diff options
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/asn1pars.c | 61 | ||||
| -rw-r--r-- | apps/ca-cert.srl | 2 | ||||
| -rw-r--r-- | apps/ca.c | 39 | ||||
| -rw-r--r-- | apps/cert.der | bin | 0 -> 380 bytes | |||
| -rw-r--r-- | apps/crl.c | 5 | ||||
| -rw-r--r-- | apps/dgst.c | 2 | ||||
| -rw-r--r-- | apps/dsaparam.c | 21 | ||||
| -rw-r--r-- | apps/g_ssleay.pl | 2 | ||||
| -rw-r--r-- | apps/gmon.out | bin | 0 -> 260700 bytes | |||
| -rw-r--r-- | apps/mklinks | 2 | ||||
| -rw-r--r-- | apps/oid.cnf | 6 | ||||
| -rw-r--r-- | apps/openssl.c | 1 | ||||
| -rw-r--r-- | apps/openssl.cnf | 3 | ||||
| -rw-r--r-- | apps/privkey.pem | 25 | ||||
| -rw-r--r-- | apps/progs.h | 1 | ||||
| -rw-r--r-- | apps/progs.pl | 2 | ||||
| -rw-r--r-- | apps/req.c | 23 | ||||
| -rw-r--r-- | apps/rmlinks | 2 | ||||
| -rw-r--r-- | apps/rsa/01.pem | 15 | ||||
| -rw-r--r-- | apps/rsa/1.txt | 50 | ||||
| -rw-r--r-- | apps/rsa/SecureServer.pem | 47 | ||||
| -rw-r--r-- | apps/rsa/s.txt | 49 | ||||
| -rw-r--r-- | apps/s_cb.c | 5 | ||||
| -rw-r--r-- | apps/s_client.c | 14 | ||||
| -rw-r--r-- | apps/s_server.c | 40 | ||||
| -rw-r--r-- | apps/s_time.c | 3 | ||||
| -rw-r--r-- | apps/sc.c | 780 | ||||
| -rw-r--r-- | apps/server.pem | 14 | ||||
| -rw-r--r-- | apps/sess_id.c | 5 | ||||
| -rw-r--r-- | apps/speed.c | 23 | ||||
| -rw-r--r-- | apps/ssleay.c | 1 | ||||
| -rw-r--r-- | apps/ssleay.cnf | 3 | ||||
| -rw-r--r-- | apps/verify.c | 1 | ||||
| -rw-r--r-- | apps/version.c | 9 | ||||
| -rw-r--r-- | apps/x509.c | 83 |
35 files changed, 1233 insertions, 106 deletions
diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 3d38228..edeffaa 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -56,6 +56,10 @@ * [including the GNU Public Licence.] */ +/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to + * add the -strparse option which parses nested binarary structures + */ + #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -65,11 +69,6 @@ #include "x509.h" #include "pem.h" -#define FORMAT_UNDEF 0 -#define FORMAT_ASN1 1 -#define FORMAT_TEXT 2 -#define FORMAT_PEM 3 - /* -inform arg - input format - default PEM (DER or PEM) * -in arg - input file - default stdin * -i - indent the details by depth @@ -85,13 +84,16 @@ int MAIN(argc, argv) int argc; char **argv; { - int i,badops=0,offset=0,ret=1; + int i,badops=0,offset=0,ret=1,j; unsigned int length=0; - long num; + long num,tmplen; BIO *in=NULL,*out=NULL,*b64=NULL; int informat,indent=0; char *infile=NULL,*str=NULL,*prog,*oidfile=NULL; + unsigned char *tmpbuf; BUF_MEM *buf=NULL; + STACK *osk=NULL; + ASN1_TYPE *at=NULL; informat=FORMAT_PEM; @@ -104,6 +106,11 @@ char **argv; prog=argv[0]; argc--; argv++; + if ((osk=sk_new_null()) == NULL) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto end; + } while (argc >= 1) { if (strcmp(*argv,"-inform") == 0) @@ -136,6 +143,11 @@ char **argv; length= atoi(*(++argv)); if (length == 0) goto bad; } + else if (strcmp(*argv,"-strparse") == 0) + { + if (--argc < 1) goto bad; + sk_push(osk,*(++argv)); + } else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -157,6 +169,9 @@ bad: BIO_printf(bio_err," -length arg lenth of section in file\n"); BIO_printf(bio_err," -i indent entries\n"); BIO_printf(bio_err," -oid file file of extra oid definitions\n"); + BIO_printf(bio_err," -strparse offset\n"); + BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n"); + BIO_printf(bio_err," ASN1 blob wrappings\n"); goto end; } @@ -218,6 +233,36 @@ bad: } str=buf->data; + /* If any structs to parse go through in sequence */ + + if (sk_num(osk)) + { + tmpbuf=(unsigned char *)str; + tmplen=num; + for (i=0; i<sk_num(osk); i++) + { + j=atoi(sk_value(osk,i)); + if (j == 0) + { + BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i)); + continue; + } + tmpbuf+=j; + tmplen-=j; + if (d2i_ASN1_TYPE(&at,&tmpbuf,tmplen) == NULL) + { + BIO_printf(bio_err,"Error parsing structure\n"); + ERR_print_errors(bio_err); + goto end; + } + /* hmm... this is a little evil but it works */ + tmpbuf=at->value.asn1_string->data; + tmplen=at->value.asn1_string->length; + } + str=(char *)tmpbuf; + num=tmplen; + } + if (length == 0) length=(unsigned int)num; if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent)) { @@ -232,6 +277,8 @@ end: if (ret != 0) ERR_print_errors(bio_err); if (buf != NULL) BUF_MEM_free(buf); + if (at != NULL) ASN1_TYPE_free(at); + if (osk != NULL) sk_free(osk); OBJ_cleanup(); EXIT(ret); } diff --git a/apps/ca-cert.srl b/apps/ca-cert.srl index 75016ea..eeee65e 100644 --- a/apps/ca-cert.srl +++ b/apps/ca-cert.srl @@ -1 +1 @@ -03 +05 @@ -431,6 +431,29 @@ bad: } } + if (conf != NULL) + { + p=CONF_get_string(conf,NULL,"oid_file"); + if (p != NULL) + { + BIO *oid_bio; + + oid_bio=BIO_new_file(p,"r"); + if (oid_bio == NULL) + { + /* + BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); + ERR_print_errors(bio_err); + */ + } + else + { + OBJ_create_objects(oid_bio); + BIO_free(oid_bio); + } + } + } + in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); Sout=BIO_new(BIO_s_file()); @@ -490,6 +513,12 @@ bad: goto err; } + if (!X509_check_private_key(x509,pkey)) + { + BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); + goto err; + } + f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) preserve=1; @@ -700,7 +729,7 @@ bad: } if (verbose) { - if ((f=BN_bn2ascii(serial)) == NULL) goto err; + if ((f=BN_bn2hex(serial)) == NULL) goto err; BIO_printf(bio_err,"next serial number is %s\n",f); Free(f); } @@ -1273,7 +1302,7 @@ int verbose; if (i == 0) { ok=0; - BIO_printf(bio_err,"Signature did not match the certificate request\n"); + BIO_printf(bio_err,"Signature did not match the certificate\n"); goto err; } else @@ -1530,7 +1559,7 @@ again2: BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n"); row[DB_name]=X509_NAME_oneline(subject,NULL,0); - row[DB_serial]=BN_bn2ascii(serial); + row[DB_serial]=BN_bn2hex(serial); if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { BIO_printf(bio_err,"Malloc failure\n"); @@ -1661,6 +1690,8 @@ again2: } } + if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1(); + #ifndef NO_DSA pktmp=X509_get_pubkey(ret); if (EVP_PKEY_missing_parameters(pktmp) && @@ -2022,7 +2053,7 @@ char *sec; default: BIO_printf(bio_err,"Don't know how to pack extension %s\n",cv->name); goto err; - break; + /* break; */ } if ((x=X509_EXTENSION_create_by_NID(NULL,nid,0,str)) == NULL) diff --git a/apps/cert.der b/apps/cert.der Binary files differnew file mode 100644 index 0000000..58d9fd8 --- /dev/null +++ b/apps/cert.der @@ -71,11 +71,6 @@ #undef POSTFIX #define POSTFIX ".rvk" -#define FORMAT_UNDEF 0 -#define FORMAT_ASN1 1 -#define FORMAT_TEXT 2 -#define FORMAT_PEM 3 - static char *crl_usage[]={ "usage: crl args\n", "\n", diff --git a/apps/dgst.c b/apps/dgst.c index eea291d..86d60c5 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -146,6 +146,8 @@ char **argv; LN_sha,LN_sha); BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", LN_mdc2,LN_mdc2); + BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + LN_ripemd160,LN_ripemd160); err=1; goto end; } diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 6e99289..de1d0cc 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -80,6 +80,7 @@ * -text * -C * -noout + * -genkey */ #ifndef NOPROTO @@ -97,7 +98,7 @@ char **argv; BIO *in=NULL,*out=NULL; int informat,outformat,noout=0,C=0,ret=1; char *infile,*outfile,*prog,*inrand=NULL; - int numbits= -1,num; + int numbits= -1,num,genkey=0; char buffer[200],*randfile=NULL; apps_startup(); @@ -140,6 +141,8 @@ char **argv; text=1; else if (strcmp(*argv,"-C") == 0) C=1; + else if (strcmp(*argv,"-genkey") == 0) + genkey=1; else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -315,6 +318,22 @@ bad: goto end; } } + if (genkey) + { + DSA *dsakey; + + if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end; + if (!DSA_generate_key(dsakey)) goto end; + if (outformat == FORMAT_ASN1) + i=i2d_DSAPrivateKey_bio(out,dsakey); + else if (outformat == FORMAT_PEM) + i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL); + else { + BIO_printf(bio_err,"bad output format specified for outfile\n"); + goto end; + } + DSA_free(dsakey); + } ret=0; end: if (in != NULL) BIO_free(in); diff --git a/apps/g_ssleay.pl b/apps/g_ssleay.pl index cd05fe6..4c63e86 100644 --- a/apps/g_ssleay.pl +++ b/apps/g_ssleay.pl @@ -49,7 +49,7 @@ foreach (@ARGV) { print $str; } } -foreach ("md2","md5","sha","sha1","mdc2") +foreach ("md2","md5","sha","sha1","mdc2","rmd160") { push(@files,$_); printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_; diff --git a/apps/gmon.out b/apps/gmon.out Binary files differnew file mode 100644 index 0000000..abab8b9 --- /dev/null +++ b/apps/gmon.out diff --git a/apps/mklinks b/apps/mklinks index 55a56b3..d9be1c3 100644 --- a/apps/mklinks +++ b/apps/mklinks @@ -1,5 +1,5 @@ #!/bin/sh -for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb +for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 rmd160 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb do echo making symlink for $i /bin/rm -f $i diff --git a/apps/oid.cnf b/apps/oid.cnf new file mode 100644 index 0000000..faf425a --- /dev/null +++ b/apps/oid.cnf @@ -0,0 +1,6 @@ +2.99999.1 SET.ex1 SET x509v3 extension 1 +2.99999.2 SET.ex2 SET x509v3 extension 2 +2.99999.3 SET.ex3 SET x509v3 extension 3 +2.99999.4 SET.ex4 SET x509v3 extension 4 +2.99999.5 SET.ex5 SET x509v3 extension 5 +2.99999.6 SET.ex6 SET x509v3 extension 6 diff --git a/apps/openssl.c b/apps/openssl.c index eac411b..739a0e8 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -241,6 +241,7 @@ end: ERR_remove_state(0); EVP_cleanup(); + ERR_free_strings(); CRYPTO_mem_leaks(bio_err); if (bio_err != NULL) diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 0b3bfa6..2621d90 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -4,6 +4,7 @@ # RANDFILE = $ENV::HOME/.rnd +oid_file = $ENV::HOME/.oid #################################################################### [ ca ] @@ -90,6 +91,8 @@ commonName_max = 64 emailAddress = Email Address emailAddress_max = 40 +SET-ex3 = SET extension number 3 + [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 diff --git a/apps/privkey.pem b/apps/privkey.pem index b567e41..0af4647 100644 --- a/apps/privkey.pem +++ b/apps/privkey.pem @@ -1,11 +1,18 @@ ------BEGIN DSA PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,1BF8E9CE60B9941C +DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF -JuhgIvVRrxCRedTTC9ABlIByMsq6IcpqyDZwOPS4rxTtVWvjj1BMHtoCebK7CKMZ -dLsvztfSkdAYmTGK62C73RwlmnMxB4JXhTLaoAX2eL9iylojTWRg+/0Y4rbIKmUe -hrmwrHld7vnfE9XHL8OoaFp6aJ8BB9B8HIfdJMnrNcTWJSGS6gYPTWPdm7ZCykEV -2fFEX6IqWjBjaRm36Esj5mHLRVhBbi2n/jy5IhZeqjEsQ8adYGUulzPSe5xc2JZa -+OO4ch/RRqWTFP59eNPfdke3UE7uNlUhPnYDAOXhSdMJBzI+T9RQXU2y/tMOrYYK -3+jNQcQ9q1Xy1s5dz/BOvw== ------END DSA PRIVATE KEY----- +6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9 +Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo +F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3 +XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE +jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy +vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh +JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf +PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM +POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS +gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz +8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v +Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC +dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw== +-----END RSA PRIVATE KEY----- diff --git a/apps/progs.h b/apps/progs.h index ec00396..578bfcf 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -118,6 +118,7 @@ FUNCTION functions[] = { {FUNC_TYPE_MD,"sha",dgst_main}, {FUNC_TYPE_MD,"sha1",dgst_main}, {FUNC_TYPE_MD,"mdc2",dgst_main}, + {FUNC_TYPE_MD,"rmd160",dgst_main}, {FUNC_TYPE_CIPHER,"base64",enc_main}, #ifndef NO_DES {FUNC_TYPE_CIPHER,"des",enc_main}, diff --git a/apps/progs.pl b/apps/progs.pl index cd05fe6..4c63e86 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -49,7 +49,7 @@ foreach (@ARGV) { print $str; } } -foreach ("md2","md5","sha","sha1","mdc2") +foreach ("md2","md5","sha","sha1","mdc2","rmd160") { push(@files,$_); printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_; @@ -392,6 +392,29 @@ bad: } } + if (req_conf != NULL) + { + p=CONF_get_string(req_conf,NULL,"oid_file"); + if (p != NULL) + { + BIO *oid_bio; + + oid_bio=BIO_new_file(p,"r"); + if (oid_bio == NULL) + { + /* + BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); + ERR_print_errors(bio_err); + */ + } + else + { + OBJ_create_objects(oid_bio); + BIO_free(oid_bio); + } + } + } + if ((md_alg == NULL) && ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL)) { diff --git a/apps/rmlinks b/apps/rmlinks index 7c4f898..0056736 100644 --- a/apps/rmlinks +++ b/apps/rmlinks @@ -1,5 +1,5 @@ #!/bin/sh -for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb +for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 rmd160 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb do echo removing $i /bin/rm -f $i diff --git a/apps/rsa/01.pem b/apps/rsa/01.pem new file mode 100644 index 0000000..36ec575 --- /dev/null +++ b/apps/rsa/01.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG +A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD +VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4 +MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV +BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0 +cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv +bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb +qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU +MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D +gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/ +LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k +Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq +Pjrmw2eSgbdmmdumWAcNPVbV +-----END CERTIFICATE----- diff --git a/apps/rsa/1.txt b/apps/rsa/1.txt new file mode 100644 index 0000000..95a862e --- /dev/null +++ b/apps/rsa/1.txt @@ -0,0 +1,50 @@ +issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +subject=/C=US/ST=New York/L=New York/O=Industrial Press Inc./CN=www.industrialpress.com +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 68:ae:14:a4:c9:9f:a9:f3:9a:23:cf:2f:15:19:b3:5a + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Validity + Not Before: May 18 00:00:00 1998 GMT + Not After : May 18 23:59:59 1999 GMT + Subject: C=US, ST=New York, L=New York, O=Industrial Press Inc., CN=www.industrialpress.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:aa:21:fd:c5:42:4d:1e:fa:82:99:a0:e8:9f:6e: + d5:6a:52:5b:a9:32:f2:98:5d:f2:28:a5:81:c5:b3: + 83:2d:68:d7:ef:22:a3:7b:0a:2a:5a:1a:2d:68:40: + 11:23:a8:d7:3e:aa:26:53:ce:e0:15:4d:6d:1f:8a: + ff:6e:0c:21:dc:59:94:30:ad:ea:a3:dd:97:3a:cb: + f0:34:01:f3:5f:35:91:5d:03:49:9a:6e:78:83:61: + 75:45:4b:74:d2:98:18:88:ec:62:98:3b:1e:d6:df: + 51:2f:93:ce:08:31:1b:7d:7f:03:82:e8:2b:13:f5: + b0:91:2d:85:ad:2a:1c:e7:f7 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 8c:3b:7e:f1:74:12:d1:2f:ac:d4:bf:2d:8b:aa:02:05:30:fe: + d1:f4:14:b8:02:92:a2:8b:99:86:26:ff:24:7e:67:48:43:d9: + e3:ff:52:11:7e:8c:0c:26:57:ca:c7:b4:19:da:4c:ce:e8:37: + 6d:d1:55:6d:a4:09:ff:2c:a2:21:9f:af:63:d8:b5:fb:9f:a5: + 7b:5d:ed:ac:d4:15:af:96:24:25:a7:a7:43:76:f4:41:b4:05: + 1d:49:38:50:b4:43:fe:1d:87:f5:fd:aa:e9:4c:f2:5b:aa:3e: + 3a:e6:c3:67:92:81:b7:66:99:db:a6:58:07:0d:3d:56:d5 +-----BEGIN CERTIFICATE----- +MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG +A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD +VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4 +MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV +BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0 +cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv +bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb +qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU +MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D +gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/ +LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k +Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq +Pjrmw2eSgbdmmdumWAcNPVbV +-----END CERTIFICATE----- diff --git a/apps/rsa/SecureServer.pem b/apps/rsa/SecureServer.pem new file mode 100644 index 0000000..7c8ffb2 --- /dev/null +++ b/apps/rsa/SecureServer.pem @@ -0,0 +1,47 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0 + Signature Algorithm: md2WithRSAEncryption + Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Validity + Not Before: Nov 9 00:00:00 1994 GMT + Not After : Jan 7 23:59:59 2010 GMT + Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1000 bit) + Modulus (1000 bit): + 00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25: + 01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03: + e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86: + 37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9: + 4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07: + 65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48: + b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49: + 54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5: + dd:2d:d6:c8:1e:7b + Exponent: 65537 (0x10001) + Signature Algorithm: md2WithRSAEncryption + 65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3: + c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5: + b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49: + c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b: + 4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39: + 16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04: + f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50 +-----BEGIN CERTIFICATE----- +MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG +A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD +VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0 +MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV +BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy +dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ +ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII +0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI +uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI +hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3 +YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc +1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA== +-----END CERTIFICATE----- diff --git a/apps/rsa/s.txt b/apps/rsa/s.txt new file mode 100644 index 0000000..7de7e07 --- /dev/null +++ b/apps/rsa/s.txt @@ -0,0 +1,49 @@ +issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0 + Signature Algorithm: md2WithRSAEncryption + Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Validity + Not Before: Nov 9 00:00:00 1994 GMT + Not After : Jan 7 23:59:59 2010 GMT + Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1000 bit) + Modulus (1000 bit): + 00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25: + 01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03: + e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86: + 37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9: + 4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07: + 65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48: + b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49: + 54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5: + dd:2d:d6:c8:1e:7b + Exponent: 65537 (0x10001) + Signature Algorithm: md2WithRSAEncryption + 65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3: + c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5: + b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49: + c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b: + 4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39: + 16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04: + f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50 +-----BEGIN CERTIFICATE----- +MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG +A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD +VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0 +MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV +BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy +dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ +ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII +0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI +uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI +hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3 +YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc +1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA== +-----END CERTIFICATE----- diff --git a/apps/s_cb.c b/apps/s_cb.c index cd086bb..7fa855c 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -130,8 +130,10 @@ char *key_file; { if (cert_file != NULL) { + /* SSL *ssl; X509 *x509; + */ if (SSL_CTX_use_certificate_file(ctx,cert_file, SSL_FILETYPE_PEM) <= 0) @@ -149,6 +151,8 @@ char *key_file; return(0); } + /* + In theory this is no longer needed ssl=SSL_new(ctx); x509=SSL_get_certificate(ssl); @@ -156,6 +160,7 @@ char *key_file; EVP_PKEY_copy_parameters(X509_get_pubkey(x509), SSL_get_privatekey(ssl)); SSL_free(ssl); + */ /* If we are using DSA, we can copy the parameters from * the private key */ diff --git a/apps/s_client.c b/apps/s_client.c index e783eb7..e0cb245 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -131,7 +131,7 @@ static void sc_usage() BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'ssleay ciphers'\n"); - BIO_printf(bio_err," command to se what is available\n"); + BIO_printf(bio_err," command to see what is available\n"); } @@ -551,7 +551,15 @@ re_start: #ifdef RENEG { static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } } #endif +#if 1 k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ ); +#else +/* Demo for pending and peek :-) */ + k=SSL_read(con,sbuf,16); +{ char zbuf[10240]; +printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240)); +} +#endif switch (SSL_get_error(con,k)) { @@ -588,7 +596,7 @@ re_start: case SSL_ERROR_SSL: ERR_print_errors(bio_err); goto shut; - break; + /* break; */ } } @@ -658,7 +666,7 @@ int full; sk=SSL_get_peer_cert_chain(s); if (sk != NULL) { - BIO_printf(bio,"---\nCertficate chain\n"); + BIO_printf(bio,"---\nCertificate chain\n"); for (i=0; i<sk_num(sk); i++) { X509_NAME_oneline(X509_get_subject_name((X509 *) diff --git a/apps/s_server.c b/apps/s_server.c index 5012ef2..c9651b8 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -136,7 +136,8 @@ static DH *get_dh512() /* static int load_CA(SSL_CTX *ctx, char *file);*/ #undef BUFSIZZ -#define BUFSIZZ 8*1024 +#define BUFSIZZ 16*1024 +static int bufsize=32; static int accept_socket= -1; #define TEST_CERT "server.pem" @@ -562,7 +563,7 @@ int s; SSL *con=NULL; BIO *sbio; - if ((buf=Malloc(BUFSIZZ)) == NULL) + if ((buf=Malloc(bufsize)) == NULL) { BIO_printf(bio_err,"out of memory\n"); goto err; @@ -614,7 +615,7 @@ int s; if (i <= 0) continue; if (FD_ISSET(fileno(stdin),&readfds)) { - i=read(fileno(stdin),buf,128/*BUFSIZZ*/); + i=read(fileno(stdin),buf,bufsize); if (!s_quiet) { if ((i <= 0) || (buf[0] == 'Q')) @@ -641,7 +642,7 @@ int s; printf("SSL_do_handshake -> %d\n",i); i=0; /*13; */ continue; - strcpy(buf,"server side RE-NEGOTIATE\n"); + /* strcpy(buf,"server side RE-NEGOTIATE\n"); */ } if ((buf[0] == 'R') && ((buf[1] == '\0') || (buf[1] == '\r'))) @@ -653,7 +654,7 @@ int s; printf("SSL_do_handshake -> %d\n",i); i=0; /* 13; */ continue; - strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); + /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */ } if (buf[0] == 'P') { @@ -688,7 +689,7 @@ int s; ERR_print_errors(bio_err); ret=1; goto err; - break; + /* break; */ case SSL_ERROR_ZERO_RETURN: BIO_printf(bio_s_out,"DONE\n"); ret=1; @@ -718,12 +719,14 @@ int s; } else { - i=SSL_read(con,(char *)buf,128 /*BUFSIZZ */); +again: + i=SSL_read(con,(char *)buf,bufsize); switch (SSL_get_error(con,i)) { case SSL_ERROR_NONE: write(fileno(stdout),buf, (unsigned int)i); + if (SSL_pending(con)) goto again; break; case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_READ: @@ -755,7 +758,7 @@ err: BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); if (buf != NULL) { - memset(buf,0,BUFSIZZ); + memset(buf,0,bufsize); Free(buf); } if (ret >= 0) @@ -820,6 +823,10 @@ SSL *con; str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); + if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & + TLS1_FLAGS_TLS_PADDING_BUG) + BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); + return(1); } @@ -865,7 +872,7 @@ static int www_body(hostname, s) char *hostname; int s; { - char buf[1024]; + char *buf=NULL; int ret=1; int i,j,k,blank,dot; struct stat st_buf; @@ -874,6 +881,8 @@ int s; BIO *io,*ssl_bio,*sbio; long total_bytes; + buf=Malloc(bufsize); + if (buf == NULL) return(0); io=BIO_new(BIO_f_buffer()); ssl_bio=BIO_new(BIO_f_ssl()); if ((io == NULL) || (ssl_bio == NULL)) goto err; @@ -891,7 +900,7 @@ int s; #endif /* lets make the output buffer a reasonable size */ - if (!BIO_set_write_buffer_size(io,253 /*16*1024*/)) goto err; + if (!BIO_set_write_buffer_size(io,bufsize)) goto err; if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err; @@ -937,14 +946,14 @@ int s; case SSL_ERROR_ZERO_RETURN: ret=1; goto err; - break; + /* break; */ } SSL_renegotiate(con); SSL_write(con,NULL,0); } - i=BIO_gets(io,buf,sizeof(buf)-1); + i=BIO_gets(io,buf,bufsize-1); if (i < 0) /* error */ { if (!BIO_should_retry(io)) @@ -1004,7 +1013,7 @@ int s; BIO_puts(io,"\n"); } BIO_puts(io,"\n"); - p=SSL_get_shared_ciphers(con,buf,sizeof(buf)); + p=SSL_get_shared_ciphers(con,buf,bufsize); if (p != NULL) { BIO_printf(io,"---\nCiphers common between both SSL end points:\n"); @@ -1129,9 +1138,10 @@ int s; total_bytes=0; for (;;) { - i=BIO_read(file,buf,1024); + i=BIO_read(file,buf,bufsize); if (i <= 0) break; +#ifdef RENEG total_bytes+=i; fprintf(stderr,"%d\n",i); if (total_bytes > 3*1024) @@ -1140,6 +1150,7 @@ int s; fprintf(stderr,"RENEGOTIATE\n"); SSL_renegotiate(con); } +#endif for (j=0; j<i; ) { @@ -1194,6 +1205,7 @@ err: if (ret >= 0) BIO_printf(bio_s_out,"ACCEPT\n"); + if (buf != NULL) Free(buf); if (io != NULL) BIO_free_all(io); /* if (ssl_bio != NULL) BIO_free(ssl_bio);*/ return(ret); diff --git a/apps/s_time.c b/apps/s_time.c index 7571c20..02f54f9 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -111,7 +111,8 @@ struct tms { #include <sys/select.h> #endif -#ifdef sun +#if defined(sun) || defined(__ultrix) +#define _POSIX_SOURCE #include <limits.h> #include <sys/param.h> #endif diff --git a/apps/sc.c b/apps/sc.c new file mode 100644 index 0000000..0c00c37 --- /dev/null +++ b/apps/sc.c @@ -0,0 +1,780 @@ +/* apps/s_client.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#define USE_SOCKETS +#ifdef NO_STDIO +#define APPS_WIN16 +#endif +#include "apps.h" +#include "x509.h" +#include "ssl.h" +#include "err.h" +#include "pem.h" +#include "s_apps.h" + +#ifdef WINDOWS +/* Most of the #if(n)def WINDOWS put in by Gerrit van Niekerk + <gerritvn@osi.co.za> to support the keyboard under Windows. + Tested using Win95, *should* work with NT and Win3.x +*/ +#include <conio.h> +#endif + +#undef PROG +#define PROG s_client_main + +/*#define SSL_HOST_NAME "www.netscape.com" */ +/*#define SSL_HOST_NAME "193.118.187.102" */ +#define SSL_HOST_NAME "localhost" + +/*#define TEST_CERT "client.pem" */ /* no default cert. */ + +#undef BUFSIZZ +#define BUFSIZZ 1024*8 + +extern int verify_depth; +extern int verify_error; + +#ifdef FIONBIO +static int c_nbio=0; +#endif +static int c_Pause=0; +static int c_debug=0; + +#ifndef NOPROTO +static void sc_usage(void); +static void print_stuff(BIO *berr,SSL *con,int full); +#else +static void sc_usage(); +static void print_stuff(); +#endif + +static BIO *bio_c_out=NULL; +static int c_quiet=0; + +static void sc_usage() + { + BIO_printf(bio_err,"usage: client args\n"); + BIO_printf(bio_err,"\n"); + BIO_printf(bio_err," -host host - use -connect instead\n"); + BIO_printf(bio_err," -port port - use -connect instead\n"); + BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); + + BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); + BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n"); + BIO_printf(bio_err," not specified but cert file is.\n"); + BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); + BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); + BIO_printf(bio_err," -debug - extra output\n"); + BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); + BIO_printf(bio_err," -state - print the 'ssl' states\n"); +#ifdef FIONBIO + BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); +#endif + BIO_printf(bio_err," -quiet - no s_client output\n"); + BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); + BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); + BIO_printf(bio_err," -tls1 - just use TLSv1\n"); + BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); + BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); + BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'ssleay ciphers'\n"); + BIO_printf(bio_err," command to see what is available\n"); + + } + +int MAIN(argc, argv) +int argc; +char **argv; + { + int off=0; + SSL *con=NULL,*con2=NULL; + int s,k,width,state=0; + char *cbuf=NULL,*sbuf=NULL; + int cbuf_len,cbuf_off; + int sbuf_len,sbuf_off; + fd_set readfds,writefds; + short port=PORT; + int full_log=1; + char *host=SSL_HOST_NAME; + char *cert_file=NULL,*key_file=NULL; + char *CApath=NULL,*CAfile=NULL,*cipher=NULL; + int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; + int write_tty,read_tty,write_ssl,read_ssl,tty_on; + SSL_CTX *ctx=NULL; + int ret=1,in_init=1,i,nbio_test=0; + SSL_METHOD *meth=NULL; + BIO *sbio; + /*static struct timeval timeout={10,0};*/ + +#if !defined(NO_SSL2) && !defined(NO_SSL3) + meth=SSLv23_client_method(); +#elif !defined(NO_SSL3) + meth=SSLv3_client_method(); +#elif !defined(NO_SSL2) + meth=SSLv2_client_method(); +#endif + + apps_startup(); + c_Pause=0; + c_quiet=0; + c_debug=0; + + if (bio_err == NULL) + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + + if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) || + ((sbuf=Malloc(BUFSIZZ)) == NULL)) + { + BIO_printf(bio_err,"out of memory\n"); + goto end; + } + + verify_depth=0; + verify_error=X509_V_OK; +#ifdef FIONBIO + c_nbio=0; +#endif +#ifdef WINDOWS + c_nbio = 1; +#endif + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-host") == 0) + { + if (--argc < 1) goto bad; + host= *(++argv); + } + else if (strcmp(*argv,"-port") == 0) + { + if (--argc < 1) goto bad; + port=atoi(*(++argv)); + if (port == 0) goto bad; + } + else if (strcmp(*argv,"-connect") == 0) + { + if (--argc < 1) goto bad; + if (!extract_host_port(*(++argv),&host,NULL,&port)) + goto bad; + } + else if (strcmp(*argv,"-verify") == 0) + { + verify=SSL_VERIFY_PEER; + if (--argc < 1) goto bad; + verify_depth=atoi(*(++argv)); + BIO_printf(bio_err,"verify depth is %d\n",verify_depth); + } + else if (strcmp(*argv,"-cert") == 0) + { + if (--argc < 1) goto bad; + cert_file= *(++argv); + } + else if (strcmp(*argv,"-quiet") == 0) + c_quiet=1; + else if (strcmp(*argv,"-pause") == 0) + c_Pause=1; + else if (strcmp(*argv,"-debug") == 0) + c_debug=1; + else if (strcmp(*argv,"-nbio_test") == 0) + nbio_test=1; + else if (strcmp(*argv,"-state") == 0) + state=1; +#ifndef NO_SSL2 + else if (strcmp(*argv,"-ssl2") == 0) + meth=SSLv2_client_method(); +#endif +#ifndef NO_SSL3 + else if (strcmp(*argv,"-ssl3") == 0) + meth=SSLv3_client_method(); +#endif +#ifndef NO_TLS1 + else if (strcmp(*argv,"-tls1") == 0) + meth=TLSv1_client_method(); +#endif + else if (strcmp(*argv,"-bugs") == 0) + bugs=1; + else if (strcmp(*argv,"-key") == 0) + { + if (--argc < 1) goto bad; + key_file= *(++argv); + } + else if (strcmp(*argv,"-reconnect") == 0) + { + reconnect=5; + } + else if (strcmp(*argv,"-CApath") == 0) + { + if (--argc < 1) goto bad; + CApath= *(++argv); + } + else if (strcmp(*argv,"-CAfile") == 0) + { + if (--argc < 1) goto bad; + CAfile= *(++argv); + } + else if (strcmp(*argv,"-no_tls1") == 0) + off|=SSL_OP_NO_TLSv1; + else if (strcmp(*argv,"-no_ssl3") == 0) + off|=SSL_OP_NO_SSLv3; + else if (strcmp(*argv,"-no_ssl2") == 0) + off|=SSL_OP_NO_SSLv2; + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; + cipher= *(++argv); + } +#ifdef FIONBIO + else if (strcmp(*argv,"-nbio") == 0) + { c_nbio=1; } +#endif + else + { + BIO_printf(bio_err,"unknown option %s\n",*argv); + badop=1; + break; + } + argc--; + argv++; + } + if (badop) + { +bad: + sc_usage(); + goto end; + } + + if (bio_c_out == NULL) + { + if (c_quiet) + { + bio_c_out=BIO_new(BIO_s_null()); + } + else + { + if (bio_c_out == NULL) + bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE); + } + } + + SSLeay_add_ssl_algorithms(); + ctx=SSL_CTX_new(meth); + if (ctx == NULL) + { + ERR_print_errors(bio_err); + goto end; + } + + if (bugs) + SSL_CTX_set_options(ctx,SSL_OP_ALL|off); + else + SSL_CTX_set_options(ctx,off); + + if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); + if (cipher != NULL) + SSL_CTX_set_cipher_list(ctx,cipher); +#if 0 + else + SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER")); +#endif + + SSL_CTX_set_verify(ctx,verify,verify_callback); + if (!set_cert_stuff(ctx,cert_file,key_file)) + goto end; + + if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || + (!SSL_CTX_set_default_verify_paths(ctx))) + { + /* BIO_printf(bio_err,"error seting default verify locations\n"); */ + ERR_print_errors(bio_err); + /* goto end; */ + } + + SSL_load_error_strings(); + + con=(SSL *)SSL_new(ctx); +/* SSL_set_cipher_list(con,"RC4-MD5"); */ + +re_start: + + if (init_client(&s,host,port) == 0) + { + BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); + SHUTDOWN(s); + goto end; + } + BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s); + +#ifdef FIONBIO + if (c_nbio) + { + unsigned long l=1; + BIO_printf(bio_c_out,"turning on non blocking io\n"); + if (BIO_socket_ioctl(s,FIONBIO,&l) < 0) + { + ERR_print_errors(bio_err); + goto end; + } + } +#endif + if (c_Pause & 0x01) con->debug=1; + sbio=BIO_new_socket(s,BIO_NOCLOSE); + + if (nbio_test) + { + BIO *test; + + test=BIO_new(BIO_f_nbio_test()); + sbio=BIO_push(test,sbio); + } + + if (c_debug) + { + con->debug=1; + BIO_set_callback(sbio,bio_dump_cb); + BIO_set_callback_arg(sbio,bio_c_out); + } + + SSL_set_bio(con,sbio,sbio); + SSL_set_connect_state(con); + + /* ok, lets connect */ + width=SSL_get_fd(con)+1; + + read_tty=1; + write_tty=0; + tty_on=0; + read_ssl=1; + write_ssl=1; + + cbuf_len=0; + cbuf_off=0; + sbuf_len=0; + sbuf_off=0; + + for (;;) + { + FD_ZERO(&readfds); + FD_ZERO(&writefds); + + if (SSL_in_init(con) && !SSL_total_renegotiations(con)) + { + in_init=1; + tty_on=0; + } + else + { + tty_on=1; + if (in_init) + { + in_init=0; + print_stuff(bio_c_out,con,full_log); + if (full_log > 0) full_log--; + + if (reconnect) + { + reconnect--; + BIO_printf(bio_c_out,"drop connection and then reconnect\n"); + SSL_shutdown(con); + SSL_set_connect_state(con); + SHUTDOWN(SSL_get_fd(con)); + goto re_start; + } + } + } + +#ifndef WINDOWS + if (tty_on) + { + if (read_tty) FD_SET(fileno(stdin),&readfds); + if (write_tty) FD_SET(fileno(stdout),&writefds); + } +#endif + if (read_ssl) + FD_SET(SSL_get_fd(con),&readfds); + if (write_ssl) + FD_SET(SSL_get_fd(con),&writefds); + +/* printf("mode tty(%d %d%d) ssl(%d%d)\n", + tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ + +#ifndef WINDOWS + i=select(width,&readfds,&writefds,NULL,NULL); + if ( i < 0) + { + BIO_printf(bio_err,"bad select %d\n", + get_last_socket_error()); + goto shut; + /* goto end; */ + } + + if (FD_ISSET(SSL_get_fd(con),&writefds)) +#else + if (write_ssl) +#endif + { + k=SSL_write(con,&(cbuf[cbuf_off]), + (unsigned int)cbuf_len); + switch (SSL_get_error(con,k)) + { + case SSL_ERROR_NONE: + cbuf_off+=k; + cbuf_len-=k; + if (k <= 0) goto end; + /* we have done a write(con,NULL,0); */ + if (cbuf_len <= 0) + { + read_tty=1; + write_ssl=0; + } + else /* if (cbuf_len > 0) */ + { + read_tty=0; + write_ssl=1; + } + break; + case SSL_ERROR_WANT_WRITE: +#ifndef WINDOWS + BIO_printf(bio_c_out,"write W BLOCK\n"); +#endif + write_ssl=1; + read_tty=0; + break; + case SSL_ERROR_WANT_READ: +#ifndef WINDOWS + BIO_printf(bio_c_out,"write R BLOCK\n"); +#endif + write_tty=0; + read_ssl=1; + write_ssl=0; + break; + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_printf(bio_c_out,"write X BLOCK\n"); + break; + case SSL_ERROR_ZERO_RETURN: + if (cbuf_len != 0) + { + BIO_printf(bio_c_out,"shutdown\n"); + goto shut; + } + else + { + read_tty=1; + write_ssl=0; + break; + } + + case SSL_ERROR_SYSCALL: + if ((k != 0) || (cbuf_len != 0)) + { + BIO_printf(bio_err,"write:errno=%d\n", + get_last_socket_error()); + goto shut; + } + else + { + read_tty=1; + write_ssl=0; + } + break; + case SSL_ERROR_SSL: + ERR_print_errors(bio_err); + goto shut; + } + } +#ifndef WINDOWS + else if (FD_ISSET(fileno(stdout),&writefds)) +#else + else if (tty_on && write_tty) +#endif + { + i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len); + + if (i <= 0) + { + BIO_printf(bio_c_out,"DONE\n"); + goto shut; + /* goto end; */ + } + + sbuf_len-=i;; + sbuf_off+=i; + if (sbuf_len <= 0) + { + read_ssl=1; + write_tty=0; + } + } +#ifndef WINDOWS + else if (FD_ISSET(SSL_get_fd(con),&readfds)) +#else + if (read_ssl) +#endif + { +#ifdef RENEG +{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } } +#endif + k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ ); + + switch (SSL_get_error(con,k)) + { + case SSL_ERROR_NONE: + if (k <= 0) + goto end; + sbuf_off=0; + sbuf_len=k; + + read_ssl=0; + write_tty=1; + break; + case SSL_ERROR_WANT_WRITE: +#ifndef WINDOWS + BIO_printf(bio_c_out,"read W BLOCK\n"); +#endif + write_ssl=1; + read_tty=0; + break; + case SSL_ERROR_WANT_READ: +#ifndef WINDOWS + BIO_printf(bio_c_out,"read R BLOCK\n"); +#endif + write_tty=0; + read_ssl=1; + if ((read_tty == 0) && (write_ssl == 0)) + write_ssl=1; + break; + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_printf(bio_c_out,"read X BLOCK\n"); + break; + case SSL_ERROR_SYSCALL: + BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error()); + goto shut; + case SSL_ERROR_ZERO_RETURN: + BIO_printf(bio_c_out,"closed\n"); + goto shut; + case SSL_ERROR_SSL: + ERR_print_errors(bio_err); + goto shut; + break; + } + } + +#ifndef WINDOWS + else if (FD_ISSET(fileno(stdin),&readfds)) + { + i=read(fileno(stdin),cbuf,BUFSIZZ); +#else + if (tty_on && read_tty && _kbhit()) + { + i = 1; + cbuf[0] = _getch(); +#endif + + if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q'))) + { + BIO_printf(bio_err,"DONE\n"); + goto shut; + } + + if ((!c_quiet) && (cbuf[0] == 'R')) + { + SSL_renegotiate(con); + read_tty=0; + write_ssl=1; + } + else + { + cbuf_len=i; + cbuf_off=0; + } + + read_tty=0; + write_ssl=1; + } + } +shut: + SSL_shutdown(con); + SHUTDOWN(SSL_get_fd(con)); + ret=0; +end: + if (con != NULL) SSL_free(con); + if (con2 != NULL) SSL_free(con2); + if (ctx != NULL) SSL_CTX_free(ctx); + if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); } + if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); } + if (bio_c_out != NULL) + { + BIO_free(bio_c_out); + bio_c_out=NULL; + } + EXIT(ret); + } + + +static void print_stuff(bio,s,full) +BIO *bio; +SSL *s; +int full; + { + X509 *peer=NULL; + char *p; + static char *space=" "; + char buf[BUFSIZ]; + STACK *sk; + SSL_CIPHER *c; + X509_NAME *xn; + int j,i; + + if (full) + { + sk=SSL_get_peer_cert_chain(s); + if (sk != NULL) + { + BIO_printf(bio,"---\nCertificate chain\n"); + for (i=0; i<sk_num(sk); i++) + { + X509_NAME_oneline(X509_get_subject_name((X509 *) + sk_value(sk,i)),buf,BUFSIZ); + BIO_printf(bio,"%2d s:%s\n",i,buf); + X509_NAME_oneline(X509_get_issuer_name((X509 *) + sk_value(sk,i)),buf,BUFSIZ); + BIO_printf(bio," i:%s\n",buf); + } + } + + BIO_printf(bio,"---\n"); + peer=SSL_get_peer_certificate(s); + if (peer != NULL) + { + BIO_printf(bio,"Server certificate\n"); + PEM_write_bio_X509(bio,peer); + X509_NAME_oneline(X509_get_subject_name(peer), + buf,BUFSIZ); + BIO_printf(bio,"subject=%s\n",buf); + X509_NAME_oneline(X509_get_issuer_name(peer), + buf,BUFSIZ); + BIO_printf(bio,"issuer=%s\n",buf); + } + else + BIO_printf(bio,"no peer certificate available\n"); + + sk=SSL_get_client_CA_list(s); + if ((sk != NULL) && (sk_num(sk) > 0)) + { + BIO_printf(bio,"---\nAcceptable client certificate CA names\n"); + for (i=0; i<sk_num(sk); i++) + { + xn=(X509_NAME *)sk_value(sk,i); + X509_NAME_oneline(xn,buf,sizeof(buf)); + BIO_write(bio,buf,strlen(buf)); + BIO_write(bio,"\n",1); + } + } + else + { + BIO_printf(bio,"---\nNo client certificate CA names sent\n"); + } + p=SSL_get_shared_ciphers(s,buf,BUFSIZ); + if (p != NULL) + { + BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n"); + j=i=0; + while (*p) + { + if (*p == ':') + { + BIO_write(bio,space,15-j%25); + i++; + j=0; + BIO_write(bio,((i%3)?" ":"\n"),1); + } + else + { + BIO_write(bio,p,1); + j++; + } + p++; + } + BIO_write(bio,"\n",1); + } + + BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", + BIO_number_read(SSL_get_rbio(s)), + BIO_number_written(SSL_get_wbio(s))); + } + BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, ")); + c=SSL_get_current_cipher(s); + BIO_printf(bio,"%s, Cipher is %s\n", + SSL_CIPHER_get_version(c), + SSL_CIPHER_get_name(c)); + if (peer != NULL) + BIO_printf(bio,"Server public key is %d bit\n", + EVP_PKEY_bits(X509_get_pubkey(peer))); + SSL_SESSION_print(bio,SSL_get_session(s)); + BIO_printf(bio,"---\n"); + if (peer != NULL) + X509_free(peer); + } + diff --git a/apps/server.pem b/apps/server.pem index eabb927..c57b325 100644 --- a/apps/server.pem +++ b/apps/server.pem @@ -1,17 +1,17 @@ issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit) -----BEGIN CERTIFICATE----- -MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD -VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5 -MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4 +MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2// -Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW -mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i -xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH -irObpESxAZLySCmPPg== +Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9 +JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO +IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ +FUGcPZf9ND22Etc+AQ== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD diff --git a/apps/sess_id.c b/apps/sess_id.c index 2fad36a..a606ca3 100644 --- a/apps/sess_id.c +++ b/apps/sess_id.c @@ -69,11 +69,6 @@ #undef PROG #define PROG sess_id_main -#define FORMAT_UNDEF 0 -#define FORMAT_ASN1 1 -#define FORMAT_TEXT 2 -#define FORMAT_PEM 3 - static char *sess_id_usage[]={ "usage: crl args\n", "\n", diff --git a/apps/speed.c b/apps/speed.c index 0003934..9e20b72 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -60,8 +60,8 @@ #undef SECONDS #define SECONDS 3 -#define RSA_SECONDS 10 -#define DSA_SECONDS 10 +#define RSA_SECONDS 10 +#define DSA_SECONDS 10 /* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ /* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ @@ -107,7 +107,8 @@ struct tms { #include <sys/timeb.h> #endif -#ifdef sun +#if defined(sun) || defined(__ultrix) +#define _POSIX_SOURCE #include <limits.h> #include <sys/param.h> #endif @@ -361,13 +362,19 @@ char **argv; int pr_header=0; apps_startup(); +#ifdef NO_DSA + memset(dsa_key,0,sizeof(dsa_key)); +#endif if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); +#ifndef NO_RSA + memset(rsa_key,0,sizeof(rsa_key)); for (i=0; i<RSA_NUM; i++) rsa_key[i]=NULL; +#endif if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL) { @@ -679,7 +686,7 @@ char **argv; rsa_doit[i]=0; else { - if (rsa_c[i] == 0) + if (rsa_c[i][0] == 0) { rsa_c[i][0]=1; rsa_c[i][1]=20; @@ -969,6 +976,8 @@ char **argv; for (j=0; j<RSA_NUM; j++) { if (!rsa_doit[j]) continue; + rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j], + RSA_PKCS1_PADDING); pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j], RSA_SECONDS); /* RSA_blinding_on(rsa_key[j],NULL); */ @@ -992,6 +1001,8 @@ char **argv; rsa_count=count; #if 1 + rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j], + RSA_PKCS1_PADDING); pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j], RSA_SECONDS); Time_F(START); @@ -1031,6 +1042,8 @@ char **argv; if (!dsa_doit[j]) continue; DSA_generate_key(dsa_key[j]); /* DSA_sign_setup(dsa_key[j],NULL); */ + rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, + &kk,dsa_key[j]); pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j], DSA_SECONDS); Time_F(START); @@ -1052,6 +1065,8 @@ char **argv; dsa_results[j][0]=d/(double)count; rsa_count=count; + rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, + kk,dsa_key[j]); pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j], DSA_SECONDS); Time_F(START); diff --git a/apps/ssleay.c b/apps/ssleay.c index eac411b..739a0e8 100644 --- a/apps/ssleay.c +++ b/apps/ssleay.c @@ -241,6 +241,7 @@ end: ERR_remove_state(0); EVP_cleanup(); + ERR_free_strings(); CRYPTO_mem_leaks(bio_err); if (bio_err != NULL) diff --git a/apps/ssleay.cnf b/apps/ssleay.cnf index 0b3bfa6..2621d90 100644 --- a/apps/ssleay.cnf +++ b/apps/ssleay.cnf @@ -4,6 +4,7 @@ # RANDFILE = $ENV::HOME/.rnd +oid_file = $ENV::HOME/.oid #################################################################### [ ca ] @@ -90,6 +91,8 @@ commonName_max = 64 emailAddress = Email Address emailAddress_max = 40 +SET-ex3 = SET extension number 3 + [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 diff --git a/apps/verify.c b/apps/verify.c index 8cd675f..2179110 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -141,6 +141,7 @@ char **argv; X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); + ERR_clear_error(); if (argc < 1) check(cert_ctx,NULL); else for (i=0; i<argc; i++) diff --git a/apps/version.c b/apps/version.c index fcf1f08..8d154ea 100644 --- a/apps/version.c +++ b/apps/version.c @@ -71,7 +71,7 @@ int argc; char **argv; { int i,ret=0; - int cflags=0,version=0,date=0,options=0; + int cflags=0,version=0,date=0,options=0,platform=0; apps_startup(); @@ -90,11 +90,13 @@ char **argv; cflags=1; else if (strcmp(argv[i],"-o") == 0) options=1; + else if (strcmp(argv[i],"-p") == 0) + platform=1; else if (strcmp(argv[i],"-a") == 0) - date=version=cflags=options=1; + date=version=cflags=options=platform=1; else { - BIO_printf(bio_err,"usage:version [-a] [-v] [-b] [-o] [-f]\n"); + BIO_printf(bio_err,"usage:version -[avbofp]\n"); ret=1; goto end; } @@ -102,6 +104,7 @@ char **argv; if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION)); if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON)); + if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM)); if (options) { printf("options:"); diff --git a/apps/x509.c b/apps/x509.c index f5e8be1..94d57bb 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -79,11 +79,6 @@ #define POSTFIX ".srl" #define DEF_DAYS 30 -#define FORMAT_UNDEF 0 -#define FORMAT_ASN1 1 -#define FORMAT_TEXT 2 -#define FORMAT_PEM 3 - #define CERT_HDR "certificate" static char *x509_usage[]={ @@ -219,7 +214,7 @@ char **argv; days=atoi(*(++argv)); if (days == 0) { - BIO_printf(bio_err,"bad number of days\n"); + BIO_printf(STDout,"bad number of days\n"); goto bad; } } @@ -400,9 +395,13 @@ bad: X509_gmtime_adj(X509_get_notBefore(x),0); X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); +#if 0 X509_PUBKEY_free(ci->key); ci->key=req->req_info->pubkey; req->req_info->pubkey=NULL; +#else + X509_set_pubkey(x,X509_REQ_get_pubkey(req)); +#endif } else x=load_cert(infile,informat); @@ -445,24 +444,23 @@ bad: { X509_NAME_oneline(X509_get_issuer_name(x), buf,256); - fprintf(stdout,"issuer= %s\n",buf); + BIO_printf(STDout,"issuer= %s\n",buf); } else if (subject == i) { X509_NAME_oneline(X509_get_subject_name(x), buf,256); - fprintf(stdout,"subject=%s\n",buf); + BIO_printf(STDout,"subject=%s\n",buf); } else if (serial == i) { - fprintf(stdout,"serial="); + BIO_printf(STDout,"serial="); i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber); - fprintf(stdout,"\n"); + BIO_printf(STDout,"\n"); } else if (hash == i) { - fprintf(stdout,"%08lx\n", - X509_subject_name_hash(x)); + BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); } else #ifndef NO_RSA @@ -473,16 +471,16 @@ bad: pkey=X509_get_pubkey(x); if (pkey == NULL) { - fprintf(stdout,"Modulus=unavailable\n"); + BIO_printf(bio_err,"Modulus=unavailable\n"); ERR_print_errors(bio_err); goto end; } - fprintf(stdout,"Modulus="); + BIO_printf(STDout,"Modulus="); if (pkey->type == EVP_PKEY_RSA) BN_print(STDout,pkey->pkey.rsa->n); else - fprintf(stdout,"Wrong Algorithm type"); - fprintf(stdout,"\n"); + BIO_printf(STDout,"Wrong Algorithm type"); + BIO_printf(STDout,"\n"); } else #endif @@ -494,47 +492,49 @@ bad: X509_NAME_oneline(X509_get_subject_name(x), buf,256); - printf("/* subject:%s */\n",buf); + BIO_printf(STDout,"/* subject:%s */\n",buf); m=X509_NAME_oneline( X509_get_issuer_name(x),buf,256); - printf("/* issuer :%s */\n",buf); + BIO_printf(STDout,"/* issuer :%s */\n",buf); z=i2d_X509(x,NULL); m=Malloc(z); d=(unsigned char *)m; z=i2d_X509_NAME(X509_get_subject_name(x),&d); - printf("unsigned char XXX_subject_name[%d]={\n",z); + BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z); d=(unsigned char *)m; for (y=0; y<z; y++) { - printf("0x%02X,",d[y]); - if ((y & 0x0f) == 0x0f) printf("\n"); + BIO_printf(STDout,"0x%02X,",d[y]); + if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n"); } - if (y%16 != 0) printf("\n"); - printf("};\n"); + if (y%16 != 0) BIO_printf(STDout,"\n"); + BIO_printf(STDout,"};\n"); z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d); - printf("unsigned char XXX_public_key[%d]={\n",z); + BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z); d=(unsigned char *)m; for (y=0; y<z; y++) { - printf("0x%02X,",d[y]); - if ((y & 0x0f) == 0x0f) printf("\n"); + BIO_printf(STDout,"0x%02X,",d[y]); + if ((y & 0x0f) == 0x0f) + BIO_printf(STDout,"\n"); } - if (y%16 != 0) printf("\n"); - printf("};\n"); + if (y%16 != 0) BIO_printf(STDout,"\n"); + BIO_printf(STDout,"};\n"); z=i2d_X509(x,&d); - printf("unsigned char XXX_certificate[%d]={\n",z); + BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z); d=(unsigned char *)m; for (y=0; y<z; y++) { - printf("0x%02X,",d[y]); - if ((y & 0x0f) == 0x0f) printf("\n"); + BIO_printf(STDout,"0x%02X,",d[y]); + if ((y & 0x0f) == 0x0f) + BIO_printf(STDout,"\n"); } - if (y%16 != 0) printf("\n"); - printf("};\n"); + if (y%16 != 0) BIO_printf(STDout,"\n"); + BIO_printf(STDout,"};\n"); Free(m); } @@ -565,10 +565,10 @@ bad: BIO_printf(bio_err,"out of memory\n"); goto end; } - fprintf(stdout,"MD5 Fingerprint="); + BIO_printf(STDout,"MD5 Fingerprint="); for (j=0; j<(int)n; j++) { - fprintf(stdout,"%02X%c",md[j], + BIO_printf(STDout,"%02X%c",md[j], (j+1 == (int)n) ?'\n':':'); } @@ -602,6 +602,7 @@ bad: if (CApkey->type == EVP_PKEY_DSA) digest=EVP_dss1(); #endif + if (!x509_certify(ctx,CAfile,digest,x,xca, CApkey, CAserial,CA_createserial,days)) @@ -802,6 +803,12 @@ int days; if (!reqfile && !X509_verify_cert(&xsc)) goto end; + if (!X509_check_private_key(xca,pkey)) + { + BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); + goto end; + } + if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end; if (!X509_set_serialNumber(x,bs)) goto end; @@ -856,15 +863,15 @@ X509_STORE_CTX *ctx; * DEPTH_ZERO_SELF_.... */ if (ok) { - printf("error with certificate to be certified - should be self signed\n"); + BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n"); return(0); } else { err_cert=X509_STORE_CTX_get_current_cert(ctx); X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); - printf("%s\n",buf); - printf("error with certificate - error %d at depth %d\n%s\n", + BIO_printf(bio_err,"%s\n",buf); + BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n", err,X509_STORE_CTX_get_error_depth(ctx), X509_verify_cert_error_string(err)); return(1); |