add1_signer(cms, scert2, skey2, NULL, 0))
goto err;
out = BIO_new_file("smout.txt", "w");
if (!out)
goto err;
/* NB: content included and finalized by SMIME_write_CMS */
if (!SMIME_write_CMS(out, cms, in, CMS_STREAM))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (scert2)
X509_free(scert2);
if (skey)
EVP_PKEY_free(skey2);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}

55
openssl-1.0.2f/demos/cms/cms_uncomp.c Normal file
View File

@@ -0,0 +1,55 @@
/* Simple S/MIME uncompression example */
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Open compressed content */
in = BIO_new_file("smcomp.txt", "r");
if (!in)
goto err;
/* Sign content */
cms = SMIME_read_CMS(in, NULL);
if (!cms)
goto err;
out = BIO_new_file("smuncomp.txt", "w");
if (!out)
goto err;
/* Uncompress S/MIME message */
if (!CMS_uncompress(cms, out, NULL, 0))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Uncompressing Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
return ret;
}

85
openssl-1.0.2f/demos/cms/cms_ver.c Normal file
View File

@@ -0,0 +1,85 @@
/* Simple S/MIME verification example */
#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
X509_STORE *st = NULL;
X509 *cacert = NULL;
CMS_ContentInfo *cms = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Set up trusted CA certificate store */
st = X509_STORE_new();
/* Read in CA certificate */
tbio = BIO_new_file("cacert.pem", "r");
if (!tbio)
goto err;
cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
if (!cacert)
goto err;
if (!X509_STORE_add_cert(st, cacert))
goto err;
/* Open message being verified */
in = BIO_new_file("smout.txt", "r");
if (!in)
goto err;
/* parse message */
cms = SMIME_read_CMS(in, &cont);
if (!cms)
goto err;
/* File to output verified content to */
out = BIO_new_file("smver.txt", "w");
if (!out)
goto err;
if (!CMS_verify(cms, NULL, st, cont, out, 0)) {
fprintf(stderr, "Verification Failure\n");
goto err;
}
fprintf(stderr, "Verification Successful\n");
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Verifying Data\n");
ERR_print_errors_fp(stderr);
}
if (cms)
CMS_ContentInfo_free(cms);
if (cacert)
X509_free(cacert);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}

22
openssl-1.0.2f/demos/cms/comp.txt Normal file
View File

@@ -0,0 +1,22 @@
Content-type: text/plain
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed
Some Text To be Compressed

3
openssl-1.0.2f/demos/cms/encr.txt Normal file
View File

@@ -0,0 +1,3 @@
Content-type: text/plain
Sample OpenSSL Data for CMS encryption

3
openssl-1.0.2f/demos/cms/sign.txt Normal file
View File

@@ -0,0 +1,3 @@
Content-type: text/plain
Test OpenSSL CMS Signed Content

32
openssl-1.0.2f/demos/cms/signer.pem Normal file
View File

@@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3
WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl
bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz
jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L
ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y
gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX
MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn
+Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv
lDiQlgX0JtmLgA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm
1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH
Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB
AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG
mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o
wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx
04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55
qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc
YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY
sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4
4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid
7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5
xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw=
-----END RSA PRIVATE KEY-----

32
openssl-1.0.2f/demos/cms/signer2.pem Normal file
View File

@@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0
WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl
bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ
jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW
ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW
GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X
h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4
aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR
2aX6rl2JEuJ5Yg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM
nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f
nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB
AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF
6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2
CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf
m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX
2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr
upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4
ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL
SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk
gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX
pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A=
-----END RSA PRIVATE KEY-----

123
openssl-1.0.2f/demos/easy_tls/Makefile Normal file
View File

@@ -0,0 +1,123 @@
# Makefile for easy-tls example application (rudimentary client and server)
# $Id: Makefile,v 1.2 2001/09/18 09:15:40 bodo Exp $
SOLARIS_CFLAGS=-Wall -pedantic -g -O2
SOLARIS_LIBS=-lxnet
LINUX_CFLAGS=-Wall -pedantic -g -O2
LINUX_LIBS=
auto-all:
case `uname -s` in \
SunOS) echo Using SunOS configuration; \
make SYSCFLAGS="$(SOLARIS_CFLAGS)" SYSLIBS="$(SOLARIS_LIBS)" all;; \
Linux) echo Using Linux configuration; \
make SYSCFLAGS="$(LINUX_CFLAGS)" SYSLIBS="$(LINUX_LIBS)" all;; \
*) echo "unknown system"; exit 1;; \
esac
all: test TAGS
# For adapting this Makefile to a different system, only the following
# definitions should need customizing:
OPENSSLDIR=../..
CC=gcc
SYSCFLAGS=whatever
SYSLIBS=whatever
#############################################################################
#
# SSLeay/OpenSSL imports
#
# OPENSSLDIR (set above) can be either the directory where OpenSSL is
# installed or the directory where it was compiled.
# We rely on having a new OpenSSL release where include files
# have names like <openssl/ssl.h> (not just <ssl.h>).
OPENSSLINCLUDES=-I$(OPENSSLDIR)/include
# libcrypto.a and libssl.a are directly in $(OPENSSLDIR) if this is
# the compile directory, or in $(OPENSSLDIR)/lib if we use an installed
# library. With the following definition, we can handle either case.
OPENSSLLIBS=-L$(OPENSSLDIR) -L$(OPENSSLDIR)/lib -lssl -lcrypto
#############################################################################
#
# Stuff for handling the source files
#
SOURCES=easy-tls.c test.c
HEADERS=easy-tls.h test.h
DOCSandEXAMPLESetc=Makefile cert.pem cacerts.pem
EVERYTHING=$(SOURCES) $(HEADERS) $(DOCSandEXAMPLESetc)
ls: ls-l
ls-l:
ls -l $(EVERYTHING)
# For RCS:
tag:
-rcs -n_`date +%y%m%d`: $(EVERYTHING)
rcs -nMYTAG $(EVERYTHING)
rcs -nMYTAG: $(EVERYTHING)
diff:
-rcsdiff -rMYTAG -u $(EVERYTHING)
today:
-rcsdiff -r_`date +%y%m%d` -u $(EVERYTHING)
ident:
for a in $(EVERYTHING); do ident $$a; done
# Distribution .tar:
easy-tls.tar.gz: $(EVERYTHING)
tar cvf - $(EVERYTHING) | \
gzip -9 > easy-tls.tar.gz
# Working .tar:
tls.tgz: $(EVERYTHING)
tar cfv - `find . -type f -a ! -name '*.tgz' -a ! -name '*.tar.gz'` | \
gzip -9 > tls.tgz
# For emacs:
etags: TAGS
TAGS: $(SOURCES) $(HEADERS)
-etags $(SOURCES) $(HEADERS)
#############################################################################
#
# Compilation
#
# The following definitions are system dependent (and hence defined
# at the beginning of this Makefile, where they are more easily found):
### CC=gcc
### SYSCFLAGS=-Wall -pedantic -g -O2
### SYSLIBS=-lxnet
EXTRACFLAGS=-DTLS_APP=\"test.h\"
# EXTRACFLAGS=-DTLS_APP=\"test.h\" -DDEBUG_TLS
#
# The rest shouldn't need to be touched.
#
LDFLAGS=$(SYSLIBS) $(OPENSSLLIBS)
INCLUDES=$(OPENSSLINCLUDES)
CFLAGS=$(SYSCFLAGS) $(EXTRACFLAGS) $(INCLUDES)
OBJS=easy-tls.o test.o
clean:
@rm -f test
@rm -f TAGS
@rm -f *.o
@rm -f core
test: $(OBJS)
$(CC) $(OBJS) $(LDFLAGS) -o test
test.o: $(HEADERS)
easy-tls.o: $(HEADERS)

65
openssl-1.0.2f/demos/easy_tls/README Normal file
View File

@@ -0,0 +1,65 @@
easy_tls - generic SSL/TLS proxy
========
(... and example for non-blocking SSL/TLS I/O multiplexing.)
easy_tls.c, easy_tls.h:
Small generic SSL/TLS proxy library: With a few function calls,
an application socket will be replaced by a pipe handled by a
separate SSL/TLS proxy process. This allows easily adding
SSL/TLS support to many programs not originally designed for it.
[Actually easy_tls.c is not a proper library: Customization
requires defining preprocessor macros while compiling it.
This is quite confusing, so I'll probably change it.]
These files may be used under the OpenSSL license.
test.c, test.h, Makefile, cert.pem, cacerts.pem:
Rudimentary example program using the easy_tls library, and
example key and certificates for it. Usage examples:
$ ./test 8443 # create server listening at port 8443
$ ./test 127.0.0.1 8443 # create client, connect to port 8443
# at IP address 127.0.0.1
'test' will not automatically do SSL/TLS, or even read or write
data -- it must be told to do so on input lines starting
with a command letter. 'W' means write a line, 'R' means
read a line, 'C' means close the connection, 'T' means
start an SSL/TLS proxy. E.g. (user input tagged with '*'):
* R
<<< 220 mail.example.net
* WSTARTTLS
>>> STARTTLS
* R
<<< 220 Ready to start TLS
* T
test_process_init(fd = 3, client_p = 1, apparg = (nil))
+++ `E:self signed certificate in certificate chain'
+++ `<... certificate info ...>'
* WHELO localhost
>>> HELO localhost
R
<<< 250 mail.example.net
You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using
'T' multiple times. I have no idea why you would want to though.
This code is rather old. When I find time I will update anything that
should be changed, and improve code comments. To compile the sample
program 'test' on platforms other then Linux or Solaris, you will have
to edit the Makefile.
As noted above, easy_tls.c will be changed to become a library one
day, which means that future revisions will not be fully compatible to
the current version.
Bodo Möller <bodo@openssl.org>

18
openssl-1.0.2f/demos/easy_tls/cacerts.pem Normal file
View File

@@ -0,0 +1,18 @@
$Id: cacerts.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-----BEGIN CERTIFICATE-----
MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
-----END CERTIFICATE-----

31
openssl-1.0.2f/demos/easy_tls/cert.pem Normal file
View File

@@ -0,0 +1,31 @@
$Id: cert.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
Example certificate and key.
-----BEGIN CERTIFICATE-----
MIIB1jCCAT8CAQEwDQYJKoZIhvcNAQEEBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDAeFw05OTA1MDEwMTI2MzVaFw05OTA1MzEwMTI2MzVaMCIxCzAJBgNVBAYTAkRF
MRMwEQYDVQQDEwpUZXN0c2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68/8MbT3ou0pdF
AcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2ai7emdjMjXVL
tzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQABMA0GCSqGSIb3
DQEBBAUAA4GBAMgM+sbAk8DfjSfa+Rf2gcGXmbrvZAzKzC+5RU3kaq/NyxIXAGco
9dZjozzWfN/xuGup5boFk+KrP+xdgsaqGHsyzlgEoqz4ekqLjQeVbnoj339hVFU9
MhPi6JULPxjXKumjfX2LLNkikW5puz8Df3UiX0EiaJvd7EwP8J75tiUT
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68
/8MbT3ou0pdFAcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2
ai7emdjMjXVLtzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQAB
AoGANST8c1etf1MU19oIO5aqaE19OCXIG7oakNLCCtVTPMfvnE+vffBJH7BPIUuU
4BBzwRv1nQrkvk72TPjVjOAu81B1SStKQueun2flVuYxp9NyupNWCBley4QdohlP
I92ml2tzTSPmNIoA6jdGyNzFcGchapRRmejsC39F1RUbHQECQQD9KX81Wt8ZOrri
dWiEXja1L3X8Bkb9vvUjVMQDTJJPxBJjehC6eurgE6PP6SJD5p/f3RHPCcLr8tSM
D4P/OpKhAkEA/PFNlhIZUDKK6aTvG2mn7qQ5phbadOoyN1Js3ttWG5OMOZ6b/QlC
Wvp84h44506BIlv+Tg2YAI0AdBUrf7oEowJAM4joAVd/ROaEtqbJ4PBA2L9RmD06
5FqkEk4mHLnQqvYx/BgUIbH18ClvVlqSBBqFfw/EmU3WZSuogt6Bs0ocIQJBAOxB
AoPiYcxbeQ5kZIVJOXaX49SzUdaUDNVJYrEBUzsspHQJJo/Avz606kJVkjbSR6Ft
JWmIHuqcyMikIV4KxFsCQQCU2evoVjVsqkkbHi7W28f73PGBsyu0KIwlK7nu4h08
Daf7TAI+A6jW/WRUsJ6dFhUYi7/Jvkcdrlnbgm2fxziX
-----END RSA PRIVATE KEY-----

1311
openssl-1.0.2f/demos/easy_tls/easy-tls.c Normal file
View File

File diff suppressed because it is too large Load Diff

60
openssl-1.0.2f/demos/easy_tls/easy-tls.h Normal file
View File

@@ -0,0 +1,60 @@
/* */
/*-
* easy-tls.h -- generic TLS proxy.
* $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
*/
/*
* (c) Copyright 1999 Bodo Moeller. All rights reserved.
*/
#ifndef HEADER_TLS_H
# define HEADER_TLS_H
# ifndef HEADER_SSL_H
typedef struct ssl_ctx_st SSL_CTX;
# endif
# define TLS_INFO_SIZE 512 /* max. # of bytes written to infofd */
void tls_set_dhe1024(int i, void *apparg);
/*
* Generate DHE parameters: i >= 0 deterministic (i selects seed), i < 0
* random (may take a while). tls_create_ctx calls this with random
* non-negative i if the application has never called it.
*/
void tls_rand_seed(void);
int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);
void tls_rand_seed_from_memory(const void *buf, size_t n);
struct tls_create_ctx_args {
int client_p;
const char *certificate_file;
const char *key_file;
const char *ca_file;
int verify_depth;
int fail_unless_verified;
int export_p;
};
struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
/*
* struct tls_create_ctx_args is similar to a conventional argument list, but
* it can provide default values and allows for future extension.
*/
SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);
struct tls_start_proxy_args {
int fd;
int client_p;
SSL_CTX *ctx;
pid_t *pid;
int *infofd;
};
struct tls_start_proxy_args tls_start_proxy_defaultargs(void);
/*
* tls_start_proxy return value *MUST* be checked! 0 means ok, otherwise
* we've probably run out of some resources.
*/
int tls_start_proxy(struct tls_start_proxy_args, void *apparg);
#endif

248
openssl-1.0.2f/demos/easy_tls/test.c Normal file
View File

@@ -0,0 +1,248 @@
/* test.c */
/* $Id: test.c,v 1.1 2001/09/17 19:06:59 bodo Exp $ */
#define L_PORT 9999
#define C_PORT 443
#include <arpa/inet.h>
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
#include "test.h"
#include "easy-tls.h"
void test_process_init(int fd, int client_p, void *apparg)
{
fprintf(stderr,
"test_process_init(fd = %d, client_p = %d, apparg = %p)\n", fd,
client_p, apparg);
}
void test_errflush(int child_p, char *errbuf, size_t num, void *apparg)
{
fputs(errbuf, stderr);
}
int main(int argc, char *argv[])
{
int s, fd, r;
FILE *conn_in;
FILE *conn_out;
char buf[256];
SSL_CTX *ctx;
int client_p = 0;
int port;
int tls = 0;
char infobuf[TLS_INFO_SIZE + 1];
if (argc > 1 && argv[1][0] == '-') {
fputs("Usage: test [port] -- server\n"
" test num.num.num.num [port] -- client\n", stderr);
exit(1);
}
if (argc > 1) {
if (strchr(argv[1], '.')) {
client_p = 1;
}
}
fputs(client_p ? "Client\n" : "Server\n", stderr);
{
struct tls_create_ctx_args a = tls_create_ctx_defaultargs();
a.client_p = client_p;
a.certificate_file = "cert.pem";
a.key_file = "cert.pem";
a.ca_file = "cacerts.pem";
ctx = tls_create_ctx(a, NULL);
if (ctx == NULL)
exit(1);
}
s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (s == -1) {
perror("socket");
exit(1);
}
if (client_p) {
struct sockaddr_in addr;
size_t addr_len = sizeof addr;
addr.sin_family = AF_INET;
assert(argc > 1);
if (argc > 2)
sscanf(argv[2], "%d", &port);
else
port = C_PORT;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = inet_addr(argv[1]);
r = connect(s, &addr, addr_len);
if (r != 0) {
perror("connect");
exit(1);
}
fd = s;
fprintf(stderr, "Connect (fd = %d).\n", fd);
} else {
/* server */
{
int i = 1;
r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&i, sizeof i);
if (r == -1) {
perror("setsockopt");
exit(1);
}
}
{
struct sockaddr_in addr;
size_t addr_len = sizeof addr;
if (argc > 1)
sscanf(argv[1], "%d", &port);
else
port = L_PORT;
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = INADDR_ANY;
r = bind(s, &addr, addr_len);
if (r != 0) {
perror("bind");
exit(1);
}
}
r = listen(s, 1);
if (r == -1) {
perror("listen");
exit(1);
}
fprintf(stderr, "Listening at port %i.\n", port);
fd = accept(s, NULL, 0);
if (fd == -1) {
perror("accept");
exit(1);
}
fprintf(stderr, "Accept (fd = %d).\n", fd);
}
conn_in = fdopen(fd, "r");
if (conn_in == NULL) {
perror("fdopen");
exit(1);
}
conn_out = fdopen(fd, "w");
if (conn_out == NULL) {
perror("fdopen");
exit(1);
}
setvbuf(conn_in, NULL, _IOLBF, 256);
setvbuf(conn_out, NULL, _IOLBF, 256);
while (fgets(buf, sizeof buf, stdin) != NULL) {
if (buf[0] == 'W') {
fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1),
buf + 1);
fprintf(stderr, ">>> %.*s\n", (int)(strlen(buf + 1) - 1),
buf + 1);
} else if (buf[0] == 'C') {
fprintf(stderr, "Closing.\n");
fclose(conn_in);
fclose(conn_out);
exit(0);
} else if (buf[0] == 'R') {
int lines = 0;
sscanf(buf + 1, "%d", &lines);
do {
if (fgets(buf, sizeof buf, conn_in) == NULL) {
if (ferror(conn_in)) {
fprintf(stderr, "ERROR\n");
exit(1);
}
fprintf(stderr, "CLOSED\n");
return 0;
}
fprintf(stderr, "<<< %s", buf);
} while (--lines > 0);
} else if (buf[0] == 'T') {
int infofd;
tls++;
{
struct tls_start_proxy_args a = tls_start_proxy_defaultargs();
a.fd = fd;
a.client_p = client_p;
a.ctx = ctx;
a.infofd = &infofd;
r = tls_start_proxy(a, NULL);
}
assert(r != 1);
if (r != 0) {
fprintf(stderr, "tls_start_proxy failed: %d\n", r);
switch (r) {
case -1:
fputs("socketpair", stderr);
break;
case 2:
fputs("FD_SETSIZE exceeded", stderr);
break;
case -3:
fputs("pipe", stderr);
break;
case -4:
fputs("fork", stderr);
break;
case -5:
fputs("dup2", stderr);
break;
default:
fputs("?", stderr);
}
if (r < 0)
perror("");
else
fputc('\n', stderr);
exit(1);
}
r = read(infofd, infobuf, sizeof infobuf - 1);
if (r > 0) {
const char *info = infobuf;
const char *eol;
infobuf[r] = '\0';
while ((eol = strchr(info, '\n')) != NULL) {
fprintf(stderr, "+++ `%.*s'\n", eol - info, info);
info = eol + 1;
}
close(infofd);
}
} else {
fprintf(stderr, "W... write line to network\n"
"R[n] read line (n lines) from network\n"
"C close\n"
"T start %sTLS proxy\n", tls ? "another " : "");
}
}
return 0;
}

10
openssl-1.0.2f/demos/easy_tls/test.h Normal file
View File

@@ -0,0 +1,10 @@
/* test.h */
/* $Id: test.h,v 1.1 2001/09/17 19:07:00 bodo Exp $ */
void test_process_init(int fd, int client_p, void *apparg);
#define TLS_APP_PROCESS_INIT test_process_init
#undef TLS_CUMULATE_ERRORS
void test_errflush(int child_p, char *errbuf, size_t num, void *apparg);
#define TLS_APP_ERRFLUSH test_errflush

114
openssl-1.0.2f/demos/engines/cluster_labs/Makefile Normal file
View File

@@ -0,0 +1,114 @@
LIBNAME= libclabs
SRC= hw_cluster_labs.c
OBJ= hw_cluster_labs.o
HEADER= hw_cluster_labs.h
CC= gcc
PIC= -fPIC
CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
AR= ar r
RANLIB= ranlib
LIB= $(LIBNAME).a
SHLIB= $(LIBNAME).so
all:
@echo 'Please choose a system to build on:'
@echo ''
@echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
@echo 'solaris: Solaris'
@echo 'irix: IRIX'
@echo 'hpux32: 32-bit HP/UX'
@echo 'hpux64: 64-bit HP/UX'
@echo 'aix: AIX'
@echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
@echo ''
FORCE.update:
update: FORCE.update
perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
-nostatic -staticloader -write hw_cluster_labs.c
gnu: $(SHLIB).gnu
tru64: $(SHLIB).tru64
solaris: $(SHLIB).solaris
irix: $(SHLIB).irix
hpux32: $(SHLIB).hpux32
hpux64: $(SHLIB).hpux64
aix: $(SHLIB).aix
$(LIB): $(OBJ)
$(AR) $(LIB) $(OBJ)
- $(RANLIB) $(LIB)
LINK_SO= \
ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
(nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
$$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
$(SHLIB).gnu: $(LIB)
ALLSYMSFLAGS='--whole-archive' \
SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).gnu
$(SHLIB).tru64: $(LIB)
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).tru64
$(SHLIB).solaris: $(LIB)
ALLSYMSFLAGS='-z allextract' \
SHAREDFLAGS='-G -h $(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).solaris
$(SHLIB).irix: $(LIB)
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).irix
$(SHLIB).hpux32: $(LIB)
ALLSYMSFLAGS='-Fl' \
SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux32
$(SHLIB).hpux64: $(LIB)
ALLSYMSFLAGS='+forceload' \
SHAREDFLAGS='-b -z +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux64
$(SHLIB).aix: $(LIB)
ALLSYMSFLAGS='-bnogc' \
SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).aix
depend:
sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
rm -f Makefile.tmp Makefile
mv Makefile.new Makefile
# DO NOT DELETE THIS LINE -- make depend depends on it.
rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
rsaref.o: ../../../include/openssl/opensslconf.h
rsaref.o: ../../../include/openssl/opensslv.h
rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
rsaref.o: source/rsaref.h

33
openssl-1.0.2f/demos/engines/cluster_labs/cluster_labs.h Normal file
View File

@@ -0,0 +1,33 @@
typedef int cl_engine_init(void);
typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *cgx);
typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx);
typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
typedef int cl_rsa_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rsa_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
typedef int cl_rand_bytes(unsigned char *buf, int num);
typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs";
static const char *CLUSTER_LABS_F1 = "hw_engine_init";
static const char *CLUSTER_LABS_F2 = "hw_mod_exp";
static const char *CLUSTER_LABS_F3 = "hw_mod_exp_crt";
static const char *CLUSTER_LABS_F4 = "hw_rsa_mod_exp";
static const char *CLUSTER_LABS_F5 = "hw_rsa_priv_enc";
static const char *CLUSTER_LABS_F6 = "hw_rsa_priv_dec";
static const char *CLUSTER_LABS_F7 = "hw_rsa_pub_enc";
static const char *CLUSTER_LABS_F8 = "hw_rsa_pub_dec";
static const char *CLUSTER_LABS_F20 = "hw_rand_bytes";
static const char *CLUSTER_LABS_F30 = "hw_dsa_sign";
static const char *CLUSTER_LABS_F31 = "hw_dsa_verify";

692
openssl-1.0.2f/demos/engines/cluster_labs/hw_cluster_labs.c Normal file
View File

@@ -0,0 +1,692 @@
/* crypto/engine/hw_cluster_labs.c */
/*
* Written by Jan Tschirschwitz (jan.tschirschwitz@cluster-labs.com for the
* OpenSSL project 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define MSC_VER /* only used cryptic.h */
#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/dso.h>
#include <openssl/des.h>
#include <openssl/engine.h>
#ifndef NO_HW
# ifndef NO_HW_CLUSTER_LABS
# ifdef FLAT_INC
# include "cluster_labs.h"
# else
# include "vendor_defns/cluster_labs.h"
# endif
# define CL_LIB_NAME "cluster_labs engine"
# include "hw_cluster_labs_err.c"
static int cluster_labs_destroy(ENGINE *e);
static int cluster_labs_init(ENGINE *e);
static int cluster_labs_finish(ENGINE *e);
static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) ());
/* BIGNUM stuff */
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx);
/* RSA stuff */
# ifndef OPENSSL_NO_RSA
static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding);
static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding);
static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
# endif
/* DSA stuff */
# ifndef OPENSSL_NO_DSA
static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen,
DSA *dsa);
static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *in_mont);
static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx);
# endif
/* DH stuff */
# ifndef OPENSSL_NO_DH
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx);
# endif
/* RANDOM stuff */
static int cluster_labs_rand_bytes(unsigned char *buf, int num);
/* The definitions for control commands specific to this engine */
# define CLUSTER_LABS_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN cluster_labs_cmd_defns[] = {
{CLUSTER_LABS_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the 'cluster labs' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
/* Our internal RSA_METHOD that we provide pointers to */
# ifndef OPENSSL_NO_RSA
static RSA_METHOD cluster_labs_rsa = {
"Cluster Labs RSA method",
cluster_labs_rsa_pub_enc, /* rsa_pub_enc */
cluster_labs_rsa_pub_dec, /* rsa_pub_dec */
cluster_labs_rsa_priv_enc, /* rsa_priv_enc */
cluster_labs_rsa_priv_dec, /* rsa_priv_dec */
cluster_labs_rsa_mod_exp, /* rsa_mod_exp */
cluster_labs_mod_exp_mont, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL, /* apps_data */
NULL, /* rsa_sign */
NULL /* rsa_verify */
};
# endif
/* Our internal DSA_METHOD that we provide pointers to */
# ifndef OPENSSL_NO_DSA
static DSA_METHOD cluster_labs_dsa = {
"Cluster Labs DSA method",
cluster_labs_dsa_sign, /* dsa_do_sign */
NULL, /* dsa_sign_setup */
cluster_labs_dsa_verify, /* dsa_do_verify */
cluster_labs_dsa_mod_exp, /* dsa_mod_exp */
cluster_labs_mod_exp_dsa, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL /* app_data */
};
# endif
/* Our internal DH_METHOD that we provide pointers to */
# ifndef OPENSSL_NO_DH
static DH_METHOD cluster_labs_dh = {
"Cluster Labs DH method",
NULL, /* generate key */
NULL, /* compute key */
cluster_labs_mod_exp_dh, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL /* app_data */
};
# endif
static RAND_METHOD cluster_labs_rand = {
/* "Cluster Labs RAND method", */
NULL, /* seed */
cluster_labs_rand_bytes, /* bytes */
NULL, /* cleanup */
NULL, /* add */
cluster_labs_rand_bytes, /* pseudorand */
NULL, /* status */
};
static const char *engine_cluster_labs_id = "cluster_labs";
static const char *engine_cluster_labs_name =
"Cluster Labs hardware engine support";
/* engine implementation */
/* ---------------------*/
static int bind_helper(ENGINE *e)
{
if (!ENGINE_set_id(e, engine_cluster_labs_id) ||
!ENGINE_set_name(e, engine_cluster_labs_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &cluster_labs_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &cluster_labs_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &cluster_labs_dh) ||
# endif
!ENGINE_set_RAND(e, &cluster_labs_rand) ||
!ENGINE_set_destroy_function(e, cluster_labs_destroy) ||
!ENGINE_set_init_function(e, cluster_labs_init) ||
!ENGINE_set_finish_function(e, cluster_labs_finish) ||
!ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||
!ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))
return 0;
/* Ensure the error handling is set up */
ERR_load_CL_strings();
return 1;
}
# ifndef ENGINE_DYNAMIC_SUPPORT
static ENGINE *engine_cluster_labs(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
# ifdef ENGINE_DYNAMIC_SUPPORT
static
# endif
void ENGINE_load_cluster_labs(void)
{
ENGINE *cluster_labs = engine_cluster_labs();
if (!cluster_labs)
return;
ENGINE_add(cluster_labs);
ENGINE_free(cluster_labs);
ERR_clear_error();
}
# endif /* !ENGINE_DYNAMIC_SUPPORT */
static int cluster_labs_destroy(ENGINE *e)
{
ERR_unload_CL_strings();
return 1;
}
/*
* This is a process-global DSO handle used for loading and unloading the
* Cluster Labs library. NB: This is only set (or unset) during an init() or
* finish() call (reference counts permitting) and they're operating with
* global locks, so this should be thread-safe implicitly.
*/
static DSO *cluster_labs_dso = NULL;
/*
* These are the function pointers that are (un)set when the library has
* successfully (un)loaded.
*/
static cl_engine_init *p_cl_engine_init = NULL;
static cl_mod_exp *p_cl_mod_exp = NULL;
static cl_mod_exp_crt *p_cl_mod_exp_crt = NULL;
static cl_rsa_mod_exp *p_cl_rsa_mod_exp = NULL;
static cl_rsa_priv_enc *p_cl_rsa_priv_enc = NULL;
static cl_rsa_priv_dec *p_cl_rsa_priv_dec = NULL;
static cl_rsa_pub_enc *p_cl_rsa_pub_enc = NULL;
static cl_rsa_pub_dec *p_cl_rsa_pub_dec = NULL;
static cl_rand_bytes *p_cl_rand_bytes = NULL;
static cl_dsa_sign *p_cl_dsa_sign = NULL;
static cl_dsa_verify *p_cl_dsa_verify = NULL;
int cluster_labs_init(ENGINE *e)
{
cl_engine_init *p1;
cl_mod_exp *p2;
cl_mod_exp_crt *p3;
cl_rsa_mod_exp *p4;
cl_rsa_priv_enc *p5;
cl_rsa_priv_dec *p6;
cl_rsa_pub_enc *p7;
cl_rsa_pub_dec *p8;
cl_rand_bytes *p20;
cl_dsa_sign *p30;
cl_dsa_verify *p31;
/* engine already loaded */
if (cluster_labs_dso != NULL) {
CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_ALREADY_LOADED);
goto err;
}
/* try to load engine */
cluster_labs_dso = DSO_load(NULL, CLUSTER_LABS_LIB_NAME, NULL, 0);
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_DSO_FAILURE);
goto err;
}
/* bind functions */
if (!
(p1 =
(cl_engine_init *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F1))
|| !(p2 = (cl_mod_exp *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F2))
|| !(p3 = (cl_mod_exp_crt *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F3))
|| !(p4 = (cl_rsa_mod_exp *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F4))
|| !(p5 =
(cl_rsa_priv_enc *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F5))
|| !(p6 =
(cl_rsa_priv_dec *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F6))
|| !(p7 = (cl_rsa_pub_enc *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F7))
|| !(p8 = (cl_rsa_pub_dec *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F8))
|| !(p20 =
(cl_rand_bytes *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F20))
|| !(p30 = (cl_dsa_sign *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F30))
|| !(p31 =
(cl_dsa_verify *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F31))) {
CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_DSO_FAILURE);
goto err;
}
/* copy function pointers */
p_cl_engine_init = p1;
p_cl_mod_exp = p2;
p_cl_mod_exp_crt = p3;
p_cl_rsa_mod_exp = p4;
p_cl_rsa_priv_enc = p5;
p_cl_rsa_priv_dec = p6;
p_cl_rsa_pub_enc = p7;
p_cl_rsa_pub_dec = p8;
p_cl_rand_bytes = p20;
p_cl_dsa_sign = p30;
p_cl_dsa_verify = p31;
/* cluster labs engine init */
if (p_cl_engine_init() == 0) {
CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_INIT_FAILED);
goto err;
}
return (1);
err:
/* reset all pointers */
if (cluster_labs_dso)
DSO_free(cluster_labs_dso);
cluster_labs_dso = NULL;
p_cl_engine_init = NULL;
p_cl_mod_exp = NULL;
p_cl_mod_exp_crt = NULL;
p_cl_rsa_mod_exp = NULL;
p_cl_rsa_priv_enc = NULL;
p_cl_rsa_priv_dec = NULL;
p_cl_rsa_pub_enc = NULL;
p_cl_rsa_pub_dec = NULL;
p_cl_rand_bytes = NULL;
p_cl_dsa_sign = NULL;
p_cl_dsa_verify = NULL;
return (0);
}
static int cluster_labs_finish(ENGINE *e)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_FINISH, CL_R_NOT_LOADED);
return 0;
}
if (!DSO_free(cluster_labs_dso)) {
CLerr(CL_F_CLUSTER_LABS_FINISH, CL_R_DSO_FAILURE);
return 0;
}
cluster_labs_dso = NULL;
p_cl_engine_init = NULL;
p_cl_mod_exp = NULL;
p_cl_rsa_mod_exp = NULL;
p_cl_mod_exp_crt = NULL;
p_cl_rsa_priv_enc = NULL;
p_cl_rsa_priv_dec = NULL;
p_cl_rsa_pub_enc = NULL;
p_cl_rsa_pub_dec = NULL;
p_cl_rand_bytes = NULL;
p_cl_dsa_sign = NULL;
p_cl_dsa_verify = NULL;
return (1);
}
static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) ())
{
int initialised = ((cluster_labs_dso == NULL) ? 0 : 1);
switch (cmd) {
case CLUSTER_LABS_CMD_SO_PATH:
if (p == NULL) {
CLerr(CL_F_CLUSTER_LABS_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
CLerr(CL_F_CLUSTER_LABS_CTRL, CL_R_ALREADY_LOADED);
return 0;
}
CLUSTER_LABS_LIB_NAME = (const char *)p;
return 1;
default:
break;
}
CLerr(CL_F_CLUSTER_LABS_CTRL, CL_R_COMMAND_NOT_IMPLEMENTED);
return 0;
}
static int cluster_labs_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_MOD_EXP, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_mod_exp == NULL) {
CLerr(CL_F_CLUSTER_LABS_MOD_EXP, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_mod_exp(r, a, p, m, ctx);
}
static int cluster_labs_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_mod_exp_crt == NULL) {
CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_mod_exp_crt(r, a, p, q, dmp1, dmq1, iqmp, ctx);
}
static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_rsa_mod_exp == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_rsa_mod_exp(r0, I, rsa);
}
static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen,
DSA *dsa)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_DSA_SIGN, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_dsa_sign == NULL) {
CLerr(CL_F_CLUSTER_LABS_DSA_SIGN, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_dsa_sign(dgst, dlen, dsa);
}
static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_dsa_verify == NULL) {
CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_dsa_verify(dgst, dgst_len, sig, dsa);
}
static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *in_mont)
{
BIGNUM t;
int status = 0;
BN_init(&t);
/* let rr = a1 ^ p1 mod m */
if (!cluster_labs_mod_exp(rr, a1, p1, m, ctx))
goto end;
/* let t = a2 ^ p2 mod m */
if (!cluster_labs_mod_exp(&t, a2, p2, m, ctx))
goto end;
/* let rr = rr * t mod m */
if (!BN_mod_mul(rr, rr, &t, m, ctx))
goto end;
status = 1;
end:
BN_free(&t);
return (1);
}
static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return cluster_labs_mod_exp(r, a, p, m, ctx);
}
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return cluster_labs_mod_exp(r, a, p, m, ctx);
}
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return cluster_labs_mod_exp(r, a, p, m, ctx);
}
static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_rsa_priv_enc == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_rsa_pub_enc(flen, from, to, rsa, padding);
}
static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_rsa_priv_enc == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_rsa_pub_dec(flen, from, to, rsa, padding);
}
static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_rsa_priv_enc == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_rsa_priv_enc(flen, from, to, rsa, padding);
}
static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_rsa_priv_dec == NULL) {
CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_rsa_priv_dec(flen, from, to, rsa, padding);
}
/************************************************************************************
* Symmetric algorithms
************************************************************************************/
/* this will be come soon! */
/************************************************************************************
* Random generator
************************************************************************************/
static int cluster_labs_rand_bytes(unsigned char *buf, int num)
{
if (cluster_labs_dso == NULL) {
CLerr(CL_F_CLUSTER_LABS_RAND_BYTES, CL_R_NOT_LOADED);
return 0;
}
if (p_cl_mod_exp_crt == NULL) {
CLerr(CL_F_CLUSTER_LABS_RAND_BYTES, CL_R_FUNCTION_NOT_BINDED);
return 0;
}
return p_cl_rand_bytes(buf, num);
}
/*
* This stuff is needed if this ENGINE is being compiled into a
* self-contained shared-library.
*/
# ifdef ENGINE_DYNAMIC_SUPPORT
static int bind_fn(ENGINE *e, const char *id)
{
fprintf(stderr, "bind_fn CLUSTER_LABS\n");
if (id && (strcmp(id, engine_cluster_labs_id) != 0)) {
fprintf(stderr, "bind_fn return(0) first\n");
return 0;
}
if (!bind_helper(e)) {
fprintf(stderr, "bind_fn return(1) first\n");
return 0;
}
fprintf(stderr, "bind_fn return(1)\n");
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
# endif /* ENGINE_DYNAMIC_SUPPORT */
# endif /* !NO_HW_CLUSTER_LABS */
#endif /* !NO_HW */

8
openssl-1.0.2f/demos/engines/cluster_labs/hw_cluster_labs.ec Normal file
View File

@@ -0,0 +1,8 @@
# configuration file for util/mkerr.pl
#
# use like this:
#
# perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
# -nostatic -staticloader -write *.c
L CL hw_cluster_labs_err.h hw_cluster_labs_err.c

152
openssl-1.0.2f/demos/engines/cluster_labs/hw_cluster_labs_err.c Normal file
View File

@@ -0,0 +1,152 @@
/* hw_cluster_labs_err.c */
/* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "hw_cluster_labs_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA CL_str_functs[] = {
{ERR_PACK(0, CL_F_CLUSTER_LABS_CTRL, 0), "CLUSTER_LABS_CTRL"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_DSA_SIGN, 0), "CLUSTER_LABS_DSA_SIGN"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_DSA_VERIFY, 0), "CLUSTER_LABS_DSA_VERIFY"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_FINISH, 0), "CLUSTER_LABS_FINISH"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_INIT, 0), "CLUSTER_LABS_INIT"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_MOD_EXP, 0), "CLUSTER_LABS_MOD_EXP"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_MOD_EXP_CRT, 0),
"CLUSTER_LABS_MOD_EXP_CRT"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RAND_BYTES, 0), "CLUSTER_LABS_RAND_BYTES"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_MOD_EXP, 0),
"CLUSTER_LABS_RSA_MOD_EXP"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PRIV_DEC, 0),
"CLUSTER_LABS_RSA_PRIV_DEC"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PRIV_ENC, 0),
"CLUSTER_LABS_RSA_PRIV_ENC"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PUB_DEC, 0),
"CLUSTER_LABS_RSA_PUB_DEC"},
{ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PUB_ENC, 0),
"CLUSTER_LABS_RSA_PUB_ENC"},
{0, NULL}
};
static ERR_STRING_DATA CL_str_reasons[] = {
{CL_R_ALREADY_LOADED, "already loaded"},
{CL_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
{CL_R_DSO_FAILURE, "dso failure"},
{CL_R_FUNCTION_NOT_BINDED, "function not binded"},
{CL_R_INIT_FAILED, "init failed"},
{CL_R_NOT_LOADED, "not loaded"},
{0, NULL}
};
#endif
#ifdef CL_LIB_NAME
static ERR_STRING_DATA CL_lib_name[] = {
{0, CL_LIB_NAME},
{0, NULL}
};
#endif
static int CL_lib_error_code = 0;
static int CL_error_init = 1;
static void ERR_load_CL_strings(void)
{
if (CL_lib_error_code == 0)
CL_lib_error_code = ERR_get_next_error_library();
if (CL_error_init) {
CL_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(CL_lib_error_code, CL_str_functs);
ERR_load_strings(CL_lib_error_code, CL_str_reasons);
#endif
#ifdef CL_LIB_NAME
CL_lib_name->error = ERR_PACK(CL_lib_error_code, 0, 0);
ERR_load_strings(0, CL_lib_name);
#endif
}
}
static void ERR_unload_CL_strings(void)
{
if (CL_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(CL_lib_error_code, CL_str_functs);
ERR_unload_strings(CL_lib_error_code, CL_str_reasons);
#endif
#ifdef CL_LIB_NAME
ERR_unload_strings(0, CL_lib_name);
#endif
CL_error_init = 1;
}
}
static void ERR_CL_error(int function, int reason, char *file, int line)
{
if (CL_lib_error_code == 0)
CL_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(CL_lib_error_code, function, reason, file, line);
}

100
openssl-1.0.2f/demos/engines/cluster_labs/hw_cluster_labs_err.h Normal file
View File

@@ -0,0 +1,100 @@
/* ====================================================================
* Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_CL_ERR_H
# define HEADER_CL_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_CL_strings(void);
static void ERR_unload_CL_strings(void);
static void ERR_CL_error(int function, int reason, char *file, int line);
# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
/* Error codes for the CL functions. */
/* Function codes. */
# define CL_F_CLUSTER_LABS_CTRL 100
# define CL_F_CLUSTER_LABS_DSA_SIGN 101
# define CL_F_CLUSTER_LABS_DSA_VERIFY 102
# define CL_F_CLUSTER_LABS_FINISH 103
# define CL_F_CLUSTER_LABS_INIT 104
# define CL_F_CLUSTER_LABS_MOD_EXP 105
# define CL_F_CLUSTER_LABS_MOD_EXP_CRT 106
# define CL_F_CLUSTER_LABS_RAND_BYTES 107
# define CL_F_CLUSTER_LABS_RSA_MOD_EXP 108
# define CL_F_CLUSTER_LABS_RSA_PRIV_DEC 109
# define CL_F_CLUSTER_LABS_RSA_PRIV_ENC 110
# define CL_F_CLUSTER_LABS_RSA_PUB_DEC 111
# define CL_F_CLUSTER_LABS_RSA_PUB_ENC 112
/* Reason codes. */
# define CL_R_ALREADY_LOADED 100
# define CL_R_COMMAND_NOT_IMPLEMENTED 101
# define CL_R_DSO_FAILURE 102
# define CL_R_FUNCTION_NOT_BINDED 103
# define CL_R_INIT_FAILED 104
# define CL_R_NOT_LOADED 105
#ifdef __cplusplus
}
#endif
#endif

114
openssl-1.0.2f/demos/engines/ibmca/Makefile Normal file
View File

@@ -0,0 +1,114 @@
LIBNAME= libibmca
SRC= hw_ibmca.c
OBJ= hw_ibmca.o
HEADER= hw_ibmca.h
CC= gcc
PIC= -fPIC
CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
AR= ar r
RANLIB= ranlib
LIB= $(LIBNAME).a
SHLIB= $(LIBNAME).so
all:
@echo 'Please choose a system to build on:'
@echo ''
@echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
@echo 'solaris: Solaris'
@echo 'irix: IRIX'
@echo 'hpux32: 32-bit HP/UX'
@echo 'hpux64: 64-bit HP/UX'
@echo 'aix: AIX'
@echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
@echo ''
FORCE.update:
update: FORCE.update
perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
-nostatic -staticloader -write hw_ibmca.c
gnu: $(SHLIB).gnu
tru64: $(SHLIB).tru64
solaris: $(SHLIB).solaris
irix: $(SHLIB).irix
hpux32: $(SHLIB).hpux32
hpux64: $(SHLIB).hpux64
aix: $(SHLIB).aix
$(LIB): $(OBJ)
$(AR) $(LIB) $(OBJ)
- $(RANLIB) $(LIB)
LINK_SO= \
ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
(nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
$$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
$(SHLIB).gnu: $(LIB)
ALLSYMSFLAGS='--whole-archive' \
SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).gnu
$(SHLIB).tru64: $(LIB)
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).tru64
$(SHLIB).solaris: $(LIB)
ALLSYMSFLAGS='-z allextract' \
SHAREDFLAGS='-G -h $(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).solaris
$(SHLIB).irix: $(LIB)
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).irix
$(SHLIB).hpux32: $(LIB)
ALLSYMSFLAGS='-Fl' \
SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux32
$(SHLIB).hpux64: $(LIB)
ALLSYMSFLAGS='+forceload' \
SHAREDFLAGS='-b -z +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux64
$(SHLIB).aix: $(LIB)
ALLSYMSFLAGS='-bnogc' \
SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).aix
depend:
sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
rm -f Makefile.tmp Makefile
mv Makefile.new Makefile
# DO NOT DELETE THIS LINE -- make depend depends on it.
rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
rsaref.o: ../../../include/openssl/opensslconf.h
rsaref.o: ../../../include/openssl/opensslv.h
rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
rsaref.o: source/rsaref.h

900
openssl-1.0.2f/demos/engines/ibmca/hw_ibmca.c Normal file
View File

@@ -0,0 +1,900 @@
/* crypto/engine/hw_ibmca.c */
/*
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
* 2000.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* (C) COPYRIGHT International Business Machines Corp. 2001 */
#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_HW_IBMCA
# ifdef FLAT_INC
# include "ica_openssl_api.h"
# else
# include "vendor_defns/ica_openssl_api.h"
# endif
# define IBMCA_LIB_NAME "ibmca engine"
# include "hw_ibmca_err.c"
static int ibmca_destroy(ENGINE *e);
static int ibmca_init(ENGINE *e);
static int ibmca_finish(ENGINE *e);
static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
static const char *IBMCA_F1 = "icaOpenAdapter";
static const char *IBMCA_F2 = "icaCloseAdapter";
static const char *IBMCA_F3 = "icaRsaModExpo";
static const char *IBMCA_F4 = "icaRandomNumberGenerate";
static const char *IBMCA_F5 = "icaRsaCrt";
ICA_ADAPTER_HANDLE handle = 0;
/* BIGNUM stuff */
static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx);
# ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
# endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# ifndef OPENSSL_NO_DSA
/* DSA stuff */
static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont);
static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
# endif
# ifndef OPENSSL_NO_DH
/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int ibmca_mod_exp_dh(const DH *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
# endif
/* RAND stuff */
static int ibmca_rand_bytes(unsigned char *buf, int num);
static int ibmca_rand_status(void);
/* WJH - check for more commands, like in nuron */
/* The definitions for control commands specific to this engine */
# define IBMCA_CMD_SO_PATH ENGINE_CMD_BASE
static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = {
{IBMCA_CMD_SO_PATH,
"SO_PATH",
"Specifies the path to the 'atasi' shared library",
ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
# ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD ibmca_rsa = {
"Ibmca RSA method",
NULL,
NULL,
NULL,
NULL,
ibmca_rsa_mod_exp,
ibmca_mod_exp_mont,
NULL,
NULL,
0,
NULL,
NULL,
NULL
};
# endif
# ifndef OPENSSL_NO_DSA
/* Our internal DSA_METHOD that we provide pointers to */
static DSA_METHOD ibmca_dsa = {
"Ibmca DSA method",
NULL, /* dsa_do_sign */
NULL, /* dsa_sign_setup */
NULL, /* dsa_do_verify */
ibmca_dsa_mod_exp, /* dsa_mod_exp */
ibmca_mod_exp_dsa, /* bn_mod_exp */
NULL, /* init */
NULL, /* finish */
0, /* flags */
NULL /* app_data */
};
# endif
# ifndef OPENSSL_NO_DH
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD ibmca_dh = {
"Ibmca DH method",
NULL,
NULL,
ibmca_mod_exp_dh,
NULL,
NULL,
0,
NULL
};
# endif
static RAND_METHOD ibmca_rand = {
/* "IBMCA RAND method", */
NULL,
ibmca_rand_bytes,
NULL,
NULL,
ibmca_rand_bytes,
ibmca_rand_status,
};
/* Constants used when creating the ENGINE */
static const char *engine_ibmca_id = "ibmca";
static const char *engine_ibmca_name = "Ibmca hardware engine support";
/*
* This internal function is used by ENGINE_ibmca() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_helper(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
# endif
# ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
# endif
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
# endif
if (!ENGINE_set_id(e, engine_ibmca_id) ||
!ENGINE_set_name(e, engine_ibmca_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &ibmca_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &ibmca_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &ibmca_dh) ||
# endif
!ENGINE_set_RAND(e, &ibmca_rand) ||
!ENGINE_set_destroy_function(e, ibmca_destroy) ||
!ENGINE_set_init_function(e, ibmca_init) ||
!ENGINE_set_finish_function(e, ibmca_finish) ||
!ENGINE_set_ctrl_function(e, ibmca_ctrl) ||
!ENGINE_set_cmd_defns(e, ibmca_cmd_defns))
return 0;
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* ibmca-specific mod_exp and mod_exp_crt so we use those functions. NB:
* We don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
# endif
# ifndef OPENSSL_NO_DSA
/*
* Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
*/
meth2 = DSA_OpenSSL();
ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign;
ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify;
# endif
# ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
ibmca_dh.generate_key = meth3->generate_key;
ibmca_dh.compute_key = meth3->compute_key;
# endif
/* Ensure the ibmca error handling is set up */
ERR_load_IBMCA_strings();
return 1;
}
static ENGINE *engine_ibmca(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
# ifdef ENGINE_DYNAMIC_SUPPORT
static
# endif
void ENGINE_load_ibmca(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_ibmca();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
/* Destructor (complements the "ENGINE_ibmca()" constructor) */
static int ibmca_destroy(ENGINE *e)
{
/*
* Unload the ibmca error strings so any error state including our functs
* or reasons won't lead to a segfault (they simply get displayed without
* corresponding string data because none will be found).
*/
ERR_unload_IBMCA_strings();
return 1;
}
/*
* This is a process-global DSO handle used for loading and unloading the
* Ibmca library. NB: This is only set (or unset) during an init() or
* finish() call (reference counts permitting) and they're operating with
* global locks, so this should be thread-safe implicitly.
*/
static DSO *ibmca_dso = NULL;
/*
* These are the function pointers that are (un)set when the library has
* successfully (un)loaded.
*/
static unsigned int (ICA_CALL * p_icaOpenAdapter) ();
static unsigned int (ICA_CALL * p_icaCloseAdapter) ();
static unsigned int (ICA_CALL * p_icaRsaModExpo) ();
static unsigned int (ICA_CALL * p_icaRandomNumberGenerate) ();
static unsigned int (ICA_CALL * p_icaRsaCrt) ();
/* utility function to obtain a context */
static int get_context(ICA_ADAPTER_HANDLE * p_handle)
{
unsigned int status = 0;
status = p_icaOpenAdapter(0, p_handle);
if (status != 0)
return 0;
return 1;
}
/* similarly to release one. */
static void release_context(ICA_ADAPTER_HANDLE handle)
{
p_icaCloseAdapter(handle);
}
/* (de)initialisation functions. */
static int ibmca_init(ENGINE *e)
{
void (*p1) ();
void (*p2) ();
void (*p3) ();
void (*p4) ();
void (*p5) ();
if (ibmca_dso != NULL) {
IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_ALREADY_LOADED);
goto err;
}
/*
* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be changed
* unfortunately because the Ibmca drivers don't have standard library
* names that can be platform-translated well.
*/
/*
* TODO: Work out how to actually map to the names the Ibmca drivers
* really use - for now a symbollic link needs to be created on the host
* system from libatasi.so to atasi.so on unix variants.
*/
/* WJH XXX check name translation */
ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL,
/*
* DSO_FLAG_NAME_TRANSLATION
*/ 0);
if (ibmca_dso == NULL) {
IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_DSO_FAILURE);
goto err;
}
if (!(p1 = DSO_bind_func(ibmca_dso, IBMCA_F1)) ||
!(p2 = DSO_bind_func(ibmca_dso, IBMCA_F2)) ||
!(p3 = DSO_bind_func(ibmca_dso, IBMCA_F3)) ||
!(p4 = DSO_bind_func(ibmca_dso, IBMCA_F4)) ||
!(p5 = DSO_bind_func(ibmca_dso, IBMCA_F5))) {
IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_DSO_FAILURE);
goto err;
}
/* Copy the pointers */
p_icaOpenAdapter = (unsigned int (ICA_CALL *) ())p1;
p_icaCloseAdapter = (unsigned int (ICA_CALL *) ())p2;
p_icaRsaModExpo = (unsigned int (ICA_CALL *) ())p3;
p_icaRandomNumberGenerate = (unsigned int (ICA_CALL *) ())p4;
p_icaRsaCrt = (unsigned int (ICA_CALL *) ())p5;
if (!get_context(&handle)) {
IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_UNIT_FAILURE);
goto err;
}
return 1;
err:
if (ibmca_dso)
DSO_free(ibmca_dso);
p_icaOpenAdapter = NULL;
p_icaCloseAdapter = NULL;
p_icaRsaModExpo = NULL;
p_icaRandomNumberGenerate = NULL;
return 0;
}
static int ibmca_finish(ENGINE *e)
{
if (ibmca_dso == NULL) {
IBMCAerr(IBMCA_F_IBMCA_FINISH, IBMCA_R_NOT_LOADED);
return 0;
}
release_context(handle);
if (!DSO_free(ibmca_dso)) {
IBMCAerr(IBMCA_F_IBMCA_FINISH, IBMCA_R_DSO_FAILURE);
return 0;
}
ibmca_dso = NULL;
return 1;
}
static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ())
{
int initialised = ((ibmca_dso == NULL) ? 0 : 1);
switch (cmd) {
case IBMCA_CMD_SO_PATH:
if (p == NULL) {
IBMCAerr(IBMCA_F_IBMCA_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (initialised) {
IBMCAerr(IBMCA_F_IBMCA_CTRL, IBMCA_R_ALREADY_LOADED);
return 0;
}
IBMCA_LIBNAME = (const char *)p;
return 1;
default:
break;
}
IBMCAerr(IBMCA_F_IBMCA_CTRL, IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
return 0;
}
static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
/*
* I need somewhere to store temporary serialised values for use with the
* Ibmca API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX but
* access their arrays directly as byte arrays <grin>. This way I don't
* have to clean anything up.
*/
BIGNUM *argument = NULL;
BIGNUM *result = NULL;
BIGNUM *key = NULL;
int to_return;
int inLen, outLen, tmpLen;
ICA_KEY_RSA_MODEXPO *publKey = NULL;
unsigned int rc;
to_return = 0; /* expect failure */
if (!ibmca_dso) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_NOT_LOADED);
goto err;
}
/* Prepare the params */
BN_CTX_start(ctx);
argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
key = BN_CTX_get(ctx);
if (!argument || !result || !key) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_BN_CTX_FULL);
goto err;
}
if (!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||
!bn_wexpand(key, sizeof(*publKey) / BN_BYTES)) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_BN_EXPAND_FAIL);
goto err;
}
publKey = (ICA_KEY_RSA_MODEXPO *)key->d;
if (publKey == NULL) {
goto err;
}
memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));
publKey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE);
publKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));
publKey->expOffset = (char *)publKey->keyRecord - (char *)publKey;
/*
* A quirk of the card: the exponent length has to be the same as the
* modulus (key) length
*/
outLen = BN_num_bytes(m);
/* check for modulus length SAB*/
if (outLen > 256) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_MEXP_LENGTH_TO_LARGE);
goto err;
}
/* check for modulus length SAB*/
publKey->expLength = publKey->nLength = outLen;
/*
* SAB Check for underflow condition the size of the exponent is less
* than the size of the parameter then we have a big problem and will
* underflow the keyRecord buffer. Bad stuff could happen then
*/
if (outLen < BN_num_bytes(p)) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_UNDERFLOW_KEYRECORD);
goto err;
}
/* SAB End check for underflow */
BN_bn2bin(p, &publKey->keyRecord[publKey->expLength - BN_num_bytes(p)]);
BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);
publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8);
publKey->nOffset = CORRECT_ENDIANNESS(publKey->expOffset +
publKey->expLength);
publKey->expOffset = CORRECT_ENDIANNESS((char *)publKey->keyRecord -
(char *)publKey);
tmpLen = outLen;
publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);
/* Prepare the argument */
memset(argument->d, 0, outLen);
BN_bn2bin(a, (unsigned char *)argument->d + outLen - BN_num_bytes(a));
inLen = outLen;
/* Perform the operation */
if ((rc = p_icaRsaModExpo(handle, inLen, (unsigned char *)argument->d,
publKey, &outLen, (unsigned char *)result->d))
!= 0) {
printf("rc = %d\n", rc);
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_REQUEST_FAILED);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, outLen, r);
to_return = 1;
err:
BN_CTX_end(ctx);
return to_return;
}
# ifndef OPENSSL_NO_RSA
static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
int to_return = 0;
if ((ctx = BN_CTX_new()) == NULL)
goto err;
if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
if (!rsa->d || !rsa->n) {
IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP,
IBMCA_R_MISSING_KEY_COMPONENTS);
goto err;
}
to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx);
} else {
to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
rsa->dmq1, rsa->iqmp, ctx);
}
err:
if (ctx)
BN_CTX_free(ctx);
return to_return;
}
# endif
/* Ein kleines chinesisches "Restessen" */
static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp,
BN_CTX *ctx)
{
BIGNUM *argument = NULL;
BIGNUM *result = NULL;
BIGNUM *key = NULL;
int to_return = 0; /* expect failure */
char *pkey = NULL;
ICA_KEY_RSA_CRT *privKey = NULL;
int inLen, outLen;
int rc;
unsigned int offset, pSize, qSize;
/* SAB New variables */
unsigned int keyRecordSize;
unsigned int pbytes = BN_num_bytes(p);
unsigned int qbytes = BN_num_bytes(q);
unsigned int dmp1bytes = BN_num_bytes(dmp1);
unsigned int dmq1bytes = BN_num_bytes(dmq1);
unsigned int iqmpbytes = BN_num_bytes(iqmp);
/* Prepare the params */
BN_CTX_start(ctx);
argument = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
key = BN_CTX_get(ctx);
if (!argument || !result || !key) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_BN_CTX_FULL);
goto err;
}
if (!bn_wexpand(argument, p->top + q->top) ||
!bn_wexpand(result, p->top + q->top) ||
!bn_wexpand(key, sizeof(*privKey) / BN_BYTES)) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_BN_EXPAND_FAIL);
goto err;
}
privKey = (ICA_KEY_RSA_CRT *)key->d;
/*
* SAB Add check for total size in bytes of the parms does not exceed the
* buffer space we have do this first
*/
keyRecordSize = pbytes + qbytes + dmp1bytes + dmq1bytes + iqmpbytes;
if (keyRecordSize > sizeof(privKey->keyRecord)) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
goto err;
}
if ((qbytes + dmq1bytes) > 256) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
goto err;
}
if (pbytes + dmp1bytes > 256) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
goto err;
}
/* end SAB additions */
memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));
privKey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE);
privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));
privKey->modulusBitLength = CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);
/*
* p,dp & qInv are 1 QWORD Larger
*/
privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p) + 8);
privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));
privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1) + 8);
privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));
privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp) + 8);
offset = (char *)privKey->keyRecord - (char *)privKey;
qSize = BN_num_bytes(q);
pSize = qSize + 8; /* 1 QWORD larger */
/*
* SAB probably aittle redundant, but we'll verify that each of the
* components which make up a key record sent ot the card does not exceed
* the space that is allocated for it. this handles the case where even
* if the total length does not exceed keyrecord zied, if the operands are
* funny sized they could cause potential side affects on either the card
* or the result
*/
if ((pbytes > pSize) || (dmp1bytes > pSize) ||
(iqmpbytes > pSize) || (qbytes > qSize) || (dmq1bytes > qSize)) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
goto err;
}
privKey->dpOffset = CORRECT_ENDIANNESS(offset);
offset += pSize;
privKey->dqOffset = CORRECT_ENDIANNESS(offset);
offset += qSize;
privKey->pOffset = CORRECT_ENDIANNESS(offset);
offset += pSize;
privKey->qOffset = CORRECT_ENDIANNESS(offset);
offset += qSize;
privKey->qInvOffset = CORRECT_ENDIANNESS(offset);
pkey = (char *)privKey->keyRecord;
/* SAB first check that we don;t under flow the buffer */
if (pSize < pbytes) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);
goto err;
}
/* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */
pkey += pSize - BN_num_bytes(dmp1);
BN_bn2bin(dmp1, pkey);
pkey += BN_num_bytes(dmp1); /* move the pointer */
BN_bn2bin(dmq1, pkey); /* Copy over dmq1 */
pkey += qSize; /* move pointer */
/* set up for zero padding of next field */
pkey += pSize - BN_num_bytes(p);
BN_bn2bin(p, pkey);
/* increment pointer by number of bytes moved */
pkey += BN_num_bytes(p);
BN_bn2bin(q, pkey);
pkey += qSize; /* move the pointer */
pkey += pSize - BN_num_bytes(iqmp); /* Adjust for padding */
BN_bn2bin(iqmp, pkey);
/* Prepare the argument and response */
/*
* Correct endianess is used because the fields were converted above
*/
outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2;
if (outLen > 256) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OUTLEN_TO_LARGE);
goto err;
}
/* SAB check for underflow here on the argeument */
if (outLen < BN_num_bytes(a)) {
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);
goto err;
}
BN_bn2bin(a, (unsigned char *)argument->d + outLen - BN_num_bytes(a));
inLen = outLen;
memset(result->d, 0, outLen);
/* Perform the operation */
if ((rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d,
privKey, &outLen, (unsigned char *)result->d)) != 0)
{
printf("rc = %d\n", rc);
IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_REQUEST_FAILED);
goto err;
}
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, outLen, r);
to_return = 1;
err:
BN_CTX_end(ctx);
return to_return;
}
# ifndef OPENSSL_NO_DSA
/*
* This code was liberated and adapted from the commented-out code in
* dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration (it
* doesn't have a CRT form for RSA), this function means that an Ibmca system
* running with a DSA server certificate can handshake around 5 or 6 times
* faster/more than an equivalent system running with RSA. Just check out the
* "signs" statistics from the RSA and DSA parts of "openssl speed -engine
* ibmca dsa1024 rsa1024".
*/
static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
BIGNUM t;
int to_return = 0;
BN_init(&t);
/* let rr = a1 ^ p1 mod m */
if (!ibmca_mod_exp(rr, a1, p1, m, ctx))
goto end;
/* let t = a2 ^ p2 mod m */
if (!ibmca_mod_exp(&t, a2, p2, m, ctx))
goto end;
/* let rr = rr * t mod m */
if (!BN_mod_mul(rr, rr, &t, m, ctx))
goto end;
to_return = 1;
end:
BN_free(&t);
return to_return;
}
static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return ibmca_mod_exp(r, a, p, m, ctx);
}
# endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
return ibmca_mod_exp(r, a, p, m, ctx);
}
# ifndef OPENSSL_NO_DH
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r,
const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
return ibmca_mod_exp(r, a, p, m, ctx);
}
# endif
/* Random bytes are good */
static int ibmca_rand_bytes(unsigned char *buf, int num)
{
int to_return = 0; /* assume failure */
unsigned int ret;
if (handle == 0) {
IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES, IBMCA_R_NOT_INITIALISED);
goto err;
}
ret = p_icaRandomNumberGenerate(handle, num, buf);
if (ret < 0) {
IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES, IBMCA_R_REQUEST_FAILED);
goto err;
}
to_return = 1;
err:
return to_return;
}
static int ibmca_rand_status(void)
{
return 1;
}
/*
* This stuff is needed if this ENGINE is being compiled into a
* self-contained shared-library.
*/
# ifdef ENGINE_DYNAMIC_SUPPORT
static int bind_fn(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_ibmca_id) != 0)) /* WJH XXX */
return 0;
if (!bind_helper(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
# endif /* ENGINE_DYNAMIC_SUPPORT */
# endif /* !OPENSSL_NO_HW_IBMCA */
#endif /* !OPENSSL_NO_HW */

8
openssl-1.0.2f/demos/engines/ibmca/hw_ibmca.ec Normal file
View File

@@ -0,0 +1,8 @@
# configuration file for util/mkerr.pl
#
# use like this:
#
# perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
# -nostatic -staticloader -write *.c
L IBMCA hw_ibmca_err.h hw_ibmca_err.c

149
openssl-1.0.2f/demos/engines/ibmca/hw_ibmca_err.c Normal file
View File

@@ -0,0 +1,149 @@
/* hw_ibmca_err.c */
/* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "hw_ibmca_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA IBMCA_str_functs[] = {
{ERR_PACK(0, IBMCA_F_IBMCA_CTRL, 0), "IBMCA_CTRL"},
{ERR_PACK(0, IBMCA_F_IBMCA_FINISH, 0), "IBMCA_FINISH"},
{ERR_PACK(0, IBMCA_F_IBMCA_INIT, 0), "IBMCA_INIT"},
{ERR_PACK(0, IBMCA_F_IBMCA_MOD_EXP, 0), "IBMCA_MOD_EXP"},
{ERR_PACK(0, IBMCA_F_IBMCA_MOD_EXP_CRT, 0), "IBMCA_MOD_EXP_CRT"},
{ERR_PACK(0, IBMCA_F_IBMCA_RAND_BYTES, 0), "IBMCA_RAND_BYTES"},
{ERR_PACK(0, IBMCA_F_IBMCA_RSA_MOD_EXP, 0), "IBMCA_RSA_MOD_EXP"},
{0, NULL}
};
static ERR_STRING_DATA IBMCA_str_reasons[] = {
{IBMCA_R_ALREADY_LOADED, "already loaded"},
{IBMCA_R_BN_CTX_FULL, "bn ctx full"},
{IBMCA_R_BN_EXPAND_FAIL, "bn expand fail"},
{IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctrl command not implemented"},
{IBMCA_R_DSO_FAILURE, "dso failure"},
{IBMCA_R_MEXP_LENGTH_TO_LARGE, "mexp length to large"},
{IBMCA_R_MISSING_KEY_COMPONENTS, "missing key components"},
{IBMCA_R_NOT_INITIALISED, "not initialised"},
{IBMCA_R_NOT_LOADED, "not loaded"},
{IBMCA_R_OPERANDS_TO_LARGE, "operands to large"},
{IBMCA_R_OUTLEN_TO_LARGE, "outlen to large"},
{IBMCA_R_REQUEST_FAILED, "request failed"},
{IBMCA_R_UNDERFLOW_CONDITION, "underflow condition"},
{IBMCA_R_UNDERFLOW_KEYRECORD, "underflow keyrecord"},
{IBMCA_R_UNIT_FAILURE, "unit failure"},
{0, NULL}
};
#endif
#ifdef IBMCA_LIB_NAME
static ERR_STRING_DATA IBMCA_lib_name[] = {
{0, IBMCA_LIB_NAME},
{0, NULL}
};
#endif
static int IBMCA_lib_error_code = 0;
static int IBMCA_error_init = 1;
static void ERR_load_IBMCA_strings(void)
{
if (IBMCA_lib_error_code == 0)
IBMCA_lib_error_code = ERR_get_next_error_library();
if (IBMCA_error_init) {
IBMCA_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(IBMCA_lib_error_code, IBMCA_str_functs);
ERR_load_strings(IBMCA_lib_error_code, IBMCA_str_reasons);
#endif
#ifdef IBMCA_LIB_NAME
IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code, 0, 0);
ERR_load_strings(0, IBMCA_lib_name);
#endif
}
}
static void ERR_unload_IBMCA_strings(void)
{
if (IBMCA_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(IBMCA_lib_error_code, IBMCA_str_functs);
ERR_unload_strings(IBMCA_lib_error_code, IBMCA_str_reasons);
#endif
#ifdef IBMCA_LIB_NAME
ERR_unload_strings(0, IBMCA_lib_name);
#endif
IBMCA_error_init = 1;
}
}
static void ERR_IBMCA_error(int function, int reason, char *file, int line)
{
if (IBMCA_lib_error_code == 0)
IBMCA_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(IBMCA_lib_error_code, function, reason, file, line);
}

103
openssl-1.0.2f/demos/engines/ibmca/hw_ibmca_err.h Normal file
View File

@@ -0,0 +1,103 @@
/* ====================================================================
* Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_IBMCA_ERR_H
# define HEADER_IBMCA_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_IBMCA_strings(void);
static void ERR_unload_IBMCA_strings(void);
static void ERR_IBMCA_error(int function, int reason, char *file, int line);
# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
/* Error codes for the IBMCA functions. */
/* Function codes. */
# define IBMCA_F_IBMCA_CTRL 100
# define IBMCA_F_IBMCA_FINISH 101
# define IBMCA_F_IBMCA_INIT 102
# define IBMCA_F_IBMCA_MOD_EXP 103
# define IBMCA_F_IBMCA_MOD_EXP_CRT 104
# define IBMCA_F_IBMCA_RAND_BYTES 105
# define IBMCA_F_IBMCA_RSA_MOD_EXP 106
/* Reason codes. */
# define IBMCA_R_ALREADY_LOADED 100
# define IBMCA_R_BN_CTX_FULL 101
# define IBMCA_R_BN_EXPAND_FAIL 102
# define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
# define IBMCA_R_DSO_FAILURE 104
# define IBMCA_R_MEXP_LENGTH_TO_LARGE 105
# define IBMCA_R_MISSING_KEY_COMPONENTS 106
# define IBMCA_R_NOT_INITIALISED 107
# define IBMCA_R_NOT_LOADED 108
# define IBMCA_R_OPERANDS_TO_LARGE 109
# define IBMCA_R_OUTLEN_TO_LARGE 110
# define IBMCA_R_REQUEST_FAILED 111
# define IBMCA_R_UNDERFLOW_CONDITION 112
# define IBMCA_R_UNDERFLOW_KEYRECORD 113
# define IBMCA_R_UNIT_FAILURE 114
#ifdef __cplusplus
}
#endif
#endif

183
openssl-1.0.2f/demos/engines/ibmca/ica_openssl_api.h Normal file
View File

@@ -0,0 +1,183 @@
#ifndef __ICA_OPENSSL_API_H__
# define __ICA_OPENSSL_API_H__
/**
** abstract data types for API
**/
# define ICA_ADAPTER_HANDLE int
# if defined(linux) || defined (_AIX)
# define ICA_CALL
# endif
# if defined(WIN32) || defined(_WIN32)
# define ICA_CALL __stdcall
# endif
/* -----------------------------------------------*
| RSA defines and typedefs |
*------------------------------------------------*/
/*
* All data elements of the RSA key are in big-endian format
* Modulus-Exponent form of key
*
*/
# define MAX_EXP_SIZE 256
# define MAX_MODULUS_SIZE 256
# define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
# define MAX_OPERAND_SIZE MAX_EXP_SIZE
typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
/*
* All data elements of the RSA key are in big-endian format
* Chinese Remainder Thereom(CRT) form of key
* Used only for Decrypt, the encrypt form is typically Modulus-Exponent
*
*/
# define MAX_BP_SIZE 136
# define MAX_BQ_SIZE 128
# define MAX_NP_SIZE 136
# define MAX_NQ_SIZE 128
# define MAX_QINV_SIZE 136
# define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
# define RSA_GEN_OPERAND_MAX 256/* bytes */
typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
/* -----------------------------------------------*
| RSA key token types |
*------------------------------------------------*/
# define RSA_PUBLIC_MODULUS_EXPONENT 3
# define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
# define KEYTYPE_MODEXPO 1
# define KEYTYPE_PKCSCRT 2
/* -----------------------------------------------*
| RSA Key Token format |
*------------------------------------------------*/
/*-
* NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
* (lengths, offsets, exponents, modulus, etc.) are
* stored in big-endian format
*/
typedef struct _ICA_KEY_RSA_MODEXPO {
unsigned int keyType; /* RSA key type. */
unsigned int keyLength; /* Total length of the token. */
unsigned int modulusBitLength; /* Modulus n bit length. */
/* -- Start of the data length. */
unsigned int nLength; /* Modulus n = p * q */
unsigned int expLength; /* exponent (public or private) */
/* e = 1/d * mod(p-1)(q-1) */
/* -- Start of the data offsets */
unsigned int nOffset; /* Modulus n . */
unsigned int expOffset; /* exponent (public or private) */
unsigned char reserved[112]; /* reserved area */
/* -- Start of the variable -- */
/* -- length token data. -- */
ICA_KEY_RSA_MODEXPO_REC keyRecord;
} ICA_KEY_RSA_MODEXPO;
# define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
/*-
* NOTE: All the fields in the ICA_KEY_RSA_CRT structure
* (lengths, offsets, exponents, modulus, etc.) are
* stored in big-endian format
*/
typedef struct _ICA_KEY_RSA_CRT {
unsigned int keyType; /* RSA key type. */
unsigned int keyLength; /* Total length of the token. */
unsigned int modulusBitLength; /* Modulus n bit length. */
/* -- Start of the data length. */
# if _AIX
unsigned int nLength; /* Modulus n = p * q */
# endif
unsigned int pLength; /* Prime number p . */
unsigned int qLength; /* Prime number q . */
unsigned int dpLength; /* dp = d * mod(p-1) . */
unsigned int dqLength; /* dq = d * mod(q-1) . */
unsigned int qInvLength; /* PKCS: qInv = Ap/q */
/* -- Start of the data offsets */
# if _AIX
unsigned int nOffset; /* Modulus n . */
# endif
unsigned int pOffset; /* Prime number p . */
unsigned int qOffset; /* Prime number q . */
unsigned int dpOffset; /* dp . */
unsigned int dqOffset; /* dq . */
unsigned int qInvOffset; /* qInv for PKCS */
# if _AIX
unsigned char reserved[80]; /* reserved area */
# else
unsigned char reserved[88]; /* reserved area */
# endif
/* -- Start of the variable -- */
/* -- length token data. -- */
ICA_KEY_RSA_CRT_REC keyRecord;
} ICA_KEY_RSA_CRT;
# define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
unsigned int
icaOpenAdapter(unsigned int adapterId, ICA_ADAPTER_HANDLE * pAdapterHandle);
unsigned int icaCloseAdapter(ICA_ADAPTER_HANDLE adapterHandle);
unsigned int
icaRsaModExpo(ICA_ADAPTER_HANDLE hAdapterHandle,
unsigned int inputDataLength,
unsigned char *pInputData,
ICA_KEY_RSA_MODEXPO *pKeyModExpo,
unsigned int *pOutputDataLength, unsigned char *pOutputData);
unsigned int
icaRsaCrt(ICA_ADAPTER_HANDLE hAdapterHandle,
unsigned int inputDataLength,
unsigned char *pInputData,
ICA_KEY_RSA_CRT *pKeyCrt,
unsigned int *pOutputDataLength, unsigned char *pOutputData);
unsigned int
icaRandomNumberGenerate(ICA_ADAPTER_HANDLE hAdapterHandle,
unsigned int outputDataLength,
unsigned char *pOutputData);
/*
* Specific macros and definitions to not have IFDEF;s all over the main code
*/
# if (_AIX)
static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
# elif (WIN32)
static const char *IBMCA_LIBNAME = "cryptica";
# else
static const char *IBMCA_LIBNAME = "ica";
# endif
# if (WIN32)
/*
* The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and offsets must be in
* big-endian format.
*
*/
# define CORRECT_ENDIANNESS(b) ( \
(((unsigned long) (b) & 0x000000ff) << 24) | \
(((unsigned long) (b) & 0x0000ff00) << 8) | \
(((unsigned long) (b) & 0x00ff0000) >> 8) | \
(((unsigned long) (b) & 0xff000000) >> 24) \
)
# define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
# define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
# else
# define CORRECT_ENDIANNESS(b) (b)
# define CRT_KEY_TYPE KEYTYPE_PKCSCRT
# define ME_KEY_TYPE KEYTYPE_MODEXPO
# endif
#endif /* __ICA_OPENSSL_API_H__ */

135
openssl-1.0.2f/demos/engines/rsaref/Makefile Normal file
View File

@@ -0,0 +1,135 @@
LIBNAME= librsaref
SRC= rsaref.c
OBJ= rsaref.o
HEADER= rsaref.h
CC= gcc
PIC= -fPIC
CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT
AR= ar r
RANLIB= ranlib
LIB= $(LIBNAME).a
SHLIB= $(LIBNAME).so
all:
@echo 'Please choose a system to build on:'
@echo ''
@echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
@echo 'solaris: Solaris'
@echo 'irix: IRIX'
@echo 'hpux32: 32-bit HP/UX'
@echo 'hpux64: 64-bit HP/UX'
@echo 'aix: AIX'
@echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
@echo ''
FORCE.install:
install: FORCE.install
cd install; \
make -f unix/makefile CFLAGS='-I. -DPROTOTYPES=1 -O -c' RSAREFLIB=librsaref.a librsaref.a
FORCE.update:
update: FORCE.update
perl ../../../util/mkerr.pl -conf rsaref.ec \
-nostatic -staticloader -write rsaref.c
darwin: install $(SHLIB).darwin
cygwin: install $(SHLIB).cygwin
gnu: install $(SHLIB).gnu
alpha-osf1: install $(SHLIB).alpha-osf1
tru64: install $(SHLIB).tru64
solaris: install $(SHLIB).solaris
irix: install $(SHLIB).irix
hpux32: install $(SHLIB).hpux32
hpux64: install $(SHLIB).hpux64
aix: install $(SHLIB).aix
reliantunix: install $(SHLIB).reliantunix
$(LIB): $(OBJ)
$(AR) $(LIB) $(OBJ)
- $(RANLIB) $(LIB)
LINK_SO= \
ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \
(nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
$$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
$(SHLIB).darwin: $(LIB) install/librsaref.a
ALLSYMSFLAGS='-all_load' \
SHAREDFLAGS='-dynamiclib -install_name $(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).darwin
$(SHLIB).cygwin: $(LIB) install/librsaref.a
ALLSYMSFLAGS='--whole-archive' \
SHAREDFLAGS='-shared -Wl,-Bsymbolic -Wl,--out-implib,$(LIBNAME).dll.a' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).cygwin
$(SHLIB).gnu: $(LIB) install/librsaref.a
ALLSYMSFLAGS='--whole-archive' \
SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).gnu
$(SHLIB).tru64: $(LIB) install/librsaref.a
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).tru64
$(SHLIB).solaris: $(LIB) install/librsaref.a
ALLSYMSFLAGS='-z allextract' \
SHAREDFLAGS='-G -h $(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).solaris
$(SHLIB).irix: $(LIB) install/librsaref.a
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).irix
$(SHLIB).hpux32: $(LIB) install/librsaref.a
ALLSYMSFLAGS='-Fl' \
SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux32
$(SHLIB).hpux64: $(LIB) install/librsaref.a
ALLSYMSFLAGS='+forceload' \
SHAREDFLAGS='-b -z +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux64
$(SHLIB).aix: $(LIB) install/librsaref.a
ALLSYMSFLAGS='-bnogc' \
SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).aix
depend:
sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
rm -f Makefile.tmp Makefile
mv Makefile.new Makefile
# DO NOT DELETE THIS LINE -- make depend depends on it.
rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
rsaref.o: ../../../include/openssl/opensslconf.h
rsaref.o: ../../../include/openssl/opensslv.h
rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
rsaref.o: source/rsaref.h

22
openssl-1.0.2f/demos/engines/rsaref/README Normal file
View File

@@ -0,0 +1,22 @@
librsaref.so is a demonstration dynamic engine that does RSA
operations using the old RSAref 2.0 implementation.
To make proper use of this engine, you must download RSAref 2.0
(search the web for rsaref.tar.Z for example) and unpack it in this
directory, so you'll end up having the subdirectories "install" and
"source" among others.
To build, do the following:
make
This will list a number of available targets to choose from. Most of
them are architecture-specific. The exception is "gnu" which is to be
used on systems where GNU ld and gcc have been installed in such a way
that gcc uses GNU ld to link together programs and shared libraries.
The make file assumes you use gcc. To change that, just reassign CC:
make CC=cc
The result is librsaref.so, which you can copy to any place you wish.

105
openssl-1.0.2f/demos/engines/rsaref/build.com Normal file
View File

@@ -0,0 +1,105 @@
$! BUILD.COM -- Building procedure for the RSAref engine
$
$ if f$search("source.dir") .eqs. "" -
.or. f$search("install.dir") .eqs. ""
$ then
$ write sys$error "RSAref 2.0 hasn't been properly extracted."
$ exit
$ endif
$
$ if (f$getsyi("cpu").lt.128)
$ then
$ arch := vax
$ else
$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if (arch .eqs. "") then arch = "UNK"
$ endif
$
$ _save_default = f$environment("default")
$ set default [.install]
$ files := desc,digit,md2c,md5c,nn,prime,-
rsa,r_encode,r_dh,r_enhanc,r_keygen,r_random,-
r_stdlib
$ delete rsaref.olb;*
$ library/create/object rsaref.olb
$ files_i = 0
$ rsaref_loop:
$ files_e = f$edit(f$element(files_i,",",files),"trim")
$ files_i = files_i + 1
$ if files_e .eqs. "," then goto rsaref_loop_end
$ cc/include=([-.source],[])/define=PROTOTYPES=1/object=[]'files_e'.obj -
[-.source]'files_e'.c
$ library/replace/object rsaref.olb 'files_e'.obj
$ goto rsaref_loop
$ rsaref_loop_end:
$
$ set default [-]
$ define/user openssl [---.include.openssl]
$ cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c
$
$ if arch .eqs. "VAX"
$ then
$ macro/object=rsaref_vec.obj sys$input:
;
; Transfer vector for VAX shareable image
;
.TITLE librsaref
;
; Define macro to assist in building transfer vector entries. Each entry
; should take no more than 8 bytes.
;
.MACRO FTRANSFER_ENTRY routine
.ALIGN QUAD
.TRANSFER routine
.MASK routine
JMP routine+2
.ENDM FTRANSFER_ENTRY
;
; Place entries in own program section.
;
.PSECT $$LIBRSAREF,QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT
LIBRSAREF_xfer:
FTRANSFER_ENTRY bind_engine
FTRANSFER_ENTRY v_check
;
; Allocate extra storage at end of vector to allow for expansion.
;
.BLKB 512-<.-LIBRSAREF_xfer> ; 1 page.
.END
$ link/share=librsaref.exe sys$input:/option
!
! Ensure transfer vector is at beginning of image
!
CLUSTER=FIRST
COLLECT=FIRST,$$LIBRSAREF
!
! make psects nonshareable so image can be installed.
!
PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
[]rsaref_vec.obj
[]rsaref.obj
[.install]rsaref.olb/lib
[---.vax.exe.crypto]libcrypto.olb/lib
$ else
$ if arch_name .eqs. "ALPHA"
$ then
$ link/share=librsaref.exe sys$input:/option
[]rsaref.obj
[.install]rsaref.olb/lib
[---.alpha.exe.crypto]libcrypto.olb/lib
symbol_vector=(bind_engine=procedure,v_check=procedure)
$ else
$ if arch_name .eqs. "IA64"
$ then
$ link /shareable=librsaref.exe sys$input: /options
[]rsaref.obj
[.install]rsaref.olb/lib
[---.ia64.exe.crypto]libcrypto.olb/lib
symbol_vector=(bind_engine=procedure,v_check=procedure)
$ endif
$ endif
$ endif
$
$ set default '_save_default'

713
openssl-1.0.2f/demos/engines/rsaref/rsaref.c Normal file
View File

@@ -0,0 +1,713 @@
/*
* Demo of how to construct your own engine and using it. The basis of this
* engine is RSAref, an old reference of the RSA algorithm which can still be
* found a little here and there.
*/
#include <stdio.h>
#include <string.h>
#include "./source/global.h"
#include "./source/rsaref.h"
#include "./source/rsa.h"
#include "./source/des.h"
#include <openssl/err.h>
#define OPENSSL_NO_MD2
#define OPENSSL_NO_MD5
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/engine.h>
#define RSAREF_LIB_NAME "rsaref engine"
#include "rsaref_err.c"
/*****************************************************************************
*** Function declarations and global variable definitions ***
*****************************************************************************/
/*****************************************************************************
* Constants used when creating the ENGINE
**/
static const char *engine_rsaref_id = "rsaref";
static const char *engine_rsaref_name = "RSAref engine support";
/*****************************************************************************
* Functions to handle the engine
**/
static int rsaref_destroy(ENGINE *e);
static int rsaref_init(ENGINE *e);
static int rsaref_finish(ENGINE *e);
#if 0
static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
#endif
/*****************************************************************************
* Engine commands
**/
static const ENGINE_CMD_DEFN rsaref_cmd_defns[] = {
{0, NULL, NULL, 0}
};
/*****************************************************************************
* RSA functions
**/
static int rsaref_private_decrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int rsaref_private_encrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int rsaref_public_encrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int rsaref_public_decrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
/*****************************************************************************
* Our RSA method
**/
static RSA_METHOD rsaref_rsa = {
"RSAref PKCS#1 RSA",
rsaref_public_encrypt,
rsaref_public_decrypt,
rsaref_private_encrypt,
rsaref_private_decrypt,
rsaref_mod_exp,
bnref_mod_exp,
NULL,
NULL,
0,
NULL,
NULL,
NULL
};
/*****************************************************************************
* Symetric cipher and digest function registrars
**/
static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid);
static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid);
static int rsaref_cipher_nids[] =
{ NID_des_cbc, NID_des_ede3_cbc, NID_desx_cbc, 0 };
static int rsaref_digest_nids[] = { NID_md2, NID_md5, 0 };
/*****************************************************************************
* DES functions
**/
static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl);
static int cipher_des_cbc_clean(EVP_CIPHER_CTX *);
static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc);
static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in,
unsigned int inl);
static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *);
static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl);
static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *);
/*****************************************************************************
* Our DES ciphers
**/
static const EVP_CIPHER cipher_des_cbc = {
NID_des_cbc,
8, 8, 8,
0 | EVP_CIPH_CBC_MODE,
cipher_des_cbc_init,
cipher_des_cbc_code,
cipher_des_cbc_clean,
sizeof(DES_CBC_CTX),
NULL,
NULL,
NULL,
NULL
};
static const EVP_CIPHER cipher_des_ede3_cbc = {
NID_des_ede3_cbc,
8, 24, 8,
0 | EVP_CIPH_CBC_MODE,
cipher_des_ede3_cbc_init,
cipher_des_ede3_cbc_code,
cipher_des_ede3_cbc_clean,
sizeof(DES3_CBC_CTX),
NULL,
NULL,
NULL,
NULL
};
static const EVP_CIPHER cipher_desx_cbc = {
NID_desx_cbc,
8, 24, 8,
0 | EVP_CIPH_CBC_MODE,
cipher_desx_cbc_init,
cipher_desx_cbc_code,
cipher_desx_cbc_clean,
sizeof(DESX_CBC_CTX),
NULL,
NULL,
NULL,
NULL
};
/*****************************************************************************
* MD functions
**/
static int digest_md2_init(EVP_MD_CTX *ctx);
static int digest_md2_update(EVP_MD_CTX *ctx, const void *data,
unsigned long count);
static int digest_md2_final(EVP_MD_CTX *ctx, unsigned char *md);
static int digest_md5_init(EVP_MD_CTX *ctx);
static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
unsigned long count);
static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md);
/*****************************************************************************
* Our MD digests
**/
static const EVP_MD digest_md2 = {
NID_md2,
NID_md2WithRSAEncryption,
16,
0,
digest_md2_init,
digest_md2_update,
digest_md2_final,
NULL,
NULL,
EVP_PKEY_RSA_method,
16,
sizeof(MD2_CTX)
};
static const EVP_MD digest_md5 = {
NID_md5,
NID_md5WithRSAEncryption,
16,
0,
digest_md5_init,
digest_md5_update,
digest_md5_final,
NULL,
NULL,
EVP_PKEY_RSA_method,
64,
sizeof(MD5_CTX)
};
/*****************************************************************************
*** Function definitions ***
*****************************************************************************/
/*****************************************************************************
* Functions to handle the engine
**/
static int bind_rsaref(ENGINE *e)
{
const RSA_METHOD *meth1;
if (!ENGINE_set_id(e, engine_rsaref_id)
|| !ENGINE_set_name(e, engine_rsaref_name)
|| !ENGINE_set_RSA(e, &rsaref_rsa)
|| !ENGINE_set_ciphers(e, rsaref_ciphers)
|| !ENGINE_set_digests(e, rsaref_digests)
|| !ENGINE_set_destroy_function(e, rsaref_destroy)
|| !ENGINE_set_init_function(e, rsaref_init)
|| !ENGINE_set_finish_function(e, rsaref_finish)
/* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */
/*
* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns)
*/ )
return 0;
/* Ensure the rsaref error handling is set up */
ERR_load_RSAREF_strings();
return 1;
}
#ifdef ENGINE_DYNAMIC_SUPPORT
static int bind_helper(ENGINE *e, const char *id)
{
if (id && (strcmp(id, engine_rsaref_id) != 0))
return 0;
if (!bind_rsaref(e))
return 0;
return 1;
}
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
#else
static ENGINE *engine_rsaref(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_rsaref(ret)) {
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_rsaref(void)
{
/* Copied from eng_[openssl|dyn].c */
ENGINE *toadd = engine_rsaref();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}
#endif
/* Initiator which is only present to make sure this engine looks available */
static int rsaref_init(ENGINE *e)
{
return 1;
}
/* Finisher which is only present to make sure this engine looks available */
static int rsaref_finish(ENGINE *e)
{
return 1;
}
/* Destructor (complements the "ENGINE_ncipher()" constructor) */
static int rsaref_destroy(ENGINE *e)
{
ERR_unload_RSAREF_strings();
return 1;
}
/*****************************************************************************
* RSA functions
**/
static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
RSAREFerr(RSAREF_F_RSAREF_MOD_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
RSAREFerr(RSAREF_F_BNREF_MOD_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
/* unsigned char *to: [max] */
static int RSAref_bn2bin(BIGNUM *from, unsigned char *to, int max)
{
int i;
i = BN_num_bytes(from);
if (i > max) {
RSAREFerr(RSAREF_F_RSAREF_BN2BIN, RSAREF_R_LEN);
return (0);
}
memset(to, 0, (unsigned int)max);
if (!BN_bn2bin(from, &(to[max - i])))
return (0);
return (1);
}
#ifdef undef
/* unsigned char *from: [max] */
static BIGNUM *RSAref_bin2bn(unsigned char *from, BIGNUM *to, int max)
{
int i;
BIGNUM *ret;
for (i = 0; i < max; i++)
if (from[i])
break;
ret = BN_bin2bn(&(from[i]), max - i, to);
return (ret);
}
static int RSAref_Public_ref2eay(RSArefPublicKey * from, RSA *to)
{
to->n = RSAref_bin2bn(from->m, NULL, RSAref_MAX_LEN);
to->e = RSAref_bin2bn(from->e, NULL, RSAref_MAX_LEN);
if ((to->n == NULL) || (to->e == NULL))
return (0);
return (1);
}
#endif
static int RSAref_Public_eay2ref(RSA *from, R_RSA_PUBLIC_KEY * to)
{
to->bits = BN_num_bits(from->n);
if (!RSAref_bn2bin(from->n, to->modulus, MAX_RSA_MODULUS_LEN))
return (0);
if (!RSAref_bn2bin(from->e, to->exponent, MAX_RSA_MODULUS_LEN))
return (0);
return (1);
}
#ifdef undef
static int RSAref_Private_ref2eay(RSArefPrivateKey * from, RSA *to)
{
if ((to->n = RSAref_bin2bn(from->m, NULL, RSAref_MAX_LEN)) == NULL)
return (0);
if ((to->e = RSAref_bin2bn(from->e, NULL, RSAref_MAX_LEN)) == NULL)
return (0);
if ((to->d = RSAref_bin2bn(from->d, NULL, RSAref_MAX_LEN)) == NULL)
return (0);
if ((to->p =
RSAref_bin2bn(from->prime[0], NULL, RSAref_MAX_PLEN)) == NULL)
return (0);
if ((to->q =
RSAref_bin2bn(from->prime[1], NULL, RSAref_MAX_PLEN)) == NULL)
return (0);
if ((to->dmp1 = RSAref_bin2bn(from->pexp[0], NULL, RSAref_MAX_PLEN))
== NULL)
return (0);
if ((to->dmq1 = RSAref_bin2bn(from->pexp[1], NULL, RSAref_MAX_PLEN))
== NULL)
return (0);
if ((to->iqmp = RSAref_bin2bn(from->coef, NULL, RSAref_MAX_PLEN)) == NULL)
return (0);
return (1);
}
#endif
static int RSAref_Private_eay2ref(RSA *from, R_RSA_PRIVATE_KEY * to)
{
to->bits = BN_num_bits(from->n);
if (!RSAref_bn2bin(from->n, to->modulus, MAX_RSA_MODULUS_LEN))
return (0);
if (!RSAref_bn2bin(from->e, to->publicExponent, MAX_RSA_MODULUS_LEN))
return (0);
if (!RSAref_bn2bin(from->d, to->exponent, MAX_RSA_MODULUS_LEN))
return (0);
if (!RSAref_bn2bin(from->p, to->prime[0], MAX_RSA_PRIME_LEN))
return (0);
if (!RSAref_bn2bin(from->q, to->prime[1], MAX_RSA_PRIME_LEN))
return (0);
if (!RSAref_bn2bin(from->dmp1, to->primeExponent[0], MAX_RSA_PRIME_LEN))
return (0);
if (!RSAref_bn2bin(from->dmq1, to->primeExponent[1], MAX_RSA_PRIME_LEN))
return (0);
if (!RSAref_bn2bin(from->iqmp, to->coefficient, MAX_RSA_PRIME_LEN))
return (0);
return (1);
}
static int rsaref_private_decrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
int i, outlen = -1;
R_RSA_PRIVATE_KEY RSAkey;
if (!RSAref_Private_eay2ref(rsa, &RSAkey))
goto err;
if ((i =
RSAPrivateDecrypt(to, (unsigned int *)&outlen, (unsigned char *)from,
len, &RSAkey)) != 0) {
RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT, i);
outlen = -1;
}
err:
memset(&RSAkey, 0, sizeof(RSAkey));
return (outlen);
}
static int rsaref_private_encrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
int i, outlen = -1;
R_RSA_PRIVATE_KEY RSAkey;
if (padding != RSA_PKCS1_PADDING) {
RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,
RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (!RSAref_Private_eay2ref(rsa, &RSAkey))
goto err;
if ((i =
RSAPrivateEncrypt(to, (unsigned int *)&outlen, (unsigned char *)from,
len, &RSAkey)) != 0) {
RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT, i);
outlen = -1;
}
err:
memset(&RSAkey, 0, sizeof(RSAkey));
return (outlen);
}
static int rsaref_public_decrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
int i, outlen = -1;
R_RSA_PUBLIC_KEY RSAkey;
if (!RSAref_Public_eay2ref(rsa, &RSAkey))
goto err;
if ((i =
RSAPublicDecrypt(to, (unsigned int *)&outlen, (unsigned char *)from,
len, &RSAkey)) != 0) {
RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT, i);
outlen = -1;
}
err:
memset(&RSAkey, 0, sizeof(RSAkey));
return (outlen);
}
static int rsaref_public_encrypt(int len, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
int outlen = -1;
int i;
R_RSA_PUBLIC_KEY RSAkey;
R_RANDOM_STRUCT rnd;
unsigned char buf[16];
if (padding != RSA_PKCS1_PADDING && padding != RSA_SSLV23_PADDING) {
RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
R_RandomInit(&rnd);
R_GetRandomBytesNeeded((unsigned int *)&i, &rnd);
while (i > 0) {
if (RAND_bytes(buf, 16) <= 0)
goto err;
R_RandomUpdate(&rnd, buf, (unsigned int)((i > 16) ? 16 : i));
i -= 16;
}
if (!RSAref_Public_eay2ref(rsa, &RSAkey))
goto err;
if ((i =
RSAPublicEncrypt(to, (unsigned int *)&outlen, (unsigned char *)from,
len, &RSAkey, &rnd)) != 0) {
RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, i);
outlen = -1;
goto err;
}
err:
memset(&RSAkey, 0, sizeof(RSAkey));
R_RandomFinal(&rnd);
memset(&rnd, 0, sizeof(rnd));
return (outlen);
}
/*****************************************************************************
* Symetric cipher and digest function registrars
**/
static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid)
{
int ok = 1;
if (!cipher) {
/* We are returning a list of supported nids */
*nids = rsaref_cipher_nids;
return (sizeof(rsaref_cipher_nids) -
1) / sizeof(rsaref_cipher_nids[0]);
}
/* We are being asked for a specific cipher */
switch (nid) {
case NID_des_cbc:
*cipher = &cipher_des_cbc;
break;
case NID_des_ede3_cbc:
*cipher = &cipher_des_ede3_cbc;
break;
case NID_desx_cbc:
*cipher = &cipher_desx_cbc;
break;
default:
ok = 0;
*cipher = NULL;
break;
}
return ok;
}
static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid)
{
int ok = 1;
if (!digest) {
/* We are returning a list of supported nids */
*nids = rsaref_digest_nids;
return (sizeof(rsaref_digest_nids) -
1) / sizeof(rsaref_digest_nids[0]);
}
/* We are being asked for a specific digest */
switch (nid) {
case NID_md2:
*digest = &digest_md2;
break;
case NID_md5:
*digest = &digest_md5;
break;
default:
ok = 0;
*digest = NULL;
break;
}
return ok;
}
/*****************************************************************************
* DES functions
**/
#undef data
#define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data)
static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
return 1;
}
static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
{
int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
switch (ret) {
case RE_LEN:
RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,
RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
break;
case 0:
break;
default:
RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE, RSAREF_R_UNKNOWN_FAULT);
}
return !ret;
}
static int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx)
{
memset(data(ctx), 0, ctx->cipher->ctx_size);
return 1;
}
#undef data
#define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data)
static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc)
{
DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
return 1;
}
static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
{
int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
switch (ret) {
case RE_LEN:
RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,
RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
break;
case 0:
break;
default:
RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE, RSAREF_R_UNKNOWN_FAULT);
}
return !ret;
}
static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx)
{
memset(data(ctx), 0, ctx->cipher->ctx_size);
return 1;
}
#undef data
#define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data)
static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
return 1;
}
static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
{
int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
switch (ret) {
case RE_LEN:
RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,
RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
break;
case 0:
break;
default:
RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE, RSAREF_R_UNKNOWN_FAULT);
}
return !ret;
}
static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx)
{
memset(data(ctx), 0, ctx->cipher->ctx_size);
return 1;
}
/*****************************************************************************
* MD functions
**/
#undef data
#define data(ctx) ((MD2_CTX *)(ctx)->md_data)
static int digest_md2_init(EVP_MD_CTX *ctx)
{
MD2Init(data(ctx));
return 1;
}
static int digest_md2_update(EVP_MD_CTX *ctx, const void *data,
unsigned long count)
{
MD2Update(data(ctx), (unsigned char *)data, (unsigned int)count);
return 1;
}
static int digest_md2_final(EVP_MD_CTX *ctx, unsigned char *md)
{
MD2Final(md, data(ctx));
return 1;
}
#undef data
#define data(ctx) ((MD5_CTX *)(ctx)->md_data)
static int digest_md5_init(EVP_MD_CTX *ctx)
{
MD5Init(data(ctx));
return 1;
}
static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
unsigned long count)
{
MD5Update(data(ctx), (unsigned char *)data, (unsigned int)count);
return 1;
}
static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
{
MD5Final(md, data(ctx));
return 1;
}

8
openssl-1.0.2f/demos/engines/rsaref/rsaref.ec Normal file
View File

@@ -0,0 +1,8 @@
# configuration file for util/mkerr.pl
#
# use like this:
#
# perl ../../../util/mkerr.pl -conf rsaref.ec \
# -nostatic -staticloader -write *.c
L RSAREF rsaref_err.h rsaref_err.c

158
openssl-1.0.2f/demos/engines/rsaref/rsaref_err.c Normal file
View File

@@ -0,0 +1,158 @@
/* rsaref_err.c */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "rsaref_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA RSAREF_str_functs[] = {
{ERR_PACK(0, RSAREF_F_BNREF_MOD_EXP, 0), "BNREF_MOD_EXP"},
{ERR_PACK(0, RSAREF_F_CIPHER_DES_CBC_CODE, 0), "CIPHER_DES_CBC_CODE"},
{ERR_PACK(0, RSAREF_F_RSAREF_BN2BIN, 0), "RSAREF_BN2BIN"},
{ERR_PACK(0, RSAREF_F_RSAREF_MOD_EXP, 0), "RSAREF_MOD_EXP"},
{ERR_PACK(0, RSAREF_F_RSAREF_PRIVATE_DECRYPT, 0),
"RSAREF_PRIVATE_DECRYPT"},
{ERR_PACK(0, RSAREF_F_RSAREF_PRIVATE_ENCRYPT, 0),
"RSAREF_PRIVATE_ENCRYPT"},
{ERR_PACK(0, RSAREF_F_RSAREF_PUBLIC_DECRYPT, 0), "RSAREF_PUBLIC_DECRYPT"},
{ERR_PACK(0, RSAREF_F_RSAREF_PUBLIC_ENCRYPT, 0), "RSAREF_PUBLIC_ENCRYPT"},
{ERR_PACK(0, RSAREF_F_RSA_BN2BIN, 0), "RSA_BN2BIN"},
{ERR_PACK(0, RSAREF_F_RSA_PRIVATE_DECRYPT, 0), "RSA_PRIVATE_DECRYPT"},
{ERR_PACK(0, RSAREF_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_PRIVATE_ENCRYPT"},
{ERR_PACK(0, RSAREF_F_RSA_PUBLIC_DECRYPT, 0), "RSA_PUBLIC_DECRYPT"},
{ERR_PACK(0, RSAREF_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_PUBLIC_ENCRYPT"},
{0, NULL}
};
static ERR_STRING_DATA RSAREF_str_reasons[] = {
{RSAREF_R_CONTENT_ENCODING, "content encoding"},
{RSAREF_R_DATA, "data"},
{RSAREF_R_DIGEST_ALGORITHM, "digest algorithm"},
{RSAREF_R_ENCODING, "encoding"},
{RSAREF_R_ENCRYPTION_ALGORITHM, "encryption algorithm"},
{RSAREF_R_KEY, "key"},
{RSAREF_R_KEY_ENCODING, "key encoding"},
{RSAREF_R_LEN, "len"},
{RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED, "length not block aligned"},
{RSAREF_R_MODULUS_LEN, "modulus len"},
{RSAREF_R_NEED_RANDOM, "need random"},
{RSAREF_R_PRIVATE_KEY, "private key"},
{RSAREF_R_PUBLIC_KEY, "public key"},
{RSAREF_R_SIGNATURE, "signature"},
{RSAREF_R_SIGNATURE_ENCODING, "signature encoding"},
{RSAREF_R_UNKNOWN_FAULT, "unknown fault"},
{0, NULL}
};
#endif
#ifdef RSAREF_LIB_NAME
static ERR_STRING_DATA RSAREF_lib_name[] = {
{0, RSAREF_LIB_NAME},
{0, NULL}
};
#endif
static int RSAREF_lib_error_code = 0;
static int RSAREF_error_init = 1;
static void ERR_load_RSAREF_strings(void)
{
if (RSAREF_lib_error_code == 0)
RSAREF_lib_error_code = ERR_get_next_error_library();
if (RSAREF_error_init) {
RSAREF_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(RSAREF_lib_error_code, RSAREF_str_functs);
ERR_load_strings(RSAREF_lib_error_code, RSAREF_str_reasons);
#endif
#ifdef RSAREF_LIB_NAME
RSAREF_lib_name->error = ERR_PACK(RSAREF_lib_error_code, 0, 0);
ERR_load_strings(0, RSAREF_lib_name);
#endif
}
}
static void ERR_unload_RSAREF_strings(void)
{
if (RSAREF_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(RSAREF_lib_error_code, RSAREF_str_functs);
ERR_unload_strings(RSAREF_lib_error_code, RSAREF_str_reasons);
#endif
#ifdef RSAREF_LIB_NAME
ERR_unload_strings(0, RSAREF_lib_name);
#endif
RSAREF_error_init = 1;
}
}
static void ERR_RSAREF_error(int function, int reason, char *file, int line)
{
if (RSAREF_lib_error_code == 0)
RSAREF_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(RSAREF_lib_error_code, function, reason, file, line);
}

110
openssl-1.0.2f/demos/engines/rsaref/rsaref_err.h Normal file
View File

@@ -0,0 +1,110 @@
/* rsaref_err.h */
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_RSAREF_ERR_H
# define HEADER_RSAREF_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_RSAREF_strings(void);
static void ERR_unload_RSAREF_strings(void);
static void ERR_RSAREF_error(int function, int reason, char *file, int line);
# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
/* Error codes for the RSAREF functions. */
/* Function codes. */
# define RSAREF_F_BNREF_MOD_EXP 100
# define RSAREF_F_CIPHER_DES_CBC_CODE 112
# define RSAREF_F_RSAREF_BN2BIN 101
# define RSAREF_F_RSAREF_MOD_EXP 102
# define RSAREF_F_RSAREF_PRIVATE_DECRYPT 103
# define RSAREF_F_RSAREF_PRIVATE_ENCRYPT 104
# define RSAREF_F_RSAREF_PUBLIC_DECRYPT 105
# define RSAREF_F_RSAREF_PUBLIC_ENCRYPT 106
# define RSAREF_F_RSA_BN2BIN 107
# define RSAREF_F_RSA_PRIVATE_DECRYPT 108
# define RSAREF_F_RSA_PRIVATE_ENCRYPT 109
# define RSAREF_F_RSA_PUBLIC_DECRYPT 110
# define RSAREF_F_RSA_PUBLIC_ENCRYPT 111
/* Reason codes. */
# define RSAREF_R_CONTENT_ENCODING 100
# define RSAREF_R_DATA 101
# define RSAREF_R_DIGEST_ALGORITHM 102
# define RSAREF_R_ENCODING 103
# define RSAREF_R_ENCRYPTION_ALGORITHM 104
# define RSAREF_R_KEY 105
# define RSAREF_R_KEY_ENCODING 106
# define RSAREF_R_LEN 107
# define RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED 114
# define RSAREF_R_MODULUS_LEN 108
# define RSAREF_R_NEED_RANDOM 109
# define RSAREF_R_PRIVATE_KEY 110
# define RSAREF_R_PUBLIC_KEY 111
# define RSAREF_R_SIGNATURE 112
# define RSAREF_R_SIGNATURE_ENCODING 113
# define RSAREF_R_UNKNOWN_FAULT 115
#ifdef __cplusplus
}
#endif
#endif

114
openssl-1.0.2f/demos/engines/zencod/Makefile Normal file
View File

@@ -0,0 +1,114 @@
LIBNAME= libzencod
SRC= hw_zencod.c
OBJ= hw_zencod.o
HEADER= hw_zencod.h
CC= gcc
PIC= -fPIC
CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
AR= ar r
RANLIB= ranlib
LIB= $(LIBNAME).a
SHLIB= $(LIBNAME).so
all:
@echo 'Please choose a system to build on:'
@echo ''
@echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
@echo 'solaris: Solaris'
@echo 'irix: IRIX'
@echo 'hpux32: 32-bit HP/UX'
@echo 'hpux64: 64-bit HP/UX'
@echo 'aix: AIX'
@echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
@echo ''
FORCE.update:
update: FORCE.update
perl ../../../util/mkerr.pl -conf hw_zencod.ec \
-nostatic -staticloader -write hw_zencod.c
gnu: $(SHLIB).gnu
tru64: $(SHLIB).tru64
solaris: $(SHLIB).solaris
irix: $(SHLIB).irix
hpux32: $(SHLIB).hpux32
hpux64: $(SHLIB).hpux64
aix: $(SHLIB).aix
$(LIB): $(OBJ)
$(AR) $(LIB) $(OBJ)
- $(RANLIB) $(LIB)
LINK_SO= \
ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
(nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
$$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
$(SHLIB).gnu: $(LIB)
ALLSYMSFLAGS='--whole-archive' \
SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).gnu
$(SHLIB).tru64: $(LIB)
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).tru64
$(SHLIB).solaris: $(LIB)
ALLSYMSFLAGS='-z allextract' \
SHAREDFLAGS='-G -h $(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).solaris
$(SHLIB).irix: $(LIB)
ALLSYMSFLAGS='-all' \
SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).irix
$(SHLIB).hpux32: $(LIB)
ALLSYMSFLAGS='-Fl' \
SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux32
$(SHLIB).hpux64: $(LIB)
ALLSYMSFLAGS='+forceload' \
SHAREDFLAGS='-b -z +h $(SHLIB)' \
SHAREDCMD='/usr/ccs/bin/ld'; \
$(LINK_SO)
touch $(SHLIB).hpux64
$(SHLIB).aix: $(LIB)
ALLSYMSFLAGS='-bnogc' \
SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
SHAREDCMD='$(CC)'; \
$(LINK_SO)
touch $(SHLIB).aix
depend:
sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
rm -f Makefile.tmp Makefile
mv Makefile.new Makefile
# DO NOT DELETE THIS LINE -- make depend depends on it.
rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
rsaref.o: ../../../include/openssl/opensslconf.h
rsaref.o: ../../../include/openssl/opensslv.h
rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
rsaref.o: source/rsaref.h

1809
openssl-1.0.2f/demos/engines/zencod/hw_zencod.c Normal file
View File

File diff suppressed because it is too large Load Diff

8
openssl-1.0.2f/demos/engines/zencod/hw_zencod.ec Normal file
View File

@@ -0,0 +1,8 @@
# configuration file for util/mkerr.pl
#
# use like this:
#
# perl ../../../util/mkerr.pl -conf hw_zencod.ec \
# -nostatic -staticloader -write *.c
L ZENCOD hw_zencod_err.h hw_zencod_err.c

159
openssl-1.0.2f/demos/engines/zencod/hw_zencod.h Normal file
View File

@@ -0,0 +1,159 @@
/* File : /crypto/engine/vendor_defns/hw_zencod.h */
/* ====================================================================
* Written by Donnat Frederic (frederic.donnat@zencod.com) from ZENCOD
* for "zencod" ENGINE integration in OpenSSL project.
*/
#ifndef _HW_ZENCOD_H_
# define _HW_ZENCOD_H_
# include <stdio.h>
# ifdef __cplusplus
extern "C" {
# endif /* __cplusplus */
# define ZENBRIDGE_MAX_KEYSIZE_RSA 2048
# define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT 1024
# define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN 1024
# define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY 1024
/* Library version computation */
# define ZENBRIDGE_VERSION_MAJOR(x) (((x) >> 16) | 0xff)
# define ZENBRIDGE_VERSION_MINOR(x) (((x) >> 8) | 0xff)
# define ZENBRIDGE_VERSION_PATCH(x) (((x) >> 0) | 0xff)
# define ZENBRIDGE_VERSION(x, y, z) ((x) << 16 | (y) << 8 | (z))
/*
* Memory type
*/
typedef struct zencod_number_s {
unsigned long len;
unsigned char *data;
} zen_nb_t;
# define KEY zen_nb_t
/*
* Misc
*/
typedef int t_zencod_lib_version(void);
typedef int t_zencod_hw_version(void);
typedef int t_zencod_test(void);
typedef int t_zencod_dump_key(FILE *stream, char *msg, KEY * key);
/*
* Key management tools
*/
typedef KEY *t_zencod_new_number(unsigned long len, unsigned char *data);
typedef int t_zencod_init_number(KEY * n, unsigned long len,
unsigned char *data);
typedef unsigned long t_zencod_bytes2bits(unsigned char *n,
unsigned long bytes);
typedef unsigned long t_zencod_bits2bytes(unsigned long bits);
/*
* RSA API
*/
/* Compute modular exponential : y = x**e | n */
typedef int t_zencod_rsa_mod_exp(KEY * y, KEY * x, KEY * n, KEY * e);
/*
* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp
* | p, y = y2 + (qinv * (y1 - y2) | p) * q
*/
typedef int t_zencod_rsa_mod_exp_crt(KEY * y, KEY * x, KEY * p, KEY * q,
KEY * edp, KEY * edq, KEY * qinv);
/*
* DSA API
*/
typedef int t_zencod_dsa_do_sign(unsigned int hash, KEY * data,
KEY * random, KEY * p, KEY * q, KEY * g,
KEY * x, KEY * r, KEY * s);
typedef int t_zencod_dsa_do_verify(unsigned int hash, KEY * data, KEY * p,
KEY * q, KEY * g, KEY * y, KEY * r,
KEY * s, KEY * v);
/*
* DH API
*/
/* Key generation : compute public value y = g**x | n */
typedef int t_zencod_dh_generate_key(KEY * y, KEY * x, KEY * g, KEY * n,
int gen_x);
typedef int t_zencod_dh_compute_key(KEY * k, KEY * y, KEY * x, KEY * n);
/*
* RNG API
*/
# define ZENBRIDGE_RNG_DIRECT 0
# define ZENBRIDGE_RNG_SHA1 1
typedef int t_zencod_rand_bytes(KEY * rand, unsigned int flags);
/*
* Math API
*/
typedef int t_zencod_math_mod_exp(KEY * r, KEY * a, KEY * e, KEY * n);
/*
* Symetric API
*/
/* Define a data structure for digests operations */
typedef struct ZEN_data_st {
unsigned int HashBufferSize;
unsigned char *HashBuffer;
} ZEN_MD_DATA;
/*
* Functions for Digest (MD5, SHA1) stuff
*/
/* output : output data buffer */
/* input : input data buffer */
/* algo : hash algorithm, MD5 or SHA1 */
/*-
* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
* typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
*/
/* For now separate this stuff that mad it easier to test */
typedef int t_zencod_md5_init(ZEN_MD_DATA *data);
typedef int t_zencod_md5_update(ZEN_MD_DATA *data, const KEY * input);
typedef int t_zencod_md5_do_final(ZEN_MD_DATA *data, KEY * output);
typedef int t_zencod_sha1_init(ZEN_MD_DATA *data);
typedef int t_zencod_sha1_update(ZEN_MD_DATA *data, const KEY * input);
typedef int t_zencod_sha1_do_final(ZEN_MD_DATA *data, KEY * output);
/*
* Functions for Cipher (RC4, DES, 3DES) stuff
*/
/* output : output data buffer */
/* input : input data buffer */
/* key : rc4 key data */
/* index_1 : value of index x from RC4 key structure */
/* index_2 : value of index y from RC4 key structure */
/*
* Be carefull : RC4 key should be expanded before calling this method
* (Should we provide an expand function ??)
*/
typedef int t_zencod_rc4_cipher(KEY * output, const KEY * input,
const KEY * key, unsigned char *index_1,
unsigned char *index_2, int mode);
/* output : output data buffer */
/* input : input data buffer */
/* key_1 : des first key data */
/* key_2 : des second key data */
/* key_3 : des third key data */
/* iv : initial vector */
/* mode : xdes mode (encrypt or decrypt) */
/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
typedef int t_zencod_xdes_cipher(KEY * output, const KEY * input,
const KEY * key_1, const KEY * key_2,
const KEY * key_3, const KEY * iv,
int mode);
# undef KEY
# ifdef __cplusplus
}
# endif /* __cplusplus */
#endif /* !_HW_ZENCOD_H_ */

147
openssl-1.0.2f/demos/engines/zencod/hw_zencod_err.c Normal file
View File

@@ -0,0 +1,147 @@
/* hw_zencod_err.c */
/* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include "hw_zencod_err.h"
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA ZENCOD_str_functs[] = {
{ERR_PACK(0, ZENCOD_F_ZENCOD_BN_MOD_EXP, 0), "ZENCOD_BN_MOD_EXP"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_CTRL, 0), "ZENCOD_CTRL"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_DH_COMPUTE, 0), "ZENCOD_DH_COMPUTE"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_DH_GENERATE, 0), "ZENCOD_DH_GENERATE"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_DSA_DO_SIGN, 0), "ZENCOD_DSA_DO_SIGN"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_DSA_DO_VERIFY, 0), "ZENCOD_DSA_DO_VERIFY"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_FINISH, 0), "ZENCOD_FINISH"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_INIT, 0), "ZENCOD_INIT"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_RAND, 0), "ZENCOD_RAND"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_RSA_MOD_EXP, 0), "ZENCOD_RSA_MOD_EXP"},
{ERR_PACK(0, ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, 0),
"ZENCOD_RSA_MOD_EXP_CRT"},
{0, NULL}
};
static ERR_STRING_DATA ZENCOD_str_reasons[] = {
{ZENCOD_R_ALREADY_LOADED, "already loaded"},
{ZENCOD_R_BAD_KEY_COMPONENTS, "bad key components"},
{ZENCOD_R_BN_EXPAND_FAIL, "bn expand fail"},
{ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctrl command not implemented"},
{ZENCOD_R_DSO_FAILURE, "dso failure"},
{ZENCOD_R_NOT_LOADED, "not loaded"},
{ZENCOD_R_REQUEST_FAILED, "request failed"},
{ZENCOD_R_UNIT_FAILURE, "unit failure"},
{0, NULL}
};
#endif
#ifdef ZENCOD_LIB_NAME
static ERR_STRING_DATA ZENCOD_lib_name[] = {
{0, ZENCOD_LIB_NAME},
{0, NULL}
};
#endif
static int ZENCOD_lib_error_code = 0;
static int ZENCOD_error_init = 1;
static void ERR_load_ZENCOD_strings(void)
{
if (ZENCOD_lib_error_code == 0)
ZENCOD_lib_error_code = ERR_get_next_error_library();
if (ZENCOD_error_init) {
ZENCOD_error_init = 0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(ZENCOD_lib_error_code, ZENCOD_str_functs);
ERR_load_strings(ZENCOD_lib_error_code, ZENCOD_str_reasons);
#endif
#ifdef ZENCOD_LIB_NAME
ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code, 0, 0);
ERR_load_strings(0, ZENCOD_lib_name);
#endif
}
}
static void ERR_unload_ZENCOD_strings(void)
{
if (ZENCOD_error_init == 0) {
#ifndef OPENSSL_NO_ERR
ERR_unload_strings(ZENCOD_lib_error_code, ZENCOD_str_functs);
ERR_unload_strings(ZENCOD_lib_error_code, ZENCOD_str_reasons);
#endif
#ifdef ZENCOD_LIB_NAME
ERR_unload_strings(0, ZENCOD_lib_name);
#endif
ZENCOD_error_init = 1;
}
}
static void ERR_ZENCOD_error(int function, int reason, char *file, int line)
{
if (ZENCOD_lib_error_code == 0)
ZENCOD_lib_error_code = ERR_get_next_error_library();
ERR_PUT_error(ZENCOD_lib_error_code, function, reason, file, line);
}

100
openssl-1.0.2f/demos/engines/zencod/hw_zencod_err.h Normal file
View File

@@ -0,0 +1,100 @@
/* ====================================================================
* Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_ZENCOD_ERR_H
# define HEADER_ZENCOD_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
static void ERR_load_ZENCOD_strings(void);
static void ERR_unload_ZENCOD_strings(void);
static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
/* Error codes for the ZENCOD functions. */
/* Function codes. */
# define ZENCOD_F_ZENCOD_BN_MOD_EXP 100
# define ZENCOD_F_ZENCOD_CTRL 101
# define ZENCOD_F_ZENCOD_DH_COMPUTE 102
# define ZENCOD_F_ZENCOD_DH_GENERATE 103
# define ZENCOD_F_ZENCOD_DSA_DO_SIGN 104
# define ZENCOD_F_ZENCOD_DSA_DO_VERIFY 105
# define ZENCOD_F_ZENCOD_FINISH 106
# define ZENCOD_F_ZENCOD_INIT 107
# define ZENCOD_F_ZENCOD_RAND 108
# define ZENCOD_F_ZENCOD_RSA_MOD_EXP 109
# define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT 110
/* Reason codes. */
# define ZENCOD_R_ALREADY_LOADED 100
# define ZENCOD_R_BAD_KEY_COMPONENTS 101
# define ZENCOD_R_BN_EXPAND_FAIL 102
# define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
# define ZENCOD_R_DSO_FAILURE 104
# define ZENCOD_R_NOT_LOADED 105
# define ZENCOD_R_REQUEST_FAILED 106
# define ZENCOD_R_UNIT_FAILURE 107
#ifdef __cplusplus
}
#endif
#endif

3
openssl-1.0.2f/demos/pkcs12/README Normal file
View File

@@ -0,0 +1,3 @@
PKCS#12 demo applications
Written by Steve Henson.

61
openssl-1.0.2f/demos/pkcs12/pkread.c Normal file
View File

@@ -0,0 +1,61 @@
/* pkread.c */
#include <stdio.h>
#include <stdlib.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
/* Simple PKCS#12 file reader */
int main(int argc, char **argv)
{
FILE *fp;
EVP_PKEY *pkey;
X509 *cert;
STACK_OF(X509) *ca = NULL;
PKCS12 *p12;
int i;
if (argc != 4) {
fprintf(stderr, "Usage: pkread p12file password opfile\n");
exit(1);
}
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
if (!(fp = fopen(argv[1], "rb"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
p12 = d2i_PKCS12_fp(fp, NULL);
fclose(fp);
if (!p12) {
fprintf(stderr, "Error reading PKCS#12 file\n");
ERR_print_errors_fp(stderr);
exit(1);
}
if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
fprintf(stderr, "Error parsing PKCS#12 file\n");
ERR_print_errors_fp(stderr);
exit(1);
}
PKCS12_free(p12);
if (!(fp = fopen(argv[3], "w"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
if (pkey) {
fprintf(fp, "***Private Key***\n");
PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
}
if (cert) {
fprintf(fp, "***User Certificate***\n");
PEM_write_X509_AUX(fp, cert);
}
if (ca && sk_X509_num(ca)) {
fprintf(fp, "***Other Certificates***\n");
for (i = 0; i < sk_X509_num(ca); i++)
PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
}
fclose(fp);
return 0;
}

46
openssl-1.0.2f/demos/pkcs12/pkwrite.c Normal file
View File

@@ -0,0 +1,46 @@
/* pkwrite.c */
#include <stdio.h>
#include <stdlib.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
/* Simple PKCS#12 file creator */
int main(int argc, char **argv)
{
FILE *fp;
EVP_PKEY *pkey;
X509 *cert;
PKCS12 *p12;
if (argc != 5) {
fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
exit(1);
}
SSLeay_add_all_algorithms();
ERR_load_crypto_strings();
if (!(fp = fopen(argv[1], "r"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(1);
}
cert = PEM_read_X509(fp, NULL, NULL, NULL);
rewind(fp);
pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
fclose(fp);
p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0, 0, 0, 0, 0);
if (!p12) {
fprintf(stderr, "Error creating PKCS#12 structure\n");
ERR_print_errors_fp(stderr);
exit(1);
}
if (!(fp = fopen(argv[4], "wb"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
ERR_print_errors_fp(stderr);
exit(1);
}
i2d_PKCS12_fp(fp, p12);
PKCS12_free(p12);
fclose(fp);
return 0;
}

20
openssl-1.0.2f/demos/prime/Makefile Normal file
View File

@@ -0,0 +1,20 @@
CC=cc
CFLAGS= -g -I../../include -Wall
LIBS= -L../.. -lcrypto
EXAMPLES=prime
all: $(EXAMPLES)
prime: prime.o
$(CC) -o prime prime.o $(LIBS)
clean:
rm -f $(EXAMPLES) *.o
test: all
@echo Test creating a 128-bit prime
./prime 128
@echo Test creating a 256-bit prime
./prime 256
@echo Test creating a 512-bit prime
./prime 512

102
openssl-1.0.2f/demos/prime/prime.c Normal file
View File

@@ -0,0 +1,102 @@
/* demos/prime/prime.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <openssl/bn.h>
void callback(type, num)
int type, num;
{
if (type == 0)
fprintf(stderr, ".");
else if (type == 1)
fprintf(stderr, "+");
else if (type == 2)
fprintf(stderr, "*");
fflush(stderr);
}
int main(argc, argv)
int argc;
char *argv[];
{
BIGNUM *rand;
int num = 256;
/*
* we should really call RAND_seed(char *bytes,int num); to fully
* initalise the random number generator
*/
if (argc >= 2) {
num = atoi(argv[1]);
if (num == 0)
num = 256;
}
fprintf(stderr, "generate a strong prime\n");
rand = BN_generate_prime(NULL, num, 1, NULL, NULL, callback, NULL);
/* change the third parameter to 1 for a strong prime */
fprintf(stderr, "\n");
BN_print_fp(stdout, rand);
fprintf(stdout, "\n");
BN_free(rand);
exit(0);
return (0);
}

9
openssl-1.0.2f/demos/privkey.pem Normal file
View File

@@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAN+FmbxmHVOp/RxtpMGz0DvQEBz1sDktHp19hIoMSu0YZift5MAu
4xAEJYvWVCshDiyOTWsUBXwZkrkt87FyctkCAwEAAQJAG/vxBGpQb6IPo1iC0RF/
F430BnwoBPCGLbeCOXpSgx5X+19vuTSdEqMgeNB6+aNb+XY/7mvVfCjyD6WZ0oxs
JQIhAPO+uL9cP40lFs62pdL3QSWsh3VNDByvOtr9LpeaxBm/AiEA6sKVfXsDQ5hd
SHt9U61r2r8Lcxmzi9Kw6JNqjMmzqWcCIQCKoRy+aZ8Tjdas9yDVHh+FZ90bEBkl
b1xQFNOdEj8aTQIhAOJWrO6INYNsWTPS6+hLYZtLamyUsQj0H+B8kNQge/mtAiEA
nBfvUl243qbqN8gF7Az1u33uc9FsPVvQPiBzLxZ4ixw=
-----END RSA PRIVATE KEY-----

176
openssl-1.0.2f/demos/selfsign.c Normal file
View File

@@ -0,0 +1,176 @@
/* NOCW */
/* cc -o ssdemo -I../include selfsign.c ../libcrypto.a */
#include <stdio.h>
#include <stdlib.h>
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
int main()
{
BIO *bio_err;
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
mkit(&x509, &pkey, 512, 0, 365);
RSA_print_fp(stdout, pkey->pkey.rsa, 0);
X509_print_fp(stdout, x509);
PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
PEM_write_X509(stdout, x509);
X509_free(x509);
EVP_PKEY_free(pkey);
#ifdef CUSTOM_EXT
/* Only needed if we add objects or custom extensions */
X509V3_EXT_cleanup();
OBJ_cleanup();
#endif
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return (0);
}
#ifdef WIN16
# define MS_CALLBACK _far _loadds
# define MS_FAR _far
#else
# define MS_CALLBACK
# define MS_FAR
#endif
static void MS_CALLBACK callback(p, n, arg)
int p;
int n;
void *arg;
{
char c = 'B';
if (p == 0)
c = '.';
if (p == 1)
c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
fputc(c, stderr);
}
int mkit(x509p, pkeyp, bits, serial, days)
X509 **x509p;
EVP_PKEY **pkeyp;
int bits;
int serial;
int days;
{
X509 *x;
EVP_PKEY *pk;
RSA *rsa;
X509_NAME *name = NULL;
X509_NAME_ENTRY *ne = NULL;
X509_EXTENSION *ex = NULL;
if ((pkeyp == NULL) || (*pkeyp == NULL)) {
if ((pk = EVP_PKEY_new()) == NULL) {
abort();
return (0);
}
} else
pk = *pkeyp;
if ((x509p == NULL) || (*x509p == NULL)) {
if ((x = X509_new()) == NULL)
goto err;
} else
x = *x509p;
rsa = RSA_generate_key(bits, RSA_F4, callback, NULL);
if (!EVP_PKEY_assign_RSA(pk, rsa)) {
abort();
goto err;
}
rsa = NULL;
X509_set_version(x, 3);
ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
X509_gmtime_adj(X509_get_notBefore(x), 0);
X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days);
X509_set_pubkey(x, pk);
name = X509_get_subject_name(x);
/*
* This function creates and adds the entry, working out the correct
* string type and performing checks on its length. Normally we'd check
* the return value for errors...
*/
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "UK", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN",
MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
X509_set_issuer_name(x, name);
/*
* Add extension using V3 code: we can set the config file as NULL
* because we wont reference any other sections. We can also set the
* context to NULL because none of these extensions below will need to
* access it.
*/
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
"example comment extension");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
"www.openssl.org");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
#if 0
/* might want something like this too.... */
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
"critical,CA:TRUE");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
#endif
#ifdef CUSTOM_EXT
/* Maybe even add our own extension based on existing */
{
int nid;
nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
X509V3_EXT_add_alias(nid, NID_netscape_comment);
ex = X509V3_EXT_conf_nid(NULL, NULL, nid, "example comment alias");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
}
#endif
if (!X509_sign(x, pk, EVP_md5()))
goto err;
*x509p = x;
*pkeyp = pk;
return (1);
err:
return (0);
}

15
openssl-1.0.2f/demos/sign/Makefile Normal file
View File

@@ -0,0 +1,15 @@
CC=cc
CFLAGS= -g -I../../include -Wall
LIBS= -L../.. -lcrypto
EXAMPLES=sign
all: $(EXAMPLES)
sign: sign.o
$(CC) -o sign sign.o $(LIBS)
clean:
rm -f $(EXAMPLES) *.o
test: all
./sign

14
openssl-1.0.2f/demos/sign/cert.pem Normal file
View File

@@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
-----END CERTIFICATE-----

9
openssl-1.0.2f/demos/sign/key.pem Normal file
View File

@@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
-----END RSA PRIVATE KEY-----

158
openssl-1.0.2f/demos/sign/sig.txt Normal file
View File

@@ -0,0 +1,158 @@
From ssl-lists-owner@mincom.com Mon Sep 30 02:37:40 1996
Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782
(5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000
Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST)
Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 11:44:51 +1000 (EST)
Received: by minbne.mincom.oz.au id AA22230
(5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 11:38:41 +1000
Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for <ssl-users@mincom.com>; Mon, 30 Sep 1996 11:40:07 +1000
Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100
Date: Mon, 30 Sep 1996 01:37:40 +0100
Message-Id: <199609300037.BAA08729@brutus.neuronio.pt>
From: Sampo Kellomaki <sampo@neuronio.pt>
To: ssl-users@mincom.com
Cc: sampo@brutus.neuronio.pt
Subject: Signing with envelope routines
Sender: ssl-lists-owner@mincom.com
Precedence: bulk
Status: RO
X-Status: D
I have been trying to figure out how to produce signatures with EVP_
routines. I seem to be able to read in private key and sign some
data ok, but I can't figure out how I am supposed to read in
public key so that I could verify my signature. I use self signed
certificate.
I figured I should use
EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
fp, NULL, NULL);
to read in private key and this seems to work Ok.
However when I try analogous
EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
fp, NULL, NULL);
the program fails with
error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93
error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232
I figured that the second argument to PEM_ASN1_read should match the
name in my PEM encoded object, hence PEM_STRING_X509.
PEM_STRING_EVP_PKEY seems to be somehow magical
because it matches whatever private key there happens to be. I could
not find a similar constant to use with getting the certificate, however.
Is my approach of using PEM_ASN1_read correct? What should I pass in
as name? Can I use normal (or even self signed) X509 certificate for
verifying the signature?
When will SSLeay documentation be written ;-)? If I would contribute
comments to the code, would Eric take time to review them and include
them in distribution?
I'm using SSLeay-0.6.4. My program is included below along with the
key and cert that I use.
--Sampo
-----------------------------------
/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
#include <stdio.h>
#include "rsa.h"
#include "evp.h"
#include "objects.h"
#include "x509.h"
#include "err.h"
#include "pem.h"
#include "ssl.h"
void main ()
{
int err;
int sig_len;
unsigned char sig_buf [4096];
const char certfile[] = "plain-cert.pem";
const char keyfile[] = "plain-key.pem";
const char data[] = "I owe you...";
EVP_MD_CTX md_ctx;
EVP_PKEY* pkey;
FILE* fp;
SSL_load_error_strings();
/* Read private key */
fp = fopen (keyfile, "r"); if (fp == NULL) exit (1);
pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
PEM_STRING_EVP_PKEY,
fp,
NULL, NULL);
if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
fclose (fp);
/* Do the signature */
EVP_SignInit (&md_ctx, EVP_md5());
EVP_SignUpdate (&md_ctx, data, strlen(data));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal (&md_ctx,
sig_buf,
&sig_len,
pkey);
if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
EVP_PKEY_free (pkey);
/* Read public key */
fp = fopen (certfile, "r"); if (fp == NULL) exit (1);
pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey,
PEM_STRING_X509,
fp,
NULL, NULL);
if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
fclose (fp);
/* Verify the signature */
EVP_VerifyInit (&md_ctx, EVP_md5());
EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
err = EVP_VerifyFinal (&md_ctx,
sig_buf,
sig_len,
pkey);
if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
EVP_PKEY_free (pkey);
printf ("Signature Verified Ok.\n");
}
/* EOF */
--------------- plain-cert.pem -----------------
-----BEGIN CERTIFICATE-----
MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
-----END CERTIFICATE-----
---------------- plain-key.pem -----------------
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
-----END RSA PRIVATE KEY-----
------------------------------------------------

160
openssl-1.0.2f/demos/sign/sign.c Normal file
View File

@@ -0,0 +1,160 @@
/* demos/sign/sign.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/*
* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
* 29.9.1996, Sampo Kellomaki <sampo@iki.fi>
*/
/* converted to C - eay :-) */
/*
* reformated a bit and converted to use the more common functions: this was
* initially written at the dawn of time :-) - Steve.
*/
#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
int main()
{
int err;
int sig_len;
unsigned char sig_buf[4096];
static char certfile[] = "cert.pem";
static char keyfile[] = "key.pem";
static char data[] = "I owe you...";
EVP_MD_CTX md_ctx;
EVP_PKEY *pkey;
FILE *fp;
X509 *x509;
/*
* Just load the crypto library error strings, SSL_load_error_strings()
* loads the crypto AND the SSL ones
*/
/* SSL_load_error_strings(); */
ERR_load_crypto_strings();
/* Read private key */
fp = fopen(keyfile, "r");
if (fp == NULL)
exit(1);
pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
fclose(fp);
if (pkey == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
/* Do the signature */
EVP_SignInit(&md_ctx, EVP_sha1());
EVP_SignUpdate(&md_ctx, data, strlen(data));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey);
if (err != 1) {
ERR_print_errors_fp(stderr);
exit(1);
}
EVP_PKEY_free(pkey);
/* Read public key */
fp = fopen(certfile, "r");
if (fp == NULL)
exit(1);
x509 = PEM_read_X509(fp, NULL, NULL, NULL);
fclose(fp);
if (x509 == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
/* Get public key - eay */
pkey = X509_get_pubkey(x509);
if (pkey == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
/* Verify the signature */
EVP_VerifyInit(&md_ctx, EVP_sha1());
EVP_VerifyUpdate(&md_ctx, data, strlen((char *)data));
err = EVP_VerifyFinal(&md_ctx, sig_buf, sig_len, pkey);
EVP_PKEY_free(pkey);
if (err != 1) {
ERR_print_errors_fp(stderr);
exit(1);
}
printf("Signature Verified Ok.\n");
return (0);
}

170
openssl-1.0.2f/demos/sign/sign.txt Normal file
View File

@@ -0,0 +1,170 @@
From ssl-lists-owner@mincom.com Mon Sep 30 22:43:15 1996
Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA12802
(5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 12:45:43 +1000
Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id MAA25922 for ssl-users-outgoing; Mon, 30 Sep 1996 12:43:43 +1000 (EST)
Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id MAA25900 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 12:43:39 +1000 (EST)
Received: by orb.mincom.oz.au id AA12688
(5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 12:43:16 +1000
Date: Mon, 30 Sep 1996 12:43:15 +1000 (EST)
From: Eric Young <eay@mincom.com>
X-Sender: eay@orb
To: Sampo Kellomaki <sampo@neuronio.pt>
Cc: ssl-users@mincom.com, sampo@brutus.neuronio.pt
Subject: Re: Signing with envelope routines
In-Reply-To: <199609300037.BAA08729@brutus.neuronio.pt>
Message-Id: <Pine.SOL.3.91.960930121504.11800Y-100000@orb>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: ssl-lists-owner@mincom.com
Precedence: bulk
Status: O
X-Status:
On Mon, 30 Sep 1996, Sampo Kellomaki wrote:
> I have been trying to figure out how to produce signatures with EVP_
> routines. I seem to be able to read in private key and sign some
> data ok, but I can't figure out how I am supposed to read in
> public key so that I could verify my signature. I use self signed
> certificate.
hmm... a rather poorly documented are of the library at this point in time.
> I figured I should use
> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
> fp, NULL, NULL);
> to read in private key and this seems to work Ok.
>
> However when I try analogous
> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
> fp, NULL, NULL);
What you should do is
X509 *x509=PEM_read_X509(fp,NULL,NULL);
/* which is the same as PEM_ASN1_read(d2i_X509,PEM_STRING_X509,fp,
* NULL,NULL); */
Then
EVP_PKEY *pkey=X509_extract_key(x509);
There is also a X509_REQ_extract_key(req);
which gets the public key from a certificate request.
I re-worked quite a bit of this when I cleaned up the dependancy on
RSA as the private key.
> I figured that the second argument to PEM_ASN1_read should match the
> name in my PEM encoded object, hence PEM_STRING_X509.
> PEM_STRING_EVP_PKEY seems to be somehow magical
> because it matches whatever private key there happens to be. I could
> not find a similar constant to use with getting the certificate, however.
:-), PEM_STRING_EVP_PKEY is 'magical' :-). In theory I should be using a
standard such as PKCS#8 to store the private key so that the type is
encoded in the asn.1 encoding of the object.
> Is my approach of using PEM_ASN1_read correct? What should I pass in
> as name? Can I use normal (or even self signed) X509 certificate for
> verifying the signature?
The actual public key is kept in the certificate, so basically you have
to load the certificate and then 'unpack' the public key from the
certificate.
> When will SSLeay documentation be written ;-)? If I would contribute
> comments to the code, would Eric take time to review them and include
> them in distribution?
:-) After SSLv3 and PKCS#7 :-). I actually started doing a function list
but what I really need to do is do quite a few 'this is how you do xyz'
type documents. I suppose the current method is to post to ssl-users and
I'll respond :-).
I'll add a 'demo' directory for the next release, I've appended a
modified version of your program that works, you were very close :-).
eric
/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
/* converted to C - eay :-) */
#include <stdio.h>
#include "rsa.h"
#include "evp.h"
#include "objects.h"
#include "x509.h"
#include "err.h"
#include "pem.h"
#include "ssl.h"
void main ()
{
int err;
int sig_len;
unsigned char sig_buf [4096];
static char certfile[] = "plain-cert.pem";
static char keyfile[] = "plain-key.pem";
static char data[] = "I owe you...";
EVP_MD_CTX md_ctx;
EVP_PKEY * pkey;
FILE * fp;
X509 * x509;
/* Just load the crypto library error strings,
* SSL_load_error_strings() loads the crypto AND the SSL ones */
/* SSL_load_error_strings();*/
ERR_load_crypto_strings();
/* Read private key */
fp = fopen (keyfile, "r"); if (fp == NULL) exit (1);
pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
PEM_STRING_EVP_PKEY,
fp,
NULL, NULL);
if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
fclose (fp);
/* Do the signature */
EVP_SignInit (&md_ctx, EVP_md5());
EVP_SignUpdate (&md_ctx, data, strlen(data));
sig_len = sizeof(sig_buf);
err = EVP_SignFinal (&md_ctx,
sig_buf,
&sig_len,
pkey);
if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
EVP_PKEY_free (pkey);
/* Read public key */
fp = fopen (certfile, "r"); if (fp == NULL) exit (1);
x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
PEM_STRING_X509,
fp, NULL, NULL);
if (x509 == NULL) { ERR_print_errors_fp (stderr); exit (1); }
fclose (fp);
/* Get public key - eay */
pkey=X509_extract_key(x509);
if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
/* Verify the signature */
EVP_VerifyInit (&md_ctx, EVP_md5());
EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
err = EVP_VerifyFinal (&md_ctx,
sig_buf,
sig_len,
pkey);
if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
EVP_PKEY_free (pkey);
printf ("Signature Verified Ok.\n");
}

18
openssl-1.0.2f/demos/smime/cacert.pem Normal file
View File

@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3
WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD
aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN
RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz
i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR
ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT
jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx
CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B
SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD
VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB
ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc
G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo
u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF
1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw==
-----END CERTIFICATE-----

15
openssl-1.0.2f/demos/smime/cakey.pem Normal file
View File

@@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd
c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3
dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB
AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5
HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs
tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS
rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18
9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u
jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is
uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU
+VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP
wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW
8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg==
-----END RSA PRIVATE KEY-----

3
openssl-1.0.2f/demos/smime/encr.txt Normal file
View File

@@ -0,0 +1,3 @@
Content-type: text/plain
Sample OpenSSL Data for PKCS#7 encryption

3
openssl-1.0.2f/demos/smime/sign.txt Normal file
View File

@@ -0,0 +1,3 @@
Content-type: text/plain
Test OpenSSL Signed Content

32
openssl-1.0.2f/demos/smime/signer.pem Normal file
View File

@@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3
WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl
bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz
jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L
ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y
gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX
MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn
+Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv
lDiQlgX0JtmLgA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm
1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH
Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB
AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG
mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o
wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx
04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55
qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc
YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY
sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4
4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid
7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5
xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw=
-----END RSA PRIVATE KEY-----

32
openssl-1.0.2f/demos/smime/signer2.pem Normal file
View File

@@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0
WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl
bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ
jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW
ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW
GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X
h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4
aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR
2aX6rl2JEuJ5Yg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM
nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f
nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB
AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF
6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2
CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf
m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX
2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr
upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4
ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL
SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk
gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX
pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A=
-----END RSA PRIVATE KEY-----

78
openssl-1.0.2f/demos/smime/smdec.c Normal file
View File

@@ -0,0 +1,78 @@
/* Simple S/MIME signing example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
EVP_PKEY *rkey = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!rcert || !rkey)
goto err;
/* Open content being signed */
in = BIO_new_file("smencr.txt", "r");
if (!in)
goto err;
/* Sign content */
p7 = SMIME_read_PKCS7(in, NULL);
if (!p7)
goto err;
out = BIO_new_file("encrout.txt", "w");
if (!out)
goto err;
/* Decrypt S/MIME message */
if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (rcert)
X509_free(rcert);
if (rkey)
EVP_PKEY_free(rkey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}

92
openssl-1.0.2f/demos/smime/smenc.c Normal file
View File

@@ -0,0 +1,92 @@
/* Simple S/MIME encrypt example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *rcert = NULL;
STACK_OF(X509) *recips = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
/*
* On OpenSSL 0.9.9 only:
* for streaming set PKCS7_STREAM
*/
int flags = PKCS7_STREAM;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in recipient certificate */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
if (!rcert)
goto err;
/* Create recipient STACK and add recipient cert to it */
recips = sk_X509_new_null();
if (!recips || !sk_X509_push(recips, rcert))
goto err;
/*
* sk_X509_pop_free will free up recipient STACK and its contents so set
* rcert to NULL so it isn't freed up twice.
*/
rcert = NULL;
/* Open content being encrypted */
in = BIO_new_file("encr.txt", "r");
if (!in)
goto err;
/* encrypt content */
p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
if (!p7)
goto err;
out = BIO_new_file("smencr.txt", "w");
if (!out)
goto err;
/* Write out S/MIME message */
if (!SMIME_write_PKCS7(out, p7, in, flags))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Encrypting Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (rcert)
X509_free(rcert);
if (recips)
sk_X509_pop_free(recips, X509_free);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}

88
openssl-1.0.2f/demos/smime/smsign.c Normal file
View File

@@ -0,0 +1,88 @@
/* Simple S/MIME signing example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *scert = NULL;
EVP_PKEY *skey = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
/*
* For simple S/MIME signing use PKCS7_DETACHED. On OpenSSL 0.9.9 only:
* for streaming detached set PKCS7_DETACHED|PKCS7_STREAM for streaming
* non-detached set PKCS7_STREAM
*/
int flags = PKCS7_DETACHED | PKCS7_STREAM;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Read in signer certificate and private key */
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!scert || !skey)
goto err;
/* Open content being signed */
in = BIO_new_file("sign.txt", "r");
if (!in)
goto err;
/* Sign content */
p7 = PKCS7_sign(scert, skey, NULL, in, flags);
if (!p7)
goto err;
out = BIO_new_file("smout.txt", "w");
if (!out)
goto err;
if (!(flags & PKCS7_STREAM))
BIO_reset(in);
/* Write out S/MIME message */
if (!SMIME_write_PKCS7(out, p7, in, flags))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}

102
openssl-1.0.2f/demos/smime/smsign2.c Normal file
View File

@@ -0,0 +1,102 @@
/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL;
X509 *scert = NULL, *scert2 = NULL;
EVP_PKEY *skey = NULL, *skey2 = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
tbio = BIO_new_file("signer.pem", "r");
if (!tbio)
goto err;
scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
BIO_free(tbio);
tbio = BIO_new_file("signer2.pem", "r");
if (!tbio)
goto err;
scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
BIO_reset(tbio);
skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
if (!scert2 || !skey2)
goto err;
in = BIO_new_file("sign.txt", "r");
if (!in)
goto err;
p7 = PKCS7_sign(NULL, NULL, NULL, in, PKCS7_STREAM | PKCS7_PARTIAL);
if (!p7)
goto err;
/* Add each signer in turn */
if (!PKCS7_sign_add_signer(p7, scert, skey, NULL, 0))
goto err;
if (!PKCS7_sign_add_signer(p7, scert2, skey2, NULL, 0))
goto err;
out = BIO_new_file("smout.txt", "w");
if (!out)
goto err;
/* NB: content included and finalized by SMIME_write_PKCS7 */
if (!SMIME_write_PKCS7(out, p7, in, PKCS7_STREAM))
goto err;
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Signing Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (scert)
X509_free(scert);
if (skey)
EVP_PKEY_free(skey);
if (scert2)
X509_free(scert2);
if (skey)
EVP_PKEY_free(skey2);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}

85
openssl-1.0.2f/demos/smime/smver.c Normal file
View File

@@ -0,0 +1,85 @@
/* Simple S/MIME verification example */
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/err.h>
int main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
X509_STORE *st = NULL;
X509 *cacert = NULL;
PKCS7 *p7 = NULL;
int ret = 1;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Set up trusted CA certificate store */
st = X509_STORE_new();
/* Read in signer certificate and private key */
tbio = BIO_new_file("cacert.pem", "r");
if (!tbio)
goto err;
cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
if (!cacert)
goto err;
if (!X509_STORE_add_cert(st, cacert))
goto err;
/* Open content being signed */
in = BIO_new_file("smout.txt", "r");
if (!in)
goto err;
/* Sign content */
p7 = SMIME_read_PKCS7(in, &cont);
if (!p7)
goto err;
/* File to output verified content to */
out = BIO_new_file("smver.txt", "w");
if (!out)
goto err;
if (!PKCS7_verify(p7, NULL, st, cont, out, 0)) {
fprintf(stderr, "Verification Failure\n");
goto err;
}
fprintf(stderr, "Verification Successful\n");
ret = 0;
err:
if (ret) {
fprintf(stderr, "Error Verifying Data\n");
ERR_print_errors_fp(stderr);
}
if (p7)
PKCS7_free(p7);
if (cacert)
X509_free(cacert);
if (in)
BIO_free(in);
if (out)
BIO_free(out);
if (tbio)
BIO_free(tbio);
return ret;
}

172
openssl-1.0.2f/demos/spkigen.c Normal file
View File

@@ -0,0 +1,172 @@
/* NOCW */
/*-
* demos/spkigen.c
* 18-Mar-1997 - eay - A quick hack :-)
* version 1.1, it would probably help to save or load the
* private key :-)
*/
#include <stdio.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
/*
* The following two don't exist in SSLeay but they are in here as examples
*/
#define PEM_write_SPKI(fp,x) \
PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\
(char *)x,NULL,NULL,0,NULL)
int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
/* These are defined in the next version of SSLeay */
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key);
#define RSA_F4 0x10001
#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
(char *)(rsa))
int main(argc, argv)
int argc;
char *argv[];
{
RSA *rsa = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
char buf[128];
int ok = 0, i;
FILE *fp;
pkey = EVP_PKEY_new();
if (argc < 2) {
/*
* Generate an RSA key, the random state should have been seeded with
* lots of calls to RAND_seed(....)
*/
fprintf(stderr, "generating RSA key, could take some time...\n");
if ((rsa = RSA_generate_key(512, RSA_F4, NULL)) == NULL)
goto err;
} else {
if ((fp = fopen(argv[1], "r")) == NULL) {
perror(argv[1]);
goto err;
}
if ((rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL)) == NULL)
goto err;
fclose(fp);
}
if (!EVP_PKEY_assign_RSA(pkey, rsa))
goto err;
rsa = NULL;
/* lets make the spki and set the public key and challenge */
if ((spki = NETSCAPE_SPKI_new()) == NULL)
goto err;
if (!SPKI_set_pubkey(spki, pkey))
goto err;
fprintf(stderr, "please enter challenge string:");
fflush(stderr);
buf[0] = '\0';
fgets(buf, sizeof buf, stdin);
i = strlen(buf);
if (i > 0)
buf[--i] = '\0';
if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge, buf, i))
goto err;
if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()))
goto err;
PEM_write_SPKI(stdout, spki);
if (argc < 2)
PEM_write_RSAPrivateKey(stdout, pkey->pkey.rsa, NULL, NULL, 0, NULL);
ok = 1;
err:
if (!ok) {
fprintf(stderr, "something bad happened....");
ERR_print_errors_fp(stderr);
}
NETSCAPE_SPKI_free(spki);
EVP_PKEY_free(pkey);
exit(!ok);
}
/* This function is in the next version of SSLeay */
int EVP_PKEY_assign(pkey, type, key)
EVP_PKEY *pkey;
int type;
char *key;
{
if (pkey == NULL)
return (0);
if (pkey->pkey.ptr != NULL) {
if (pkey->type == EVP_PKEY_RSA)
RSA_free(pkey->pkey.rsa);
/* else memory leak */
}
pkey->type = type;
pkey->pkey.ptr = key;
return (1);
}
/*
* While I have a X509_set_pubkey() and X509_REQ_set_pubkey(),
* SPKI_set_pubkey() does not currently exist so here is a version of it. The
* next SSLeay release will probably have X509_set_pubkey(),
* X509_REQ_set_pubkey() and NETSCAPE_SPKI_set_pubkey() as macros calling the
* same function
*/
int SPKI_set_pubkey(x, pkey)
NETSCAPE_SPKI *x;
EVP_PKEY *pkey;
{
int ok = 0;
X509_PUBKEY *pk;
X509_ALGOR *a;
ASN1_OBJECT *o;
unsigned char *s, *p;
int i;
if (x == NULL)
return (0);
if ((pk = X509_PUBKEY_new()) == NULL)
goto err;
a = pk->algor;
/* set the algorithm id */
if ((o = OBJ_nid2obj(pkey->type)) == NULL)
goto err;
ASN1_OBJECT_free(a->algorithm);
a->algorithm = o;
/* Set the parameter list */
if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) {
ASN1_TYPE_free(a->parameter);
a->parameter = ASN1_TYPE_new();
a->parameter->type = V_ASN1_NULL;
}
i = i2d_PublicKey(pkey, NULL);
if ((s = (unsigned char *)malloc(i + 1)) == NULL)
goto err;
p = s;
i2d_PublicKey(pkey, &p);
if (!ASN1_BIT_STRING_set(pk->public_key, s, i))
goto err;
free(s);
X509_PUBKEY_free(x->spkac->pubkey);
x->spkac->pubkey = pk;
pk = NULL;
ok = 1;
err:
if (pk != NULL)
X509_PUBKEY_free(pk);
return (ok);
}

110
openssl-1.0.2f/demos/ssl/cli.cpp Normal file
View File

@@ -0,0 +1,110 @@
/* cli.cpp - Minimal ssleay client for Unix
30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
Simplified to be even more minimal
12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
#include <stdio.h>
#include <memory.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
void main ()
{
int err;
int sd;
struct sockaddr_in sa;
SSL_CTX* ctx;
SSL* ssl;
X509* server_cert;
char* str;
char buf [4096];
SSL_METHOD *meth;
SSLeay_add_ssl_algorithms();
meth = SSLv2_client_method();
SSL_load_error_strings();
ctx = SSL_CTX_new (meth); CHK_NULL(ctx);
CHK_SSL(err);
/* ----------------------------------------------- */
/* Create a socket and connect to server using normal socket calls. */
sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket");
memset (&sa, '\0', sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */
sa.sin_port = htons (1111); /* Server Port number */
err = connect(sd, (struct sockaddr*) &sa,
sizeof(sa)); CHK_ERR(err, "connect");
/* ----------------------------------------------- */
/* Now we have TCP conncetion. Start SSL negotiation. */
ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_connect (ssl); CHK_SSL(err);
/* Following two steps are optional and not required for
data exchange to be successful. */
/* Get the cipher - opt */
printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
/* Get server's certificate (note: beware of dynamic allocation) - opt */
server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert);
printf ("Server certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free (server_cert);
/* --------------------------------------------------- */
/* DATA EXCHANGE - Send a message and receive a reply. */
err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); CHK_SSL(err);
err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
buf[err] = '\0';
printf ("Got %d chars:'%s'\n", err, buf);
SSL_shutdown (ssl); /* send SSL/TLS close_notify */
/* Clean up. */
close (sd);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
/* EOF - cli.cpp */

98
openssl-1.0.2f/demos/ssl/inetdsrv.cpp Normal file
View File

@@ -0,0 +1,98 @@
/* inetdserv.cpp - Minimal ssleay server for Unix inetd.conf
* 30.9.1996, Sampo Kellomaki <sampo@iki.fi>
* From /etc/inetd.conf:
* 1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
*/
#include <stdio.h>
#include <errno.h>
#include "rsa.h" /* SSLeay stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define HOME "/usr/users/sampo/demo/"
#define CERTF HOME "plain-cert.pem"
#define KEYF HOME "plain-key.pem"
#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) \
{ fprintf(log, "%s %d\n", (s), errno); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); }
void main ()
{
int err;
SSL_CTX* ctx;
SSL* ssl;
X509* client_cert;
char* str;
char buf [4096];
FILE* log;
log = fopen ("/dev/console", "a"); CHK_NULL(log);
fprintf (log, "inetdserv %ld\n", (long)getpid());
SSL_load_error_strings();
ctx = SSL_CTX_new (); CHK_NULL(ctx);
err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM);
CHK_SSL (err);
err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM);
CHK_SSL (err);
/* inetd has already opened the TCP connection, so we can get right
down to business. */
ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_fd (ssl, fileno(stdin));
err = SSL_accept (ssl); CHK_SSL(err);
/* Get the cipher - opt */
fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl));
/* Get client's certificate (note: beware of dynamic allocation) - opt */
client_cert = SSL_get_peer_certificate (ssl);
if (client_cert != NULL) {
fprintf (log, "Client certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (client_cert));
CHK_NULL(str);
fprintf (log, "\t subject: %s\n", str);
OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert));
CHK_NULL(str);
fprintf (log, "\t issuer: %s\n", str);
OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free (client_cert);
} else
fprintf (log, "Client doe not have certificate.\n");
/* ------------------------------------------------- */
/* DATA EXCHANGE: Receive message and send reply */
err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
buf[err] = '\0';
fprintf (log, "Got %d chars:'%s'\n", err, buf);
err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear."));
CHK_SSL(err);
/* Clean up. */
fclose (log);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
/* EOF - inetdserv.cpp */

152
openssl-1.0.2f/demos/ssl/serv.cpp Normal file
View File

@@ -0,0 +1,152 @@
/* serv.cpp - Minimal ssleay server for Unix
30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
Simplified to be even more minimal
12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <memory.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <openssl/rsa.h> /* SSLeay stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
/* define HOME to be dir for key and cert files... */
#define HOME "./"
/* Make these what you want for cert & key files */
#define CERTF HOME "foo-cert.pem"
#define KEYF HOME "foo-cert.pem"
#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
void main ()
{
int err;
int listen_sd;
int sd;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
size_t client_len;
SSL_CTX* ctx;
SSL* ssl;
X509* client_cert;
char* str;
char buf [4096];
SSL_METHOD *meth;
/* SSL preliminaries. We keep the certificate and key with the context. */
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
meth = SSLv23_server_method();
ctx = SSL_CTX_new (meth);
if (!ctx) {
ERR_print_errors_fp(stderr);
exit(2);
}
if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(3);
}
if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
exit(4);
}
if (!SSL_CTX_check_private_key(ctx)) {
fprintf(stderr,"Private key does not match the certificate public key\n");
exit(5);
}
/* ----------------------------------------------- */
/* Prepare TCP socket for receiving connections */
listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket");
memset (&sa_serv, '\0', sizeof(sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons (1111); /* Server Port number */
err = bind(listen_sd, (struct sockaddr*) &sa_serv,
sizeof (sa_serv)); CHK_ERR(err, "bind");
/* Receive a TCP connection. */
err = listen (listen_sd, 5); CHK_ERR(err, "listen");
client_len = sizeof(sa_cli);
sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
CHK_ERR(sd, "accept");
close (listen_sd);
printf ("Connection from %lx, port %x\n",
sa_cli.sin_addr.s_addr, sa_cli.sin_port);
/* ----------------------------------------------- */
/* TCP connection is ready. Do server side SSL. */
ssl = SSL_new (ctx); CHK_NULL(ssl);
SSL_set_fd (ssl, sd);
err = SSL_accept (ssl); CHK_SSL(err);
/* Get the cipher - opt */
printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
/* Get client's certificate (note: beware of dynamic allocation) - opt */
client_cert = SSL_get_peer_certificate (ssl);
if (client_cert != NULL) {
printf ("Client certificate:\n");
str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
X509_free (client_cert);
} else
printf ("Client does not have certificate.\n");
/* DATA EXCHANGE - Receive message and send reply. */
err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
buf[err] = '\0';
printf ("Got %d chars:'%s'\n", err, buf);
err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err);
/* Clean up. */
close (sd);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
/* EOF - serv.cpp */

98
openssl-1.0.2f/demos/ssltest-ecc/ECC-RSAcertgen.sh Executable file
View File

@@ -0,0 +1,98 @@
#!/bin/sh
# For a list of supported curves, use "apps/openssl ecparam -list_curves".
# Path to the openssl distribution
OPENSSL_DIR=../..
# Path to the openssl program
OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
# Option to find configuration file
OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
# Directory where certificates are stored
CERTS_DIR=./Certs
# Directory where private key files are stored
KEYS_DIR=$CERTS_DIR
# Directory where combo files (containing a certificate and corresponding
# private key together) are stored
COMBO_DIR=$CERTS_DIR
# cat command
CAT=/bin/cat
# rm command
RM=/bin/rm
# mkdir command
MKDIR=/bin/mkdir
# The certificate will expire these many days after the issue date.
DAYS=1500
TEST_CA_FILE=rsa1024TestCA
TEST_SERVER_CURVE=sect163r1
TEST_SERVER_FILE=sect163r1-rsaTestServer
TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (sect163r1 key signed with RSA)"
TEST_CLIENT_CURVE=sect163r1
TEST_CLIENT_FILE=sect163r1-rsaTestClient
TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (sect163r1 key signed with RSA)"
# Generating an EC certificate involves the following main steps
# 1. Generating curve parameters (if needed)
# 2. Generating a certificate request
# 3. Signing the certificate request
# 4. [Optional] One can combine the cert and private key into a single
# file and also delete the certificate request
$MKDIR -p $CERTS_DIR
$MKDIR -p $KEYS_DIR
$MKDIR -p $COMBO_DIR
echo "GENERATING A TEST SERVER CERTIFICATE (ECC key signed with RSA)"
echo "=============================================================="
$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem
$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
-keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
-newkey ec:$TEST_SERVER_CURVE.pem -new \
-out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
$OPENSSL_CMD x509 -req -days $DAYS \
-in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
-CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
-CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
-out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
# Display the certificate
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
# Place the certificate and key in a common file
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
> $COMBO_DIR/$TEST_SERVER_FILE.pem
$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
# Remove the cert request file (no longer needed)
$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
echo "GENERATING A TEST CLIENT CERTIFICATE (ECC key signed with RSA)"
echo "=============================================================="
$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem
$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
-keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
-newkey ec:$TEST_CLIENT_CURVE.pem -new \
-out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
$OPENSSL_CMD x509 -req -days $DAYS \
-in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
-CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
-CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
-out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
# Display the certificate
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
# Place the certificate and key in a common file
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
> $COMBO_DIR/$TEST_CLIENT_FILE.pem
$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
# Remove the cert request file (no longer needed)
$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem

164
openssl-1.0.2f/demos/ssltest-ecc/ECCcertgen.sh Executable file
View File

@@ -0,0 +1,164 @@
#!/bin/sh
# For a list of supported curves, use "apps/openssl ecparam -list_curves".
# Path to the openssl distribution
OPENSSL_DIR=../..
# Path to the openssl program
OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
# Option to find configuration file
OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
# Directory where certificates are stored
CERTS_DIR=./Certs
# Directory where private key files are stored
KEYS_DIR=$CERTS_DIR
# Directory where combo files (containing a certificate and corresponding
# private key together) are stored
COMBO_DIR=$CERTS_DIR
# cat command
CAT=/bin/cat
# rm command
RM=/bin/rm
# mkdir command
MKDIR=/bin/mkdir
# The certificate will expire these many days after the issue date.
DAYS=1500
TEST_CA_CURVE=secp160r1
TEST_CA_FILE=secp160r1TestCA
TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (Elliptic curve secp160r1)"
TEST_SERVER_CURVE=secp160r2
TEST_SERVER_FILE=secp160r2TestServer
TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (Elliptic curve secp160r2)"
TEST_CLIENT_CURVE=secp160r2
TEST_CLIENT_FILE=secp160r2TestClient
TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (Elliptic curve secp160r2)"
# Generating an EC certificate involves the following main steps
# 1. Generating curve parameters (if needed)
# 2. Generating a certificate request
# 3. Signing the certificate request
# 4. [Optional] One can combine the cert and private key into a single
# file and also delete the certificate request
$MKDIR -p $CERTS_DIR
$MKDIR -p $KEYS_DIR
$MKDIR -p $COMBO_DIR
echo "Generating self-signed CA certificate (on curve $TEST_CA_CURVE)"
echo "==============================================================="
$OPENSSL_CMD ecparam -name $TEST_CA_CURVE -out $TEST_CA_CURVE.pem
# Generate a new certificate request in $TEST_CA_FILE.req.pem. A
# new ecdsa (actually ECC) key pair is generated on the parameters in
# $TEST_CA_CURVE.pem and the private key is saved in $TEST_CA_FILE.key.pem
# WARNING: By using the -nodes option, we force the private key to be
# stored in the clear (rather than encrypted with a password).
$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
-keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
-newkey ec:$TEST_CA_CURVE.pem -new \
-out $CERTS_DIR/$TEST_CA_FILE.req.pem
# Sign the certificate request in $TEST_CA_FILE.req.pem using the
# private key in $TEST_CA_FILE.key.pem and include the CA extension.
# Make the certificate valid for 1500 days from the time of signing.
# The certificate is written into $TEST_CA_FILE.cert.pem
$OPENSSL_CMD x509 -req -days $DAYS \
-in $CERTS_DIR/$TEST_CA_FILE.req.pem \
-extfile $OPENSSL_DIR/apps/openssl.cnf \
-extensions v3_ca \
-signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
-out $CERTS_DIR/$TEST_CA_FILE.cert.pem
# Display the certificate
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text
# Place the certificate and key in a common file
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \
> $COMBO_DIR/$TEST_CA_FILE.pem
$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem
# Remove the cert request file (no longer needed)
$RM $CERTS_DIR/$TEST_CA_FILE.req.pem
echo "GENERATING A TEST SERVER CERTIFICATE (on elliptic curve $TEST_SERVER_CURVE)"
echo "=========================================================================="
# Generate parameters for curve $TEST_SERVER_CURVE, if needed
$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem
# Generate a new certificate request in $TEST_SERVER_FILE.req.pem. A
# new ecdsa (actually ECC) key pair is generated on the parameters in
# $TEST_SERVER_CURVE.pem and the private key is saved in
# $TEST_SERVER_FILE.key.pem
# WARNING: By using the -nodes option, we force the private key to be
# stored in the clear (rather than encrypted with a password).
$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
-keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
-newkey ec:$TEST_SERVER_CURVE.pem -new \
-out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
# Sign the certificate request in $TEST_SERVER_FILE.req.pem using the
# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in
# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number
# file for this CA, create one. Make the certificate valid for $DAYS days
# from the time of signing. The certificate is written into
# $TEST_SERVER_FILE.cert.pem
$OPENSSL_CMD x509 -req -days $DAYS \
-in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
-CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
-CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
-out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
# Display the certificate
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
# Place the certificate and key in a common file
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
> $COMBO_DIR/$TEST_SERVER_FILE.pem
$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
# Remove the cert request file (no longer needed)
$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
echo "GENERATING A TEST CLIENT CERTIFICATE (on elliptic curve $TEST_CLIENT_CURVE)"
echo "=========================================================================="
# Generate parameters for curve $TEST_CLIENT_CURVE, if needed
$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem
# Generate a new certificate request in $TEST_CLIENT_FILE.req.pem. A
# new ecdsa (actually ECC) key pair is generated on the parameters in
# $TEST_CLIENT_CURVE.pem and the private key is saved in
# $TEST_CLIENT_FILE.key.pem
# WARNING: By using the -nodes option, we force the private key to be
# stored in the clear (rather than encrypted with a password).
$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
-keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
-newkey ec:$TEST_CLIENT_CURVE.pem -new \
-out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
# Sign the certificate request in $TEST_CLIENT_FILE.req.pem using the
# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in
# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number
# file for this CA, create one. Make the certificate valid for $DAYS days
# from the time of signing. The certificate is written into
# $TEST_CLIENT_FILE.cert.pem
$OPENSSL_CMD x509 -req -days $DAYS \
-in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
-CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
-CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
-out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
# Display the certificate
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
# Place the certificate and key in a common file
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
> $COMBO_DIR/$TEST_CLIENT_FILE.pem
$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
# Remove the cert request file (no longer needed)
$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem

15
openssl-1.0.2f/demos/ssltest-ecc/README Normal file
View File

@@ -0,0 +1,15 @@
Scripts for using ECC ciphersuites with test/testssl
(these ciphersuites are described in the Internet Draft available at
http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-03.txt).
Use ECCcertgen.sh, RSAcertgen.sh, ECC-RSAcertgen.sh to generate
root, client and server certs of the following types:
ECC certs signed with ECDSA
RSA certs signed with RSA
ECC certs signed with RSA
Afterwards, you can use ssltest.sh to run the various tests;
specify one of the following options:
aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa

121
openssl-1.0.2f/demos/ssltest-ecc/RSAcertgen.sh Executable file
View File

@@ -0,0 +1,121 @@
#!/bin/sh
# For a list of supported curves, use "apps/openssl ecparam -list_curves".
# Path to the openssl distribution
OPENSSL_DIR=../..
# Path to the openssl program
OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
# Option to find configuration file
OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
# Directory where certificates are stored
CERTS_DIR=./Certs
# Directory where private key files are stored
KEYS_DIR=$CERTS_DIR
# Directory where combo files (containing a certificate and corresponding
# private key together) are stored
COMBO_DIR=$CERTS_DIR
# cat command
CAT=/bin/cat
# rm command
RM=/bin/rm
# mkdir command
MKDIR=/bin/mkdir
# The certificate will expire these many days after the issue date.
DAYS=1500
TEST_CA_FILE=rsa1024TestCA
TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)"
TEST_SERVER_FILE=rsa1024TestServer
TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)"
TEST_CLIENT_FILE=rsa1024TestClient
TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)"
# Generating an EC certificate involves the following main steps
# 1. Generating curve parameters (if needed)
# 2. Generating a certificate request
# 3. Signing the certificate request
# 4. [Optional] One can combine the cert and private key into a single
# file and also delete the certificate request
$MKDIR -p $CERTS_DIR
$MKDIR -p $KEYS_DIR
$MKDIR -p $COMBO_DIR
echo "Generating self-signed CA certificate (RSA)"
echo "==========================================="
$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
-keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
-newkey rsa:1024 -new \
-out $CERTS_DIR/$TEST_CA_FILE.req.pem
$OPENSSL_CMD x509 -req -days $DAYS \
-in $CERTS_DIR/$TEST_CA_FILE.req.pem \
-extfile $OPENSSL_DIR/apps/openssl.cnf \
-extensions v3_ca \
-signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
-out $CERTS_DIR/$TEST_CA_FILE.cert.pem
# Display the certificate
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text
# Place the certificate and key in a common file
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \
> $COMBO_DIR/$TEST_CA_FILE.pem
$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem
# Remove the cert request file (no longer needed)
$RM $CERTS_DIR/$TEST_CA_FILE.req.pem
echo "GENERATING A TEST SERVER CERTIFICATE (RSA)"
echo "=========================================="
$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
-keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
-newkey rsa:1024 -new \
-out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
$OPENSSL_CMD x509 -req -days $DAYS \
-in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
-CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
-CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
-out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
# Display the certificate
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
# Place the certificate and key in a common file
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
> $COMBO_DIR/$TEST_SERVER_FILE.pem
$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
# Remove the cert request file (no longer needed)
$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)"
echo "=========================================="
$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
-keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
-newkey rsa:1024 -new \
-out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
$OPENSSL_CMD x509 -req -days $DAYS \
-in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
-CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
-CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
-out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
# Display the certificate
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
# Place the certificate and key in a common file
$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
> $COMBO_DIR/$TEST_CLIENT_FILE.pem
$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
# Remove the cert request file (no longer needed)
$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem

188
openssl-1.0.2f/demos/ssltest-ecc/ssltest.sh Executable file
View File

@@ -0,0 +1,188 @@
#! /bin/sh
# Tests ECC cipher suites using ssltest. Requires one argument which could
# be aecdh or ecdh-ecdsa or ecdhe-ecdsa or ecdh-rsa or ecdhe-rsa.
# A second optional argument can be one of ssl2 ssl3 or tls1
if [ "$1" = "" ]; then
(echo "Usage: $0 test [ protocol ]"
echo " where test is one of aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa"
echo " and protocol (optional) is one of ssl2, ssl3, tls1"
echo "Run RSAcertgen.sh, ECC-RSAcertgen.sh, ECCcertgen.sh first."
) >&2
exit 1
fi
OPENSSL_DIR=../..
CERTS_DIR=./Certs
SSLTEST=$OPENSSL_DIR/test/ssltest
# SSL protocol version to test (one of ssl2 ssl3 or tls1)"
SSLVERSION=
# These don't really require any certificates
AECDH_CIPHER_LIST="AECDH-AES256-SHA AECDH-AES128-SHA AECDH-DES-CBC3-SHA AECDH-RC4-SHA AECDH-NULL-SHA"
# These require ECC certificates signed with ECDSA
# The EC public key must be authorized for key agreement.
ECDH_ECDSA_CIPHER_LIST="ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA"
# These require ECC certificates.
# The EC public key must be authorized for digital signature.
ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-NULL-SHA"
# These require ECC certificates signed with RSA.
# The EC public key must be authorized for key agreement.
ECDH_RSA_CIPHER_LIST="ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA"
# These require RSA certificates.
# The RSA public key must be authorized for digital signature.
ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-NULL-SHA"
# List of Elliptic curves over which we wish to test generation of
# ephemeral ECDH keys when using AECDH or ECDHE ciphers
# NOTE: secp192r1 = prime192v1 and secp256r1 = prime256v1
#ELLIPTIC_CURVE_LIST="secp112r1 sect113r2 secp128r1 sect131r1 secp160k1 sect163r2 wap-wsg-idm-ecid-wtls7 c2pnb163v3 c2pnb176v3 c2tnb191v3 secp192r1 prime192v3 sect193r2 secp224r1 wap-wsg-idm-ecid-wtls10 sect239k1 prime239v2 secp256r1 prime256v1 sect283k1 secp384r1 sect409r1 secp521r1 sect571r1"
ELLIPTIC_CURVE_LIST="sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp160k1 secp160r1 secp160r2 secp192k1 prime192v1 secp224k1 secp224r1 secp256k1 prime256v1 secp384r1 secp521r1"
DEFAULT_CURVE="sect163r2"
if [ "$2" = "" ]; then
if [ "$SSL_VERSION" = "" ]; then
SSL_VERSION=""
else
SSL_VERSION="-$SSL_VERSION"
fi
else
SSL_VERSION="-$2"
fi
#==============================================================
# Anonymous cipher suites do not require key or certificate files
# but ssltest expects a cert file and complains if it can't
# open the default one.
SERVER_PEM=$OPENSSL_DIR/apps/server.pem
if [ "$1" = "aecdh" ]; then
for cipher in $AECDH_CIPHER_LIST
do
echo "Testing $cipher"
$SSLTEST $SSL_VERSION -cert $SERVER_PEM -cipher $cipher
done
#--------------------------------------------------------------
for curve in $ELLIPTIC_CURVE_LIST
do
echo "Testing AECDH-NULL-SHA (with $curve)"
$SSLTEST $SSL_VERSION -cert $SERVER_PEM \
-named_curve $curve -cipher AECDH-NULL-SHA
done
for curve in $ELLIPTIC_CURVE_LIST
do
echo "Testing AECDH-RC4-SHA (with $curve)"
$SSLTEST $SSL_VERSION -cert $SERVER_PEM \
-named_curve $curve -cipher AECDH-RC4-SHA
done
fi
#==============================================================
# Both ECDH-ECDSA and ECDHE-ECDSA cipher suites require
# the server to have an ECC certificate signed with ECDSA.
CA_PEM=$CERTS_DIR/secp160r1TestCA.pem
SERVER_PEM=$CERTS_DIR/secp160r2TestServer.pem
CLIENT_PEM=$CERTS_DIR/secp160r2TestClient.pem
if [ "$1" = "ecdh-ecdsa" ]; then
for cipher in $ECDH_ECDSA_CIPHER_LIST
do
echo "Testing $cipher (with server authentication)"
$SSLTEST $SSL_VERSION -CAfile $CA_PEM \
-cert $SERVER_PEM -server_auth \
-cipher $cipher
echo "Testing $cipher (with server and client authentication)"
$SSLTEST $SSL_VERSION -CAfile $CA_PEM \
-cert $SERVER_PEM -server_auth \
-c_cert $CLIENT_PEM -client_auth \
-cipher $cipher
done
fi
#==============================================================
if [ "$1" = "ecdhe-ecdsa" ]; then
for cipher in $ECDHE_ECDSA_CIPHER_LIST
do
echo "Testing $cipher (with server authentication)"
$SSLTEST $SSL_VERSION -CAfile $CA_PEM \
-cert $SERVER_PEM -server_auth \
-cipher $cipher -named_curve $DEFAULT_CURVE
echo "Testing $cipher (with server and client authentication)"
$SSLTEST $SSL_VERSION -CAfile $CA_PEM \
-cert $SERVER_PEM -server_auth \
-c_cert $CLIENT_PEM -client_auth \
-cipher $cipher -named_curve $DEFAULT_CURVE
done
#--------------------------------------------------------------
for curve in $ELLIPTIC_CURVE_LIST
do
echo "Testing ECDHE-ECDSA-AES128-SHA (2-way auth with $curve)"
$SSLTEST $SSL_VERSION -CAfile $CA_PEM \
-cert $SERVER_PEM -server_auth \
-c_cert $CLIENT_PEM -client_auth \
-cipher ECDHE-ECDSA-AES128-SHA -named_curve $curve
done
fi
#==============================================================
# ECDH-RSA cipher suites require the server to have an ECC
# certificate signed with RSA.
CA_PEM=$CERTS_DIR/rsa1024TestCA.pem
SERVER_PEM=$CERTS_DIR/sect163r1-rsaTestServer.pem
CLIENT_PEM=$CERTS_DIR/sect163r1-rsaTestClient.pem
if [ "$1" = "ecdh-rsa" ]; then
for cipher in $ECDH_RSA_CIPHER_LIST
do
echo "Testing $cipher (with server authentication)"
$SSLTEST $SSL_VERSION -CAfile $CA_PEM \
-cert $SERVER_PEM -server_auth \
-cipher $cipher
echo "Testing $cipher (with server and client authentication)"
$SSLTEST $SSL_VERSION -CAfile $CA_PEM \
-cert $SERVER_PEM -server_auth \
-c_cert $CLIENT_PEM -client_auth \
-cipher $cipher
done
fi
#==============================================================
# ECDHE-RSA cipher suites require the server to have an RSA cert.
CA_PEM=$CERTS_DIR/rsa1024TestCA.pem
SERVER_PEM=$CERTS_DIR/rsa1024TestServer.pem
CLIENT_PEM=$CERTS_DIR/rsa1024TestClient.pem
if [ "$1" = "ecdhe-rsa" ]; then
for cipher in $ECDHE_RSA_CIPHER_LIST
do
echo "Testing $cipher (with server authentication)"
echo $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
-cert $SERVER_PEM -server_auth \
-cipher $cipher -named_curve $DEFAULT_CURVE
$SSLTEST $SSL_VERSION -CAfile $CA_PEM \
-cert $SERVER_PEM -server_auth \
-cipher $cipher -named_curve $DEFAULT_CURVE
echo "Testing $cipher (with server and client authentication)"
$SSLTEST $SSL_VERSION -CAfile $CA_PEM \
-cert $SERVER_PEM -server_auth \
-c_cert $CLIENT_PEM -client_auth \
-cipher $cipher -named_curve $DEFAULT_CURVE
done
fi
#==============================================================

9
openssl-1.0.2f/demos/state_machine/Makefile Normal file
View File

@@ -0,0 +1,9 @@
CFLAGS=-I../../include -Wall -Werror -g
all: state_machine
state_machine: state_machine.o
$(CC) -o state_machine state_machine.o -L../.. -lssl -lcrypto
test: state_machine
./state_machine 10000 ../../apps/server.pem ../../apps/server.pem

407
openssl-1.0.2f/demos/state_machine/state_machine.c Normal file
View File

@@ -0,0 +1,407 @@
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* Nuron, a leader in hardware encryption technology, generously
* sponsored the development of this demo by Ben Laurie.
*
* See http://www.nuron.com/.
*/
/*
* the aim of this demo is to provide a fully working state-machine
* style SSL implementation, i.e. one where the main loop acquires
* some data, then converts it from or to SSL by feeding it into the
* SSL state machine. It then does any I/O required by the state machine
* and loops.
*
* In order to keep things as simple as possible, this implementation
* listens on a TCP socket, which it expects to get an SSL connection
* on (for example, from s_client) and from then on writes decrypted
* data to stdout and encrypts anything arriving on stdin. Verbose
* commentary is written to stderr.
*
* This implementation acts as a server, but it can also be done for a client. */
#include <openssl/ssl.h>
#include <assert.h>
#include <unistd.h>
#include <string.h>
#include <openssl/err.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
/*
* die_unless is intended to work like assert, except that it happens always,
* even if NDEBUG is defined. Use assert as a stopgap.
*/
#define die_unless(x) assert(x)
typedef struct {
SSL_CTX *pCtx;
BIO *pbioRead;
BIO *pbioWrite;
SSL *pSSL;
} SSLStateMachine;
void SSLStateMachine_print_error(SSLStateMachine * pMachine,
const char *szErr)
{
unsigned long l;
fprintf(stderr, "%s\n", szErr);
while ((l = ERR_get_error())) {
char buf[1024];
ERR_error_string_n(l, buf, sizeof buf);
fprintf(stderr, "Error %lx: %s\n", l, buf);
}
}
SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile,
const char *szKeyFile)
{
SSLStateMachine *pMachine = malloc(sizeof *pMachine);
int n;
die_unless(pMachine);
pMachine->pCtx = SSL_CTX_new(SSLv23_server_method());
die_unless(pMachine->pCtx);
n = SSL_CTX_use_certificate_file(pMachine->pCtx, szCertificateFile,
SSL_FILETYPE_PEM);
die_unless(n > 0);
n = SSL_CTX_use_PrivateKey_file(pMachine->pCtx, szKeyFile,
SSL_FILETYPE_PEM);
die_unless(n > 0);
pMachine->pSSL = SSL_new(pMachine->pCtx);
die_unless(pMachine->pSSL);
pMachine->pbioRead = BIO_new(BIO_s_mem());
pMachine->pbioWrite = BIO_new(BIO_s_mem());
SSL_set_bio(pMachine->pSSL, pMachine->pbioRead, pMachine->pbioWrite);
SSL_set_accept_state(pMachine->pSSL);
return pMachine;
}
void SSLStateMachine_read_inject(SSLStateMachine * pMachine,
const unsigned char *aucBuf, int nBuf)
{
int n = BIO_write(pMachine->pbioRead, aucBuf, nBuf);
/*
* If it turns out this assert fails, then buffer the data here and just
* feed it in in churn instead. Seems to me that it should be guaranteed
* to succeed, though.
*/
assert(n == nBuf);
fprintf(stderr, "%d bytes of encrypted data fed to state machine\n", n);
}
int SSLStateMachine_read_extract(SSLStateMachine * pMachine,
unsigned char *aucBuf, int nBuf)
{
int n;
if (!SSL_is_init_finished(pMachine->pSSL)) {
fprintf(stderr, "Doing SSL_accept\n");
n = SSL_accept(pMachine->pSSL);
if (n == 0)
fprintf(stderr, "SSL_accept returned zero\n");
if (n < 0) {
int err;
if ((err =
SSL_get_error(pMachine->pSSL, n)) == SSL_ERROR_WANT_READ) {
fprintf(stderr, "SSL_accept wants more data\n");
return 0;
}
SSLStateMachine_print_error(pMachine, "SSL_accept error");
exit(7);
}
return 0;
}
n = SSL_read(pMachine->pSSL, aucBuf, nBuf);
if (n < 0) {
int err = SSL_get_error(pMachine->pSSL, n);
if (err == SSL_ERROR_WANT_READ) {
fprintf(stderr, "SSL_read wants more data\n");
return 0;
}
SSLStateMachine_print_error(pMachine, "SSL_read error");
exit(8);
}
fprintf(stderr, "%d bytes of decrypted data read from state machine\n",
n);
return n;
}
int SSLStateMachine_write_can_extract(SSLStateMachine * pMachine)
{
int n = BIO_pending(pMachine->pbioWrite);
if (n)
fprintf(stderr, "There is encrypted data available to write\n");
else
fprintf(stderr, "There is no encrypted data available to write\n");
return n;
}
int SSLStateMachine_write_extract(SSLStateMachine * pMachine,
unsigned char *aucBuf, int nBuf)
{
int n;
n = BIO_read(pMachine->pbioWrite, aucBuf, nBuf);
fprintf(stderr, "%d bytes of encrypted data read from state machine\n",
n);
return n;
}
void SSLStateMachine_write_inject(SSLStateMachine * pMachine,
const unsigned char *aucBuf, int nBuf)
{
int n = SSL_write(pMachine->pSSL, aucBuf, nBuf);
/*
* If it turns out this assert fails, then buffer the data here and just
* feed it in in churn instead. Seems to me that it should be guaranteed
* to succeed, though.
*/
assert(n == nBuf);
fprintf(stderr, "%d bytes of unencrypted data fed to state machine\n", n);
}
int OpenSocket(int nPort)
{
int nSocket;
struct sockaddr_in saServer;
struct sockaddr_in saClient;
int one = 1;
int nSize;
int nFD;
int nLen;
nSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (nSocket < 0) {
perror("socket");
exit(1);
}
if (setsockopt
(nSocket, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof one) < 0) {
perror("setsockopt");
exit(2);
}
memset(&saServer, 0, sizeof saServer);
saServer.sin_family = AF_INET;
saServer.sin_port = htons(nPort);
nSize = sizeof saServer;
if (bind(nSocket, (struct sockaddr *)&saServer, nSize) < 0) {
perror("bind");
exit(3);
}
if (listen(nSocket, 512) < 0) {
perror("listen");
exit(4);
}
nLen = sizeof saClient;
nFD = accept(nSocket, (struct sockaddr *)&saClient, &nLen);
if (nFD < 0) {
perror("accept");
exit(5);
}
fprintf(stderr, "Incoming accepted on port %d\n", nPort);
return nFD;
}
int main(int argc, char **argv)
{
SSLStateMachine *pMachine;
int nPort;
int nFD;
const char *szCertificateFile;
const char *szKeyFile;
char rbuf[1];
int nrbuf = 0;
if (argc != 4) {
fprintf(stderr, "%s <port> <certificate file> <key file>\n", argv[0]);
exit(6);
}
nPort = atoi(argv[1]);
szCertificateFile = argv[2];
szKeyFile = argv[3];
SSL_library_init();
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
ERR_load_crypto_strings();
nFD = OpenSocket(nPort);
pMachine = SSLStateMachine_new(szCertificateFile, szKeyFile);
for (;;) {
fd_set rfds, wfds;
unsigned char buf[1024];
int n;
FD_ZERO(&rfds);
FD_ZERO(&wfds);
/* Select socket for input */
FD_SET(nFD, &rfds);
/* check whether there's decrypted data */
if (!nrbuf)
nrbuf = SSLStateMachine_read_extract(pMachine, rbuf, 1);
/* if there's decrypted data, check whether we can write it */
if (nrbuf)
FD_SET(1, &wfds);
/* Select socket for output */
if (SSLStateMachine_write_can_extract(pMachine))
FD_SET(nFD, &wfds);
/* Select stdin for input */
FD_SET(0, &rfds);
/* Wait for something to do something */
n = select(nFD + 1, &rfds, &wfds, NULL, NULL);
assert(n > 0);
/* Socket is ready for input */
if (FD_ISSET(nFD, &rfds)) {
n = read(nFD, buf, sizeof buf);
if (n == 0) {
fprintf(stderr, "Got EOF on socket\n");
exit(0);
}
assert(n > 0);
SSLStateMachine_read_inject(pMachine, buf, n);
}
/* stdout is ready for output (and hence we have some to send it) */
if (FD_ISSET(1, &wfds)) {
assert(nrbuf == 1);
buf[0] = rbuf[0];
nrbuf = 0;
n = SSLStateMachine_read_extract(pMachine, buf + 1,
sizeof buf - 1);
if (n < 0) {
SSLStateMachine_print_error(pMachine, "read extract failed");
break;
}
assert(n >= 0);
++n;
if (n > 0) { /* FIXME: has to be true now */
int w;
w = write(1, buf, n);
/* FIXME: we should push back any unwritten data */
assert(w == n);
}
}
/*
* Socket is ready for output (and therefore we have output to send)
*/
if (FD_ISSET(nFD, &wfds)) {
int w;
n = SSLStateMachine_write_extract(pMachine, buf, sizeof buf);
assert(n > 0);
w = write(nFD, buf, n);
/* FIXME: we should push back any unwritten data */
assert(w == n);
}
/* Stdin is ready for input */
if (FD_ISSET(0, &rfds)) {
n = read(0, buf, sizeof buf);
if (n == 0) {
fprintf(stderr, "Got EOF on stdin\n");
exit(0);
}
assert(n > 0);
SSLStateMachine_write_inject(pMachine, buf, n);
}
}
/* not reached */
return 0;
}

Some files were not shown because too many files have changed in this diff Show More