added openssl from AOSP sources

This commit is contained in:
JosePereira 2012-06-10 19:35:02 +01:00
parent 586790a2b2
commit 4b16b77623
1110 changed files with 406223 additions and 0 deletions

9
jni/openssl/Android.mk Normal file
View File

@ -0,0 +1,9 @@
LOCAL_PATH := $(call my-dir)
subdirs := $(addprefix $(LOCAL_PATH)/,$(addsuffix /Android.mk, \
crypto \
ssl \
# apps \
))
include $(subdirs)

60
jni/openssl/CleanSpec.mk Normal file
View File

@ -0,0 +1,60 @@
# Copyright (C) 2007 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# If you don't need to do a full clean build but would like to touch
# a file or delete some intermediate files, add a clean step to the end
# of the list. These steps will only be run once, if they haven't been
# run before.
#
# E.g.:
# $(call add-clean-step, touch -c external/sqlite/sqlite3.h)
# $(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/STATIC_LIBRARIES/libz_intermediates)
#
# Always use "touch -c" and "rm -f" or "rm -rf" to gracefully deal with
# files that are missing or have been moved.
#
# Use $(PRODUCT_OUT) to get to the "out/target/product/blah/" directory.
# Use $(OUT_DIR) to refer to the "out" directory.
#
# If you need to re-do something that's already mentioned, just copy
# the command and add it to the bottom of the list. E.g., if a change
# that you made last week required touching a file and a change you
# made today requires touching the same file, just copy the old
# touch step and add it to the end of the list.
#
# ************************************************
# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
# ************************************************
# For example:
#$(call add-clean-step, rm -rf $(OUT_DIR)/target/common/obj/APPS/AndroidTests_intermediates)
#$(call add-clean-step, rm -rf $(OUT_DIR)/target/common/obj/JAVA_LIBRARIES/core_intermediates)
#$(call add-clean-step, find $(OUT_DIR) -type f -name "IGTalkSession*" -print0 | xargs -0 rm -f)
#$(call add-clean-step, rm -rf $(PRODUCT_OUT)/data/*)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_intermediates $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/ssltest_intermediates)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_intermediates $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/ssltest_intermediates)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_intermediates $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/ssltest_intermediates)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_intermediates $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/ssltest_intermediates)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_intermediates $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/ssltest_intermediates)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libssl_intermediates)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_intermediates)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/STATIC_LIBRARIES/libssl_static_intermediates)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/STATIC_LIBRARIES/libcrypto_static_intermediates)
# ************************************************
# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
# ************************************************

View File

127
jni/openssl/NOTICE Normal file
View File

@ -0,0 +1,127 @@
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact openssl-core@openssl.org.
OpenSSL License
---------------
/* ====================================================================
* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
Original SSLeay License
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/

View File

@ -0,0 +1,92 @@
OpenSSL on the Android platform.
---
The code in this directory is based on $OPENSSL_VERSION in the file
openssl.version. See patches/README for more information on how the
code differs from $OPENSSL_VERSION.
Porting New Versions of OpenSSL.
--
The following steps are recommended for porting new OpenSSL versions.
1) Retrieve the appropriate version of the OpenSSL source from
www.openssl.org/source (in openssl-*.tar.gz file). Check the PGP
signature (found in matching openssl-*.tar.gz.asc file) with:
gpg openssl-*.tar.gz.asc
If the public key is not found, import the the one with the
matching RSA key ID from http://www.openssl.org/about/, using:
gpg --import # paste PGP public key block on stdin
2) Update the variables in openssl.config and openssl.version as appropriate.
At the very least you will need to update the openssl.version.
Similarly update ThirdPartyProject.prop.
3) Run:
./import_openssl.sh import openssl-*.tar.gz
4) If there are any errors, then modify openssl.config, openssl.version
and patches in patches/ as appropriate. You might want to use:
./import_openssl.sh regenerate patches/*.patch
Repeat step 3.
5) Cleanup before building with:
m -j16 clean-libcrypto clean-libssl clean-openssl clean-ssltest
6) Build openssl from the external/openssl directory with:
mm -j16 snod && adb remount && adb sync system
If there are build errors, then patches/*.mk, openssl.config, or
android-config.mk may need updating.
7) Run tests to make sure things are working:
# Run local openssl tests
(cd android.testssl/ && ./testssl.sh)
# Build and sync libcore tests
(croot && cd libcore && mm -j16 snod && adb remount && adb sync)
# Run tests from libcore
(croot && vogar --classpath out/target/common/obj/JAVA_LIBRARIES/core-tests-support_intermediates/classes.jar --classpath out/target/common/obj/JAVA_LIBRARIES/core-tests_intermediates/classes.jar javax.net.ssl tests.api.javax.net)
# Run tests from Harmony
(croot && vogar --classpath harmony_tests.jar tests.api.java.math.BigIntegerTest org.apache.harmony.tests.java.math)
# try an https website
adb shell am start https://online.citibank.com # confirm result in browser
The vogar tool can be found externally at http://code.google.com/p/vogar/
Within Google it can be run with ~dalvik-prebuild/vogar/bin/vogar
harmony_tests.jar is built from Subversion http://harmony.apache.org/
Within Google it can be found at ~dalvik-prebuild/bin/harmony_tests.jar
# You can also run openssl s_server as a test server on the device:
adb push ./android.testssl/CAss.cnf /sdcard/CAss.cnf
adb shell openssl req -config /sdcard/CAss.cnf -x509 -nodes -days 365 -subj '/C=US/ST=California/L=Mountain View/CN=localhost' -newkey rsa:1024 -keyout /sdcard/server.pem -out /sdcard/server.pem
adb shell openssl s_server -cert /sdcard/server.pem -www -verify 1
adb shell am start https://localhost:4433 # confirm result in browser
8) Do a full build before checking in:
m -j16
Optionally, check whether build flags (located in android-config.mk
need to be updated. Doing this step will help ensure that the
compiled library is appropriately optimized for speed and size. To
update build flags:
a) source openssl.config
b) tar -zxf openssl-*.tar.gz
c) cd openssl-*/
d) ./Configure $CONFIGURE_ARGS
e) examine Makefile and compare with ../android-config.mk
f) modify ../openssl.config as appropriate and go to step 3) above.
Alternatively, ."/import_openssl.sh import" now prints the
post-Configure Makefile for review before deleting in on import.

View File

@ -0,0 +1,10 @@
# Copyright 2010 Google Inc. All Rights Reserved.
#Fri Jul 16 10:03:09 PDT 2010
currentVersion=1.0.0e
version=1.0.0e
isNative=true
feedurl=http\://www.openssl.org/
name=openssl
keywords=openssl
onDevice=true
homepage=http\://www.openssl.org/

View File

@ -0,0 +1,17 @@
#
# These flags represent the build-time configuration of openssl for android
#
# They were pruned from the "Makefile" generated by running ./Configure from import_openssl.sh
#
# From CLFAG=
LOCAL_CFLAGS += -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN #-DTERMIO
# From DEPFLAG=
LOCAL_CFLAGS += -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CAST -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_IDEA -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SHA0 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_STORE -DOPENSSL_NO_WHIRLPOOL
# Extra
LOCAL_CFLAGS += -DOPENSSL_NO_HW -DOPENSSL_NO_ENGINE -DZLIB
# Debug
# LOCAL_CFLAGS += -DCIPHER_DEBUG

View File

@ -0,0 +1,76 @@
#
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#
RANDFILE = /sdcard/android.testssl/.rnd
####################################################################
[ req ]
default_bits = 512
default_keyfile = keySS.pem
distinguished_name = req_distinguished_name
encrypt_rsa_key = no
default_md = sha1
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_value = AU
organizationName = Organization Name (eg, company)
organizationName_value = Dodgy Brothers
commonName = Common Name (eg, YOUR name)
commonName_value = Dodgy CA
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = v3_ca # The extentions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true,pathlen:1
keyUsage = cRLSign, keyCertSign
issuerAltName=issuer:copy

View File

@ -0,0 +1,36 @@
#
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#
RANDFILE = /sdcard/android.testssl/.rnd
####################################################################
[ req ]
default_bits = 512
default_keyfile = keySS.pem
distinguished_name = req_distinguished_name
encrypt_rsa_key = no
default_md = md2
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_value = AU
organizationName = Organization Name (eg, company)
organizationName_value = Dodgy Brothers
0.commonName = Common Name (eg, YOUR name)
0.commonName_value = Brother 1
1.commonName = Common Name (eg, YOUR name)
1.commonName_value = Brother 2
[ v3_ee ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
issuerAltName=issuer:copy

View File

@ -0,0 +1,376 @@
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (1024 bit)
-----BEGIN CERTIFICATE-----
MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU0WhcNOTgwNjA5
MTM1NzU0WjBkMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxJDAiBgNVBAMTG1NlcnZlciB0ZXN0IGNl
cnQgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsxH1PBPm
RkxrR11eV4bzNi4N9n11CI8nV29+ARlT1+qDe/mjVUvXlmsr1v/vf71G9GgqopSa
6RXrICLVdk/FYYYzhPvl1M+OrjaXDFO8BzBAF1Lnz6c7aRZvGRJNrRSr2nZEkqDf
JW9dY7r2VZEpD5QeuaRYUnuECkqeieB65GMCAwEAATANBgkqhkiG9w0BAQQFAAOB
gQCWsOta6C0wiVzXz8wPmJKyTrurMlgUss2iSuW9366iwofZddsNg7FXniMzkIf6
dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh
8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
-----END RSA PRIVATE KEY-----
subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
notBefore=950413210656Z
notAfter =970412210656Z
-----BEGIN X509 CERTIFICATE-----
MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
-----END X509 CERTIFICATE-----
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-----BEGIN CERTIFICATE-----
MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
-----END RSA PRIVATE KEY-----
-----BEGIN X509 CERTIFICATE-----
MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
-----END X509 CERTIFICATE-----
-----BEGIN X509 CERTIFICATE-----
MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
LC7obsrHD8XAHG+ZRG==
-----END X509 CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
S7ELuYGtmYgYm9NZOIr7yU0=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
GJNMJ4L0AJ/ac+SmHZc=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
-----END CERTIFICATE-----
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-----BEGIN CERTIFICATE-----
MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
-----END RSA PRIVATE KEY-----
subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
notBefore=941104185834Z
notAfter =991103185834Z
-----BEGIN X509 CERTIFICATE-----
MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
-----END X509 CERTIFICATE-----
subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
notBefore=941109235417Z
notAfter =991231235417Z
-----BEGIN X509 CERTIFICATE-----
MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
-----END X509 CERTIFICATE-----
subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
/OU=Certification Services Division/CN=Thawte Server CA
/Email=server-certs@thawte.com
issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
/OU=Certification Services Division/CN=Thawte Server CA
/Email=server-certs@thawte.com
-----BEGIN CERTIFICATE-----
MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
3VZdLbCVIhNoEsysrxCpxcI=
-----END CERTIFICATE-----
Tims test GCI CA
-----BEGIN CERTIFICATE-----
MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
-----END CERTIFICATE-----
subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
-----BEGIN CERTIFICATE-----
MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
-----END CERTIFICATE-----
subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-----BEGIN CERTIFICATE-----
MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
-----END CERTIFICATE-----
subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
-----BEGIN CERTIFICATE-----
MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
-----END CERTIFICATE-----

View File

@ -0,0 +1,163 @@
#!/bin/sh
if [ "$1" = "" ]; then
key=../apps/server.pem
else
key="$1"
fi
if [ "$2" = "" ]; then
cert=../apps/server.pem
else
cert="$2"
fi
ssltest="adb shell /system/bin/ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
if adb shell /system/bin/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
dsa_cert=YES
else
dsa_cert=NO
fi
if [ "$3" = "" ]; then
CA="-CApath ../certs"
else
CA="-CAfile $3"
fi
if [ "$4" = "" ]; then
extra=""
else
extra="$4"
fi
#############################################################################
echo test sslv2
$ssltest -ssl2 $extra || exit 1
echo test sslv2 with server authentication
$ssltest -ssl2 -server_auth $CA $extra || exit 1
if [ $dsa_cert = NO ]; then
echo test sslv2 with client authentication
$ssltest -ssl2 -client_auth $CA $extra || exit 1
echo test sslv2 with both client and server authentication
$ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
fi
echo test sslv3
$ssltest -ssl3 $extra || exit 1
echo test sslv3 with server authentication
$ssltest -ssl3 -server_auth $CA $extra || exit 1
echo test sslv3 with client authentication
$ssltest -ssl3 -client_auth $CA $extra || exit 1
echo test sslv3 with both client and server authentication
$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
echo test sslv2/sslv3
$ssltest $extra || exit 1
echo test sslv2/sslv3 with server authentication
$ssltest -server_auth $CA $extra || exit 1
echo test sslv2/sslv3 with client authentication
$ssltest -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication
$ssltest -server_auth -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication and small client buffers
$ssltest -server_auth -client_auth -c_small_records $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication and small server buffers
$ssltest -server_auth -client_auth -s_small_records $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication and small client and server buffers
$ssltest -server_auth -client_auth -c_small_records -s_small_records $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication and handshake cutthrough
$ssltest -server_auth -client_auth -cutthrough $CA $extra || exit 1
echo test sslv2 via BIO pair
$ssltest -bio_pair -ssl2 $extra || exit 1
echo test sslv2 with server authentication via BIO pair
$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
if [ $dsa_cert = NO ]; then
echo test sslv2 with client authentication via BIO pair
$ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
echo test sslv2 with both client and server authentication via BIO pair
$ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
fi
echo test sslv3 via BIO pair
$ssltest -bio_pair -ssl3 $extra || exit 1
echo test sslv3 with server authentication via BIO pair
$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
echo test sslv3 with client authentication via BIO pair
$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
echo test sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 via BIO pair
$ssltest $extra || exit 1
if [ $dsa_cert = NO ]; then
echo test sslv2/sslv3 w/o DHE via BIO pair
$ssltest -bio_pair -no_dhe $extra || exit 1
fi
echo test sslv2/sslv3 with 1024bit DHE via BIO pair
$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
echo test sslv2/sslv3 with server authentication
$ssltest -bio_pair -server_auth $CA $extra || exit 1
echo test sslv2/sslv3 with client authentication via BIO pair
$ssltest -bio_pair -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
#############################################################################
if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then
echo skipping anonymous DH tests
else
echo test tls1 with 1024bit anonymous DH, multiple handshakes
$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
fi
if [ `adb shell /system/bin/openssl no-rsa` = no-dh ]; then
echo skipping RSA tests
else
echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then
echo skipping RSA+DHE tests
else
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
fi
fi
echo test tls1 with PSK
$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
echo test tls1 with PSK via BIO pair
$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
exit 0

View File

@ -0,0 +1,77 @@
#!/bin/bash
#
# Copyright (C) 2010 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# Android testssl.sh driver script for openssl's testssl
#
# based on openssl's test/testss script and test/Makefile's test_ssl target
#
set -e
trap "echo Exiting on unexpected error." ERR
device=/sdcard/android.testssl
digest='-sha1'
reqcmd="adb shell /system/bin/openssl req"
x509cmd="adb shell /system/bin/openssl x509 $digest"
CAkey="$device/keyCA.ss"
CAcert="$device/certCA.ss"
CAreq="$device/reqCA.ss"
CAconf="$device/CAss.cnf"
Uconf="$device/Uss.cnf"
Ureq="$device/reqU.ss"
Ukey="$device/keyU.ss"
Ucert="$device/certU.ss"
echo
echo "setting up"
adb remount
adb shell rm -r $device
adb shell mkdir $device
echo
echo "pushing test files to device"
adb push . $device
echo
echo "make a certificate request using 'req'"
adb shell "echo \"string to make the random number generator think it has entropy\" >> $device/.rnd"
req_new='-new'
$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new
echo
echo "convert the certificate request into a self signed certificate using 'x509'"
$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca
echo
echo "make a user certificate request using 'req'"
$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new
echo
echo "sign user certificate request with the just created CA via 'x509'"
$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee
echo
echo "running testssl"
./testssl $Ukey $Ucert $CAcert
echo
echo "cleaning up"
adb shell rm -r $device

View File

@ -0,0 +1,87 @@
# Copyright 2006 The Android Open Source Project
LOCAL_PATH:= $(call my-dir)
local_src_files:= \
app_rand.c \
apps.c \
asn1pars.c \
ca.c \
ciphers.c \
crl.c \
crl2p7.c \
dgst.c \
dh.c \
dhparam.c \
dsa.c \
dsaparam.c \
ecparam.c \
ec.c \
enc.c \
engine.c \
errstr.c \
gendh.c \
gendsa.c \
genpkey.c \
genrsa.c \
nseq.c \
ocsp.c \
openssl.c \
passwd.c \
pkcs12.c \
pkcs7.c \
pkcs8.c \
pkey.c \
pkeyparam.c \
pkeyutl.c \
prime.c \
rand.c \
req.c \
rsa.c \
rsautl.c \
s_cb.c \
s_client.c \
s_server.c \
s_socket.c \
s_time.c \
sess_id.c \
smime.c \
speed.c \
spkac.c \
verify.c \
version.c \
x509.c
local_shared_libraries := \
libssl \
libcrypto
local_c_includes := \
external/openssl \
external/openssl/include
local_cflags := -DMONOLITH
# These flags omit whole features from the commandline "openssl".
# However, portions of these features are actually turned on.
local_cflags += -DOPENSSL_NO_DTLS1
include $(CLEAR_VARS)
LOCAL_MODULE:= openssl
LOCAL_MODULE_TAGS := optional
LOCAL_SRC_FILES := $(local_src_files)
LOCAL_SHARED_LIBRARIES := $(local_shared_libraries)
LOCAL_C_INCLUDES := $(local_c_includes)
LOCAL_CFLAGS := $(local_cflags)
include $(LOCAL_PATH)/../android-config.mk
include $(BUILD_EXECUTABLE)
include $(CLEAR_VARS)
LOCAL_MODULE:= openssl
LOCAL_MODULE_TAGS := optional
LOCAL_SRC_FILES := $(local_src_files)
LOCAL_SHARED_LIBRARIES := $(local_shared_libraries)
LOCAL_C_INCLUDES := $(local_c_includes)
LOCAL_CFLAGS := $(local_cflags)
include $(LOCAL_PATH)/../android-config.mk
include $(BUILD_HOST_EXECUTABLE)

189
jni/openssl/apps/CA.pl Normal file
View File

@ -0,0 +1,189 @@
#!/usr/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq[-nodes] ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
#
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
# 18-Apr-96 tjh Original hacking
#
# Tim Hudson
# tjh@cryptsoft.com
#
# 27-Apr-98 snh Translation into perl, fix existing CA bug.
#
#
# Steve Henson
# shenson@bigfoot.com
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
my $openssl;
if(defined $ENV{OPENSSL}) {
$openssl = $ENV{OPENSSL};
} else {
$openssl = "openssl";
$ENV{OPENSSL} = $openssl;
}
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365"; # 1 year
$CADAYS="-days 1095"; # 3 years
$REQ="$openssl req $SSLEAY_CONFIG";
$CA="$openssl ca $SSLEAY_CONFIG";
$VERIFY="$openssl verify";
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";
$DIRMODE = 0777;
$RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
$NEW="1";
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
# create the directory hierarchy
mkdir $CATOP, $DIRMODE;
mkdir "${CATOP}/certs", $DIRMODE;
mkdir "${CATOP}/crl", $DIRMODE ;
mkdir "${CATOP}/newcerts", $DIRMODE;
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
}
if ( ! -f "${CATOP}/private/$CAKEY" ) {
print "CA certificate filename (or enter to create)\n";
$FILE = <STDIN>;
chop $FILE;
# ask user for existing CA certificate
if ($FILE) {
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
$RET=$?;
} else {
print "Making CA certificate ...\n";
system ("$REQ -new -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
system ("$CA -create_serial " .
"-out ${CATOP}/$CACERT $CADAYS -batch " .
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
"-extensions v3_ca " .
"-infiles ${CATOP}/$CAREQ ");
$RET=$?;
}
}
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
$RET=$?;
} elsif (/^(-sign|-signreq)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles newreq.pem");
$RET=$?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^(-signCA)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-extensions v3_ca -infiles newreq.pem");
$RET=$?;
print "Signed CA certificate is in newcert.pem\n";
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles tmp.pem");
$RET = $?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^-verify$/) {
if (shift) {
foreach $j (@ARGV) {
system ("$VERIFY -CAfile $CATOP/$CACERT $j");
$RET=$? if ($? != 0);
}
exit $RET;
} else {
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
$RET=$?;
exit 0;
}
} else {
print STDERR "Unknown arg $_\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 1;
}
}
exit $RET;
sub cp_pem {
my ($infile, $outfile, $bound) = @_;
open IN, $infile;
open OUT, ">$outfile";
my $flag = 0;
while (<IN>) {
$flag = 1 if (/^-----BEGIN.*$bound/) ;
print OUT $_ if ($flag);
if (/^-----END.*$bound/) {
close IN;
close OUT;
return;
}
}
}

189
jni/openssl/apps/CA.pl.in Normal file
View File

@ -0,0 +1,189 @@
#!/usr/local/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq[-nodes] ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
#
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
# 18-Apr-96 tjh Original hacking
#
# Tim Hudson
# tjh@cryptsoft.com
#
# 27-Apr-98 snh Translation into perl, fix existing CA bug.
#
#
# Steve Henson
# shenson@bigfoot.com
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
my $openssl;
if(defined $ENV{OPENSSL}) {
$openssl = $ENV{OPENSSL};
} else {
$openssl = "openssl";
$ENV{OPENSSL} = $openssl;
}
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365"; # 1 year
$CADAYS="-days 1095"; # 3 years
$REQ="$openssl req $SSLEAY_CONFIG";
$CA="$openssl ca $SSLEAY_CONFIG";
$VERIFY="$openssl verify";
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";
$DIRMODE = 0777;
$RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
$NEW="1";
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
# create the directory hierarchy
mkdir $CATOP, $DIRMODE;
mkdir "${CATOP}/certs", $DIRMODE;
mkdir "${CATOP}/crl", $DIRMODE ;
mkdir "${CATOP}/newcerts", $DIRMODE;
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
}
if ( ! -f "${CATOP}/private/$CAKEY" ) {
print "CA certificate filename (or enter to create)\n";
$FILE = <STDIN>;
chop $FILE;
# ask user for existing CA certificate
if ($FILE) {
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
$RET=$?;
} else {
print "Making CA certificate ...\n";
system ("$REQ -new -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
system ("$CA -create_serial " .
"-out ${CATOP}/$CACERT $CADAYS -batch " .
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
"-extensions v3_ca " .
"-infiles ${CATOP}/$CAREQ ");
$RET=$?;
}
}
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
$RET=$?;
} elsif (/^(-sign|-signreq)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles newreq.pem");
$RET=$?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^(-signCA)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-extensions v3_ca -infiles newreq.pem");
$RET=$?;
print "Signed CA certificate is in newcert.pem\n";
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles tmp.pem");
$RET = $?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^-verify$/) {
if (shift) {
foreach $j (@ARGV) {
system ("$VERIFY -CAfile $CATOP/$CACERT $j");
$RET=$? if ($? != 0);
}
exit $RET;
} else {
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
$RET=$?;
exit 0;
}
} else {
print STDERR "Unknown arg $_\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 1;
}
}
exit $RET;
sub cp_pem {
my ($infile, $outfile, $bound) = @_;
open IN, $infile;
open OUT, ">$outfile";
my $flag = 0;
while (<IN>) {
$flag = 1 if (/^-----BEGIN.*$bound/) ;
print OUT $_ if ($flag);
if (/^-----END.*$bound/) {
close IN;
close OUT;
return;
}
}
}

198
jni/openssl/apps/CA.sh Normal file
View File

@ -0,0 +1,198 @@
#!/bin/sh
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
#
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
# 18-Apr-96 tjh Original hacking
#
# Tim Hudson
# tjh@cryptsoft.com
#
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
cp_pem() {
infile=$1
outfile=$2
bound=$3
flag=0
exec <$infile;
while read line; do
if [ $flag -eq 1 ]; then
echo $line|grep "^-----END.*$bound" 2>/dev/null 1>/dev/null
if [ $? -eq 0 ] ; then
echo $line >>$outfile
break
else
echo $line >>$outfile
fi
fi
echo $line|grep "^-----BEGIN.*$bound" 2>/dev/null 1>/dev/null
if [ $? -eq 0 ]; then
echo $line >$outfile
flag=1
fi
done
}
usage() {
echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2
}
if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi # 1 year
CADAYS="-days 1095" # 3 years
REQ="$OPENSSL req $SSLEAY_CONFIG"
CA="$OPENSSL ca $SSLEAY_CONFIG"
VERIFY="$OPENSSL verify"
X509="$OPENSSL x509"
PKCS12="openssl pkcs12"
if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
CAKEY=./cakey.pem
CAREQ=./careq.pem
CACERT=./cacert.pem
RET=0
while [ "$1" != "" ] ; do
case $1 in
-\?|-h|-help)
usage
exit 0
;;
-newcert)
# create a certificate
$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
RET=$?
echo "Certificate is in newcert.pem, private key is in newkey.pem"
;;
-newreq)
# create a certificate request
$REQ -new -keyout newkey.pem -out newreq.pem $DAYS
RET=$?
echo "Request is in newreq.pem, private key is in newkey.pem"
;;
-newreq-nodes)
# create a certificate request
$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
RET=$?
echo "Request (and private key) is in newreq.pem"
;;
-newca)
# if explicitly asked for or it doesn't exist then setup the directory
# structure that Eric likes to manage things
NEW="1"
if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
# create the directory hierarchy
mkdir -p ${CATOP}
mkdir -p ${CATOP}/certs
mkdir -p ${CATOP}/crl
mkdir -p ${CATOP}/newcerts
mkdir -p ${CATOP}/private
touch ${CATOP}/index.txt
fi
if [ ! -f ${CATOP}/private/$CAKEY ]; then
echo "CA certificate filename (or enter to create)"
read FILE
# ask user for existing CA certificate
if [ "$FILE" ]; then
cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE
cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE
RET=$?
if [ ! -f "${CATOP}/serial" ]; then
$X509 -in ${CATOP}/$CACERT -noout -next_serial \
-out ${CATOP}/serial
fi
else
echo "Making CA certificate ..."
$REQ -new -keyout ${CATOP}/private/$CAKEY \
-out ${CATOP}/$CAREQ
$CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \
-keyfile ${CATOP}/private/$CAKEY -selfsign \
-extensions v3_ca \
-infiles ${CATOP}/$CAREQ
RET=$?
fi
fi
;;
-xsign)
$CA -policy policy_anything -infiles newreq.pem
RET=$?
;;
-pkcs12)
if [ -z "$2" ] ; then
CNAME="My Certificate"
else
CNAME="$2"
fi
$PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \
-out newcert.p12 -export -name "$CNAME"
RET=$?
exit $RET
;;
-sign|-signreq)
$CA -policy policy_anything -out newcert.pem -infiles newreq.pem
RET=$?
cat newcert.pem
echo "Signed certificate is in newcert.pem"
;;
-signCA)
$CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem
RET=$?
echo "Signed CA certificate is in newcert.pem"
;;
-signcert)
echo "Cert passphrase will be requested twice - bug?"
$X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
$CA -policy policy_anything -out newcert.pem -infiles tmp.pem
RET=$?
cat newcert.pem
echo "Signed certificate is in newcert.pem"
;;
-verify)
shift
if [ -z "$1" ]; then
$VERIFY -CAfile $CATOP/$CACERT newcert.pem
RET=$?
else
for j
do
$VERIFY -CAfile $CATOP/$CACERT $j
if [ $? != 0 ]; then
RET=$?
fi
done
fi
exit $RET
;;
*)
echo "Unknown arg $i" >&2
usage
exit 1
;;
esac
shift
done
exit $RET

218
jni/openssl/apps/app_rand.c Normal file
View File

@ -0,0 +1,218 @@
/* apps/app_rand.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define NON_MAIN
#include "apps.h"
#undef NON_MAIN
#include <openssl/bio.h>
#include <openssl/rand.h>
static int seeded = 0;
static int egdsocket = 0;
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
{
int consider_randfile = (file == NULL);
char buffer[200];
#ifdef OPENSSL_SYS_WINDOWS
BIO_printf(bio_e,"Loading 'screen' into random state -");
BIO_flush(bio_e);
RAND_screen();
BIO_printf(bio_e," done\n");
#endif
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
else if (RAND_egd(file) > 0)
{
/* we try if the given filename is an EGD socket.
if it is, we don't write anything back to the file. */
egdsocket = 1;
return 1;
}
if (file == NULL || !RAND_load_file(file, -1))
{
if (RAND_status() == 0)
{
if (!dont_warn)
{
BIO_printf(bio_e,"unable to load 'random state'\n");
BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
BIO_printf(bio_e,"with much random data.\n");
if (consider_randfile) /* explanation does not apply when a file is explicitly named */
{
BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
}
}
return 0;
}
}
seeded = 1;
return 1;
}
long app_RAND_load_files(char *name)
{
char *p,*n;
int last;
long tot=0;
int egd;
for (;;)
{
last=0;
for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
if (*p == '\0') last=1;
*p='\0';
n=name;
name=p+1;
if (*n == '\0') break;
egd=RAND_egd(n);
if (egd > 0)
tot+=egd;
else
tot+=RAND_load_file(n,-1);
if (last) break;
}
if (tot > 512)
app_RAND_allow_write_file();
return(tot);
}
int app_RAND_write_file(const char *file, BIO *bio_e)
{
char buffer[200];
if (egdsocket || !seeded)
/* If we did not manage to read the seed file,
* we should not write a low-entropy seed file back --
* it would suppress a crucial warning the next time
* we want to use it. */
return 0;
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
if (file == NULL || !RAND_write_file(file))
{
BIO_printf(bio_e,"unable to write 'random state'\n");
return 0;
}
return 1;
}
void app_RAND_allow_write_file(void)
{
seeded = 1;
}

3063
jni/openssl/apps/apps.c Normal file

File diff suppressed because it is too large Load Diff

364
jni/openssl/apps/apps.h Normal file
View File

@ -0,0 +1,364 @@
/* apps/apps.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_APPS_H
#define HEADER_APPS_H
#include "e_os.h"
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/lhash.h>
#include <openssl/conf.h>
#include <openssl/txt_db.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#ifndef OPENSSL_NO_OCSP
#include <openssl/ocsp.h>
#endif
#include <openssl/ossl_typ.h>
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
int app_RAND_write_file(const char *file, BIO *bio_e);
/* When `file' is NULL, use defaults.
* `bio_e' is for error messages. */
void app_RAND_allow_write_file(void);
long app_RAND_load_files(char *file); /* `file' is a list of files to read,
* separated by LIST_SEPARATOR_CHAR
* (see e_os.h). The string is
* destroyed! */
#ifndef MONOLITH
#define MAIN(a,v) main(a,v)
#ifndef NON_MAIN
CONF *config=NULL;
BIO *bio_err=NULL;
#else
extern CONF *config;
extern BIO *bio_err;
#endif
#else
#define MAIN(a,v) PROG(a,v)
extern CONF *config;
extern char *default_config_file;
extern BIO *bio_err;
#endif
#ifndef OPENSSL_SYS_NETWARE
#include <signal.h>
#endif
#ifdef SIGPIPE
#define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
#else
#define do_pipe_sig()
#endif
#ifdef OPENSSL_NO_COMP
#define zlib_cleanup()
#else
#define zlib_cleanup() COMP_zlib_cleanup()
#endif
#if defined(MONOLITH) && !defined(OPENSSL_C)
# define apps_startup() \
do_pipe_sig()
# define apps_shutdown()
#else
# ifndef OPENSSL_NO_ENGINE
# define apps_startup() \
do { do_pipe_sig(); CRYPTO_malloc_init(); \
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
# define apps_shutdown() \
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
ERR_free_strings(); zlib_cleanup();} while(0)
# else
# define apps_startup() \
do { do_pipe_sig(); CRYPTO_malloc_init(); \
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
setup_ui_method(); } while(0)
# define apps_shutdown() \
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
ERR_free_strings(); zlib_cleanup(); } while(0)
# endif
#endif
#ifdef OPENSSL_SYSNAME_WIN32
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
#else
# define openssl_fdset(a,b) FD_SET(a, b)
#endif
typedef struct args_st
{
char **data;
int count;
} ARGS;
#define PW_MIN_LENGTH 4
typedef struct pw_cb_data
{
const void *password;
const char *prompt_info;
} PW_CB_DATA;
int password_callback(char *buf, int bufsiz, int verify,
PW_CB_DATA *cb_data);
int setup_ui_method(void);
void destroy_ui_method(void);
int should_retry(int i);
int args_from_file(char *file, int *argc, char **argv[]);
int str2fmt(char *s);
void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
#ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);
#endif
int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, CONF *conf);
X509 *load_cert(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
#ifndef OPENSSL_NO_ENGINE
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
#endif
#ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
char *host, char *path, char *port, int use_ssl,
STACK_OF(CONF_VALUE) *headers,
int req_timeout);
#endif
int load_config(BIO *err, CONF *cnf);
char *make_config_name(void);
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, const char *str);
#define DB_type 0
#define DB_exp_date 1
#define DB_rev_date 2
#define DB_serial 3 /* index - unique */
#define DB_file 4
#define DB_name 5 /* index - unique when active and not disabled */
#define DB_NUMBER 6
#define DB_TYPE_REV 'R'
#define DB_TYPE_EXP 'E'
#define DB_TYPE_VAL 'V'
typedef struct db_attr_st
{
int unique_subject;
} DB_ATTR;
typedef struct ca_db_st
{
DB_ATTR attributes;
TXT_DB *db;
} CA_DB;
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
int index_index(CA_DB *db);
int save_index(const char *dbfile, const char *suffix, CA_DB *db);
int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
void free_index(CA_DB *db);
#define index_name_cmp_noconst(a, b) \
index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
int parse_yesno(const char *str, int def);
X509_NAME *parse_name(char *str, long chtype, int multirdn);
int args_verify(char ***pargs, int *pargc,
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param);
#ifndef OPENSSL_NO_PSK
extern char *psk_key;
#endif
#ifndef OPENSSL_NO_JPAKE
void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
#endif
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2
#define FORMAT_PEM 3
#define FORMAT_NETSCAPE 4
#define FORMAT_PKCS12 5
#define FORMAT_SMIME 6
#define FORMAT_ENGINE 7
#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
* adding yet another param to load_*key() */
#define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */
#define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
#define FORMAT_MSBLOB 11 /* MS Key blob format */
#define FORMAT_PVK 12 /* MS PVK file format */
#define EXT_COPY_NONE 0
#define EXT_COPY_ADD 1
#define EXT_COPY_ALL 2
#define NETSCAPE_CERT_HDR "certificate"
#define APP_PASS_LEN 1024
#define SERIAL_RAND_BITS 64
int app_isdir(const char *);
int raw_read_stdin(void *,int);
int raw_write_stdout(const void *,int);
#define TM_START 0
#define TM_STOP 1
double app_tminterval (int stop,int usertime);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
#endif

445
jni/openssl/apps/asn1pars.c Normal file
View File

@ -0,0 +1,445 @@
/* apps/asn1pars.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* A nice addition from Dr Stephen Henson <steve@openssl.org> to
* add the -strparse option which parses nested binary structures
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
/* -inform arg - input format - default PEM (DER or PEM)
* -in arg - input file - default stdin
* -i - indent the details by depth
* -offset - where in the file to start
* -length - how many bytes to use
* -oid file - extra oid description file
*/
#undef PROG
#define PROG asn1parse_main
int MAIN(int, char **);
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
int MAIN(int argc, char **argv)
{
int i,badops=0,offset=0,ret=1,j;
unsigned int length=0;
long num,tmplen;
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
int informat,indent=0, noout = 0, dump = 0;
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
char *genstr=NULL, *genconf=NULL;
unsigned char *tmpbuf;
const unsigned char *ctmpbuf;
BUF_MEM *buf=NULL;
STACK_OF(OPENSSL_STRING) *osk=NULL;
ASN1_TYPE *at=NULL;
informat=FORMAT_PEM;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
prog=argv[0];
argc--;
argv++;
if ((osk=sk_OPENSSL_STRING_new_null()) == NULL)
{
BIO_printf(bio_err,"Memory allocation failure\n");
goto end;
}
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
derfile= *(++argv);
}
else if (strcmp(*argv,"-i") == 0)
{
indent=1;
}
else if (strcmp(*argv,"-noout") == 0) noout = 1;
else if (strcmp(*argv,"-oid") == 0)
{
if (--argc < 1) goto bad;
oidfile= *(++argv);
}
else if (strcmp(*argv,"-offset") == 0)
{
if (--argc < 1) goto bad;
offset= atoi(*(++argv));
}
else if (strcmp(*argv,"-length") == 0)
{
if (--argc < 1) goto bad;
length= atoi(*(++argv));
if (length == 0) goto bad;
}
else if (strcmp(*argv,"-dump") == 0)
{
dump= -1;
}
else if (strcmp(*argv,"-dlimit") == 0)
{
if (--argc < 1) goto bad;
dump= atoi(*(++argv));
if (dump <= 0) goto bad;
}
else if (strcmp(*argv,"-strparse") == 0)
{
if (--argc < 1) goto bad;
sk_OPENSSL_STRING_push(osk,*(++argv));
}
else if (strcmp(*argv,"-genstr") == 0)
{
if (--argc < 1) goto bad;
genstr= *(++argv);
}
else if (strcmp(*argv,"-genconf") == 0)
{
if (--argc < 1) goto bad;
genconf= *(++argv);
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file (output format is always DER\n");
BIO_printf(bio_err," -noout arg don't produce any output\n");
BIO_printf(bio_err," -offset arg offset into file\n");
BIO_printf(bio_err," -length arg length of section in file\n");
BIO_printf(bio_err," -i indent entries\n");
BIO_printf(bio_err," -dump dump unknown data in hex form\n");
BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n");
BIO_printf(bio_err," -oid file file of extra oid definitions\n");
BIO_printf(bio_err," -strparse offset\n");
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
BIO_printf(bio_err," ASN1 blob wrappings\n");
BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n");
BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
goto end;
}
ERR_load_crypto_strings();
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
if (oidfile != NULL)
{
if (BIO_read_filename(in,oidfile) <= 0)
{
BIO_printf(bio_err,"problems opening %s\n",oidfile);
ERR_print_errors(bio_err);
goto end;
}
OBJ_create_objects(in);
}
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
if (derfile) {
if(!(derout = BIO_new_file(derfile, "wb"))) {
BIO_printf(bio_err,"problems opening %s\n",derfile);
ERR_print_errors(bio_err);
goto end;
}
}
if ((buf=BUF_MEM_new()) == NULL) goto end;
if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
if (genstr || genconf)
{
num = do_generate(bio_err, genstr, genconf, buf);
if (num < 0)
{
ERR_print_errors(bio_err);
goto end;
}
}
else
{
if (informat == FORMAT_PEM)
{
BIO *tmp;
if ((b64=BIO_new(BIO_f_base64())) == NULL)
goto end;
BIO_push(b64,in);
tmp=in;
in=b64;
b64=tmp;
}
num=0;
for (;;)
{
if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
i=BIO_read(in,&(buf->data[num]),BUFSIZ);
if (i <= 0) break;
num+=i;
}
}
str=buf->data;
/* If any structs to parse go through in sequence */
if (sk_OPENSSL_STRING_num(osk))
{
tmpbuf=(unsigned char *)str;
tmplen=num;
for (i=0; i<sk_OPENSSL_STRING_num(osk); i++)
{
ASN1_TYPE *atmp;
int typ;
j=atoi(sk_OPENSSL_STRING_value(osk,i));
if (j == 0)
{
BIO_printf(bio_err,"'%s' is an invalid number\n",sk_OPENSSL_STRING_value(osk,i));
continue;
}
tmpbuf+=j;
tmplen-=j;
atmp = at;
ctmpbuf = tmpbuf;
at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen);
ASN1_TYPE_free(atmp);
if(!at)
{
BIO_printf(bio_err,"Error parsing structure\n");
ERR_print_errors(bio_err);
goto end;
}
typ = ASN1_TYPE_get(at);
if ((typ == V_ASN1_OBJECT)
|| (typ == V_ASN1_NULL))
{
BIO_printf(bio_err, "Can't parse %s type\n",
typ == V_ASN1_NULL ? "NULL" : "OBJECT");
ERR_print_errors(bio_err);
goto end;
}
/* hmm... this is a little evil but it works */
tmpbuf=at->value.asn1_string->data;
tmplen=at->value.asn1_string->length;
}
str=(char *)tmpbuf;
num=tmplen;
}
if (offset >= num)
{
BIO_printf(bio_err, "Error: offset too large\n");
goto end;
}
num -= offset;
if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
if(derout) {
if(BIO_write(derout, str + offset, length) != (int)length) {
BIO_printf(bio_err, "Error writing output\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (!noout &&
!ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
indent,dump))
{
ERR_print_errors(bio_err);
goto end;
}
ret=0;
end:
BIO_free(derout);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (b64 != NULL) BIO_free(b64);
if (ret != 0)
ERR_print_errors(bio_err);
if (buf != NULL) BUF_MEM_free(buf);
if (at != NULL) ASN1_TYPE_free(at);
if (osk != NULL) sk_OPENSSL_STRING_free(osk);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
{
CONF *cnf = NULL;
int len;
long errline;
unsigned char *p;
ASN1_TYPE *atyp = NULL;
if (genconf)
{
cnf = NCONF_new(NULL);
if (!NCONF_load(cnf, genconf, &errline))
goto conferr;
if (!genstr)
genstr = NCONF_get_string(cnf, "default", "asn1");
if (!genstr)
{
BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
goto err;
}
}
atyp = ASN1_generate_nconf(genstr, cnf);
NCONF_free(cnf);
cnf = NULL;
if (!atyp)
return -1;
len = i2d_ASN1_TYPE(atyp, NULL);
if (len <= 0)
goto err;
if (!BUF_MEM_grow(buf,len))
goto err;
p=(unsigned char *)buf->data;
i2d_ASN1_TYPE(atyp, &p);
ASN1_TYPE_free(atyp);
return len;
conferr:
if (errline > 0)
BIO_printf(bio, "Error on line %ld of config file '%s'\n",
errline, genconf);
else
BIO_printf(bio, "Error loading config file '%s'\n", genconf);
err:
NCONF_free(cnf);
ASN1_TYPE_free(atyp);
return -1;
}

View File

@ -0,0 +1 @@
07

View File

@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
-----END CERTIFICATE REQUEST-----

2985
jni/openssl/apps/ca.c Normal file

File diff suppressed because it is too large Load Diff

11
jni/openssl/apps/cert.pem Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
-----END CERTIFICATE-----

231
jni/openssl/apps/ciphers.c Normal file
View File

@ -0,0 +1,231 @@
/* apps/ciphers.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
#include "apps.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
#undef PROG
#define PROG ciphers_main
static const char *ciphers_usage[]={
"usage: ciphers args\n",
" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
" -V - even more verbose\n",
" -ssl2 - SSL2 mode\n",
" -ssl3 - SSL3 mode\n",
" -tls1 - TLS1 mode\n",
NULL
};
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int ret=1,i;
int verbose=0,Verbose=0;
const char **pp;
const char *p;
int badops=0;
SSL_CTX *ctx=NULL;
SSL *ssl=NULL;
char *ciphers=NULL;
const SSL_METHOD *meth=NULL;
STACK_OF(SSL_CIPHER) *sk;
char buf[512];
BIO *STDout=NULL;
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_server_method();
#elif !defined(OPENSSL_NO_SSL3)
meth=SSLv3_server_method();
#elif !defined(OPENSSL_NO_SSL2)
meth=SSLv2_server_method();
#endif
apps_startup();
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
STDout = BIO_push(tmpbio, STDout);
}
#endif
if (!load_config(bio_err, NULL))
goto end;
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-v") == 0)
verbose=1;
else if (strcmp(*argv,"-V") == 0)
verbose=Verbose=1;
#ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv,"-ssl2") == 0)
meth=SSLv2_client_method();
#endif
#ifndef OPENSSL_NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method();
#endif
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif
else if ((strncmp(*argv,"-h",2) == 0) ||
(strcmp(*argv,"-?") == 0))
{
badops=1;
break;
}
else
{
ciphers= *argv;
}
argc--;
argv++;
}
if (badops)
{
for (pp=ciphers_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,"%s",*pp);
goto end;
}
OpenSSL_add_ssl_algorithms();
ctx=SSL_CTX_new(meth);
if (ctx == NULL) goto err;
if (ciphers != NULL) {
if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
goto err;
}
}
ssl=SSL_new(ctx);
if (ssl == NULL) goto err;
if (!verbose)
{
for (i=0; ; i++)
{
p=SSL_get_cipher_list(ssl,i);
if (p == NULL) break;
if (i != 0) BIO_printf(STDout,":");
BIO_printf(STDout,"%s",p);
}
BIO_printf(STDout,"\n");
}
else /* verbose */
{
sk=SSL_get_ciphers(ssl);
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
SSL_CIPHER *c;
c = sk_SSL_CIPHER_value(sk,i);
if (Verbose)
{
unsigned long id = c->id;
int id0 = (int)(id >> 24);
int id1 = (int)((id >> 16) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL);
int id3 = (int)(id & 0xffL);
if ((id & 0xff000000L) == 0x02000000L)
BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
else if ((id & 0xff000000L) == 0x03000000L)
BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
else
BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf));
}
}
ret=0;
if (0)
{
err:
SSL_load_error_strings();
ERR_print_errors(bio_err);
}
end:
if (ctx != NULL) SSL_CTX_free(ctx);
if (ssl != NULL) SSL_free(ssl);
if (STDout != NULL) BIO_free_all(STDout);
apps_shutdown();
OPENSSL_EXIT(ret);
}

View File

@ -0,0 +1,24 @@
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512 bit)
-----BEGIN CERTIFICATE-----
MIIB6TCCAVICAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU2WhcNOTgwNjA5
MTM1NzU2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0IGNl
cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i2Plw
Z1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs62NNt
XrT8odkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBwtMmI7oGUG8nKmftQssATViH5
NRRtoEw07DxJp/LfatHdrhqQB73eGdL5WILZJXk46Xz2e9WMSUjVCSYhdKxtflU3
UR2Ajv1Oo0sTNdfz0wDqJNirLNtzyhhsaq8qMTrLwXrCP31VxBiigFSQSUFnZyTE
9TKwhS4GlwbtCfxSKQ==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
-----END RSA PRIVATE KEY-----

1362
jni/openssl/apps/cms.c Normal file

File diff suppressed because it is too large Load Diff

446
jni/openssl/apps/crl.c Normal file
View File

@ -0,0 +1,446 @@
/* apps/crl.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#undef PROG
#define PROG crl_main
#undef POSTFIX
#define POSTFIX ".rvk"
static const char *crl_usage[]={
"usage: crl args\n",
"\n",
" -inform arg - input format - default PEM (DER or PEM)\n",
" -outform arg - output format - default PEM\n",
" -text - print out a text format version\n",
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -hash - print hash value\n",
" -fingerprint - print the crl fingerprint\n",
" -issuer - print issuer DN\n",
" -lastupdate - lastUpdate field\n",
" -nextupdate - nextUpdate field\n",
" -crlnumber - print CRL number\n",
" -noout - no CRL output\n",
" -CAfile name - verify CRL using certificates in file \"name\"\n",
" -CApath dir - verify CRL using certificates in \"dir\"\n",
" -nameopt arg - various certificate name options\n",
NULL
};
static X509_CRL *load_crl(char *file, int format);
static BIO *bio_out=NULL;
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
unsigned long nmflag = 0;
X509_CRL *x=NULL;
char *CAfile = NULL, *CApath = NULL;
int ret=1,i,num,badops=0;
BIO *out=NULL;
int informat,outformat;
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
int fingerprint = 0, crlnumber = 0;
const char **pp;
X509_STORE *store = NULL;
X509_STORE_CTX ctx;
X509_LOOKUP *lookup = NULL;
X509_OBJECT xobj;
EVP_PKEY *pkey;
int do_ver = 0;
const EVP_MD *md_alg,*digest=EVP_sha1();
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
if (bio_out == NULL)
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
{
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out);
}
#endif
}
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
argc--;
argv++;
num=0;
while (argc >= 1)
{
#ifdef undef
if (strcmp(*argv,"-p") == 0)
{
if (--argc < 1) goto bad;
if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
}
#endif
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-CApath") == 0)
{
if (--argc < 1) goto bad;
CApath = *(++argv);
do_ver = 1;
}
else if (strcmp(*argv,"-CAfile") == 0)
{
if (--argc < 1) goto bad;
CAfile = *(++argv);
do_ver = 1;
}
else if (strcmp(*argv,"-verify") == 0)
do_ver = 1;
else if (strcmp(*argv,"-text") == 0)
text = 1;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
else if (strcmp(*argv,"-nameopt") == 0)
{
if (--argc < 1) goto bad;
if (!set_name_ex(&nmflag, *(++argv))) goto bad;
}
else if (strcmp(*argv,"-issuer") == 0)
issuer= ++num;
else if (strcmp(*argv,"-lastupdate") == 0)
lastupdate= ++num;
else if (strcmp(*argv,"-nextupdate") == 0)
nextupdate= ++num;
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-fingerprint") == 0)
fingerprint= ++num;
else if (strcmp(*argv,"-crlnumber") == 0)
crlnumber= ++num;
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
digest=md_alg;
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
for (pp=crl_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,"%s",*pp);
goto end;
}
ERR_load_crypto_strings();
x=load_crl(infile,informat);
if (x == NULL) { goto end; }
if(do_ver) {
store = X509_STORE_new();
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
if (lookup == NULL) goto end;
if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
if (lookup == NULL) goto end;
if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
ERR_clear_error();
if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
BIO_printf(bio_err,
"Error initialising X509 store\n");
goto end;
}
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
X509_CRL_get_issuer(x), &xobj);
if(i <= 0) {
BIO_printf(bio_err,
"Error getting CRL issuer certificate\n");
goto end;
}
pkey = X509_get_pubkey(xobj.data.x509);
X509_OBJECT_free_contents(&xobj);
if(!pkey) {
BIO_printf(bio_err,
"Error getting CRL issuer public key\n");
goto end;
}
i = X509_CRL_verify(x, pkey);
EVP_PKEY_free(pkey);
if(i < 0) goto end;
if(i == 0) BIO_printf(bio_err, "verify failure\n");
else BIO_printf(bio_err, "verify OK\n");
}
if (num)
{
for (i=1; i<=num; i++)
{
if (issuer == i)
{
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
}
if (crlnumber == i)
{
ASN1_INTEGER *crlnum;
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number,
NULL, NULL);
BIO_printf(bio_out,"crlNumber=");
if (crlnum)
{
i2a_ASN1_INTEGER(bio_out, crlnum);
ASN1_INTEGER_free(crlnum);
}
else
BIO_puts(bio_out, "<NONE>");
BIO_printf(bio_out,"\n");
}
if (hash == i)
{
BIO_printf(bio_out,"%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x)));
}
if (lastupdate == i)
{
BIO_printf(bio_out,"lastUpdate=");
ASN1_TIME_print(bio_out,
X509_CRL_get_lastUpdate(x));
BIO_printf(bio_out,"\n");
}
if (nextupdate == i)
{
BIO_printf(bio_out,"nextUpdate=");
if (X509_CRL_get_nextUpdate(x))
ASN1_TIME_print(bio_out,
X509_CRL_get_nextUpdate(x));
else
BIO_printf(bio_out,"NONE");
BIO_printf(bio_out,"\n");
}
if (fingerprint == i)
{
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
if (!X509_CRL_digest(x,digest,md,&n))
{
BIO_printf(bio_err,"out of memory\n");
goto end;
}
BIO_printf(bio_out,"%s Fingerprint=",
OBJ_nid2sn(EVP_MD_type(digest)));
for (j=0; j<(int)n; j++)
{
BIO_printf(bio_out,"%02X%c",md[j],
(j+1 == (int)n)
?'\n':':');
}
}
}
}
out=BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (text) X509_CRL_print(out, x);
if (noout)
{
ret = 0;
goto end;
}
if (outformat == FORMAT_ASN1)
i=(int)i2d_X509_CRL_bio(out,x);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_X509_CRL(out,x);
else
{
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
ret=0;
end:
BIO_free_all(out);
BIO_free_all(bio_out);
bio_out=NULL;
X509_CRL_free(x);
if(store) {
X509_STORE_CTX_cleanup(&ctx);
X509_STORE_free(store);
}
apps_shutdown();
OPENSSL_EXIT(ret);
}
static X509_CRL *load_crl(char *infile, int format)
{
X509_CRL *x=NULL;
BIO *in=NULL;
in=BIO_new(BIO_s_file());
if (in == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
if (format == FORMAT_ASN1)
x=d2i_X509_CRL_bio(in,NULL);
else if (format == FORMAT_PEM)
x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
else {
BIO_printf(bio_err,"bad input format specified for input crl\n");
goto end;
}
if (x == NULL)
{
BIO_printf(bio_err,"unable to load CRL\n");
ERR_print_errors(bio_err);
goto end;
}
end:
BIO_free(in);
return(x);
}

337
jni/openssl/apps/crl2p7.c Normal file
View File

@ -0,0 +1,337 @@
/* apps/crl2p7.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
* and donated 'to the cause' along with lots and lots of other fixes to
* the library. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include "apps.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#include <openssl/objects.h>
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
#undef PROG
#define PROG crl2pkcs7_main
/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int i,badops=0;
BIO *in=NULL,*out=NULL;
int informat,outformat;
char *infile,*outfile,*prog,*certfile;
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
X509_CRL *crl=NULL;
STACK_OF(OPENSSL_STRING) *certflst=NULL;
STACK_OF(X509_CRL) *crl_stack=NULL;
STACK_OF(X509) *cert_stack=NULL;
int ret=1,nocrl=0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-nocrl") == 0)
{
nocrl=1;
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-certfile") == 0)
{
if (--argc < 1) goto bad;
if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(certflst,*(++argv));
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
BIO_printf(bio_err," (can be used more than once)\n");
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
ret = 1;
goto end;
}
ERR_load_crypto_strings();
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (!nocrl)
{
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
if (informat == FORMAT_ASN1)
crl=d2i_X509_CRL_bio(in,NULL);
else if (informat == FORMAT_PEM)
crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
else {
BIO_printf(bio_err,"bad input format specified for input crl\n");
goto end;
}
if (crl == NULL)
{
BIO_printf(bio_err,"unable to load CRL\n");
ERR_print_errors(bio_err);
goto end;
}
}
if ((p7=PKCS7_new()) == NULL) goto end;
if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
p7->type=OBJ_nid2obj(NID_pkcs7_signed);
p7->d.sign=p7s;
p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
p7s->crl=crl_stack;
if (crl != NULL)
{
sk_X509_CRL_push(crl_stack,crl);
crl=NULL; /* now part of p7 for OPENSSL_freeing */
}
if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
p7s->cert=cert_stack;
if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack,certfile) < 0)
{
BIO_printf(bio_err, "error loading certificates\n");
ERR_print_errors(bio_err);
goto end;
}
}
sk_OPENSSL_STRING_free(certflst);
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (outformat == FORMAT_ASN1)
i=i2d_PKCS7_bio(out,p7);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_PKCS7(out,p7);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (p7 != NULL) PKCS7_free(p7);
if (crl != NULL) X509_CRL_free(crl);
apps_shutdown();
OPENSSL_EXIT(ret);
}
/*
*----------------------------------------------------------------------
* int add_certs_from_file
*
* Read a list of certificates to be checked from a file.
*
* Results:
* number of certs added if successful, -1 if not.
*----------------------------------------------------------------------
*/
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
{
BIO *in=NULL;
int count=0;
int ret= -1;
STACK_OF(X509_INFO) *sk=NULL;
X509_INFO *xi;
in=BIO_new(BIO_s_file());
if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
{
BIO_printf(bio_err,"error opening the file, %s\n",certfile);
goto end;
}
/* This loads from a file, a stack of x509/crl/pkey sets */
sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL);
if (sk == NULL) {
BIO_printf(bio_err,"error reading the file, %s\n",certfile);
goto end;
}
/* scan over it and pull out the CRL's */
while (sk_X509_INFO_num(sk))
{
xi=sk_X509_INFO_shift(sk);
if (xi->x509 != NULL)
{
sk_X509_push(stack,xi->x509);
xi->x509=NULL;
count++;
}
X509_INFO_free(xi);
}
ret=count;
end:
/* never need to OPENSSL_free x */
if (in != NULL) BIO_free(in);
if (sk != NULL) sk_X509_INFO_free(sk);
return(ret);
}

632
jni/openssl/apps/dgst.c Normal file
View File

@ -0,0 +1,632 @@
/* apps/dgst.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>
#undef BUFSIZE
#define BUFSIZE 1024*8
#undef PROG
#define PROG dgst_main
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file,BIO *bmd);
static void list_md_fn(const EVP_MD *m,
const char *from, const char *to, void *arg)
{
const char *mname;
/* Skip aliases */
if (!m)
return;
mname = OBJ_nid2ln(EVP_MD_type(m));
/* Skip shortnames */
if (strcmp(from, mname))
return;
/* Skip clones */
if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
return;
if (strchr(mname, ' '))
mname= EVP_MD_name(m);
BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n",
mname, mname);
}
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
unsigned char *buf=NULL;
int i,err=1;
const EVP_MD *md=NULL,*m;
BIO *in=NULL,*inp;
BIO *bmd=NULL;
BIO *out = NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
int separator=0;
int debug=0;
int keyform=FORMAT_PEM;
const char *outfile = NULL, *keyfile = NULL;
const char *sigfile = NULL, *randfile = NULL;
int out_bin = -1, want_pub = 0, do_verify = 0;
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
char *passargin = NULL, *passin = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
char *hmac_key=NULL;
char *mac_name=NULL;
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
apps_startup();
if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
{
BIO_printf(bio_err,"out of memory\n");
goto end;
}
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
/* first check the program name */
program_name(argv[0],pname,sizeof pname);
md=EVP_get_digestbyname(pname);
argc--;
argv++;
while (argc > 0)
{
if ((*argv)[0] != '-') break;
if (strcmp(*argv,"-c") == 0)
separator=1;
else if (strcmp(*argv,"-r") == 0)
separator=2;
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) break;
randfile=*(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) break;
outfile=*(++argv);
}
else if (strcmp(*argv,"-sign") == 0)
{
if (--argc < 1) break;
keyfile=*(++argv);
}
else if (!strcmp(*argv,"-passin"))
{
if (--argc < 1)
break;
passargin=*++argv;
}
else if (strcmp(*argv,"-verify") == 0)
{
if (--argc < 1) break;
keyfile=*(++argv);
want_pub = 1;
do_verify = 1;
}
else if (strcmp(*argv,"-prverify") == 0)
{
if (--argc < 1) break;
keyfile=*(++argv);
do_verify = 1;
}
else if (strcmp(*argv,"-signature") == 0)
{
if (--argc < 1) break;
sigfile=*(++argv);
}
else if (strcmp(*argv,"-keyform") == 0)
{
if (--argc < 1) break;
keyform=str2fmt(*(++argv));
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) break;
engine= *(++argv);
e = setup_engine(bio_err, engine, 0);
}
#endif
else if (strcmp(*argv,"-hex") == 0)
out_bin = 0;
else if (strcmp(*argv,"-binary") == 0)
out_bin = 1;
else if (strcmp(*argv,"-d") == 0)
debug=1;
else if (!strcmp(*argv,"-hmac"))
{
if (--argc < 1)
break;
hmac_key=*++argv;
}
else if (!strcmp(*argv,"-mac"))
{
if (--argc < 1)
break;
mac_name=*++argv;
}
else if (strcmp(*argv,"-sigopt") == 0)
{
if (--argc < 1)
break;
if (!sigopts)
sigopts = sk_OPENSSL_STRING_new_null();
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
break;
}
else if (strcmp(*argv,"-macopt") == 0)
{
if (--argc < 1)
break;
if (!macopts)
macopts = sk_OPENSSL_STRING_new_null();
if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
break;
}
else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
md=m;
else
break;
argc--;
argv++;
}
if(do_verify && !sigfile) {
BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
goto end;
}
if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
{
BIO_printf(bio_err,"unknown option '%s'\n",*argv);
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"-c to output the digest with separating colons\n");
BIO_printf(bio_err,"-r to output the digest in coreutils format\n");
BIO_printf(bio_err,"-d to output debug info\n");
BIO_printf(bio_err,"-hex output as hex dump\n");
BIO_printf(bio_err,"-binary output in binary form\n");
BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
BIO_printf(bio_err,"-out filename output to filename rather than stdout\n");
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-sigopt nm:v signature parameter\n");
BIO_printf(bio_err,"-hmac key create hashed MAC with key\n");
BIO_printf(bio_err,"-mac algorithm create MAC (not neccessarily HMAC)\n");
BIO_printf(bio_err,"-macopt nm:v MAC algorithm parameters or key\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
#endif
EVP_MD_do_all_sorted(list_md_fn, bio_err);
goto end;
}
in=BIO_new(BIO_s_file());
bmd=BIO_new(BIO_f_md());
if (debug)
{
BIO_set_callback(in,BIO_debug_callback);
/* needed for windows 3.1 */
BIO_set_callback_arg(in,(char *)bio_err);
}
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
{
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if ((in == NULL) || (bmd == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if(out_bin == -1) {
if(keyfile)
out_bin = 1;
else
out_bin = 0;
}
if(randfile)
app_RAND_load_file(randfile, bio_err, 0);
if(outfile) {
if(out_bin)
out = BIO_new_file(outfile, "wb");
else out = BIO_new_file(outfile, "w");
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if(!out) {
BIO_printf(bio_err, "Error opening output file %s\n",
outfile ? outfile : "(stdout)");
ERR_print_errors(bio_err);
goto end;
}
if ((!!mac_name + !!keyfile + !!hmac_key) > 1)
{
BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
goto end;
}
if(keyfile)
{
if (want_pub)
sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
e, "key file");
else
sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
e, "key file");
if (!sigkey)
{
/* load_[pub]key() has already printed an appropriate
message */
goto end;
}
}
if (mac_name)
{
EVP_PKEY_CTX *mac_ctx = NULL;
int r = 0;
if (!init_gen_str(bio_err, &mac_ctx, mac_name,e, 0))
goto mac_end;
if (macopts)
{
char *macopt;
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++)
{
macopt = sk_OPENSSL_STRING_value(macopts, i);
if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
{
BIO_printf(bio_err,
"MAC parameter error \"%s\"\n",
macopt);
ERR_print_errors(bio_err);
goto mac_end;
}
}
}
if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0)
{
BIO_puts(bio_err, "Error generating key\n");
ERR_print_errors(bio_err);
goto mac_end;
}
r = 1;
mac_end:
if (mac_ctx)
EVP_PKEY_CTX_free(mac_ctx);
if (r == 0)
goto end;
}
if (hmac_key)
{
sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
(unsigned char *)hmac_key, -1);
if (!sigkey)
goto end;
}
if (sigkey)
{
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
int r;
if (!BIO_get_md_ctx(bmd, &mctx))
{
BIO_printf(bio_err, "Error getting context\n");
ERR_print_errors(bio_err);
goto end;
}
if (do_verify)
r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
else
r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);
if (!r)
{
BIO_printf(bio_err, "Error setting context\n");
ERR_print_errors(bio_err);
goto end;
}
if (sigopts)
{
char *sigopt;
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
{
sigopt = sk_OPENSSL_STRING_value(sigopts, i);
if (pkey_ctrl_string(pctx, sigopt) <= 0)
{
BIO_printf(bio_err,
"parameter error \"%s\"\n",
sigopt);
ERR_print_errors(bio_err);
goto end;
}
}
}
}
/* we use md as a filter, reading from 'in' */
else
{
if (md == NULL)
md = EVP_md5();
if (!BIO_set_md(bmd,md))
{
BIO_printf(bio_err, "Error setting digest %s\n", pname);
ERR_print_errors(bio_err);
goto end;
}
}
if(sigfile && sigkey) {
BIO *sigbio;
sigbio = BIO_new_file(sigfile, "rb");
siglen = EVP_PKEY_size(sigkey);
sigbuf = OPENSSL_malloc(siglen);
if(!sigbio) {
BIO_printf(bio_err, "Error opening signature file %s\n",
sigfile);
ERR_print_errors(bio_err);
goto end;
}
siglen = BIO_read(sigbio, sigbuf, siglen);
BIO_free(sigbio);
if(siglen <= 0) {
BIO_printf(bio_err, "Error reading signature file %s\n",
sigfile);
ERR_print_errors(bio_err);
goto end;
}
}
inp=BIO_push(bmd,in);
if (md == NULL)
{
EVP_MD_CTX *tctx;
BIO_get_md_ctx(bmd, &tctx);
md = EVP_MD_CTX_md(tctx);
}
if (argc == 0)
{
BIO_set_fp(in,stdin,BIO_NOCLOSE);
err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
siglen,NULL,NULL,"stdin",bmd);
}
else
{
const char *md_name = NULL, *sig_name = NULL;
if(!out_bin)
{
if (sigkey)
{
const EVP_PKEY_ASN1_METHOD *ameth;
ameth = EVP_PKEY_get0_asn1(sigkey);
if (ameth)
EVP_PKEY_asn1_get0_info(NULL, NULL,
NULL, NULL, &sig_name, ameth);
}
md_name = EVP_MD_name(md);
}
err = 0;
for (i=0; i<argc; i++)
{
int r;
if (BIO_read_filename(in,argv[i]) <= 0)
{
perror(argv[i]);
err++;
continue;
}
else
r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
siglen,sig_name,md_name, argv[i],bmd);
if(r)
err=r;
(void)BIO_reset(bmd);
}
}
end:
if (buf != NULL)
{
OPENSSL_cleanse(buf,BUFSIZE);
OPENSSL_free(buf);
}
if (in != NULL) BIO_free(in);
if (passin)
OPENSSL_free(passin);
BIO_free_all(out);
EVP_PKEY_free(sigkey);
if (sigopts)
sk_OPENSSL_STRING_free(sigopts);
if (macopts)
sk_OPENSSL_STRING_free(macopts);
if(sigbuf) OPENSSL_free(sigbuf);
if (bmd != NULL) BIO_free(bmd);
apps_shutdown();
OPENSSL_EXIT(err);
}
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file,BIO *bmd)
{
size_t len;
int i;
for (;;)
{
i=BIO_read(bp,(char *)buf,BUFSIZE);
if(i < 0)
{
BIO_printf(bio_err, "Read Error in %s\n",file);
ERR_print_errors(bio_err);
return 1;
}
if (i == 0) break;
}
if(sigin)
{
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
if(i > 0)
BIO_printf(out, "Verified OK\n");
else if(i == 0)
{
BIO_printf(out, "Verification Failure\n");
return 1;
}
else
{
BIO_printf(bio_err, "Error Verifying Data\n");
ERR_print_errors(bio_err);
return 1;
}
return 0;
}
if(key)
{
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
len = BUFSIZE;
if(!EVP_DigestSignFinal(ctx, buf, &len))
{
BIO_printf(bio_err, "Error Signing Data\n");
ERR_print_errors(bio_err);
return 1;
}
}
else
{
len=BIO_gets(bp,(char *)buf,BUFSIZE);
if ((int)len <0)
{
ERR_print_errors(bio_err);
return 1;
}
}
if(binout) BIO_write(out, buf, len);
else if (sep == 2)
{
for (i=0; i<(int)len; i++)
BIO_printf(out, "%02x",buf[i]);
BIO_printf(out, " *%s\n", file);
}
else
{
if (sig_name)
BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file);
else if (md_name)
BIO_printf(out, "%s(%s)= ", md_name, file);
else
BIO_printf(out, "(%s)= ", file);
for (i=0; i<(int)len; i++)
{
if (sep && (i != 0))
BIO_printf(out, ":");
BIO_printf(out, "%02x",buf[i]);
}
BIO_printf(out, "\n");
}
return 0;
}

355
jni/openssl/apps/dh.c Normal file
View File

@ -0,0 +1,355 @@
/* apps/dh.c */
/* obsoleted by dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#undef PROG
#define PROG dh_main
/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -check - check the parameters are ok
* -noout
* -text
* -C
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
DH *dh=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
#ifndef OPENSSL_NO_ENGINE
char *engine;
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
#ifndef OPENSSL_NO_ENGINE
engine=NULL;
#endif
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-C") == 0)
C=1;
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -check check the DH parameters\n");
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (informat == FORMAT_ASN1)
dh=d2i_DHparams_bio(in,NULL);
else if (informat == FORMAT_PEM)
dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
else
{
BIO_printf(bio_err,"bad input format specified\n");
goto end;
}
if (dh == NULL)
{
BIO_printf(bio_err,"unable to load DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (text)
{
DHparams_print(out,dh);
#ifdef undef
printf("p=");
BN_print(stdout,dh->p);
printf("\ng=");
BN_print(stdout,dh->g);
printf("\n");
if (dh->length != 0)
printf("recommended private length=%ld\n",dh->length);
#endif
}
if (check)
{
if (!DH_check(dh,&i))
{
ERR_print_errors(bio_err);
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
printf("p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
printf("p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
printf("unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
printf("the g value is not a generator\n");
if (i == 0)
printf("DH parameters appear to be ok.\n");
}
if (C)
{
unsigned char *data;
int len,l,bits;
len=BN_num_bytes(dh->p);
bits=BN_num_bits(dh->p);
data=(unsigned char *)OPENSSL_malloc(len);
if (data == NULL)
{
perror("OPENSSL_malloc");
goto end;
}
l=BN_bn2bin(dh->p,data);
printf("static unsigned char dh%d_p[]={",bits);
for (i=0; i<l; i++)
{
if ((i%12) == 0) printf("\n\t");
printf("0x%02X,",data[i]);
}
printf("\n\t};\n");
l=BN_bn2bin(dh->g,data);
printf("static unsigned char dh%d_g[]={",bits);
for (i=0; i<l; i++)
{
if ((i%12) == 0) printf("\n\t");
printf("0x%02X,",data[i]);
}
printf("\n\t};\n\n");
printf("DH *get_dh%d()\n\t{\n",bits);
printf("\tDH *dh;\n\n");
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
bits,bits);
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
bits,bits);
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
printf("\t\treturn(NULL);\n");
printf("\treturn(dh);\n\t}\n");
OPENSSL_free(data);
}
if (!noout)
{
if (outformat == FORMAT_ASN1)
i=i2d_DHparams_bio(out,dh);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_DHparams(out,dh);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_DH */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@ -0,0 +1,10 @@
-----BEGIN DH PARAMETERS-----
MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
-----END DH PARAMETERS-----
These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
(http://www.skip-vpn.org/spec/numbers.html).
See there for how they were generated.
Note that g is not a generator, but this is not a problem since p is a safe prime.

View File

@ -0,0 +1,12 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
-----END DH PARAMETERS-----
These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
(http://www.skip-vpn.org/spec/numbers.html).
See there for how they were generated.

View File

@ -0,0 +1,18 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
-----END DH PARAMETERS-----
These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
(http://www.skip-vpn.org/spec/numbers.html).
See there for how they were generated.
Note that g is not a generator, but this is not a problem since p is a safe prime.

View File

@ -0,0 +1,9 @@
-----BEGIN DH PARAMETERS-----
MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
-----END DH PARAMETERS-----
These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
(http://www.skip-vpn.org/spec/numbers.html).
See there for how they were generated.
Note that g is not a generator, but this is not a problem since p is a safe prime.

560
jni/openssl/apps/dhparam.c Normal file
View File

@ -0,0 +1,560 @@
/* apps/dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
#undef PROG
#define PROG dhparam_main
#define DEFBITS 512
/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -dsaparam - read or generate DSA parameters, convert to DH
* -check - check the parameters are ok
* -noout
* -text
* -C
*/
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
DH *dh=NULL;
int i,badops=0,text=0;
#ifndef OPENSSL_NO_DSA
int dsaparam=0;
#endif
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
char *inrand=NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
int num = 0, g = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
text=1;
#ifndef OPENSSL_NO_DSA
else if (strcmp(*argv,"-dsaparam") == 0)
dsaparam=1;
#endif
else if (strcmp(*argv,"-C") == 0)
C=1;
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-2") == 0)
g=2;
else if (strcmp(*argv,"-5") == 0)
g=5;
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
}
else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
goto bad;
argv++;
argc--;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] [numbits]\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
#ifndef OPENSSL_NO_DSA
BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n");
#endif
BIO_printf(bio_err," -check check the DH parameters\n");
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -noout no output\n");
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if (g && !num)
num = DEFBITS;
#ifndef OPENSSL_NO_DSA
if (dsaparam)
{
if (g)
{
BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
goto end;
}
}
else
#endif
{
/* DH parameters */
if (num && !g)
g = 2;
}
if(num) {
BN_GENCB cb;
BN_GENCB_set(&cb, dh_cb, bio_err);
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
#ifndef OPENSSL_NO_DSA
if (dsaparam)
{
DSA *dsa = DSA_new();
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
if(!dsa || !DSA_generate_parameters_ex(dsa, num,
NULL, 0, NULL, NULL, &cb))
{
if(dsa) DSA_free(dsa);
ERR_print_errors(bio_err);
goto end;
}
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
}
else
#endif
{
dh = DH_new();
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
BIO_printf(bio_err,"This is going to take a long time\n");
if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
{
if(dh) DH_free(dh);
ERR_print_errors(bio_err);
goto end;
}
}
app_RAND_write_file(NULL, bio_err);
} else {
in=BIO_new(BIO_s_file());
if (in == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
if (informat != FORMAT_ASN1 && informat != FORMAT_PEM)
{
BIO_printf(bio_err,"bad input format specified\n");
goto end;
}
#ifndef OPENSSL_NO_DSA
if (dsaparam)
{
DSA *dsa;
if (informat == FORMAT_ASN1)
dsa=d2i_DSAparams_bio(in,NULL);
else /* informat == FORMAT_PEM */
dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
if (dsa == NULL)
{
BIO_printf(bio_err,"unable to load DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
}
else
#endif
{
if (informat == FORMAT_ASN1)
dh=d2i_DHparams_bio(in,NULL);
else /* informat == FORMAT_PEM */
dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
if (dh == NULL)
{
BIO_printf(bio_err,"unable to load DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
/* dh != NULL */
}
out=BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (text)
{
DHparams_print(out,dh);
}
if (check)
{
if (!DH_check(dh,&i))
{
ERR_print_errors(bio_err);
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
printf("p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
printf("p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
printf("unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
printf("the g value is not a generator\n");
if (i == 0)
printf("DH parameters appear to be ok.\n");
}
if (C)
{
unsigned char *data;
int len,l,bits;
len=BN_num_bytes(dh->p);
bits=BN_num_bits(dh->p);
data=(unsigned char *)OPENSSL_malloc(len);
if (data == NULL)
{
perror("OPENSSL_malloc");
goto end;
}
printf("#ifndef HEADER_DH_H\n"
"#include <openssl/dh.h>\n"
"#endif\n");
printf("DH *get_dh%d()\n\t{\n",bits);
l=BN_bn2bin(dh->p,data);
printf("\tstatic unsigned char dh%d_p[]={",bits);
for (i=0; i<l; i++)
{
if ((i%12) == 0) printf("\n\t\t");
printf("0x%02X,",data[i]);
}
printf("\n\t\t};\n");
l=BN_bn2bin(dh->g,data);
printf("\tstatic unsigned char dh%d_g[]={",bits);
for (i=0; i<l; i++)
{
if ((i%12) == 0) printf("\n\t\t");
printf("0x%02X,",data[i]);
}
printf("\n\t\t};\n");
printf("\tDH *dh;\n\n");
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
bits,bits);
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
bits,bits);
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
printf("\t\t{ DH_free(dh); return(NULL); }\n");
if (dh->length)
printf("\tdh->length = %ld;\n", dh->length);
printf("\treturn(dh);\n\t}\n");
OPENSSL_free(data);
}
if (!noout)
{
if (outformat == FORMAT_ASN1)
i=i2d_DHparams_bio(out,dh);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_DHparams(out,dh);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
{
char c='*';
if (p == 0) c='.';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write(cb->arg,&c,1);
(void)BIO_flush(cb->arg);
#ifdef LINT
p=n;
#endif
return 1;
}
#else /* !OPENSSL_NO_DH */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@ -0,0 +1,40 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
J6zsFbSEHaQGUmfSeoM=
-----END DSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
C1Q=
-----END CERTIFICATE-----

View File

@ -0,0 +1,46 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
6TicfImU7UFRn9h00j0lJQ==
-----END DSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
5rKUjNBhSg==
-----END CERTIFICATE-----

376
jni/openssl/apps/dsa.c Normal file
View File

@ -0,0 +1,376 @@
/* apps/dsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DSA
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
#undef PROG
#define PROG dsa_main
/* -inform arg - input format - default PEM (one of DER, NET or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -des - encrypt output if PEM format with DES in cbc mode
* -des3 - encrypt output if PEM format
* -idea - encrypt output if PEM format
* -aes128 - encrypt output if PEM format
* -aes192 - encrypt output if PEM format
* -aes256 - encrypt output if PEM format
* -camellia128 - encrypt output if PEM format
* -camellia192 - encrypt output if PEM format
* -camellia256 - encrypt output if PEM format
* -seed - encrypt output if PEM format
* -text - print a text version
* -modulus - print the DSA public key
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
const EVP_CIPHER *enc=NULL;
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
#ifndef OPENSSL_NO_ENGINE
char *engine;
#endif
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
int pvk_encr = 2;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
#ifndef OPENSSL_NO_ENGINE
engine=NULL;
#endif
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passargin= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passargout= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-pvk-strong") == 0)
pvk_encr=2;
else if (strcmp(*argv,"-pvk-weak") == 0)
pvk_encr=1;
else if (strcmp(*argv,"-pvk-none") == 0)
pvk_encr=0;
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-modulus") == 0)
modulus=1;
else if (strcmp(*argv,"-pubin") == 0)
pubin=1;
else if (strcmp(*argv,"-pubout") == 0)
pubout=1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
#endif
#ifndef OPENSSL_NO_SEED
BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n");
#endif
BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -noout don't print key out\n");
BIO_printf(bio_err," -modulus print the DSA public value\n");
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
BIO_printf(bio_err,"read DSA key\n");
{
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(bio_err, infile, informat, 1,
passin, e, "Public Key");
else
pkey = load_key(bio_err, infile, informat, 1,
passin, e, "Private Key");
if (pkey)
{
dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey);
}
}
if (dsa == NULL)
{
BIO_printf(bio_err,"unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (text)
if (!DSA_print(out,dsa,0))
{
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
if (modulus)
{
fprintf(stdout,"Public Key=");
BN_print(out,dsa->pub_key);
fprintf(stdout,"\n");
}
if (noout) goto end;
BIO_printf(bio_err,"writing DSA key\n");
if (outformat == FORMAT_ASN1) {
if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
else i=i2d_DSAPrivateKey_bio(out,dsa);
} else if (outformat == FORMAT_PEM) {
if(pubin || pubout)
i=PEM_write_bio_DSA_PUBKEY(out,dsa);
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
NULL,0,NULL, passout);
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK)
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
else if (pubin || pubout)
i = i2b_PublicKey_bio(out, pk);
else
i = i2b_PrivateKey_bio(out, pk);
EVP_PKEY_free(pk);
#endif
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (i <= 0)
{
BIO_printf(bio_err,"unable to write private key\n");
ERR_print_errors(bio_err);
}
else
ret=0;
end:
if(in != NULL) BIO_free(in);
if(out != NULL) BIO_free_all(out);
if(dsa != NULL) DSA_free(dsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_DSA */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@ -0,0 +1,9 @@
-----BEGIN DSA PARAMETERS-----
MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
Arg=
-----END DSA PARAMETERS-----

View File

@ -0,0 +1,6 @@
-----BEGIN DSA PARAMETERS-----
MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
L8wka5B33qJoplISogOdIA==
-----END DSA PARAMETERS-----

View File

@ -0,0 +1,6 @@
-----BEGIN DSA PARAMETERS-----
MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
ADiRffvSdhrNw5dkqdql
-----END DSA PARAMETERS-----

479
jni/openssl/apps/dsaparam.c Normal file
View File

@ -0,0 +1,479 @@
/* apps/dsaparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
#undef OPENSSL_NO_DEPRECATED
#endif
#ifndef OPENSSL_NO_DSA
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#undef PROG
#define PROG dsaparam_main
/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -noout
* -text
* -C
* -noout
* -genkey
* #ifdef GENCB_TEST
* -timebomb n - interrupt keygen after <n> seconds
* #endif
*/
#ifdef GENCB_TEST
static int stop_keygen_flag = 0;
static void timebomb_sigalarm(int foo)
{
stop_keygen_flag = 1;
}
#endif
static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
DSA *dsa=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,noout=0,C=0,ret=1;
char *infile,*outfile,*prog,*inrand=NULL;
int numbits= -1,num,genkey=0;
int need_rand=0;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
#ifdef GENCB_TEST
int timebomb=0;
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if(strcmp(*argv, "-engine") == 0)
{
if (--argc < 1) goto bad;
engine = *(++argv);
}
#endif
#ifdef GENCB_TEST
else if(strcmp(*argv, "-timebomb") == 0)
{
if (--argc < 1) goto bad;
timebomb = atoi(*(++argv));
}
#endif
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-C") == 0)
C=1;
else if (strcmp(*argv,"-genkey") == 0)
{
genkey=1;
need_rand=1;
}
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
need_rand=1;
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (sscanf(*argv,"%d",&num) == 1)
{
/* generate a key */
numbits=num;
need_rand=1;
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -text print as text\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -genkey generate a DSA key\n");
BIO_printf(bio_err," -rand files to use for random number input\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
#ifdef GENCB_TEST
BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n");
#endif
BIO_printf(bio_err," number number of bits to use for generating private key\n");
goto end;
}
ERR_load_crypto_strings();
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if (need_rand)
{
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
if (numbits > 0)
{
BN_GENCB cb;
BN_GENCB_set(&cb, dsa_cb, bio_err);
assert(need_rand);
dsa = DSA_new();
if(!dsa)
{
BIO_printf(bio_err,"Error allocating DSA object\n");
goto end;
}
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
BIO_printf(bio_err,"This could take some time\n");
#ifdef GENCB_TEST
if(timebomb > 0)
{
struct sigaction act;
act.sa_handler = timebomb_sigalarm;
act.sa_flags = 0;
BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
timebomb);
if(sigaction(SIGALRM, &act, NULL) != 0)
{
BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
goto end;
}
alarm(timebomb);
}
#endif
if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
{
#ifdef GENCB_TEST
if(stop_keygen_flag)
{
BIO_printf(bio_err,"DSA key generation time-stopped\n");
/* This is an asked-for behaviour! */
ret = 0;
goto end;
}
#endif
BIO_printf(bio_err,"Error, DSA key generation failed\n");
goto end;
}
}
else if (informat == FORMAT_ASN1)
dsa=d2i_DSAparams_bio(in,NULL);
else if (informat == FORMAT_PEM)
dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
else
{
BIO_printf(bio_err,"bad input format specified\n");
goto end;
}
if (dsa == NULL)
{
BIO_printf(bio_err,"unable to load DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (text)
{
DSAparams_print(out,dsa);
}
if (C)
{
unsigned char *data;
int l,len,bits_p;
len=BN_num_bytes(dsa->p);
bits_p=BN_num_bits(dsa->p);
data=(unsigned char *)OPENSSL_malloc(len+20);
if (data == NULL)
{
perror("OPENSSL_malloc");
goto end;
}
l=BN_bn2bin(dsa->p,data);
printf("static unsigned char dsa%d_p[]={",bits_p);
for (i=0; i<l; i++)
{
if ((i%12) == 0) printf("\n\t");
printf("0x%02X,",data[i]);
}
printf("\n\t};\n");
l=BN_bn2bin(dsa->q,data);
printf("static unsigned char dsa%d_q[]={",bits_p);
for (i=0; i<l; i++)
{
if ((i%12) == 0) printf("\n\t");
printf("0x%02X,",data[i]);
}
printf("\n\t};\n");
l=BN_bn2bin(dsa->g,data);
printf("static unsigned char dsa%d_g[]={",bits_p);
for (i=0; i<l; i++)
{
if ((i%12) == 0) printf("\n\t");
printf("0x%02X,",data[i]);
}
printf("\n\t};\n\n");
printf("DSA *get_dsa%d()\n\t{\n",bits_p);
printf("\tDSA *dsa;\n\n");
printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
bits_p,bits_p);
printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
bits_p,bits_p);
printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
bits_p,bits_p);
printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
printf("\treturn(dsa);\n\t}\n");
}
if (!noout)
{
if (outformat == FORMAT_ASN1)
i=i2d_DSAparams_bio(out,dsa);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_DSAparams(out,dsa);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (genkey)
{
DSA *dsakey;
assert(need_rand);
if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
if (!DSA_generate_key(dsakey)) goto end;
if (outformat == FORMAT_ASN1)
i=i2d_DSAPrivateKey_bio(out,dsakey);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
DSA_free(dsakey);
}
if (need_rand)
app_RAND_write_file(NULL, bio_err);
ret=0;
end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
{
char c='*';
if (p == 0) c='.';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write(cb->arg,&c,1);
(void)BIO_flush(cb->arg);
#ifdef LINT
p=n;
#endif
#ifdef GENCB_TEST
if(stop_keygen_flag)
return 0;
#endif
return 1;
}
#else /* !OPENSSL_NO_DSA */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

406
jni/openssl/apps/ec.c Normal file
View File

@ -0,0 +1,406 @@
/* apps/ec.c */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_EC
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#undef PROG
#define PROG ec_main
/* -inform arg - input format - default PEM (one of DER, NET or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -des - encrypt output if PEM format with DES in cbc mode
* -text - print a text version
* -param_out - print the elliptic curve parameters
* -conv_form arg - specifies the point encoding form
* -param_enc arg - specifies the parameter encoding
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int ret = 1;
EC_KEY *eckey = NULL;
const EC_GROUP *group;
int i, badops = 0;
const EVP_CIPHER *enc = NULL;
BIO *in = NULL, *out = NULL;
int informat, outformat, text=0, noout=0;
int pubin = 0, pubout = 0, param_out = 0;
char *infile, *outfile, *prog, *engine;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
int new_form = 0;
int asn1_flag = OPENSSL_EC_NAMED_CURVE;
int new_asn1_flag = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
engine = NULL;
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
outformat = FORMAT_PEM;
prog = argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passargin= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else if (strcmp(*argv, "-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
else if (strcmp(*argv, "-noout") == 0)
noout = 1;
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-conv_form") == 0)
{
if (--argc < 1)
goto bad;
++argv;
new_form = 1;
if (strcmp(*argv, "compressed") == 0)
form = POINT_CONVERSION_COMPRESSED;
else if (strcmp(*argv, "uncompressed") == 0)
form = POINT_CONVERSION_UNCOMPRESSED;
else if (strcmp(*argv, "hybrid") == 0)
form = POINT_CONVERSION_HYBRID;
else
goto bad;
}
else if (strcmp(*argv, "-param_enc") == 0)
{
if (--argc < 1)
goto bad;
++argv;
new_asn1_flag = 1;
if (strcmp(*argv, "named_curve") == 0)
asn1_flag = OPENSSL_EC_NAMED_CURVE;
else if (strcmp(*argv, "explicit") == 0)
asn1_flag = 0;
else
goto bad;
}
else if (strcmp(*argv, "-param_out") == 0)
param_out = 1;
else if (strcmp(*argv, "-pubin") == 0)
pubin=1;
else if (strcmp(*argv, "-pubout") == 0)
pubout=1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
{
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - "
"DER or PEM\n");
BIO_printf(bio_err, " -outform arg output format - "
"DER or PEM\n");
BIO_printf(bio_err, " -in arg input file\n");
BIO_printf(bio_err, " -passin arg input file pass "
"phrase source\n");
BIO_printf(bio_err, " -out arg output file\n");
BIO_printf(bio_err, " -passout arg output file pass "
"phrase source\n");
BIO_printf(bio_err, " -engine e use engine e, "
"possibly a hardware device.\n");
BIO_printf(bio_err, " -des encrypt PEM output, "
"instead of 'des' every other \n"
" cipher "
"supported by OpenSSL can be used\n");
BIO_printf(bio_err, " -text print the key\n");
BIO_printf(bio_err, " -noout don't print key out\n");
BIO_printf(bio_err, " -param_out print the elliptic "
"curve parameters\n");
BIO_printf(bio_err, " -conv_form arg specifies the "
"point conversion form \n");
BIO_printf(bio_err, " possible values:"
" compressed\n");
BIO_printf(bio_err, " "
" uncompressed (default)\n");
BIO_printf(bio_err, " "
" hybrid\n");
BIO_printf(bio_err, " -param_enc arg specifies the way"
" the ec parameters are encoded\n");
BIO_printf(bio_err, " in the asn1 der "
"encoding\n");
BIO_printf(bio_err, " possible values:"
" named_curve (default)\n");
BIO_printf(bio_err," "
"explicit\n");
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
{
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else
{
if (BIO_read_filename(in, infile) <= 0)
{
perror(infile);
goto end;
}
}
BIO_printf(bio_err, "read EC key\n");
if (informat == FORMAT_ASN1)
{
if (pubin)
eckey = d2i_EC_PUBKEY_bio(in, NULL);
else
eckey = d2i_ECPrivateKey_bio(in, NULL);
}
else if (informat == FORMAT_PEM)
{
if (pubin)
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL,
NULL);
else
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
passin);
}
else
{
BIO_printf(bio_err, "bad input format specified for key\n");
goto end;
}
if (eckey == NULL)
{
BIO_printf(bio_err,"unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out, stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out, outfile) <= 0)
{
perror(outfile);
goto end;
}
}
group = EC_KEY_get0_group(eckey);
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (new_asn1_flag)
EC_KEY_set_asn1_flag(eckey, asn1_flag);
if (text)
if (!EC_KEY_print(out, eckey, 0))
{
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
if (noout)
{
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing EC key\n");
if (outformat == FORMAT_ASN1)
{
if (param_out)
i = i2d_ECPKParameters_bio(out, group);
else if (pubin || pubout)
i = i2d_EC_PUBKEY_bio(out, eckey);
else
i = i2d_ECPrivateKey_bio(out, eckey);
}
else if (outformat == FORMAT_PEM)
{
if (param_out)
i = PEM_write_bio_ECPKParameters(out, group);
else if (pubin || pubout)
i = PEM_write_bio_EC_PUBKEY(out, eckey);
else
i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
NULL, 0, NULL, passout);
}
else
{
BIO_printf(bio_err, "bad output format specified for "
"outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
}
else
ret=0;
end:
if (in)
BIO_free(in);
if (out)
BIO_free_all(out);
if (eckey)
EC_KEY_free(eckey);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_EC */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

731
jni/openssl/apps/ecparam.c Normal file
View File

@ -0,0 +1,731 @@
/* apps/ecparam.c */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
* The elliptic curve binary polynomial software is originally written by
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
*
*/
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_EC
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#undef PROG
#define PROG ecparam_main
/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -noout - do not print the ec parameter
* -text - print the ec parameters in text form
* -check - validate the ec parameters
* -C - print a 'C' function creating the parameters
* -name arg - use the ec parameters with 'short name' name
* -list_curves - prints a list of all currently available curve 'short names'
* -conv_form arg - specifies the point conversion form
* - possible values: compressed
* uncompressed (default)
* hybrid
* -param_enc arg - specifies the way the ec parameters are encoded
* in the asn1 der encoding
* possible values: named_curve (default)
* explicit
* -no_seed - if 'explicit' parameters are choosen do not use the seed
* -genkey - generate ec key
* -rand file - files to use for random number input
* -engine e - use engine e, possibly a hardware device
*/
static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
EC_GROUP *group = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
int new_form = 0;
int asn1_flag = OPENSSL_EC_NAMED_CURVE;
int new_asn1_flag = 0;
char *curve_name = NULL, *inrand = NULL;
int list_curves = 0, no_seed = 0, check = 0,
badops = 0, text = 0, i, need_rand = 0, genkey = 0;
char *infile = NULL, *outfile = NULL, *prog;
BIO *in = NULL, *out = NULL;
int informat, outformat, noout = 0, C = 0, ret = 1;
char *engine = NULL;
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
unsigned char *buffer = NULL;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-text") == 0)
text = 1;
else if (strcmp(*argv,"-C") == 0)
C = 1;
else if (strcmp(*argv,"-check") == 0)
check = 1;
else if (strcmp (*argv, "-name") == 0)
{
if (--argc < 1)
goto bad;
curve_name = *(++argv);
}
else if (strcmp(*argv, "-list_curves") == 0)
list_curves = 1;
else if (strcmp(*argv, "-conv_form") == 0)
{
if (--argc < 1)
goto bad;
++argv;
new_form = 1;
if (strcmp(*argv, "compressed") == 0)
form = POINT_CONVERSION_COMPRESSED;
else if (strcmp(*argv, "uncompressed") == 0)
form = POINT_CONVERSION_UNCOMPRESSED;
else if (strcmp(*argv, "hybrid") == 0)
form = POINT_CONVERSION_HYBRID;
else
goto bad;
}
else if (strcmp(*argv, "-param_enc") == 0)
{
if (--argc < 1)
goto bad;
++argv;
new_asn1_flag = 1;
if (strcmp(*argv, "named_curve") == 0)
asn1_flag = OPENSSL_EC_NAMED_CURVE;
else if (strcmp(*argv, "explicit") == 0)
asn1_flag = 0;
else
goto bad;
}
else if (strcmp(*argv, "-no_seed") == 0)
no_seed = 1;
else if (strcmp(*argv, "-noout") == 0)
noout=1;
else if (strcmp(*argv,"-genkey") == 0)
{
genkey=1;
need_rand=1;
}
else if (strcmp(*argv, "-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
need_rand=1;
}
else if(strcmp(*argv, "-engine") == 0)
{
if (--argc < 1) goto bad;
engine = *(++argv);
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, " -inform arg input format - "
"default PEM (DER or PEM)\n");
BIO_printf(bio_err, " -outform arg output format - "
"default PEM\n");
BIO_printf(bio_err, " -in arg input file - "
"default stdin\n");
BIO_printf(bio_err, " -out arg output file - "
"default stdout\n");
BIO_printf(bio_err, " -noout do not print the "
"ec parameter\n");
BIO_printf(bio_err, " -text print the ec "
"parameters in text form\n");
BIO_printf(bio_err, " -check validate the ec "
"parameters\n");
BIO_printf(bio_err, " -C print a 'C' "
"function creating the parameters\n");
BIO_printf(bio_err, " -name arg use the "
"ec parameters with 'short name' name\n");
BIO_printf(bio_err, " -list_curves prints a list of "
"all currently available curve 'short names'\n");
BIO_printf(bio_err, " -conv_form arg specifies the "
"point conversion form \n");
BIO_printf(bio_err, " possible values:"
" compressed\n");
BIO_printf(bio_err, " "
" uncompressed (default)\n");
BIO_printf(bio_err, " "
" hybrid\n");
BIO_printf(bio_err, " -param_enc arg specifies the way"
" the ec parameters are encoded\n");
BIO_printf(bio_err, " in the asn1 der "
"encoding\n");
BIO_printf(bio_err, " possible values:"
" named_curve (default)\n");
BIO_printf(bio_err, " "
" explicit\n");
BIO_printf(bio_err, " -no_seed if 'explicit'"
" parameters are choosen do not"
" use the seed\n");
BIO_printf(bio_err, " -genkey generate ec"
" key\n");
BIO_printf(bio_err, " -rand file files to use for"
" random number input\n");
BIO_printf(bio_err, " -engine e use engine e, "
"possibly a hardware device\n");
goto end;
}
ERR_load_crypto_strings();
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if (list_curves)
{
EC_builtin_curve *curves = NULL;
size_t crv_len = 0;
size_t n = 0;
crv_len = EC_get_builtin_curves(NULL, 0);
curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));
if (curves == NULL)
goto end;
if (!EC_get_builtin_curves(curves, crv_len))
{
OPENSSL_free(curves);
goto end;
}
for (n = 0; n < crv_len; n++)
{
const char *comment;
const char *sname;
comment = curves[n].comment;
sname = OBJ_nid2sn(curves[n].nid);
if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
sname = "";
BIO_printf(out, " %-10s: ", sname);
BIO_printf(out, "%s\n", comment);
}
OPENSSL_free(curves);
ret = 0;
goto end;
}
if (curve_name != NULL)
{
int nid;
/* workaround for the SECG curve names secp192r1
* and secp256r1 (which are the same as the curves
* prime192v1 and prime256v1 defined in X9.62)
*/
if (!strcmp(curve_name, "secp192r1"))
{
BIO_printf(bio_err, "using curve name prime192v1 "
"instead of secp192r1\n");
nid = NID_X9_62_prime192v1;
}
else if (!strcmp(curve_name, "secp256r1"))
{
BIO_printf(bio_err, "using curve name prime256v1 "
"instead of secp256r1\n");
nid = NID_X9_62_prime256v1;
}
else
nid = OBJ_sn2nid(curve_name);
if (nid == 0)
{
BIO_printf(bio_err, "unknown curve name (%s)\n",
curve_name);
goto end;
}
group = EC_GROUP_new_by_curve_name(nid);
if (group == NULL)
{
BIO_printf(bio_err, "unable to create curve (%s)\n",
curve_name);
goto end;
}
EC_GROUP_set_asn1_flag(group, asn1_flag);
EC_GROUP_set_point_conversion_form(group, form);
}
else if (informat == FORMAT_ASN1)
{
group = d2i_ECPKParameters_bio(in, NULL);
}
else if (informat == FORMAT_PEM)
{
group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
}
else
{
BIO_printf(bio_err, "bad input format specified\n");
goto end;
}
if (group == NULL)
{
BIO_printf(bio_err,
"unable to load elliptic curve parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (new_form)
EC_GROUP_set_point_conversion_form(group, form);
if (new_asn1_flag)
EC_GROUP_set_asn1_flag(group, asn1_flag);
if (no_seed)
{
EC_GROUP_set_seed(group, NULL, 0);
}
if (text)
{
if (!ECPKParameters_print(out, group, 0))
goto end;
}
if (check)
{
if (group == NULL)
BIO_printf(bio_err, "no elliptic curve parameters\n");
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL))
{
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
}
else
BIO_printf(bio_err, "ok\n");
}
if (C)
{
size_t buf_len = 0, tmp_len = 0;
const EC_POINT *point;
int is_prime, len = 0;
const EC_METHOD *meth = EC_GROUP_method_of(group);
if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
(ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
(ec_order = BN_new()) == NULL ||
(ec_cofactor = BN_new()) == NULL )
{
perror("OPENSSL_malloc");
goto end;
}
is_prime = (EC_METHOD_get_field_type(meth) ==
NID_X9_62_prime_field);
if (is_prime)
{
if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
ec_b, NULL))
goto end;
}
else
{
/* TODO */
goto end;
}
if ((point = EC_GROUP_get0_generator(group)) == NULL)
goto end;
if (!EC_POINT_point2bn(group, point,
EC_GROUP_get_point_conversion_form(group), ec_gen,
NULL))
goto end;
if (!EC_GROUP_get_order(group, ec_order, NULL))
goto end;
if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
goto end;
if (!ec_p || !ec_a || !ec_b || !ec_gen ||
!ec_order || !ec_cofactor)
goto end;
len = BN_num_bits(ec_order);
if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
buf_len = tmp_len;
buffer = (unsigned char *)OPENSSL_malloc(buf_len);
if (buffer == NULL)
{
perror("OPENSSL_malloc");
goto end;
}
ecparam_print_var(out, ec_p, "ec_p", len, buffer);
ecparam_print_var(out, ec_a, "ec_a", len, buffer);
ecparam_print_var(out, ec_b, "ec_b", len, buffer);
ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
ecparam_print_var(out, ec_order, "ec_order", len, buffer);
ecparam_print_var(out, ec_cofactor, "ec_cofactor", len,
buffer);
BIO_printf(out, "\n\n");
BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
BIO_printf(out, "\tint ok=0;\n");
BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
BIO_printf(out, "\tEC_POINT *point = NULL;\n");
BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, "
"*tmp_3 = NULL;\n\n");
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
"sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
"sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
"goto err;\n", len, len);
if (is_prime)
{
BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
"\n\t\tgoto err;\n\n");
}
else
{
/* TODO */
goto end;
}
BIO_printf(out, "\t/* build generator */\n");
BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
"sizeof(ec_gen_%d), tmp_1)) == NULL)"
"\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
"NULL, NULL);\n");
BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
"sizeof(ec_order_%d), tmp_2)) == NULL)"
"\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
"sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
"\n\t\tgoto err;\n", len, len);
BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
" tmp_2, tmp_3))\n\t\tgoto err;\n");
BIO_printf(out, "\n\tok=1;\n");
BIO_printf(out, "err:\n");
BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
BIO_printf(out, "\tif (!ok)\n");
BIO_printf(out, "\t\t{\n");
BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
BIO_printf(out, "\t\tgroup = NULL;\n");
BIO_printf(out, "\t\t}\n");
BIO_printf(out, "\treturn(group);\n\t}\n");
}
if (!noout)
{
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_ECPKParameters(out, group);
else
{
BIO_printf(bio_err,"bad output format specified for"
" outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err, "unable to write elliptic "
"curve parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (need_rand)
{
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
if (genkey)
{
EC_KEY *eckey = EC_KEY_new();
if (eckey == NULL)
goto end;
assert(need_rand);
if (EC_KEY_set_group(eckey, group) == 0)
goto end;
if (!EC_KEY_generate_key(eckey))
{
EC_KEY_free(eckey);
goto end;
}
if (outformat == FORMAT_ASN1)
i = i2d_ECPrivateKey_bio(out, eckey);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
NULL, 0, NULL, NULL);
else
{
BIO_printf(bio_err, "bad output format specified "
"for outfile\n");
EC_KEY_free(eckey);
goto end;
}
EC_KEY_free(eckey);
}
if (need_rand)
app_RAND_write_file(NULL, bio_err);
ret=0;
end:
if (ec_p)
BN_free(ec_p);
if (ec_a)
BN_free(ec_a);
if (ec_b)
BN_free(ec_b);
if (ec_gen)
BN_free(ec_gen);
if (ec_order)
BN_free(ec_order);
if (ec_cofactor)
BN_free(ec_cofactor);
if (buffer)
OPENSSL_free(buffer);
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
if (group != NULL)
EC_GROUP_free(group);
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
int len, unsigned char *buffer)
{
BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
if (BN_is_zero(in))
BIO_printf(out, "\n\t0x00");
else
{
int i, l;
l = BN_bn2bin(in, buffer);
for (i=0; i<l-1; i++)
{
if ((i%12) == 0)
BIO_printf(out, "\n\t");
BIO_printf(out, "0x%02X,", buffer[i]);
}
if ((i%12) == 0)
BIO_printf(out, "\n\t");
BIO_printf(out, "0x%02X", buffer[i]);
}
BIO_printf(out, "\n\t};\n\n");
return 1;
}
#else /* !OPENSSL_NO_EC */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

724
jni/openssl/apps/enc.c Normal file
View File

@ -0,0 +1,724 @@
/* apps/enc.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/pem.h>
#include <openssl/comp.h>
#include <ctype.h>
int set_hex(char *in,unsigned char *out,int size);
#undef SIZE
#undef BSIZE
#undef PROG
#define SIZE (512)
#define BSIZE (8*1024)
#define PROG enc_main
static void show_ciphers(const OBJ_NAME *name,void *bio_)
{
BIO *bio=bio_;
static int n;
if(!islower((unsigned char)*name->name))
return;
BIO_printf(bio,"-%-25s",name->name);
if(++n == 3)
{
BIO_printf(bio,"\n");
n=0;
}
else
BIO_printf(bio," ");
}
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
static const char magic[]="Salted__";
char mbuf[sizeof magic-1];
char *strbuf=NULL;
unsigned char *buff=NULL,*bufsize=NULL;
int bsize=BSIZE,verbose=0;
int ret=1,inl;
int nopad = 0;
unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
unsigned char salt[PKCS5_SALT_LEN];
char *str=NULL, *passarg = NULL, *pass = NULL;
char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
char *md=NULL;
int enc=1,printkey=0,i,base64=0;
#ifdef ZLIB
int do_zlib=0;
BIO *bzl = NULL;
#endif
int debug=0,olb64=0,nosalt=0;
const EVP_CIPHER *cipher=NULL,*c;
EVP_CIPHER_CTX *ctx = NULL;
char *inf=NULL,*outf=NULL;
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
const EVP_MD *dgst=NULL;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
/* first check the program name */
program_name(argv[0],pname,sizeof pname);
if (strcmp(pname,"base64") == 0)
base64=1;
#ifdef ZLIB
if (strcmp(pname,"zlib") == 0)
do_zlib=1;
#endif
cipher=EVP_get_cipherbyname(pname);
#ifdef ZLIB
if (!do_zlib && !base64 && (cipher == NULL)
&& (strcmp(pname,"enc") != 0))
#else
if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
#endif
{
BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
goto bad;
}
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-e") == 0)
enc=1;
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
inf= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outf= *(++argv);
}
else if (strcmp(*argv,"-pass") == 0)
{
if (--argc < 1) goto bad;
passarg= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-d") == 0)
enc=0;
else if (strcmp(*argv,"-p") == 0)
printkey=1;
else if (strcmp(*argv,"-v") == 0)
verbose=1;
else if (strcmp(*argv,"-nopad") == 0)
nopad=1;
else if (strcmp(*argv,"-salt") == 0)
nosalt=0;
else if (strcmp(*argv,"-nosalt") == 0)
nosalt=1;
else if (strcmp(*argv,"-debug") == 0)
debug=1;
else if (strcmp(*argv,"-P") == 0)
printkey=2;
else if (strcmp(*argv,"-A") == 0)
olb64=1;
else if (strcmp(*argv,"-a") == 0)
base64=1;
else if (strcmp(*argv,"-base64") == 0)
base64=1;
#ifdef ZLIB
else if (strcmp(*argv,"-z") == 0)
do_zlib=1;
#endif
else if (strcmp(*argv,"-bufsize") == 0)
{
if (--argc < 1) goto bad;
bufsize=(unsigned char *)*(++argv);
}
else if (strcmp(*argv,"-k") == 0)
{
if (--argc < 1) goto bad;
str= *(++argv);
}
else if (strcmp(*argv,"-kfile") == 0)
{
static char buf[128];
FILE *infile;
char *file;
if (--argc < 1) goto bad;
file= *(++argv);
infile=fopen(file,"r");
if (infile == NULL)
{
BIO_printf(bio_err,"unable to read key from '%s'\n",
file);
goto bad;
}
buf[0]='\0';
if (!fgets(buf,sizeof buf,infile))
{
BIO_printf(bio_err,"unable to read key from '%s'\n",
file);
goto bad;
}
fclose(infile);
i=strlen(buf);
if ((i > 0) &&
((buf[i-1] == '\n') || (buf[i-1] == '\r')))
buf[--i]='\0';
if ((i > 0) &&
((buf[i-1] == '\n') || (buf[i-1] == '\r')))
buf[--i]='\0';
if (i < 1)
{
BIO_printf(bio_err,"zero length password\n");
goto bad;
}
str=buf;
}
else if (strcmp(*argv,"-K") == 0)
{
if (--argc < 1) goto bad;
hkey= *(++argv);
}
else if (strcmp(*argv,"-S") == 0)
{
if (--argc < 1) goto bad;
hsalt= *(++argv);
}
else if (strcmp(*argv,"-iv") == 0)
{
if (--argc < 1) goto bad;
hiv= *(++argv);
}
else if (strcmp(*argv,"-md") == 0)
{
if (--argc < 1) goto bad;
md= *(++argv);
}
else if ((argv[0][0] == '-') &&
((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
{
cipher=c;
}
else if (strcmp(*argv,"-none") == 0)
cipher=NULL;
else
{
BIO_printf(bio_err,"unknown option '%s'\n",*argv);
bad:
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"%-14s input file\n","-in <file>");
BIO_printf(bio_err,"%-14s output file\n","-out <file>");
BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
BIO_printf(bio_err,"%-14s encrypt\n","-e");
BIO_printf(bio_err,"%-14s decrypt\n","-d");
BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n","");
BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
#endif
BIO_printf(bio_err,"Cipher Types\n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
show_ciphers,
bio_err);
BIO_printf(bio_err,"\n");
goto end;
}
argc--;
argv++;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
{
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
goto end;
}
if (dgst == NULL)
{
dgst = EVP_md5();
}
if (bufsize != NULL)
{
unsigned long n;
for (n=0; *bufsize; bufsize++)
{
i= *bufsize;
if ((i <= '9') && (i >= '0'))
n=n*10+i-'0';
else if (i == 'k')
{
n*=1024;
bufsize++;
break;
}
}
if (*bufsize != '\0')
{
BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
goto end;
}
/* It must be large enough for a base64 encoded line */
if (base64 && n < 80) n=80;
bsize=(int)n;
if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
}
strbuf=OPENSSL_malloc(SIZE);
buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
if ((buff == NULL) || (strbuf == NULL))
{
BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
goto end;
}
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (debug)
{
BIO_set_callback(in,BIO_debug_callback);
BIO_set_callback(out,BIO_debug_callback);
BIO_set_callback_arg(in,(char *)bio_err);
BIO_set_callback_arg(out,(char *)bio_err);
}
if (inf == NULL)
{
#ifndef OPENSSL_NO_SETVBUF_IONBF
if (bufsize != NULL)
setvbuf(stdin, (char *)NULL, _IONBF, 0);
#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
BIO_set_fp(in,stdin,BIO_NOCLOSE);
}
else
{
if (BIO_read_filename(in,inf) <= 0)
{
perror(inf);
goto end;
}
}
if(!str && passarg) {
if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
str = pass;
}
if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
{
for (;;)
{
char buf[200];
BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc)?"encryption":"decryption");
strbuf[0]='\0';
i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
if (i == 0)
{
if (strbuf[0] == '\0')
{
ret=1;
goto end;
}
str=strbuf;
break;
}
if (i < 0)
{
BIO_printf(bio_err,"bad password read\n");
goto end;
}
}
}
if (outf == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifndef OPENSSL_NO_SETVBUF_IONBF
if (bufsize != NULL)
setvbuf(stdout, (char *)NULL, _IONBF, 0);
#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outf) <= 0)
{
perror(outf);
goto end;
}
}
rbio=in;
wbio=out;
#ifdef ZLIB
if (do_zlib)
{
if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
goto end;
if (enc)
wbio=BIO_push(bzl,wbio);
else
rbio=BIO_push(bzl,rbio);
}
#endif
if (base64)
{
if ((b64=BIO_new(BIO_f_base64())) == NULL)
goto end;
if (debug)
{
BIO_set_callback(b64,BIO_debug_callback);
BIO_set_callback_arg(b64,(char *)bio_err);
}
if (olb64)
BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
if (enc)
wbio=BIO_push(b64,wbio);
else
rbio=BIO_push(b64,rbio);
}
if (cipher != NULL)
{
/* Note that str is NULL if a key was passed on the command
* line, so we get no salt in that case. Is this a bug?
*/
if (str != NULL)
{
/* Salt handling: if encrypting generate a salt and
* write to output BIO. If decrypting read salt from
* input BIO.
*/
unsigned char *sptr;
if(nosalt) sptr = NULL;
else {
if(enc) {
if(hsalt) {
if(!set_hex(hsalt,salt,sizeof salt)) {
BIO_printf(bio_err,
"invalid hex salt value\n");
goto end;
}
} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
goto end;
/* If -P option then don't bother writing */
if((printkey != 2)
&& (BIO_write(wbio,magic,
sizeof magic-1) != sizeof magic-1
|| BIO_write(wbio,
(char *)salt,
sizeof salt) != sizeof salt)) {
BIO_printf(bio_err,"error writing output file\n");
goto end;
}
} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
|| BIO_read(rbio,
(unsigned char *)salt,
sizeof salt) != sizeof salt) {
BIO_printf(bio_err,"error reading input file\n");
goto end;
} else if(memcmp(mbuf,magic,sizeof magic-1)) {
BIO_printf(bio_err,"bad magic number\n");
goto end;
}
sptr = salt;
}
EVP_BytesToKey(cipher,dgst,sptr,
(unsigned char *)str,
strlen(str),1,key,iv);
/* zero the complete buffer or the string
* passed from the command line
* bug picked up by
* Larry J. Hughes Jr. <hughes@indiana.edu> */
if (str == strbuf)
OPENSSL_cleanse(str,SIZE);
else
OPENSSL_cleanse(str,strlen(str));
}
if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
{
BIO_printf(bio_err,"invalid hex iv value\n");
goto end;
}
if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0)
{
/* No IV was explicitly set and no IV was generated
* during EVP_BytesToKey. Hence the IV is undefined,
* making correct decryption impossible. */
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
{
BIO_printf(bio_err,"invalid hex key value\n");
goto end;
}
if ((benc=BIO_new(BIO_f_cipher())) == NULL)
goto end;
/* Since we may be changing parameters work on the encryption
* context rather than calling BIO_set_cipher().
*/
BIO_get_cipher_ctx(benc, &ctx);
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
{
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (nopad)
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
{
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (debug)
{
BIO_set_callback(benc,BIO_debug_callback);
BIO_set_callback_arg(benc,(char *)bio_err);
}
if (printkey)
{
if (!nosalt)
{
printf("salt=");
for (i=0; i<(int)sizeof(salt); i++)
printf("%02X",salt[i]);
printf("\n");
}
if (cipher->key_len > 0)
{
printf("key=");
for (i=0; i<cipher->key_len; i++)
printf("%02X",key[i]);
printf("\n");
}
if (cipher->iv_len > 0)
{
printf("iv =");
for (i=0; i<cipher->iv_len; i++)
printf("%02X",iv[i]);
printf("\n");
}
if (printkey == 2)
{
ret=0;
goto end;
}
}
}
/* Only encrypt/decrypt as we write the file */
if (benc != NULL)
wbio=BIO_push(benc,wbio);
for (;;)
{
inl=BIO_read(rbio,(char *)buff,bsize);
if (inl <= 0) break;
if (BIO_write(wbio,(char *)buff,inl) != inl)
{
BIO_printf(bio_err,"error writing output file\n");
goto end;
}
}
if (!BIO_flush(wbio))
{
BIO_printf(bio_err,"bad decrypt\n");
goto end;
}
ret=0;
if (verbose)
{
BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
}
end:
ERR_print_errors(bio_err);
if (strbuf != NULL) OPENSSL_free(strbuf);
if (buff != NULL) OPENSSL_free(buff);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (benc != NULL) BIO_free(benc);
if (b64 != NULL) BIO_free(b64);
#ifdef ZLIB
if (bzl != NULL) BIO_free(bzl);
#endif
if(pass) OPENSSL_free(pass);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int set_hex(char *in, unsigned char *out, int size)
{
int i,n;
unsigned char j;
n=strlen(in);
if (n > (size*2))
{
BIO_printf(bio_err,"hex string is too long\n");
return(0);
}
memset(out,0,size);
for (i=0; i<n; i++)
{
j=(unsigned char)*in;
*(in++)='\0';
if (j == 0) break;
if ((j >= '0') && (j <= '9'))
j-='0';
else if ((j >= 'A') && (j <= 'F'))
j=j-'A'+10;
else if ((j >= 'a') && (j <= 'f'))
j=j-'a'+10;
else
{
BIO_printf(bio_err,"non-hex digit\n");
return(0);
}
if (i&1)
out[i/2]|=j;
else
out[i/2]=(j<<4);
}
return(1);
}

549
jni/openssl/apps/engine.c Normal file
View File

@ -0,0 +1,549 @@
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
#include "apps.h"
#include <openssl/err.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#include <openssl/ssl.h>
#undef PROG
#define PROG engine_main
static const char *engine_usage[]={
"usage: engine opts [engine ...]\n",
" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
" -vv will additionally display each command's description\n",
" -vvv will also add the input flags for each command\n",
" -vvvv will also show internal input flags\n",
" -c - for each engine, also list the capabilities\n",
" -t[t] - for each engine, check that they are really available\n",
" -tt will display error trace for unavailable engines\n",
" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
" to load it (if -t is used)\n",
" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
" (only used if -t is also provided)\n",
" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
" line, or all supported ENGINEs if none are specified.\n",
" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
" argument \"/lib/libdriver.so\".\n",
NULL
};
static void identity(char *ptr)
{
return;
}
static int append_buf(char **buf, const char *s, int *size, int step)
{
int l = strlen(s);
if (*buf == NULL)
{
*size = step;
*buf = OPENSSL_malloc(*size);
if (*buf == NULL)
return 0;
**buf = '\0';
}
if (**buf != '\0')
l += 2; /* ", " */
if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
{
*size += step;
*buf = OPENSSL_realloc(*buf, *size);
}
if (*buf == NULL)
return 0;
if (**buf != '\0')
BUF_strlcat(*buf, ", ", *size);
BUF_strlcat(*buf, s, *size);
return 1;
}
static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
{
int started = 0, err = 0;
/* Indent before displaying input flags */
BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
if(flags == 0)
{
BIO_printf(bio_out, "<no flags>\n");
return 1;
}
/* If the object is internal, mark it in a way that shows instead of
* having it part of all the other flags, even if it really is. */
if(flags & ENGINE_CMD_FLAG_INTERNAL)
{
BIO_printf(bio_out, "[Internal] ");
}
if(flags & ENGINE_CMD_FLAG_NUMERIC)
{
BIO_printf(bio_out, "NUMERIC");
started = 1;
}
/* Now we check that no combinations of the mutually exclusive NUMERIC,
* STRING, and NO_INPUT flags have been used. Future flags that can be
* OR'd together with these would need to added after these to preserve
* the testing logic. */
if(flags & ENGINE_CMD_FLAG_STRING)
{
if(started)
{
BIO_printf(bio_out, "|");
err = 1;
}
BIO_printf(bio_out, "STRING");
started = 1;
}
if(flags & ENGINE_CMD_FLAG_NO_INPUT)
{
if(started)
{
BIO_printf(bio_out, "|");
err = 1;
}
BIO_printf(bio_out, "NO_INPUT");
started = 1;
}
/* Check for unknown flags */
flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
~ENGINE_CMD_FLAG_STRING &
~ENGINE_CMD_FLAG_NO_INPUT &
~ENGINE_CMD_FLAG_INTERNAL;
if(flags)
{
if(started) BIO_printf(bio_out, "|");
BIO_printf(bio_out, "<0x%04X>", flags);
}
if(err)
BIO_printf(bio_out, " <illegal flags!>");
BIO_printf(bio_out, "\n");
return 1;
}
static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
{
static const int line_wrap = 78;
int num;
int ret = 0;
char *name = NULL;
char *desc = NULL;
int flags;
int xpos = 0;
STACK_OF(OPENSSL_STRING) *cmds = NULL;
if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
0, NULL, NULL)) <= 0))
{
#if 0
BIO_printf(bio_out, "%s<no control commands>\n", indent);
#endif
return 1;
}
cmds = sk_OPENSSL_STRING_new_null();
if(!cmds)
goto err;
do {
int len;
/* Get the command input flags */
if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
NULL, NULL)) < 0)
goto err;
if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
{
/* Get the command name */
if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
NULL, NULL)) <= 0)
goto err;
if((name = OPENSSL_malloc(len + 1)) == NULL)
goto err;
if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
NULL) <= 0)
goto err;
/* Get the command description */
if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
NULL, NULL)) < 0)
goto err;
if(len > 0)
{
if((desc = OPENSSL_malloc(len + 1)) == NULL)
goto err;
if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
NULL) <= 0)
goto err;
}
/* Now decide on the output */
if(xpos == 0)
/* Do an indent */
xpos = BIO_puts(bio_out, indent);
else
/* Otherwise prepend a ", " */
xpos += BIO_printf(bio_out, ", ");
if(verbose == 1)
{
/* We're just listing names, comma-delimited */
if((xpos > (int)strlen(indent)) &&
(xpos + (int)strlen(name) > line_wrap))
{
BIO_printf(bio_out, "\n");
xpos = BIO_puts(bio_out, indent);
}
xpos += BIO_printf(bio_out, "%s", name);
}
else
{
/* We're listing names plus descriptions */
BIO_printf(bio_out, "%s: %s\n", name,
(desc == NULL) ? "<no description>" : desc);
/* ... and sometimes input flags */
if((verbose >= 3) && !util_flags(bio_out, flags,
indent))
goto err;
xpos = 0;
}
}
OPENSSL_free(name); name = NULL;
if(desc) { OPENSSL_free(desc); desc = NULL; }
/* Move to the next command */
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
num, NULL, NULL);
} while(num > 0);
if(xpos > 0)
BIO_printf(bio_out, "\n");
ret = 1;
err:
if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity);
if(name) OPENSSL_free(name);
if(desc) OPENSSL_free(desc);
return ret;
}
static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
BIO *bio_out, const char *indent)
{
int loop, res, num = sk_OPENSSL_STRING_num(cmds);
if(num < 0)
{
BIO_printf(bio_out, "[Error]: internal stack error\n");
return;
}
for(loop = 0; loop < num; loop++)
{
char buf[256];
const char *cmd, *arg;
cmd = sk_OPENSSL_STRING_value(cmds, loop);
res = 1; /* assume success */
/* Check if this command has no ":arg" */
if((arg = strstr(cmd, ":")) == NULL)
{
if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
res = 0;
}
else
{
if((int)(arg - cmd) > 254)
{
BIO_printf(bio_out,"[Error]: command name too long\n");
return;
}
memcpy(buf, cmd, (int)(arg - cmd));
buf[arg-cmd] = '\0';
arg++; /* Move past the ":" */
/* Call the command with the argument */
if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
res = 0;
}
if(res)
BIO_printf(bio_out, "[Success]: %s\n", cmd);
else
{
BIO_printf(bio_out, "[Failure]: %s\n", cmd);
ERR_print_errors(bio_out);
}
}
}
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int ret=1,i;
const char **pp;
int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
ENGINE *e;
STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null();
STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
int badops=1;
BIO *bio_out=NULL;
const char *indent = " ";
apps_startup();
SSL_load_error_strings();
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out);
}
#endif
argc--;
argv++;
while (argc >= 1)
{
if (strncmp(*argv,"-v",2) == 0)
{
if(strspn(*argv + 1, "v") < strlen(*argv + 1))
goto skip_arg_loop;
if((verbose=strlen(*argv + 1)) > 4)
goto skip_arg_loop;
}
else if (strcmp(*argv,"-c") == 0)
list_cap=1;
else if (strncmp(*argv,"-t",2) == 0)
{
test_avail=1;
if(strspn(*argv + 1, "t") < strlen(*argv + 1))
goto skip_arg_loop;
if((test_avail_noise = strlen(*argv + 1) - 1) > 1)
goto skip_arg_loop;
}
else if (strcmp(*argv,"-pre") == 0)
{
argc--; argv++;
if (argc == 0)
goto skip_arg_loop;
sk_OPENSSL_STRING_push(pre_cmds,*argv);
}
else if (strcmp(*argv,"-post") == 0)
{
argc--; argv++;
if (argc == 0)
goto skip_arg_loop;
sk_OPENSSL_STRING_push(post_cmds,*argv);
}
else if ((strncmp(*argv,"-h",2) == 0) ||
(strcmp(*argv,"-?") == 0))
goto skip_arg_loop;
else
sk_OPENSSL_STRING_push(engines,*argv);
argc--;
argv++;
}
/* Looks like everything went OK */
badops = 0;
skip_arg_loop:
if (badops)
{
for (pp=engine_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,"%s",*pp);
goto end;
}
if (sk_OPENSSL_STRING_num(engines) == 0)
{
for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
{
sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e));
}
}
for (i=0; i<sk_OPENSSL_STRING_num(engines); i++)
{
const char *id = sk_OPENSSL_STRING_value(engines,i);
if ((e = ENGINE_by_id(id)) != NULL)
{
const char *name = ENGINE_get_name(e);
/* Do "id" first, then "name". Easier to auto-parse. */
BIO_printf(bio_out, "(%s) %s\n", id, name);
util_do_cmds(e, pre_cmds, bio_out, indent);
if (strcmp(ENGINE_get_id(e), id) != 0)
{
BIO_printf(bio_out, "Loaded: (%s) %s\n",
ENGINE_get_id(e), ENGINE_get_name(e));
}
if (list_cap)
{
int cap_size = 256;
char *cap_buf = NULL;
int k,n;
const int *nids;
ENGINE_CIPHERS_PTR fn_c;
ENGINE_DIGESTS_PTR fn_d;
ENGINE_PKEY_METHS_PTR fn_pk;
if (ENGINE_get_RSA(e) != NULL
&& !append_buf(&cap_buf, "RSA",
&cap_size, 256))
goto end;
if (ENGINE_get_DSA(e) != NULL
&& !append_buf(&cap_buf, "DSA",
&cap_size, 256))
goto end;
if (ENGINE_get_DH(e) != NULL
&& !append_buf(&cap_buf, "DH",
&cap_size, 256))
goto end;
if (ENGINE_get_RAND(e) != NULL
&& !append_buf(&cap_buf, "RAND",
&cap_size, 256))
goto end;
fn_c = ENGINE_get_ciphers(e);
if(!fn_c) goto skip_ciphers;
n = fn_c(e, NULL, &nids, 0);
for(k=0 ; k < n ; ++k)
if(!append_buf(&cap_buf,
OBJ_nid2sn(nids[k]),
&cap_size, 256))
goto end;
skip_ciphers:
fn_d = ENGINE_get_digests(e);
if(!fn_d) goto skip_digests;
n = fn_d(e, NULL, &nids, 0);
for(k=0 ; k < n ; ++k)
if(!append_buf(&cap_buf,
OBJ_nid2sn(nids[k]),
&cap_size, 256))
goto end;
skip_digests:
fn_pk = ENGINE_get_pkey_meths(e);
if(!fn_pk) goto skip_pmeths;
n = fn_pk(e, NULL, &nids, 0);
for(k=0 ; k < n ; ++k)
if(!append_buf(&cap_buf,
OBJ_nid2sn(nids[k]),
&cap_size, 256))
goto end;
skip_pmeths:
if (cap_buf && (*cap_buf != '\0'))
BIO_printf(bio_out, " [%s]\n", cap_buf);
OPENSSL_free(cap_buf);
}
if(test_avail)
{
BIO_printf(bio_out, "%s", indent);
if (ENGINE_init(e))
{
BIO_printf(bio_out, "[ available ]\n");
util_do_cmds(e, post_cmds, bio_out, indent);
ENGINE_finish(e);
}
else
{
BIO_printf(bio_out, "[ unavailable ]\n");
if(test_avail_noise)
ERR_print_errors_fp(stdout);
ERR_clear_error();
}
}
if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
goto end;
ENGINE_free(e);
}
else
ERR_print_errors(bio_err);
}
ret=0;
end:
ERR_print_errors(bio_err);
sk_OPENSSL_STRING_pop_free(engines, identity);
sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
sk_OPENSSL_STRING_pop_free(post_cmds, identity);
if (bio_out != NULL) BIO_free_all(bio_out);
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

128
jni/openssl/apps/errstr.c Normal file
View File

@ -0,0 +1,128 @@
/* apps/errstr.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/lhash.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#undef PROG
#define PROG errstr_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int i,ret=0;
char buf[256];
unsigned long l;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
SSL_load_error_strings();
if ((argc > 1) && (strcmp(argv[1],"-stats") == 0))
{
BIO *out=NULL;
out=BIO_new(BIO_s_file());
if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
{
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
lh_ERR_STRING_DATA_node_stats_bio(
ERR_get_string_table(), out);
lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(),
out);
lh_ERR_STRING_DATA_node_usage_stats_bio(
ERR_get_string_table(),out);
}
if (out != NULL) BIO_free_all(out);
argc--;
argv++;
}
for (i=1; i<argc; i++)
{
if (sscanf(argv[i],"%lx",&l))
{
ERR_error_string_n(l, buf, sizeof buf);
printf("%s\n",buf);
}
else
{
printf("%s: bad error code\n",argv[i]);
printf("usage: errstr [-stats] <errno> ...\n");
ret++;
}
}
apps_shutdown();
OPENSSL_EXIT(ret);
}

241
jni/openssl/apps/gendh.c Normal file
View File

@ -0,0 +1,241 @@
/* apps/gendh.c */
/* obsoleted by dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h>
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
#undef OPENSSL_NO_DEPRECATED
#endif
#ifndef OPENSSL_NO_DH
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#define DEFBITS 512
#undef PROG
#define PROG gendh_main
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
BN_GENCB cb;
DH *dh=NULL;
int ret=1,num=DEFBITS;
int g=2;
char *outfile=NULL;
char *inrand=NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
BIO *out=NULL;
apps_startup();
BN_GENCB_set(&cb, dh_cb, bio_err);
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
argv++;
argc--;
for (;;)
{
if (argc <= 0) break;
if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-2") == 0)
g=2;
/* else if (strcmp(*argv,"-3") == 0)
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
}
else
break;
argv++;
argc--;
}
if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
{
bad:
BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
BIO_printf(bio_err," -out file - output the key to 'file\n");
BIO_printf(bio_err," -2 - use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
BIO_printf(bio_err," -5 - use 5 as the generator value\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
out=BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
BIO_printf(bio_err,"This is going to take a long time\n");
if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
goto end;
app_RAND_write_file(NULL, bio_err);
if (!PEM_write_bio_DHparams(out,dh))
goto end;
ret=0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
{
char c='*';
if (p == 0) c='.';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write(cb->arg,&c,1);
(void)BIO_flush(cb->arg);
#ifdef LINT
p=n;
#endif
return 1;
}
#else /* !OPENSSL_NO_DH */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

285
jni/openssl/apps/gendsa.c Normal file
View File

@ -0,0 +1,285 @@
/* apps/gendsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DSA
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#define DEFBITS 512
#undef PROG
#define PROG gendsa_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
DSA *dsa=NULL;
int ret=1;
char *outfile=NULL;
char *inrand=NULL,*dsaparams=NULL;
char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL;
const EVP_CIPHER *enc=NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
argv++;
argc--;
for (;;)
{
if (argc <= 0) break;
if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passargout= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
}
else if (strcmp(*argv,"-") == 0)
goto bad;
#ifndef OPENSSL_NO_DES
else if (strcmp(*argv,"-des") == 0)
enc=EVP_des_cbc();
else if (strcmp(*argv,"-des3") == 0)
enc=EVP_des_ede3_cbc();
#endif
#ifndef OPENSSL_NO_IDEA
else if (strcmp(*argv,"-idea") == 0)
enc=EVP_idea_cbc();
#endif
#ifndef OPENSSL_NO_SEED
else if (strcmp(*argv,"-seed") == 0)
enc=EVP_seed_cbc();
#endif
#ifndef OPENSSL_NO_AES
else if (strcmp(*argv,"-aes128") == 0)
enc=EVP_aes_128_cbc();
else if (strcmp(*argv,"-aes192") == 0)
enc=EVP_aes_192_cbc();
else if (strcmp(*argv,"-aes256") == 0)
enc=EVP_aes_256_cbc();
#endif
#ifndef OPENSSL_NO_CAMELLIA
else if (strcmp(*argv,"-camellia128") == 0)
enc=EVP_camellia_128_cbc();
else if (strcmp(*argv,"-camellia192") == 0)
enc=EVP_camellia_192_cbc();
else if (strcmp(*argv,"-camellia256") == 0)
enc=EVP_camellia_256_cbc();
#endif
else if (**argv != '-' && dsaparams == NULL)
{
dsaparams = *argv;
}
else
goto bad;
argv++;
argc--;
}
if (dsaparams == NULL)
{
bad:
BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
BIO_printf(bio_err," -out file - output the key to 'file'\n");
#ifndef OPENSSL_NO_DES
BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
#endif
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
#endif
#ifndef OPENSSL_NO_SEED
BIO_printf(bio_err," -seed\n");
BIO_printf(bio_err," encrypt PEM output with cbc seed\n");
#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
#endif
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," dsaparam-file\n");
BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
in=BIO_new(BIO_s_file());
if (!(BIO_read_filename(in,dsaparams)))
{
perror(dsaparams);
goto end;
}
if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
{
BIO_printf(bio_err,"unable to load DSA parameter file\n");
goto end;
}
BIO_free(in);
in = NULL;
out=BIO_new(BIO_s_file());
if (out == NULL) goto end;
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err,"Generating DSA key, %d bits\n",
BN_num_bits(dsa->p));
if (!DSA_generate_key(dsa)) goto end;
app_RAND_write_file(NULL, bio_err);
if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))
goto end;
ret=0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
if(passout) OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_DSA */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

440
jni/openssl/apps/genpkey.c Normal file
View File

@ -0,0 +1,440 @@
/* apps/genpkey.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
const char *file, ENGINE *e);
static int genpkey_cb(EVP_PKEY_CTX *ctx);
#define PROG genpkey_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char **args, *outfile = NULL;
char *passarg = NULL;
BIO *in = NULL, *out = NULL;
const EVP_CIPHER *cipher = NULL;
int outformat;
int text = 0;
EVP_PKEY *pkey=NULL;
EVP_PKEY_CTX *ctx = NULL;
char *pass = NULL;
int badarg = 0;
int ret = 1, rv;
int do_param = 0;
if (bio_err == NULL)
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
outformat=FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-')
{
if (!strcmp(*args,"-outform"))
{
if (args[1])
{
args++;
outformat=str2fmt(*args);
}
else badarg = 1;
}
else if (!strcmp(*args,"-pass"))
{
if (!args[1]) goto bad;
passarg= *(++args);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1])
goto bad;
e = setup_engine(bio_err, *(++args), 0);
}
#endif
else if (!strcmp (*args, "-paramfile"))
{
if (!args[1])
goto bad;
args++;
if (do_param == 1)
goto bad;
if (!init_keygen_file(bio_err, &ctx, *args, e))
goto end;
}
else if (!strcmp (*args, "-out"))
{
if (args[1])
{
args++;
outfile = *args;
}
else badarg = 1;
}
else if (strcmp(*args,"-algorithm") == 0)
{
if (!args[1])
goto bad;
if (!init_gen_str(bio_err, &ctx, *(++args),e, do_param))
goto end;
}
else if (strcmp(*args,"-pkeyopt") == 0)
{
if (!args[1])
goto bad;
if (!ctx)
{
BIO_puts(bio_err, "No keytype specified\n");
goto bad;
}
else if (pkey_ctrl_string(ctx, *(++args)) <= 0)
{
BIO_puts(bio_err, "parameter setting error\n");
ERR_print_errors(bio_err);
goto end;
}
}
else if (strcmp(*args,"-genparam") == 0)
{
if (ctx)
goto bad;
do_param = 1;
}
else if (strcmp(*args,"-text") == 0)
text=1;
else
{
cipher = EVP_get_cipherbyname(*args + 1);
if (!cipher)
{
BIO_printf(bio_err, "Unknown cipher %s\n",
*args + 1);
badarg = 1;
}
if (do_param == 1)
badarg = 1;
}
args++;
}
if (!ctx)
badarg = 1;
if (badarg)
{
bad:
BIO_printf(bio_err, "Usage: genpkey [options]\n");
BIO_printf(bio_err, "where options may be\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-pass arg output file pass phrase source\n");
BIO_printf(bio_err, "-<cipher> use cipher <cipher> to encrypt the key\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-paramfile file parameters file\n");
BIO_printf(bio_err, "-algorithm alg the public key algorithm\n");
BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n"
" to value <value>\n");
BIO_printf(bio_err, "-genparam generate parameters, not key\n");
BIO_printf(bio_err, "-text print the in text\n");
BIO_printf(bio_err, "NB: options order may be important! See the manual page.\n");
goto end;
}
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
{
BIO_puts(bio_err, "Error getting password\n");
goto end;
}
if (outfile)
{
if (!(out = BIO_new_file (outfile, "wb")))
{
BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
}
else
{
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
if (do_param)
{
if (EVP_PKEY_paramgen(ctx, &pkey) <= 0)
{
BIO_puts(bio_err, "Error generating parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
else
{
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
{
BIO_puts(bio_err, "Error generating key\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (do_param)
rv = PEM_write_bio_Parameters(out, pkey);
else if (outformat == FORMAT_PEM)
rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0,
NULL, pass);
else if (outformat == FORMAT_ASN1)
rv = i2d_PrivateKey_bio(out, pkey);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
if (rv <= 0)
{
BIO_puts(bio_err, "Error writing key\n");
ERR_print_errors(bio_err);
}
if (text)
{
if (do_param)
rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
else
rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
if (rv <= 0)
{
BIO_puts(bio_err, "Error printing key\n");
ERR_print_errors(bio_err);
}
}
ret = 0;
end:
if (pkey)
EVP_PKEY_free(pkey);
if (ctx)
EVP_PKEY_CTX_free(ctx);
if (out)
BIO_free_all(out);
BIO_free(in);
if (pass)
OPENSSL_free(pass);
return ret;
}
static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
const char *file, ENGINE *e)
{
BIO *pbio;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
if (*pctx)
{
BIO_puts(err, "Parameters already set!\n");
return 0;
}
pbio = BIO_new_file(file, "r");
if (!pbio)
{
BIO_printf(err, "Can't open parameter file %s\n", file);
return 0;
}
pkey = PEM_read_bio_Parameters(pbio, NULL);
BIO_free(pbio);
if (!pkey)
{
BIO_printf(bio_err, "Error reading parameter file %s\n", file);
return 0;
}
ctx = EVP_PKEY_CTX_new(pkey, e);
if (!ctx)
goto err;
if (EVP_PKEY_keygen_init(ctx) <= 0)
goto err;
EVP_PKEY_free(pkey);
*pctx = ctx;
return 1;
err:
BIO_puts(err, "Error initializing context\n");
ERR_print_errors(err);
if (ctx)
EVP_PKEY_CTX_free(ctx);
if (pkey)
EVP_PKEY_free(pkey);
return 0;
}
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param)
{
EVP_PKEY_CTX *ctx = NULL;
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *tmpeng = NULL;
int pkey_id;
if (*pctx)
{
BIO_puts(err, "Algorithm already set!\n");
return 0;
}
ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
#ifndef OPENSSL_NO_ENGINE
if (!ameth && e)
ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
#endif
if (!ameth)
{
BIO_printf(bio_err, "Algorithm %s not found\n", algname);
return 0;
}
ERR_clear_error();
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
#ifndef OPENSSL_NO_ENGINE
if (tmpeng)
ENGINE_finish(tmpeng);
#endif
ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
if (!ctx)
goto err;
if (do_param)
{
if (EVP_PKEY_paramgen_init(ctx) <= 0)
goto err;
}
else
{
if (EVP_PKEY_keygen_init(ctx) <= 0)
goto err;
}
*pctx = ctx;
return 1;
err:
BIO_printf(err, "Error initializing %s context\n", algname);
ERR_print_errors(err);
if (ctx)
EVP_PKEY_CTX_free(ctx);
return 0;
}
static int genpkey_cb(EVP_PKEY_CTX *ctx)
{
char c='*';
BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
int p;
p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
if (p == 0) c='.';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write(b,&c,1);
(void)BIO_flush(b);
#ifdef LINT
p=n;
#endif
return 1;
}

335
jni/openssl/apps/genrsa.c Normal file
View File

@ -0,0 +1,335 @@
/* apps/genrsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h>
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
* deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
#undef OPENSSL_NO_DEPRECATED
#endif
#ifndef OPENSSL_NO_RSA
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#define DEFBITS 512
#undef PROG
#define PROG genrsa_main
static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
BN_GENCB cb;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
int ret=1;
int i,num=DEFBITS;
long l;
const EVP_CIPHER *enc=NULL;
unsigned long f4=RSA_F4;
char *outfile=NULL;
char *passargout = NULL, *passout = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
char *inrand=NULL;
BIO *out=NULL;
BIGNUM *bn = BN_new();
RSA *rsa = NULL;
if(!bn) goto err;
apps_startup();
BN_GENCB_set(&cb, genrsa_cb, bio_err);
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto err;
if ((out=BIO_new(BIO_s_file())) == NULL)
{
BIO_printf(bio_err,"unable to create BIO for output\n");
goto err;
}
argv++;
argc--;
for (;;)
{
if (argc <= 0) break;
if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-3") == 0)
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
}
#ifndef OPENSSL_NO_DES
else if (strcmp(*argv,"-des") == 0)
enc=EVP_des_cbc();
else if (strcmp(*argv,"-des3") == 0)
enc=EVP_des_ede3_cbc();
#endif
#ifndef OPENSSL_NO_IDEA
else if (strcmp(*argv,"-idea") == 0)
enc=EVP_idea_cbc();
#endif
#ifndef OPENSSL_NO_SEED
else if (strcmp(*argv,"-seed") == 0)
enc=EVP_seed_cbc();
#endif
#ifndef OPENSSL_NO_AES
else if (strcmp(*argv,"-aes128") == 0)
enc=EVP_aes_128_cbc();
else if (strcmp(*argv,"-aes192") == 0)
enc=EVP_aes_192_cbc();
else if (strcmp(*argv,"-aes256") == 0)
enc=EVP_aes_256_cbc();
#endif
#ifndef OPENSSL_NO_CAMELLIA
else if (strcmp(*argv,"-camellia128") == 0)
enc=EVP_camellia_128_cbc();
else if (strcmp(*argv,"-camellia192") == 0)
enc=EVP_camellia_192_cbc();
else if (strcmp(*argv,"-camellia256") == 0)
enc=EVP_camellia_256_cbc();
#endif
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passargout= *(++argv);
}
else
break;
argv++;
argc--;
}
if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
{
bad:
BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n");
BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n");
#endif
#ifndef OPENSSL_NO_SEED
BIO_printf(bio_err," -seed\n");
BIO_printf(bio_err," encrypt PEM output with cbc seed\n");
#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
#endif
BIO_printf(bio_err," -out file output the key to 'file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err," -3 use 3 for the E value\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto err;
}
ERR_load_crypto_strings();
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto err;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto err;
}
}
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
num);
#ifdef OPENSSL_NO_ENGINE
rsa = RSA_new();
#else
rsa = RSA_new_method(e);
#endif
if (!rsa)
goto err;
if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err;
app_RAND_write_file(NULL, bio_err);
/* We need to do the following for when the base number size is <
* long, esp windows 3.1 :-(. */
l=0L;
for (i=0; i<rsa->e->top; i++)
{
#ifndef SIXTY_FOUR_BIT
l<<=BN_BITS4;
l<<=BN_BITS4;
#endif
l+=rsa->e->d[i];
}
BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
{
PW_CB_DATA cb_data;
cb_data.password = passout;
cb_data.prompt_info = outfile;
if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
(pem_password_cb *)password_callback,&cb_data))
goto err;
}
ret=0;
err:
if (bn) BN_free(bn);
if (rsa) RSA_free(rsa);
if (out) BIO_free_all(out);
if(passout) OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
apps_shutdown();
OPENSSL_EXIT(ret);
}
static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
{
char c='*';
if (p == 0) c='.';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write(cb->arg,&c,1);
(void)BIO_flush(cb->arg);
#ifdef LINT
p=n;
#endif
return 1;
}
#else /* !OPENSSL_NO_RSA */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

1
jni/openssl/apps/md4.c Symbolic link
View File

@ -0,0 +1 @@
../crypto/md4/md4.c

167
jni/openssl/apps/nseq.c Normal file
View File

@ -0,0 +1,167 @@
/* nseq.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#undef PROG
#define PROG nseq_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
char **args, *infile = NULL, *outfile = NULL;
BIO *in = NULL, *out = NULL;
int toseq = 0;
X509 *x509 = NULL;
NETSCAPE_CERT_SEQUENCE *seq = NULL;
int i, ret = 1;
int badarg = 0;
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
ERR_load_crypto_strings();
args = argv + 1;
while (!badarg && *args && *args[0] == '-') {
if (!strcmp (*args, "-toseq")) toseq = 1;
else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
infile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
} else badarg = 1;
} else badarg = 1;
args++;
}
if (badarg) {
BIO_printf (bio_err, "Netscape certificate sequence utility\n");
BIO_printf (bio_err, "Usage nseq [options]\n");
BIO_printf (bio_err, "where options are\n");
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-out file output file\n");
BIO_printf (bio_err, "-toseq output NS Sequence file\n");
OPENSSL_EXIT(1);
}
if (infile) {
if (!(in = BIO_new_file (infile, "r"))) {
BIO_printf (bio_err,
"Can't open input file %s\n", infile);
goto end;
}
} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (outfile) {
if (!(out = BIO_new_file (outfile, "w"))) {
BIO_printf (bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (toseq) {
seq = NETSCAPE_CERT_SEQUENCE_new();
seq->certs = sk_X509_new_null();
while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
sk_X509_push(seq->certs,x509);
if(!sk_X509_num(seq->certs))
{
BIO_printf (bio_err, "Error reading certs file %s\n", infile);
ERR_print_errors(bio_err);
goto end;
}
PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
ret = 0;
goto end;
}
if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
ERR_print_errors(bio_err);
goto end;
}
for(i = 0; i < sk_X509_num(seq->certs); i++) {
x509 = sk_X509_value(seq->certs, i);
dump_cert_text(out, x509);
PEM_write_bio_X509(out, x509);
}
ret = 0;
end:
BIO_free(in);
BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
OPENSSL_EXIT(ret);
}

1421
jni/openssl/apps/ocsp.c Normal file

File diff suppressed because it is too large Load Diff

6
jni/openssl/apps/oid.cnf Normal file
View File

@ -0,0 +1,6 @@
2.99999.1 SET.ex1 SET x509v3 extension 1
2.99999.2 SET.ex2 SET x509v3 extension 2
2.99999.3 SET.ex3 SET x509v3 extension 3
2.99999.4 SET.ex4 SET x509v3 extension 4
2.99999.5 SET.ex5 SET x509v3 extension 5
2.99999.6 SET.ex6 SET x509v3 extension 6

714
jni/openssl/apps/openssl.c Normal file
View File

@ -0,0 +1,714 @@
/* apps/openssl.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/lhash.h>
#include <openssl/conf.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
#include "progs.h"
#include "s_apps.h"
#include <openssl/err.h>
/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
* base prototypes (we cast each variable inside the function to the required
* type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
* functions. */
static LHASH_OF(FUNCTION) *prog_init(void );
static int do_cmd(LHASH_OF(FUNCTION) *prog,int argc,char *argv[]);
static void list_pkey(BIO *out);
static void list_cipher(BIO *out);
static void list_md(BIO *out);
char *default_config_file=NULL;
/* Make sure there is only one when MONOLITH is defined */
#ifdef MONOLITH
CONF *config=NULL;
BIO *bio_err=NULL;
#endif
static void lock_dbg_cb(int mode, int type, const char *file, int line)
{
static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
const char *errstr = NULL;
int rw;
rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
{
errstr = "invalid mode";
goto err;
}
if (type < 0 || type >= CRYPTO_NUM_LOCKS)
{
errstr = "type out of bounds";
goto err;
}
if (mode & CRYPTO_LOCK)
{
if (modes[type])
{
errstr = "already locked";
/* must not happen in a single-threaded program
* (would deadlock) */
goto err;
}
modes[type] = rw;
}
else if (mode & CRYPTO_UNLOCK)
{
if (!modes[type])
{
errstr = "not locked";
goto err;
}
if (modes[type] != rw)
{
errstr = (rw == CRYPTO_READ) ?
"CRYPTO_r_unlock on write lock" :
"CRYPTO_w_unlock on read lock";
}
modes[type] = 0;
}
else
{
errstr = "invalid mode";
goto err;
}
err:
if (errstr)
{
/* we cannot use bio_err here */
fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
errstr, mode, type, file, line);
}
}
#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
# define ARGV _Argv
#else
# define ARGV Argv
#endif
int main(int Argc, char *ARGV[])
{
ARGS arg;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
FUNCTION f,*fp;
MS_STATIC const char *prompt;
MS_STATIC char buf[1024];
char *to_free=NULL;
int n,i,ret=0;
int argc;
char **argv,*p;
LHASH_OF(FUNCTION) *prog=NULL;
long errline;
#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
/* 2011-03-22 SMS.
* If we have 32-bit pointers everywhere, then we're safe, and
* we bypass this mess, as on non-VMS systems. (See ARGV,
* above.)
* Problem 1: Compaq/HP C before V7.3 always used 32-bit
* pointers for argv[].
* Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
* everywhere else, we always allocate and use a 64-bit
* duplicate of argv[].
* Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
* to NULL-terminate a 64-bit argv[]. (As this was written, the
* compiler ECO was available only on IA64.)
* Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
* 64-bit argv[argc] for NULL, and, if necessary, use a
* (properly) NULL-terminated (64-bit) duplicate of argv[].
* The same code is used in either case to duplicate argv[].
* Some of these decisions could be handled in preprocessing,
* but the code tends to get even uglier, and the penalty for
* deciding at compile- or run-time is tiny.
*/
char **Argv = NULL;
int free_Argv = 0;
if ((sizeof( _Argv) < 8) /* 32-bit argv[]. */
# if !defined( VMS_TRUST_ARGV)
|| (_Argv[ Argc] != NULL) /* Untrusted argv[argc] not NULL. */
# endif
)
{
int i;
Argv = OPENSSL_malloc( (Argc+ 1)* sizeof( char *));
if (Argv == NULL)
{ ret = -1; goto end; }
for(i = 0; i < Argc; i++)
Argv[i] = _Argv[i];
Argv[ Argc] = NULL; /* Certain NULL termination. */
free_Argv = 1;
}
else
{
/* Use the known-good 32-bit argv[] (which needs the
* type cast to satisfy the compiler), or the trusted or
* tested-good 64-bit argv[] as-is. */
Argv = (char **)_Argv;
}
#endif /* defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) */
arg.data=NULL;
arg.count=0;
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
{
if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
{
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
}
else
{
/* OPENSSL_DEBUG_MEMORY=off */
CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
}
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#if 0
if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
#endif
{
CRYPTO_set_locking_callback(lock_dbg_cb);
}
apps_startup();
/* Lets load up our environment a little */
p=getenv("OPENSSL_CONF");
if (p == NULL)
p=getenv("SSLEAY_CONF");
if (p == NULL)
p=to_free=make_config_name();
default_config_file=p;
config=NCONF_new(NULL);
i=NCONF_load(config,p,&errline);
if (i == 0)
{
if (ERR_GET_REASON(ERR_peek_last_error())
== CONF_R_NO_SUCH_FILE)
{
#if 0 /* ANDROID */
BIO_printf(bio_err,
"WARNING: can't open config file: %s\n",p);
#endif
ERR_clear_error();
NCONF_free(config);
config = NULL;
}
else
{
ERR_print_errors(bio_err);
NCONF_free(config);
exit(1);
}
}
prog=prog_init();
/* first check the program name */
program_name(Argv[0],pname,sizeof pname);
f.name=pname;
fp=lh_FUNCTION_retrieve(prog,&f);
if (fp != NULL)
{
Argv[0]=pname;
ret=fp->func(Argc,Argv);
goto end;
}
/* ok, now check that there are not arguments, if there are,
* run with them, shifting the ssleay off the front */
if (Argc != 1)
{
Argc--;
Argv++;
ret=do_cmd(prog,Argc,Argv);
if (ret < 0) ret=0;
goto end;
}
/* ok, lets enter the old 'OpenSSL>' mode */
for (;;)
{
ret=0;
p=buf;
n=sizeof buf;
i=0;
for (;;)
{
p[0]='\0';
if (i++)
prompt=">";
else prompt="OpenSSL> ";
fputs(prompt,stdout);
fflush(stdout);
if (!fgets(p,n,stdin))
goto end;
if (p[0] == '\0') goto end;
i=strlen(p);
if (i <= 1) break;
if (p[i-2] != '\\') break;
i-=2;
p+=i;
n-=i;
}
if (!chopup_args(&arg,buf,&argc,&argv)) break;
ret=do_cmd(prog,argc,argv);
if (ret < 0)
{
ret=0;
goto end;
}
if (ret != 0)
BIO_printf(bio_err,"error in %s\n",argv[0]);
(void)BIO_flush(bio_err);
}
BIO_printf(bio_err,"bad exit\n");
ret=1;
end:
if (to_free)
OPENSSL_free(to_free);
if (config != NULL)
{
NCONF_free(config);
config=NULL;
}
if (prog != NULL) lh_FUNCTION_free(prog);
if (arg.data != NULL) OPENSSL_free(arg.data);
apps_shutdown();
CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL)
{
BIO_free(bio_err);
bio_err=NULL;
}
#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
/* Free any duplicate Argv[] storage. */
if (free_Argv)
{
OPENSSL_free(Argv);
}
#endif
OPENSSL_EXIT(ret);
}
#define LIST_STANDARD_COMMANDS "list-standard-commands"
#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
#define LIST_MESSAGE_DIGEST_ALGORITHMS "list-message-digest-algorithms"
#define LIST_CIPHER_COMMANDS "list-cipher-commands"
#define LIST_CIPHER_ALGORITHMS "list-cipher-algorithms"
#define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms"
static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
{
FUNCTION f,*fp;
int i,ret=1,tp,nl;
if ((argc <= 0) || (argv[0] == NULL))
{ ret=0; goto end; }
f.name=argv[0];
fp=lh_FUNCTION_retrieve(prog,&f);
if (fp == NULL)
{
if (EVP_get_digestbyname(argv[0]))
{
f.type = FUNC_TYPE_MD;
f.func = dgst_main;
fp = &f;
}
else if (EVP_get_cipherbyname(argv[0]))
{
f.type = FUNC_TYPE_CIPHER;
f.func = enc_main;
fp = &f;
}
}
if (fp != NULL)
{
ret=fp->func(argc,argv);
}
else if ((strncmp(argv[0],"no-",3)) == 0)
{
BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_stdout = BIO_push(tmpbio, bio_stdout);
}
#endif
f.name=argv[0]+3;
ret = (lh_FUNCTION_retrieve(prog,&f) != NULL);
if (!ret)
BIO_printf(bio_stdout, "%s\n", argv[0]);
else
BIO_printf(bio_stdout, "%s\n", argv[0]+3);
BIO_free_all(bio_stdout);
goto end;
}
else if ((strcmp(argv[0],"quit") == 0) ||
(strcmp(argv[0],"q") == 0) ||
(strcmp(argv[0],"exit") == 0) ||
(strcmp(argv[0],"bye") == 0))
{
ret= -1;
goto end;
}
else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
(strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) ||
(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0) ||
(strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) ||
(strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0))
{
int list_type;
BIO *bio_stdout;
if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)
list_type = FUNC_TYPE_GENERAL;
else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
list_type = FUNC_TYPE_MD;
else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0)
list_type = FUNC_TYPE_MD_ALG;
else if (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0)
list_type = FUNC_TYPE_PKEY;
else if (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0)
list_type = FUNC_TYPE_CIPHER_ALG;
else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
list_type = FUNC_TYPE_CIPHER;
bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_stdout = BIO_push(tmpbio, bio_stdout);
}
#endif
if (!load_config(bio_err, NULL))
goto end;
if (list_type == FUNC_TYPE_PKEY)
list_pkey(bio_stdout);
if (list_type == FUNC_TYPE_MD_ALG)
list_md(bio_stdout);
if (list_type == FUNC_TYPE_CIPHER_ALG)
list_cipher(bio_stdout);
else
{
for (fp=functions; fp->name != NULL; fp++)
if (fp->type == list_type)
BIO_printf(bio_stdout, "%s\n",
fp->name);
}
BIO_free_all(bio_stdout);
ret=0;
goto end;
}
else
{
BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
argv[0]);
BIO_printf(bio_err, "\nStandard commands");
i=0;
tp=0;
for (fp=functions; fp->name != NULL; fp++)
{
nl=0;
#ifdef OPENSSL_NO_CAMELLIA
if (((i++) % 5) == 0)
#else
if (((i++) % 4) == 0)
#endif
{
BIO_printf(bio_err,"\n");
nl=1;
}
if (fp->type != tp)
{
tp=fp->type;
if (!nl) BIO_printf(bio_err,"\n");
if (tp == FUNC_TYPE_MD)
{
i=1;
BIO_printf(bio_err,
"\nMessage Digest commands (see the `dgst' command for more details)\n");
}
else if (tp == FUNC_TYPE_CIPHER)
{
i=1;
BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
}
}
#ifdef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err,"%-15s",fp->name);
#else
BIO_printf(bio_err,"%-18s",fp->name);
#endif
}
BIO_printf(bio_err,"\n\n");
ret=0;
}
end:
return(ret);
}
static int SortFnByName(const void *_f1,const void *_f2)
{
const FUNCTION *f1=_f1;
const FUNCTION *f2=_f2;
if(f1->type != f2->type)
return f1->type-f2->type;
return strcmp(f1->name,f2->name);
}
static void list_pkey(BIO *out)
{
int i;
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++)
{
const EVP_PKEY_ASN1_METHOD *ameth;
int pkey_id, pkey_base_id, pkey_flags;
const char *pinfo, *pem_str;
ameth = EVP_PKEY_asn1_get0(i);
EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
&pinfo, &pem_str, ameth);
if (pkey_flags & ASN1_PKEY_ALIAS)
{
BIO_printf(out, "Name: %s\n",
OBJ_nid2ln(pkey_id));
BIO_printf(out, "\tType: Alias to %s\n",
OBJ_nid2ln(pkey_base_id));
}
else
{
BIO_printf(out, "Name: %s\n", pinfo);
BIO_printf(out, "\tType: %s Algorithm\n",
pkey_flags & ASN1_PKEY_DYNAMIC ?
"External" : "Builtin");
BIO_printf(out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
if (pem_str == NULL)
pem_str = "(none)";
BIO_printf(out, "\tPEM string: %s\n", pem_str);
}
}
}
static void list_cipher_fn(const EVP_CIPHER *c,
const char *from, const char *to, void *arg)
{
if (c)
BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
else
{
if (!from)
from = "<undefined>";
if (!to)
to = "<undefined>";
BIO_printf(arg, "%s => %s\n", from, to);
}
}
static void list_cipher(BIO *out)
{
EVP_CIPHER_do_all_sorted(list_cipher_fn, out);
}
static void list_md_fn(const EVP_MD *m,
const char *from, const char *to, void *arg)
{
if (m)
BIO_printf(arg, "%s\n", EVP_MD_name(m));
else
{
if (!from)
from = "<undefined>";
if (!to)
to = "<undefined>";
BIO_printf(arg, "%s => %s\n", from, to);
}
}
static void list_md(BIO *out)
{
EVP_MD_do_all_sorted(list_md_fn, out);
}
static int MS_CALLBACK function_cmp(const FUNCTION *a, const FUNCTION *b)
{
return strncmp(a->name,b->name,8);
}
static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION)
static unsigned long MS_CALLBACK function_hash(const FUNCTION *a)
{
return lh_strhash(a->name);
}
static IMPLEMENT_LHASH_HASH_FN(function, FUNCTION)
static LHASH_OF(FUNCTION) *prog_init(void)
{
LHASH_OF(FUNCTION) *ret;
FUNCTION *f;
size_t i;
/* Purely so it looks nice when the user hits ? */
for(i=0,f=functions ; f->name != NULL ; ++f,++i)
;
qsort(functions,i,sizeof *functions,SortFnByName);
if ((ret=lh_FUNCTION_new()) == NULL)
return(NULL);
for (f=functions; f->name != NULL; f++)
(void)lh_FUNCTION_insert(ret,f);
return(ret);
}

View File

@ -0,0 +1,350 @@
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = md5, sha1 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)

512
jni/openssl/apps/passwd.c Normal file
View File

@ -0,0 +1,512 @@
/* apps/passwd.c */
#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
# define NO_MD5CRYPT_1
#endif
#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
#include <assert.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_DES
# include <openssl/des.h>
#endif
#ifndef NO_MD5CRYPT_1
# include <openssl/md5.h>
#endif
#undef PROG
#define PROG passwd_main
static unsigned const char cov_2char[64]={
/* from crypto/des/fcrypt.c */
0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
};
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table, int reverse,
size_t pw_maxlen, int usecrypt, int use1, int useapr1);
/* -crypt - standard Unix password algorithm (default)
* -1 - MD5-based password algorithm
* -apr1 - MD5-based password algorithm, Apache variant
* -salt string - salt
* -in file - read passwords from file
* -stdin - read passwords from stdin
* -noverify - never verify when reading password from terminal
* -quiet - no warnings
* -table - format output as table
* -reverse - switch table columns
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int ret = 1;
char *infile = NULL;
int in_stdin = 0;
int in_noverify = 0;
char *salt = NULL, *passwd = NULL, **passwds = NULL;
char *salt_malloc = NULL, *passwd_malloc = NULL;
size_t passwd_malloc_size = 0;
int pw_source_defined = 0;
BIO *in = NULL, *out = NULL;
int i, badopt, opt_done;
int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
int usecrypt = 0, use1 = 0, useapr1 = 0;
size_t pw_maxlen = 0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto err;
out = BIO_new(BIO_s_file());
if (out == NULL)
goto err;
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
badopt = 0, opt_done = 0;
i = 0;
while (!badopt && !opt_done && argv[++i] != NULL)
{
if (strcmp(argv[i], "-crypt") == 0)
usecrypt = 1;
else if (strcmp(argv[i], "-1") == 0)
use1 = 1;
else if (strcmp(argv[i], "-apr1") == 0)
useapr1 = 1;
else if (strcmp(argv[i], "-salt") == 0)
{
if ((argv[i+1] != NULL) && (salt == NULL))
{
passed_salt = 1;
salt = argv[++i];
}
else
badopt = 1;
}
else if (strcmp(argv[i], "-in") == 0)
{
if ((argv[i+1] != NULL) && !pw_source_defined)
{
pw_source_defined = 1;
infile = argv[++i];
}
else
badopt = 1;
}
else if (strcmp(argv[i], "-stdin") == 0)
{
if (!pw_source_defined)
{
pw_source_defined = 1;
in_stdin = 1;
}
else
badopt = 1;
}
else if (strcmp(argv[i], "-noverify") == 0)
in_noverify = 1;
else if (strcmp(argv[i], "-quiet") == 0)
quiet = 1;
else if (strcmp(argv[i], "-table") == 0)
table = 1;
else if (strcmp(argv[i], "-reverse") == 0)
reverse = 1;
else if (argv[i][0] == '-')
badopt = 1;
else if (!pw_source_defined)
/* non-option arguments, use as passwords */
{
pw_source_defined = 1;
passwds = &argv[i];
opt_done = 1;
}
else
badopt = 1;
}
if (!usecrypt && !use1 && !useapr1) /* use default */
usecrypt = 1;
if (usecrypt + use1 + useapr1 > 1) /* conflict */
badopt = 1;
/* reject unsupported algorithms */
#ifdef OPENSSL_NO_DES
if (usecrypt) badopt = 1;
#endif
#ifdef NO_MD5CRYPT_1
if (use1 || useapr1) badopt = 1;
#endif
if (badopt)
{
BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
BIO_printf(bio_err, "where options are\n");
#ifndef OPENSSL_NO_DES
BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
#endif
#ifndef NO_MD5CRYPT_1
BIO_printf(bio_err, "-1 MD5-based password algorithm\n");
BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n");
#endif
BIO_printf(bio_err, "-salt string use provided salt\n");
BIO_printf(bio_err, "-in file read passwords from file\n");
BIO_printf(bio_err, "-stdin read passwords from stdin\n");
BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n");
BIO_printf(bio_err, "-quiet no warnings\n");
BIO_printf(bio_err, "-table format output as table\n");
BIO_printf(bio_err, "-reverse switch table columns\n");
goto err;
}
if ((infile != NULL) || in_stdin)
{
in = BIO_new(BIO_s_file());
if (in == NULL)
goto err;
if (infile != NULL)
{
assert(in_stdin == 0);
if (BIO_read_filename(in, infile) <= 0)
goto err;
}
else
{
assert(in_stdin);
BIO_set_fp(in, stdin, BIO_NOCLOSE);
}
}
if (usecrypt)
pw_maxlen = 8;
else if (use1 || useapr1)
pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
if (passwds == NULL)
{
/* no passwords on the command line */
passwd_malloc_size = pw_maxlen + 2;
/* longer than necessary so that we can warn about truncation */
passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
if (passwd_malloc == NULL)
goto err;
}
if ((in == NULL) && (passwds == NULL))
{
/* build a null-terminated list */
static char *passwds_static[2] = {NULL, NULL};
passwds = passwds_static;
if (in == NULL)
if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
goto err;
passwds[0] = passwd_malloc;
}
if (in == NULL)
{
assert(passwds != NULL);
assert(*passwds != NULL);
do /* loop over list of passwords */
{
passwd = *passwds++;
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
goto err;
}
while (*passwds != NULL);
}
else
/* in != NULL */
{
int done;
assert (passwd != NULL);
do
{
int r = BIO_gets(in, passwd, pw_maxlen + 1);
if (r > 0)
{
char *c = (strchr(passwd, '\n')) ;
if (c != NULL)
*c = 0; /* truncate at newline */
else
{
/* ignore rest of line */
char trash[BUFSIZ];
do
r = BIO_gets(in, trash, sizeof trash);
while ((r > 0) && (!strchr(trash, '\n')));
}
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
goto err;
}
done = (r <= 0);
}
while (!done);
}
ret = 0;
err:
ERR_print_errors(bio_err);
if (salt_malloc)
OPENSSL_free(salt_malloc);
if (passwd_malloc)
OPENSSL_free(passwd_malloc);
if (in)
BIO_free(in);
if (out)
BIO_free_all(out);
apps_shutdown();
OPENSSL_EXIT(ret);
}
#ifndef NO_MD5CRYPT_1
/* MD5-based password algorithm (should probably be available as a library
* function; then the static buffer would not be acceptable).
* For magic string "1", this should be compatible to the MD5-based BSD
* password algorithm.
* For 'magic' string "apr1", this is compatible to the MD5-based Apache
* password algorithm.
* (Apparently, the Apache password algorithm is identical except that the
* 'magic' string was changed -- the laziest application of the NIH principle
* I've ever encountered.)
*/
static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{
static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
unsigned char buf[MD5_DIGEST_LENGTH];
char *salt_out;
int n;
unsigned int i;
EVP_MD_CTX md,md2;
size_t passwd_len, salt_len;
passwd_len = strlen(passwd);
out_buf[0] = '$';
out_buf[1] = 0;
assert(strlen(magic) <= 4); /* "1" or "apr1" */
strncat(out_buf, magic, 4);
strncat(out_buf, "$", 1);
strncat(out_buf, salt, 8);
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
salt_out = out_buf + 2 + strlen(magic);
salt_len = strlen(salt_out);
assert(salt_len <= 8);
EVP_MD_CTX_init(&md);
EVP_DigestInit_ex(&md,EVP_md5(), NULL);
EVP_DigestUpdate(&md, passwd, passwd_len);
EVP_DigestUpdate(&md, "$", 1);
EVP_DigestUpdate(&md, magic, strlen(magic));
EVP_DigestUpdate(&md, "$", 1);
EVP_DigestUpdate(&md, salt_out, salt_len);
EVP_MD_CTX_init(&md2);
EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, salt_out, salt_len);
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL);
for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
EVP_DigestUpdate(&md, buf, sizeof buf);
EVP_DigestUpdate(&md, buf, i);
n = passwd_len;
while (n)
{
EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
n >>= 1;
}
EVP_DigestFinal_ex(&md, buf, NULL);
for (i = 0; i < 1000; i++)
{
EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
(i & 1) ? passwd_len : sizeof buf);
if (i % 3)
EVP_DigestUpdate(&md2, salt_out, salt_len);
if (i % 7)
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd,
(i & 1) ? sizeof buf : passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL);
}
EVP_MD_CTX_cleanup(&md2);
{
/* transform buf into output string */
unsigned char buf_perm[sizeof buf];
int dest, source;
char *output;
/* silly output permutation */
for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17)
buf_perm[dest] = buf[source];
buf_perm[14] = buf[5];
buf_perm[15] = buf[11];
#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */
assert(16 == sizeof buf_perm);
#endif
output = salt_out + salt_len;
assert(output == out_buf + strlen(out_buf));
*output++ = '$';
for (i = 0; i < 15; i += 3)
{
*output++ = cov_2char[buf_perm[i+2] & 0x3f];
*output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) |
(buf_perm[i+2] >> 6)];
*output++ = cov_2char[((buf_perm[i] & 3) << 4) |
(buf_perm[i+1] >> 4)];
*output++ = cov_2char[buf_perm[i] >> 2];
}
assert(i == 15);
*output++ = cov_2char[buf_perm[i] & 0x3f];
*output++ = cov_2char[buf_perm[i] >> 6];
*output = 0;
assert(strlen(out_buf) < sizeof(out_buf));
}
EVP_MD_CTX_cleanup(&md);
return out_buf;
}
#endif
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table, int reverse,
size_t pw_maxlen, int usecrypt, int use1, int useapr1)
{
char *hash = NULL;
assert(salt_p != NULL);
assert(salt_malloc_p != NULL);
/* first make sure we have a salt */
if (!passed_salt)
{
#ifndef OPENSSL_NO_DES
if (usecrypt)
{
if (*salt_malloc_p == NULL)
{
*salt_p = *salt_malloc_p = OPENSSL_malloc(3);
if (*salt_malloc_p == NULL)
goto err;
}
if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
goto err;
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
(*salt_p)[2] = 0;
#ifdef CHARSET_EBCDIC
ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert
* back to ASCII */
#endif
}
#endif /* !OPENSSL_NO_DES */
#ifndef NO_MD5CRYPT_1
if (use1 || useapr1)
{
int i;
if (*salt_malloc_p == NULL)
{
*salt_p = *salt_malloc_p = OPENSSL_malloc(9);
if (*salt_malloc_p == NULL)
goto err;
}
if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
goto err;
for (i = 0; i < 8; i++)
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
(*salt_p)[8] = 0;
}
#endif /* !NO_MD5CRYPT_1 */
}
assert(*salt_p != NULL);
/* truncate password if necessary */
if ((strlen(passwd) > pw_maxlen))
{
if (!quiet)
/* XXX: really we should know how to print a size_t, not cast it */
BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen);
passwd[pw_maxlen] = 0;
}
assert(strlen(passwd) <= pw_maxlen);
/* now compute password hash */
#ifndef OPENSSL_NO_DES
if (usecrypt)
hash = DES_crypt(passwd, *salt_p);
#endif
#ifndef NO_MD5CRYPT_1
if (use1 || useapr1)
hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
#endif
assert(hash != NULL);
if (table && !reverse)
BIO_printf(out, "%s\t%s\n", passwd, hash);
else if (table && reverse)
BIO_printf(out, "%s\t%s\n", hash, passwd);
else
BIO_printf(out, "%s\n", hash);
return 1;
err:
return 0;
}
#else
int MAIN(int argc, char **argv)
{
fputs("Program not available.\n", stderr)
OPENSSL_EXIT(1);
}
#endif

View File

@ -0,0 +1 @@
07

View File

@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBmjCCAQMCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAo
MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfj
Irkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUX
MRsp22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3
vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEzz
IG8NnfpnPTQSCN5zJhOfy6p9AcDyQzuJirYv1HR/qoYWalPh/U2uiK0lAim7qMcv
wOlK3I7A8B7/4dLqvIqgtUj9b1WT8zIrnwdvJI4osLI2BY+c1pVlp174DHLMol1L
Cl1e3N5BTm7lCitTYjuUhsw6hiA8IcdNKDo6sktV
-----END CERTIFICATE REQUEST-----

977
jni/openssl/apps/pkcs12.c Normal file
View File

@ -0,0 +1,977 @@
/* pkcs12.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/opensslconf.h>
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#define PROG pkcs12_main
const EVP_CIPHER *enc;
#define NOKEYS 0x1
#define NOCERTS 0x2
#define INFO 0x4
#define CLCERTS 0x8
#define CACERTS 0x10
int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
int passlen, int options, char *pempass);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
int alg_print(BIO *x, X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk);
static int set_pbe(BIO *err, int *ppbe, const char *str);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char *infile=NULL, *outfile=NULL, *keyname = NULL;
char *certfile=NULL;
BIO *in=NULL, *out = NULL;
char **args;
char *name = NULL;
char *csp_name = NULL;
int add_lmk = 0;
PKCS12 *p12 = NULL;
char pass[50], macpass[50];
int export_cert = 0;
int options = 0;
int chain = 0;
int badarg = 0;
int iter = PKCS12_DEFAULT_ITER;
int maciter = PKCS12_DEFAULT_ITER;
int twopass = 0;
int keytype = 0;
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
int ret = 1;
int macver = 1;
int noprompt = 0;
STACK_OF(OPENSSL_STRING) *canames = NULL;
char *cpass = NULL, *mpass = NULL;
char *passargin = NULL, *passargout = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *macalg = NULL;
char *CApath = NULL, *CAfile = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
apps_startup();
enc = EVP_des_ede3_cbc();
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
args = argv + 1;
while (*args) {
if (*args[0] == '-') {
if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
else if (!strcmp (*args, "-info")) options |= INFO;
else if (!strcmp (*args, "-chain")) chain = 1;
else if (!strcmp (*args, "-twopass")) twopass = 1;
else if (!strcmp (*args, "-nomacver")) macver = 0;
else if (!strcmp (*args, "-descert"))
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else if (!strcmp (*args, "-export")) export_cert = 1;
else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
#ifndef OPENSSL_NO_IDEA
else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
#endif
#ifndef OPENSSL_NO_SEED
else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
#endif
#ifndef OPENSSL_NO_AES
else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
#endif
#ifndef OPENSSL_NO_CAMELLIA
else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
#endif
else if (!strcmp (*args, "-noiter")) iter = 1;
else if (!strcmp (*args, "-maciter"))
maciter = PKCS12_DEFAULT_ITER;
else if (!strcmp (*args, "-nomaciter"))
maciter = 1;
else if (!strcmp (*args, "-nomac"))
maciter = -1;
else if (!strcmp (*args, "-macalg"))
if (args[1]) {
args++;
macalg = *args;
} else badarg = 1;
else if (!strcmp (*args, "-nodes")) enc=NULL;
else if (!strcmp (*args, "-certpbe")) {
if (!set_pbe(bio_err, &cert_pbe, *++args))
badarg = 1;
} else if (!strcmp (*args, "-keypbe")) {
if (!set_pbe(bio_err, &key_pbe, *++args))
badarg = 1;
} else if (!strcmp (*args, "-rand")) {
if (args[1]) {
args++;
inrand = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-inkey")) {
if (args[1]) {
args++;
keyname = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-certfile")) {
if (args[1]) {
args++;
certfile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-name")) {
if (args[1]) {
args++;
name = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-LMK"))
add_lmk = 1;
else if (!strcmp (*args, "-CSP")) {
if (args[1]) {
args++;
csp_name = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-caname")) {
if (args[1]) {
args++;
if (!canames) canames = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(canames, *args);
} else badarg = 1;
} else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
infile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
} else badarg = 1;
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
passargin = *args;
} else badarg = 1;
} else if (!strcmp(*args,"-passout")) {
if (args[1]) {
args++;
passargout = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-password")) {
if (args[1]) {
args++;
passarg = *args;
noprompt = 1;
} else badarg = 1;
} else if (!strcmp(*args,"-CApath")) {
if (args[1]) {
args++;
CApath = *args;
} else badarg = 1;
} else if (!strcmp(*args,"-CAfile")) {
if (args[1]) {
args++;
CAfile = *args;
} else badarg = 1;
#ifndef OPENSSL_NO_ENGINE
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
args++;
engine = *args;
} else badarg = 1;
#endif
} else badarg = 1;
} else badarg = 1;
args++;
}
if (badarg) {
BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
BIO_printf (bio_err, "where options are\n");
BIO_printf (bio_err, "-export output PKCS12 file\n");
BIO_printf (bio_err, "-chain add certificate chain\n");
BIO_printf (bio_err, "-inkey file private key if not infile\n");
BIO_printf (bio_err, "-certfile f add all certs in f\n");
BIO_printf (bio_err, "-CApath arg - PEM format directory of CA's\n");
BIO_printf (bio_err, "-CAfile arg - PEM format file of CA's\n");
BIO_printf (bio_err, "-name \"name\" use name as friendly name\n");
BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
BIO_printf (bio_err, "-in infile input filename\n");
BIO_printf (bio_err, "-out outfile output filename\n");
BIO_printf (bio_err, "-noout don't output anything, just verify.\n");
BIO_printf (bio_err, "-nomacver don't verify MAC.\n");
BIO_printf (bio_err, "-nocerts don't output certificates.\n");
BIO_printf (bio_err, "-clcerts only output client certificates.\n");
BIO_printf (bio_err, "-cacerts only output CA certificates.\n");
BIO_printf (bio_err, "-nokeys don't output private keys.\n");
BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n");
BIO_printf (bio_err, "-des encrypt private keys with DES\n");
BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n");
#ifndef OPENSSL_NO_IDEA
BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
#endif
#ifndef OPENSSL_NO_SEED
BIO_printf (bio_err, "-seed encrypt private keys with seed\n");
#endif
#ifndef OPENSSL_NO_AES
BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
#endif
BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
BIO_printf (bio_err, "-nomaciter don't use MAC iteration\n");
BIO_printf (bio_err, "-maciter use MAC iteration\n");
BIO_printf (bio_err, "-nomac don't generate MAC\n");
BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
BIO_printf (bio_err, "-macalg alg digest algorithm used in MAC (default SHA1)\n");
BIO_printf (bio_err, "-keyex set MS key exchange type\n");
BIO_printf (bio_err, "-keysig set MS key signature type\n");
BIO_printf (bio_err, "-password p set import/export password source\n");
BIO_printf (bio_err, "-passin p input file pass phrase source\n");
BIO_printf (bio_err, "-passout p output file pass phrase source\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if(passarg) {
if(export_cert) passargout = passarg;
else passargin = passarg;
}
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if(!cpass) {
if(export_cert) cpass = passout;
else cpass = passin;
}
if(cpass) {
mpass = cpass;
noprompt = 1;
} else {
cpass = pass;
mpass = macpass;
}
if(export_cert || inrand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
ERR_load_crypto_strings();
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read files");
#endif
if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
else in = BIO_new_file(infile, "rb");
if (!in) {
BIO_printf(bio_err, "Error opening input file %s\n",
infile ? infile : "<stdin>");
perror (infile);
goto end;
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("write files");
#endif
if (!outfile) {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
} else out = BIO_new_file(outfile, "wb");
if (!out) {
BIO_printf(bio_err, "Error opening output file %s\n",
outfile ? outfile : "<stdout>");
perror (outfile);
goto end;
}
if (twopass) {
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read MAC password");
#endif
if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
{
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
}
if (export_cert) {
EVP_PKEY *key = NULL;
X509 *ucert = NULL, *x = NULL;
STACK_OF(X509) *certs=NULL;
const EVP_MD *macmd = NULL;
unsigned char *catmp = NULL;
int i;
if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
{
BIO_printf(bio_err, "Nothing to do!\n");
goto export_end;
}
if (options & NOCERTS)
chain = 0;
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("process -export_cert");
CRYPTO_push_info("reading private key");
#endif
if (!(options & NOKEYS))
{
key = load_key(bio_err, keyname ? keyname : infile,
FORMAT_PEM, 1, passin, e, "private key");
if (!key)
goto export_end;
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading certs from input");
#endif
/* Load in all certs in input file */
if(!(options & NOCERTS))
{
certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
"certificates");
if (!certs)
goto export_end;
if (key)
{
/* Look for matching private key */
for(i = 0; i < sk_X509_num(certs); i++)
{
x = sk_X509_value(certs, i);
if(X509_check_private_key(x, key))
{
ucert = x;
/* Zero keyid and alias */
X509_keyid_set1(ucert, NULL, 0);
X509_alias_set1(ucert, NULL, 0);
/* Remove from list */
(void)sk_X509_delete(certs, i);
break;
}
}
if (!ucert)
{
BIO_printf(bio_err, "No certificate matches private key\n");
goto export_end;
}
}
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading certs from input 2");
#endif
/* Add any more certificates asked for */
if(certfile)
{
STACK_OF(X509) *morecerts=NULL;
if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
NULL, e,
"certificates from certfile")))
goto export_end;
while(sk_X509_num(morecerts) > 0)
sk_X509_push(certs, sk_X509_shift(morecerts));
sk_X509_free(morecerts);
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading certs from certfile");
#endif
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("building chain");
#endif
/* If chaining get chain from user cert */
if (chain) {
int vret;
STACK_OF(X509) *chain2;
X509_STORE *store = X509_STORE_new();
if (!store)
{
BIO_printf (bio_err, "Memory allocation error\n");
goto export_end;
}
if (!X509_STORE_load_locations(store, CAfile, CApath))
X509_STORE_set_default_paths (store);
vret = get_cert_chain (ucert, store, &chain2);
X509_STORE_free(store);
if (!vret) {
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num (chain2) ; i++)
sk_X509_push(certs, sk_X509_value (chain2, i));
/* Free first certificate */
X509_free(sk_X509_value(chain2, 0));
sk_X509_free(chain2);
} else {
if (vret >= 0)
BIO_printf (bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
else
ERR_print_errors(bio_err);
goto export_end;
}
}
/* Add any CA names */
for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++)
{
catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
}
if (csp_name && key)
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
MBSTRING_ASC, (unsigned char *)csp_name, -1);
if (add_lmk && key)
EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading password");
#endif
if(!noprompt &&
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
{
BIO_printf (bio_err, "Can't read Password\n");
goto export_end;
}
if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("creating PKCS#12 structure");
#endif
p12 = PKCS12_create(cpass, name, key, ucert, certs,
key_pbe, cert_pbe, iter, -1, keytype);
if (!p12)
{
ERR_print_errors (bio_err);
goto export_end;
}
if (macalg)
{
macmd = EVP_get_digestbyname(macalg);
if (!macmd)
{
BIO_printf(bio_err, "Unknown digest algorithm %s\n",
macalg);
}
}
if (maciter != -1)
PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("writing pkcs12");
#endif
i2d_PKCS12_bio(out, p12);
ret = 0;
export_end:
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_pop_info();
CRYPTO_push_info("process -export_cert: freeing");
#endif
if (key) EVP_PKEY_free(key);
if (certs) sk_X509_pop_free(certs, X509_free);
if (ucert) X509_free(ucert);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
goto end;
}
if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
ERR_print_errors(bio_err);
goto end;
}
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read import password");
#endif
if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
if(macver) {
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("verify MAC");
#endif
/* If we enter empty password try no password first */
if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
/* If mac and crypto pass the same set it to NULL too */
if(!twopass) cpass = NULL;
} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
BIO_printf (bio_err, "Mac verify error: invalid password?\n");
ERR_print_errors (bio_err);
goto end;
}
BIO_printf (bio_err, "MAC verified OK\n");
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
}
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("output keys and certificates");
#endif
if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) {
BIO_printf(bio_err, "Error outputting keys and certificates\n");
ERR_print_errors (bio_err);
goto end;
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
ret = 0;
end:
if (p12) PKCS12_free(p12);
if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
#ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
#endif
BIO_free(in);
BIO_free_all(out);
if (canames) sk_OPENSSL_STRING_free(canames);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
int passlen, int options, char *pempass)
{
STACK_OF(PKCS7) *asafes = NULL;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid;
int ret = 0;
PKCS7 *p7;
if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
for (i = 0; i < sk_PKCS7_num (asafes); i++) {
p7 = sk_PKCS7_value (asafes, i);
bagnid = OBJ_obj2nid (p7->type);
if (bagnid == NID_pkcs7_data) {
bags = PKCS12_unpack_p7data(p7);
if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
} else if (bagnid == NID_pkcs7_encrypted) {
if (options & INFO) {
BIO_printf(bio_err, "PKCS7 Encrypted data: ");
alg_print(bio_err,
p7->d.encrypted->enc_data->algorithm);
}
bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
} else continue;
if (!bags) goto err;
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
options, pempass)) {
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
goto err;
}
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
bags = NULL;
}
ret = 1;
err:
if (asafes)
sk_PKCS7_pop_free (asafes, PKCS7_free);
return ret;
}
int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
char *pass, int passlen, int options, char *pempass)
{
int i;
for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
if (!dump_certs_pkeys_bag (out,
sk_PKCS12_SAFEBAG_value (bags, i),
pass, passlen,
options, pempass))
return 0;
}
return 1;
}
int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
int passlen, int options, char *pempass)
{
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
switch (M_PKCS12_bag_type(bag))
{
case NID_keyBag:
if (options & INFO) BIO_printf (bio_err, "Key bag\n");
if (options & NOKEYS) return 1;
print_attribs (out, bag->attrib, "Bag Attributes");
p8 = bag->value.keybag;
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
print_attribs (out, p8->attributes, "Key Attributes");
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
case NID_pkcs8ShroudedKeyBag:
if (options & INFO) {
BIO_printf (bio_err, "Shrouded Keybag: ");
alg_print (bio_err, bag->value.shkeybag->algor);
}
if (options & NOKEYS) return 1;
print_attribs (out, bag->attrib, "Bag Attributes");
if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
return 0;
if (!(pkey = EVP_PKCS82PKEY (p8))) {
PKCS8_PRIV_KEY_INFO_free(p8);
return 0;
}
print_attribs (out, p8->attributes, "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
case NID_certBag:
if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
if (options & NOCERTS) return 1;
if (PKCS12_get_attr(bag, NID_localKeyID)) {
if (options & CACERTS) return 1;
} else if (options & CLCERTS) return 1;
print_attribs (out, bag->attrib, "Bag Attributes");
if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
return 1;
if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
dump_cert_text (out, x509);
PEM_write_bio_X509 (out, x509);
X509_free(x509);
break;
case NID_safeContentsBag:
if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
print_attribs (out, bag->attrib, "Bag Attributes");
return dump_certs_pkeys_bags (out, bag->value.safes, pass,
passlen, options, pempass);
default:
BIO_printf (bio_err, "Warning unsupported bag type: ");
i2a_ASN1_OBJECT (bio_err, bag->type);
BIO_printf (bio_err, "\n");
return 1;
break;
}
return 1;
}
/* Given a single certificate return a verified chain or NULL if error */
/* Hope this is OK .... */
int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
{
X509_STORE_CTX store_ctx;
STACK_OF(X509) *chn;
int i = 0;
/* FIXME: Should really check the return status of X509_STORE_CTX_init
* for an error, but how that fits into the return value of this
* function is less obvious. */
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) {
i = X509_STORE_CTX_get_error (&store_ctx);
if (i == 0)
/* avoid returning 0 if X509_verify_cert() did not
* set an appropriate error value in the context */
i = -1;
chn = NULL;
goto err;
} else
chn = X509_STORE_CTX_get1_chain(&store_ctx);
err:
X509_STORE_CTX_cleanup(&store_ctx);
*chain = chn;
return i;
}
int alg_print (BIO *x, X509_ALGOR *alg)
{
PBEPARAM *pbe;
const unsigned char *p;
p = alg->parameter->value.sequence->data;
pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
if (!pbe)
return 1;
BIO_printf (bio_err, "%s, Iteration %ld\n",
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
ASN1_INTEGER_get(pbe->iter));
PBEPARAM_free (pbe);
return 1;
}
/* Load all certificates from a given file */
int cert_load(BIO *in, STACK_OF(X509) *sk)
{
int ret;
X509 *cert;
ret = 0;
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("cert_load(): reading one cert");
#endif
while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
ret = 1;
sk_X509_push(sk, cert);
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("cert_load(): reading one cert");
#endif
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
#endif
if(ret) ERR_clear_error();
return ret;
}
/* Generalised attribute print: handle PKCS#8 and bag attributes */
int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *av;
char *value;
int i, attr_nid;
if(!attrlst) {
BIO_printf(out, "%s: <No Attributes>\n", name);
return 1;
}
if(!sk_X509_ATTRIBUTE_num(attrlst)) {
BIO_printf(out, "%s: <Empty Attributes>\n", name);
return 1;
}
BIO_printf(out, "%s\n", name);
for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
attr = sk_X509_ATTRIBUTE_value(attrlst, i);
attr_nid = OBJ_obj2nid(attr->object);
BIO_printf(out, " ");
if(attr_nid == NID_undef) {
i2a_ASN1_OBJECT (out, attr->object);
BIO_printf(out, ": ");
} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
if(sk_ASN1_TYPE_num(attr->value.set)) {
av = sk_ASN1_TYPE_value(attr->value.set, 0);
switch(av->type) {
case V_ASN1_BMPSTRING:
value = OPENSSL_uni2asc(av->value.bmpstring->data,
av->value.bmpstring->length);
BIO_printf(out, "%s\n", value);
OPENSSL_free(value);
break;
case V_ASN1_OCTET_STRING:
hex_prin(out, av->value.octet_string->data,
av->value.octet_string->length);
BIO_printf(out, "\n");
break;
case V_ASN1_BIT_STRING:
hex_prin(out, av->value.bit_string->data,
av->value.bit_string->length);
BIO_printf(out, "\n");
break;
default:
BIO_printf(out, "<Unsupported tag %d>\n", av->type);
break;
}
} else BIO_printf(out, "<No Values>\n");
}
return 1;
}
void hex_prin(BIO *out, unsigned char *buf, int len)
{
int i;
for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
}
static int set_pbe(BIO *err, int *ppbe, const char *str)
{
if (!str)
return 0;
if (!strcmp(str, "NONE"))
{
*ppbe = -1;
return 1;
}
*ppbe=OBJ_txt2nid(str);
if (*ppbe == NID_undef)
{
BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
return 0;
}
return 1;
}
#endif

320
jni/openssl/apps/pkcs7.c Normal file
View File

@ -0,0 +1,320 @@
/* apps/pkcs7.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "apps.h"
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#undef PROG
#define PROG pkcs7_main
/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -print_certs
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
PKCS7 *p7=NULL;
int i,badops=0;
BIO *in=NULL,*out=NULL;
int informat,outformat;
char *infile,*outfile,*prog;
int print_certs=0,text=0,noout=0,p7_print=0;
int ret=1;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-print") == 0)
p7_print=1;
else if (strcmp(*argv,"-print_certs") == 0)
print_certs=1;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
ret = 1;
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
if (in == NULL)
{
perror(infile);
goto end;
}
}
if (informat == FORMAT_ASN1)
p7=d2i_PKCS7_bio(in,NULL);
else if (informat == FORMAT_PEM)
p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
else
{
BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
goto end;
}
if (p7 == NULL)
{
BIO_printf(bio_err,"unable to load PKCS7 object\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (p7_print)
PKCS7_print_ctx(out, p7, 0, NULL);
if (print_certs)
{
STACK_OF(X509) *certs=NULL;
STACK_OF(X509_CRL) *crls=NULL;
i=OBJ_obj2nid(p7->type);
switch (i)
{
case NID_pkcs7_signed:
certs=p7->d.sign->cert;
crls=p7->d.sign->crl;
break;
case NID_pkcs7_signedAndEnveloped:
certs=p7->d.signed_and_enveloped->cert;
crls=p7->d.signed_and_enveloped->crl;
break;
default:
break;
}
if (certs != NULL)
{
X509 *x;
for (i=0; i<sk_X509_num(certs); i++)
{
x=sk_X509_value(certs,i);
if(text) X509_print(out, x);
else dump_cert_text(out, x);
if(!noout) PEM_write_bio_X509(out,x);
BIO_puts(out,"\n");
}
}
if (crls != NULL)
{
X509_CRL *crl;
for (i=0; i<sk_X509_CRL_num(crls); i++)
{
crl=sk_X509_CRL_value(crls,i);
X509_CRL_print(out, crl);
if(!noout)PEM_write_bio_X509_CRL(out,crl);
BIO_puts(out,"\n");
}
}
ret=0;
goto end;
}
if(!noout) {
if (outformat == FORMAT_ASN1)
i=i2d_PKCS7_bio(out,p7);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_PKCS7(out,p7);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret=0;
end:
if (p7 != NULL) PKCS7_free(p7);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
apps_shutdown();
OPENSSL_EXIT(ret);
}

439
jni/openssl/apps/pkcs8.c Normal file
View File

@ -0,0 +1,439 @@
/* pkcs8.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999-2004.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#define PROG pkcs8_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
int topk8 = 0;
int pbe_nid = -1;
const EVP_CIPHER *cipher = NULL;
int iter = PKCS12_DEFAULT_ITER;
int informat, outformat;
int p8_broken = PKCS8_OK;
int nocrypt = 0;
X509_SIG *p8 = NULL;
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
EVP_PKEY *pkey=NULL;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
int ret = 1;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-')
{
if (!strcmp(*args,"-v2"))
{
if (args[1])
{
args++;
cipher=EVP_get_cipherbyname(*args);
if (!cipher)
{
BIO_printf(bio_err,
"Unknown cipher %s\n", *args);
badarg = 1;
}
}
else
badarg = 1;
}
else if (!strcmp(*args,"-v1"))
{
if (args[1])
{
args++;
pbe_nid=OBJ_txt2nid(*args);
if (pbe_nid == NID_undef)
{
BIO_printf(bio_err,
"Unknown PBE algorithm %s\n", *args);
badarg = 1;
}
}
else
badarg = 1;
}
else if (!strcmp(*args,"-inform"))
{
if (args[1])
{
args++;
informat=str2fmt(*args);
}
else badarg = 1;
}
else if (!strcmp(*args,"-outform"))
{
if (args[1])
{
args++;
outformat=str2fmt(*args);
}
else badarg = 1;
}
else if (!strcmp (*args, "-topk8"))
topk8 = 1;
else if (!strcmp (*args, "-noiter"))
iter = 1;
else if (!strcmp (*args, "-nocrypt"))
nocrypt = 1;
else if (!strcmp (*args, "-nooct"))
p8_broken = PKCS8_NO_OCTET;
else if (!strcmp (*args, "-nsdb"))
p8_broken = PKCS8_NS_DB;
else if (!strcmp (*args, "-embed"))
p8_broken = PKCS8_EMBEDDED_PARAM;
else if (!strcmp(*args,"-passin"))
{
if (!args[1]) goto bad;
passargin= *(++args);
}
else if (!strcmp(*args,"-passout"))
{
if (!args[1]) goto bad;
passargout= *(++args);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1]) goto bad;
engine= *(++args);
}
#endif
else if (!strcmp (*args, "-in"))
{
if (args[1])
{
args++;
infile = *args;
}
else badarg = 1;
}
else if (!strcmp (*args, "-out"))
{
if (args[1])
{
args++;
outfile = *args;
}
else badarg = 1;
}
else badarg = 1;
args++;
}
if (badarg)
{
bad:
BIO_printf(bio_err, "Usage pkcs8 [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
BIO_printf(bio_err, "-nooct use (nonstandard) no octet format\n");
BIO_printf(bio_err, "-embed use (nonstandard) embedded DSA parameters format\n");
BIO_printf(bio_err, "-nsdb use (nonstandard) DSA Netscape DB format\n");
BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
{
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if ((pbe_nid == -1) && !cipher)
pbe_nid = NID_pbeWithMD5AndDES_CBC;
if (infile)
{
if (!(in = BIO_new_file(infile, "rb")))
{
BIO_printf(bio_err,
"Can't open input file %s\n", infile);
goto end;
}
}
else
in = BIO_new_fp (stdin, BIO_NOCLOSE);
if (outfile)
{
if (!(out = BIO_new_file (outfile, "wb")))
{
BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
}
else
{
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (topk8)
{
pkey = load_key(bio_err, infile, informat, 1,
passin, e, "key");
if (!pkey)
goto end;
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
{
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
goto end;
}
if (nocrypt)
{
if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
else if (outformat == FORMAT_ASN1)
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
else
{
if (passout)
p8pass = passout;
else
{
p8pass = pass;
if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
goto end;
}
app_RAND_load_file(NULL, bio_err, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
p8pass, strlen(p8pass),
NULL, 0, iter, p8inf)))
{
BIO_printf(bio_err, "Error encrypting key\n");
ERR_print_errors(bio_err);
goto end;
}
app_RAND_write_file(NULL, bio_err);
if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8(out, p8);
else if (outformat == FORMAT_ASN1)
i2d_PKCS8_bio(out, p8);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
ret = 0;
goto end;
}
if (nocrypt)
{
if (informat == FORMAT_PEM)
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
else if (informat == FORMAT_ASN1)
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
else
{
if (informat == FORMAT_PEM)
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1)
p8 = d2i_PKCS8_bio(in, NULL);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
if (!p8)
{
BIO_printf (bio_err, "Error reading key\n");
ERR_print_errors(bio_err);
goto end;
}
if (passin)
p8pass = passin;
else
{
p8pass = pass;
EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
}
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
}
if (!p8inf)
{
BIO_printf(bio_err, "Error decrypting key\n");
ERR_print_errors(bio_err);
goto end;
}
if (!(pkey = EVP_PKCS82PKEY(p8inf)))
{
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
goto end;
}
if (p8inf->broken)
{
BIO_printf(bio_err, "Warning: broken key encoding: ");
switch (p8inf->broken)
{
case PKCS8_NO_OCTET:
BIO_printf(bio_err, "No Octet String in PrivateKey\n");
break;
case PKCS8_EMBEDDED_PARAM:
BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
break;
case PKCS8_NS_DB:
BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
break;
case PKCS8_NEG_PRIVKEY:
BIO_printf(bio_err, "DSA private key value is negative\n");
break;
default:
BIO_printf(bio_err, "Unknown broken type\n");
break;
}
}
if (outformat == FORMAT_PEM)
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
else if (outformat == FORMAT_ASN1)
i2d_PrivateKey_bio(out, pkey);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
ret = 0;
end:
X509_SIG_free(p8);
PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey);
BIO_free_all(out);
BIO_free(in);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
return ret;
}

284
jni/openssl/apps/pkey.c Normal file
View File

@ -0,0 +1,284 @@
/* apps/pkey.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#define PROG pkey_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
const EVP_CIPHER *cipher = NULL;
int informat, outformat;
int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0;
EVP_PKEY *pkey=NULL;
char *passin = NULL, *passout = NULL;
int badarg = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
int ret = 1;
if (bio_err == NULL)
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-')
{
if (!strcmp(*args,"-inform"))
{
if (args[1])
{
args++;
informat=str2fmt(*args);
}
else badarg = 1;
}
else if (!strcmp(*args,"-outform"))
{
if (args[1])
{
args++;
outformat=str2fmt(*args);
}
else badarg = 1;
}
else if (!strcmp(*args,"-passin"))
{
if (!args[1]) goto bad;
passargin= *(++args);
}
else if (!strcmp(*args,"-passout"))
{
if (!args[1]) goto bad;
passargout= *(++args);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1]) goto bad;
engine= *(++args);
}
#endif
else if (!strcmp (*args, "-in"))
{
if (args[1])
{
args++;
infile = *args;
}
else badarg = 1;
}
else if (!strcmp (*args, "-out"))
{
if (args[1])
{
args++;
outfile = *args;
}
else badarg = 1;
}
else if (strcmp(*args,"-pubin") == 0)
{
pubin=1;
pubout=1;
pubtext=1;
}
else if (strcmp(*args,"-pubout") == 0)
pubout=1;
else if (strcmp(*args,"-text_pub") == 0)
{
pubtext=1;
text=1;
}
else if (strcmp(*args,"-text") == 0)
text=1;
else if (strcmp(*args,"-noout") == 0)
noout=1;
else
{
cipher = EVP_get_cipherbyname(*args + 1);
if (!cipher)
{
BIO_printf(bio_err, "Unknown cipher %s\n",
*args + 1);
badarg = 1;
}
}
args++;
}
if (badarg)
{
bad:
BIO_printf(bio_err, "Usage pkey [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
return 1;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
{
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if (outfile)
{
if (!(out = BIO_new_file (outfile, "wb")))
{
BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
}
else
{
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (pubin)
pkey = load_pubkey(bio_err, infile, informat, 1,
passin, e, "Public Key");
else
pkey = load_key(bio_err, infile, informat, 1,
passin, e, "key");
if (!pkey)
goto end;
if (!noout)
{
if (outformat == FORMAT_PEM)
{
if (pubout)
PEM_write_bio_PUBKEY(out,pkey);
else
PEM_write_bio_PrivateKey(out, pkey, cipher,
NULL, 0, NULL, passout);
}
else if (outformat == FORMAT_ASN1)
{
if (pubout)
i2d_PUBKEY_bio(out, pkey);
else
i2d_PrivateKey_bio(out, pkey);
}
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
if (text)
{
if (pubtext)
EVP_PKEY_print_public(out, pkey, 0, NULL);
else
EVP_PKEY_print_private(out, pkey, 0, NULL);
}
ret = 0;
end:
EVP_PKEY_free(pkey);
BIO_free_all(out);
BIO_free(in);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
return ret;
}

View File

@ -0,0 +1,200 @@
/* apps/pkeyparam.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#define PROG pkeyparam_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
char **args, *infile = NULL, *outfile = NULL;
BIO *in = NULL, *out = NULL;
int text = 0, noout = 0;
EVP_PKEY *pkey=NULL;
int badarg = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
int ret = 1;
if (bio_err == NULL)
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-')
{
if (!strcmp (*args, "-in"))
{
if (args[1])
{
args++;
infile = *args;
}
else badarg = 1;
}
else if (!strcmp (*args, "-out"))
{
if (args[1])
{
args++;
outfile = *args;
}
else badarg = 1;
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1]) goto bad;
engine= *(++args);
}
#endif
else if (strcmp(*args,"-text") == 0)
text=1;
else if (strcmp(*args,"-noout") == 0)
noout=1;
args++;
}
if (badarg)
{
#ifndef OPENSSL_NO_ENGINE
bad:
#endif
BIO_printf(bio_err, "Usage pkeyparam [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-text print parameters as text\n");
BIO_printf(bio_err, "-noout don't output encoded parameters\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
return 1;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
if (infile)
{
if (!(in = BIO_new_file (infile, "r")))
{
BIO_printf(bio_err,
"Can't open input file %s\n", infile);
goto end;
}
}
else
in = BIO_new_fp (stdin, BIO_NOCLOSE);
if (outfile)
{
if (!(out = BIO_new_file (outfile, "w")))
{
BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
}
else
{
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
pkey = PEM_read_bio_Parameters(in, NULL);
if (!pkey)
{
BIO_printf(bio_err, "Error reading parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (!noout)
PEM_write_bio_Parameters(out,pkey);
if (text)
EVP_PKEY_print_params(out, pkey, 0, NULL);
ret = 0;
end:
EVP_PKEY_free(pkey);
BIO_free_all(out);
BIO_free(in);
return ret;
}

570
jni/openssl/apps/pkeyutl.c Normal file
View File

@ -0,0 +1,570 @@
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "apps.h"
#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#define KEY_PRIVKEY 1
#define KEY_PUBKEY 2
#define KEY_CERT 3
static void usage(void);
#undef PROG
#define PROG pkeyutl_main
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e);
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
unsigned char *in, size_t inlen);
int MAIN(int argc, char **);
int MAIN(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL, *sigfile = NULL;
ENGINE *e = NULL;
int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
char badarg = 0, rev = 0;
char hexdump = 0, asn1parse = 0;
EVP_PKEY_CTX *ctx = NULL;
char *passargin = NULL;
int keysize = -1;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
size_t buf_outlen;
int buf_inlen = 0, siglen = -1;
int ret = 1, rv = -1;
argc--;
argv++;
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
while(argc >= 1)
{
if (!strcmp(*argv,"-in"))
{
if (--argc < 1) badarg = 1;
else infile= *(++argv);
}
else if (!strcmp(*argv,"-out"))
{
if (--argc < 1) badarg = 1;
else outfile= *(++argv);
}
else if (!strcmp(*argv,"-sigfile"))
{
if (--argc < 1) badarg = 1;
else sigfile= *(++argv);
}
else if(!strcmp(*argv, "-inkey"))
{
if (--argc < 1)
badarg = 1;
else
{
ctx = init_ctx(&keysize,
*(++argv), keyform, key_type,
passargin, pkey_op, e);
if (!ctx)
{
BIO_puts(bio_err,
"Error initializing context\n");
ERR_print_errors(bio_err);
badarg = 1;
}
}
}
else if (!strcmp(*argv,"-peerkey"))
{
if (--argc < 1)
badarg = 1;
else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
badarg = 1;
}
else if (!strcmp(*argv,"-passin"))
{
if (--argc < 1) badarg = 1;
else passargin= *(++argv);
}
else if (strcmp(*argv,"-peerform") == 0)
{
if (--argc < 1) badarg = 1;
else peerform=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-keyform") == 0)
{
if (--argc < 1) badarg = 1;
else keyform=str2fmt(*(++argv));
}
#ifndef OPENSSL_NO_ENGINE
else if(!strcmp(*argv, "-engine"))
{
if (--argc < 1)
badarg = 1;
else
e = setup_engine(bio_err, *(++argv), 0);
}
#endif
else if(!strcmp(*argv, "-pubin"))
key_type = KEY_PUBKEY;
else if(!strcmp(*argv, "-certin"))
key_type = KEY_CERT;
else if(!strcmp(*argv, "-asn1parse"))
asn1parse = 1;
else if(!strcmp(*argv, "-hexdump"))
hexdump = 1;
else if(!strcmp(*argv, "-sign"))
pkey_op = EVP_PKEY_OP_SIGN;
else if(!strcmp(*argv, "-verify"))
pkey_op = EVP_PKEY_OP_VERIFY;
else if(!strcmp(*argv, "-verifyrecover"))
pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
else if(!strcmp(*argv, "-rev"))
rev = 1;
else if(!strcmp(*argv, "-encrypt"))
pkey_op = EVP_PKEY_OP_ENCRYPT;
else if(!strcmp(*argv, "-decrypt"))
pkey_op = EVP_PKEY_OP_DECRYPT;
else if(!strcmp(*argv, "-derive"))
pkey_op = EVP_PKEY_OP_DERIVE;
else if (strcmp(*argv,"-pkeyopt") == 0)
{
if (--argc < 1)
badarg = 1;
else if (!ctx)
{
BIO_puts(bio_err,
"-pkeyopt command before -inkey\n");
badarg = 1;
}
else if (pkey_ctrl_string(ctx, *(++argv)) <= 0)
{
BIO_puts(bio_err, "parameter setting error\n");
ERR_print_errors(bio_err);
goto end;
}
}
else badarg = 1;
if(badarg)
{
usage();
goto end;
}
argc--;
argv++;
}
if (!ctx)
{
usage();
goto end;
}
if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY))
{
BIO_puts(bio_err, "Signature file specified for non verify\n");
goto end;
}
if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY))
{
BIO_puts(bio_err, "No signature file specified for verify\n");
goto end;
}
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
if (pkey_op != EVP_PKEY_OP_DERIVE)
{
if(infile)
{
if(!(in = BIO_new_file(infile, "rb")))
{
BIO_puts(bio_err,
"Error Opening Input File\n");
ERR_print_errors(bio_err);
goto end;
}
}
else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
}
if(outfile)
{
if(!(out = BIO_new_file(outfile, "wb")))
{
BIO_printf(bio_err, "Error Creating Output File\n");
ERR_print_errors(bio_err);
goto end;
}
}
else
{
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (sigfile)
{
BIO *sigbio = BIO_new_file(sigfile, "rb");
if (!sigbio)
{
BIO_printf(bio_err, "Can't open signature file %s\n",
sigfile);
goto end;
}
siglen = bio_to_mem(&sig, keysize * 10, sigbio);
BIO_free(sigbio);
if (siglen <= 0)
{
BIO_printf(bio_err, "Error reading signature data\n");
goto end;
}
}
if (in)
{
/* Read the input data */
buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
if(buf_inlen <= 0)
{
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
if(rev)
{
size_t i;
unsigned char ctmp;
size_t l = (size_t)buf_inlen;
for(i = 0; i < l/2; i++)
{
ctmp = buf_in[i];
buf_in[i] = buf_in[l - 1 - i];
buf_in[l - 1 - i] = ctmp;
}
}
}
if(pkey_op == EVP_PKEY_OP_VERIFY)
{
rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
buf_in, (size_t)buf_inlen);
if (rv == 0)
BIO_puts(out, "Signature Verification Failure\n");
else if (rv == 1)
BIO_puts(out, "Signature Verified Successfully\n");
if (rv >= 0)
goto end;
}
else
{
rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
if (rv > 0)
{
buf_out = OPENSSL_malloc(buf_outlen);
if (!buf_out)
rv = -1;
else
rv = do_keyop(ctx, pkey_op,
buf_out, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
}
}
if(rv <= 0)
{
BIO_printf(bio_err, "Public Key operation error\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
if(asn1parse)
{
if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
ERR_print_errors(bio_err);
}
else if(hexdump)
BIO_dump(out, (char *)buf_out, buf_outlen);
else
BIO_write(out, buf_out, buf_outlen);
end:
if (ctx)
EVP_PKEY_CTX_free(ctx);
BIO_free(in);
BIO_free_all(out);
if (buf_in)
OPENSSL_free(buf_in);
if (buf_out)
OPENSSL_free(buf_out);
if (sig)
OPENSSL_free(sig);
return ret;
}
static void usage()
{
BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-sigfile file signature file (verify operation only)\n");
BIO_printf(bio_err, "-inkey file input key\n");
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
BIO_printf(bio_err, "-pubin input is a public key\n");
BIO_printf(bio_err, "-certin input is a certificate carrying a public key\n");
BIO_printf(bio_err, "-pkeyopt X:Y public key options\n");
BIO_printf(bio_err, "-sign sign with private key\n");
BIO_printf(bio_err, "-verify verify with public key\n");
BIO_printf(bio_err, "-verifyrecover verify with public key, recover original data\n");
BIO_printf(bio_err, "-encrypt encrypt with public key\n");
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
BIO_printf(bio_err, "-derive derive shared secret\n");
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-passin arg pass phrase source\n");
}
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
|| (pkey_op == EVP_PKEY_OP_DERIVE))
&& (key_type != KEY_PRIVKEY))
{
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
{
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
switch(key_type)
{
case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, 0,
passin, e, "Private Key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(bio_err, keyfile, keyform, 0,
NULL, e, "Public Key");
break;
case KEY_CERT:
x = load_cert(bio_err, keyfile, keyform,
NULL, e, "Certificate");
if(x)
{
pkey = X509_get_pubkey(x);
X509_free(x);
}
break;
}
*pkeysize = EVP_PKEY_size(pkey);
if (!pkey)
goto end;
ctx = EVP_PKEY_CTX_new(pkey, e);
EVP_PKEY_free(pkey);
if (!ctx)
goto end;
switch(pkey_op)
{
case EVP_PKEY_OP_SIGN:
rv = EVP_PKEY_sign_init(ctx);
break;
case EVP_PKEY_OP_VERIFY:
rv = EVP_PKEY_verify_init(ctx);
break;
case EVP_PKEY_OP_VERIFYRECOVER:
rv = EVP_PKEY_verify_recover_init(ctx);
break;
case EVP_PKEY_OP_ENCRYPT:
rv = EVP_PKEY_encrypt_init(ctx);
break;
case EVP_PKEY_OP_DECRYPT:
rv = EVP_PKEY_decrypt_init(ctx);
break;
case EVP_PKEY_OP_DERIVE:
rv = EVP_PKEY_derive_init(ctx);
break;
}
if (rv <= 0)
{
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
}
end:
if (passin)
OPENSSL_free(passin);
return ctx;
}
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file)
{
EVP_PKEY *peer = NULL;
int ret;
if (!ctx)
{
BIO_puts(err, "-peerkey command before -inkey\n");
return 0;
}
peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
if (!peer)
{
BIO_printf(bio_err, "Error reading peer key %s\n", file);
ERR_print_errors(err);
return 0;
}
ret = EVP_PKEY_derive_set_peer(ctx, peer);
EVP_PKEY_free(peer);
if (ret <= 0)
ERR_print_errors(err);
return ret;
}
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
unsigned char *in, size_t inlen)
{
int rv = 0;
switch(pkey_op)
{
case EVP_PKEY_OP_VERIFYRECOVER:
rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
break;
case EVP_PKEY_OP_SIGN:
rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
break;
case EVP_PKEY_OP_ENCRYPT:
rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
break;
case EVP_PKEY_OP_DECRYPT:
rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
break;
case EVP_PKEY_OP_DERIVE:
rv = EVP_PKEY_derive(ctx, out, poutlen);
break;
}
return rv;
}

160
jni/openssl/apps/prime.c Normal file
View File

@ -0,0 +1,160 @@
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <string.h>
#include "apps.h"
#include <openssl/bn.h>
#undef PROG
#define PROG prime_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int hex=0;
int checks=20;
int generate=0;
int bits=0;
int safe=0;
BIGNUM *bn=NULL;
BIO *bio_out;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
--argc;
++argv;
while (argc >= 1 && **argv == '-')
{
if(!strcmp(*argv,"-hex"))
hex=1;
else if(!strcmp(*argv,"-generate"))
generate=1;
else if(!strcmp(*argv,"-bits"))
if(--argc < 1)
goto bad;
else
bits=atoi(*++argv);
else if(!strcmp(*argv,"-safe"))
safe=1;
else if(!strcmp(*argv,"-checks"))
if(--argc < 1)
goto bad;
else
checks=atoi(*++argv);
else
{
BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
goto bad;
}
--argc;
++argv;
}
if (argv[0] == NULL && !generate)
{
BIO_printf(bio_err,"No prime specified\n");
goto bad;
}
if ((bio_out=BIO_new(BIO_s_file())) != NULL)
{
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
bio_out = BIO_push(tmpbio, bio_out);
}
#endif
}
if(generate)
{
char *s;
if(!bits)
{
BIO_printf(bio_err,"Specifiy the number of bits.\n");
return 1;
}
bn=BN_new();
BN_generate_prime_ex(bn,bits,safe,NULL,NULL,NULL);
s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
BIO_printf(bio_out,"%s\n",s);
OPENSSL_free(s);
}
else
{
if(hex)
BN_hex2bn(&bn,argv[0]);
else
BN_dec2bn(&bn,argv[0]);
BN_print(bio_out,bn);
BIO_printf(bio_out," is %sprime\n",
BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
}
BN_free(bn);
BIO_free_all(bio_out);
return 0;
bad:
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"%-14s hex\n","-hex");
BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");
return 1;
}

View File

@ -0,0 +1,18 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF
6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9
Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo
F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3
XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE
jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy
vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh
JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf
PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM
POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS
gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz
8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v
Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC
dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw==
-----END RSA PRIVATE KEY-----

364
jni/openssl/apps/progs.h Normal file
View File

@ -0,0 +1,364 @@
/* apps/progs.h */
/* automatically generated by progs.pl for openssl.c */
extern int verify_main(int argc,char *argv[]);
extern int asn1parse_main(int argc,char *argv[]);
extern int req_main(int argc,char *argv[]);
extern int dgst_main(int argc,char *argv[]);
extern int dh_main(int argc,char *argv[]);
extern int dhparam_main(int argc,char *argv[]);
extern int enc_main(int argc,char *argv[]);
extern int passwd_main(int argc,char *argv[]);
extern int gendh_main(int argc,char *argv[]);
extern int errstr_main(int argc,char *argv[]);
extern int ca_main(int argc,char *argv[]);
extern int crl_main(int argc,char *argv[]);
extern int rsa_main(int argc,char *argv[]);
extern int rsautl_main(int argc,char *argv[]);
extern int dsa_main(int argc,char *argv[]);
extern int dsaparam_main(int argc,char *argv[]);
extern int ec_main(int argc,char *argv[]);
extern int ecparam_main(int argc,char *argv[]);
extern int x509_main(int argc,char *argv[]);
extern int genrsa_main(int argc,char *argv[]);
extern int gendsa_main(int argc,char *argv[]);
extern int genpkey_main(int argc,char *argv[]);
extern int s_server_main(int argc,char *argv[]);
extern int s_client_main(int argc,char *argv[]);
extern int speed_main(int argc,char *argv[]);
extern int s_time_main(int argc,char *argv[]);
extern int version_main(int argc,char *argv[]);
extern int pkcs7_main(int argc,char *argv[]);
extern int cms_main(int argc,char *argv[]);
extern int crl2pkcs7_main(int argc,char *argv[]);
extern int sess_id_main(int argc,char *argv[]);
extern int ciphers_main(int argc,char *argv[]);
extern int nseq_main(int argc,char *argv[]);
extern int pkcs12_main(int argc,char *argv[]);
extern int pkcs8_main(int argc,char *argv[]);
extern int pkey_main(int argc,char *argv[]);
extern int pkeyparam_main(int argc,char *argv[]);
extern int pkeyutl_main(int argc,char *argv[]);
extern int spkac_main(int argc,char *argv[]);
extern int smime_main(int argc,char *argv[]);
extern int rand_main(int argc,char *argv[]);
extern int engine_main(int argc,char *argv[]);
extern int ocsp_main(int argc,char *argv[]);
extern int prime_main(int argc,char *argv[]);
extern int ts_main(int argc,char *argv[]);
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
#define FUNC_TYPE_CIPHER 3
#define FUNC_TYPE_PKEY 4
#define FUNC_TYPE_MD_ALG 5
#define FUNC_TYPE_CIPHER_ALG 6
typedef struct {
int type;
const char *name;
int (*func)(int argc,char *argv[]);
} FUNCTION;
DECLARE_LHASH_OF(FUNCTION);
FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"verify",verify_main},
{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
{FUNC_TYPE_GENERAL,"req",req_main},
{FUNC_TYPE_GENERAL,"dgst",dgst_main},
#ifndef OPENSSL_NO_DH
{FUNC_TYPE_GENERAL,"dh",dh_main},
#endif
#ifndef OPENSSL_NO_DH
{FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
#endif
{FUNC_TYPE_GENERAL,"enc",enc_main},
{FUNC_TYPE_GENERAL,"passwd",passwd_main},
#ifndef OPENSSL_NO_DH
{FUNC_TYPE_GENERAL,"gendh",gendh_main},
#endif
{FUNC_TYPE_GENERAL,"errstr",errstr_main},
{FUNC_TYPE_GENERAL,"ca",ca_main},
{FUNC_TYPE_GENERAL,"crl",crl_main},
#ifndef OPENSSL_NO_RSA
{FUNC_TYPE_GENERAL,"rsa",rsa_main},
#endif
#ifndef OPENSSL_NO_RSA
{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
#endif
#ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL,"dsa",dsa_main},
#endif
#ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
#endif
#ifndef OPENSSL_NO_EC
{FUNC_TYPE_GENERAL,"ec",ec_main},
#endif
#ifndef OPENSSL_NO_EC
{FUNC_TYPE_GENERAL,"ecparam",ecparam_main},
#endif
{FUNC_TYPE_GENERAL,"x509",x509_main},
#ifndef OPENSSL_NO_RSA
{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
#endif
#ifndef OPENSSL_NO_DSA
{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
#endif
{FUNC_TYPE_GENERAL,"genpkey",genpkey_main},
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
{FUNC_TYPE_GENERAL,"s_server",s_server_main},
#endif
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
{FUNC_TYPE_GENERAL,"s_client",s_client_main},
#endif
#ifndef OPENSSL_NO_SPEED
{FUNC_TYPE_GENERAL,"speed",speed_main},
#endif
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
{FUNC_TYPE_GENERAL,"s_time",s_time_main},
#endif
{FUNC_TYPE_GENERAL,"version",version_main},
{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
#ifndef OPENSSL_NO_CMS
{FUNC_TYPE_GENERAL,"cms",cms_main},
#endif
{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
#endif
{FUNC_TYPE_GENERAL,"nseq",nseq_main},
#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
#endif
{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
{FUNC_TYPE_GENERAL,"pkey",pkey_main},
{FUNC_TYPE_GENERAL,"pkeyparam",pkeyparam_main},
{FUNC_TYPE_GENERAL,"pkeyutl",pkeyutl_main},
{FUNC_TYPE_GENERAL,"spkac",spkac_main},
{FUNC_TYPE_GENERAL,"smime",smime_main},
{FUNC_TYPE_GENERAL,"rand",rand_main},
#ifndef OPENSSL_NO_ENGINE
{FUNC_TYPE_GENERAL,"engine",engine_main},
#endif
#ifndef OPENSSL_NO_OCSP
{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
#endif
{FUNC_TYPE_GENERAL,"prime",prime_main},
#if 0 /* ANDROID */
{FUNC_TYPE_GENERAL,"ts",ts_main},
#endif
#ifndef OPENSSL_NO_MD2
{FUNC_TYPE_MD,"md2",dgst_main},
#endif
#ifndef OPENSSL_NO_MD4
{FUNC_TYPE_MD,"md4",dgst_main},
#endif
#ifndef OPENSSL_NO_MD5
{FUNC_TYPE_MD,"md5",dgst_main},
#endif
#ifndef OPENSSL_NO_SHA
{FUNC_TYPE_MD,"sha",dgst_main},
#endif
#ifndef OPENSSL_NO_SHA1
{FUNC_TYPE_MD,"sha1",dgst_main},
#endif
#ifndef OPENSSL_NO_MDC2
{FUNC_TYPE_MD,"mdc2",dgst_main},
#endif
#ifndef OPENSSL_NO_RMD160
{FUNC_TYPE_MD,"rmd160",dgst_main},
#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main},
#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main},
#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
#endif
#ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main},
#endif
#ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main},
#endif
#ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_CAMELLIA
{FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},
#endif
{FUNC_TYPE_CIPHER,"base64",enc_main},
#ifdef ZLIB
{FUNC_TYPE_CIPHER,"zlib",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des3",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"desx",enc_main},
#endif
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea",enc_main},
#endif
#ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER,"seed",enc_main},
#endif
#ifndef OPENSSL_NO_RC4
{FUNC_TYPE_CIPHER,"rc4",enc_main},
#endif
#ifndef OPENSSL_NO_RC4
{FUNC_TYPE_CIPHER,"rc4-40",enc_main},
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2",enc_main},
#endif
#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf",enc_main},
#endif
#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast",enc_main},
#endif
#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede3",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-cfb",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ofb",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
#endif
#ifndef OPENSSL_NO_DES
{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
#endif
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
#endif
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
#endif
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
#endif
#ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER,"seed-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER,"seed-ecb",enc_main},
#endif
#ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER,"seed-cfb",enc_main},
#endif
#ifndef OPENSSL_NO_SEED
{FUNC_TYPE_CIPHER,"seed-ofb",enc_main},
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
#endif
#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
#endif
#ifndef OPENSSL_NO_BF
{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
#endif
#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
#endif
#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
#endif
#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
#endif
#ifndef OPENSSL_NO_CAST
{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
#endif
#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
#endif
#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
#endif
#ifndef OPENSSL_NO_RC5
{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
#endif
{0,NULL,NULL}
};

102
jni/openssl/apps/progs.pl Normal file
View File

@ -0,0 +1,102 @@
#!/usr/local/bin/perl
print "/* apps/progs.h */\n";
print "/* automatically generated by progs.pl for openssl.c */\n\n";
grep(s/^asn1pars$/asn1parse/,@ARGV);
foreach (@ARGV)
{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
print <<'EOF';
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
#define FUNC_TYPE_CIPHER 3
#define FUNC_TYPE_PKEY 4
#define FUNC_TYPE_MD_ALG 5
#define FUNC_TYPE_CIPHER_ALG 6
typedef struct {
int type;
const char *name;
int (*func)(int argc,char *argv[]);
} FUNCTION;
DECLARE_LHASH_OF(FUNCTION);
FUNCTION functions[] = {
EOF
foreach (@ARGV)
{
push(@files,$_);
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; }
elsif ( ($_ =~ /^speed$/))
{ print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }
elsif ( ($_ =~ /^engine$/))
{ print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; }
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))
{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/))
{ print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";}
elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
elsif ( ($_ =~ /^pkcs12$/))
{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
elsif ( ($_ =~ /^cms$/))
{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
elsif ( ($_ =~ /^ocsp$/))
{ print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n"; }
else
{ print $str; }
}
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
{
push(@files,$_);
printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
}
foreach (
"aes-128-cbc", "aes-128-ecb",
"aes-192-cbc", "aes-192-ecb",
"aes-256-cbc", "aes-256-ecb",
"camellia-128-cbc", "camellia-128-ecb",
"camellia-192-cbc", "camellia-192-ecb",
"camellia-256-cbc", "camellia-256-ecb",
"base64", "zlib",
"des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
"rc2", "bf", "cast", "rc5",
"des-ecb", "des-ede", "des-ede3",
"des-cbc", "des-ede-cbc","des-ede3-cbc",
"des-cfb", "des-ede-cfb","des-ede3-cfb",
"des-ofb", "des-ede-ofb","des-ede3-ofb",
"idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
"seed-cbc","seed-ecb", "seed-cfb", "seed-ofb",
"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
"bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
"cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb")
{
push(@files,$_);
$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
elsif ($_ =~ /seed/) { $t="#ifndef OPENSSL_NO_SEED\n${t}#endif\n"; }
elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }
elsif ($_ =~ /rc5/) { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }
elsif ($_ =~ /zlib/) { $t="#ifdef ZLIB\n${t}#endif\n"; }
print $t;
}
print "\t{0,NULL,NULL}\n\t};\n";

245
jni/openssl/apps/rand.c Normal file
View File

@ -0,0 +1,245 @@
/* apps/rand.c */
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "apps.h"
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#undef PROG
#define PROG rand_main
/* -out file - write to file
* -rand file:file - PRNG seed files
* -base64 - base64 encode output
* -hex - hex encode output
* num - write 'num' bytes
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
char *inrand = NULL;
int base64 = 0;
int hex = 0;
BIO *out = NULL;
int num = -1;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto err;
badopt = 0;
i = 0;
while (!badopt && argv[++i] != NULL)
{
if (strcmp(argv[i], "-out") == 0)
{
if ((argv[i+1] != NULL) && (outfile == NULL))
outfile = argv[++i];
else
badopt = 1;
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(argv[i], "-engine") == 0)
{
if ((argv[i+1] != NULL) && (engine == NULL))
engine = argv[++i];
else
badopt = 1;
}
#endif
else if (strcmp(argv[i], "-rand") == 0)
{
if ((argv[i+1] != NULL) && (inrand == NULL))
inrand = argv[++i];
else
badopt = 1;
}
else if (strcmp(argv[i], "-base64") == 0)
{
if (!base64)
base64 = 1;
else
badopt = 1;
}
else if (strcmp(argv[i], "-hex") == 0)
{
if (!hex)
hex = 1;
else
badopt = 1;
}
else if (isdigit((unsigned char)argv[i][0]))
{
if (num < 0)
{
r = sscanf(argv[i], "%d", &num);
if (r == 0 || num < 0)
badopt = 1;
}
else
badopt = 1;
}
else
badopt = 1;
}
if (hex && base64)
badopt = 1;
if (num < 0)
badopt = 1;
if (badopt)
{
BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-out file - write to file\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - base64 encode output\n");
BIO_printf(bio_err, "-hex - hex encode output\n");
goto err;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
out = BIO_new(BIO_s_file());
if (out == NULL)
goto err;
if (outfile != NULL)
r = BIO_write_filename(out, outfile);
else
{
r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (r <= 0)
goto err;
if (base64)
{
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL)
goto err;
out = BIO_push(b64, out);
}
while (num > 0)
{
unsigned char buf[4096];
int chunk;
chunk = num;
if (chunk > (int)sizeof(buf))
chunk = sizeof buf;
r = RAND_bytes(buf, chunk);
if (r <= 0)
goto err;
if (!hex)
BIO_write(out, buf, chunk);
else
{
for (i = 0; i < chunk; i++)
BIO_printf(out, "%02x", buf[i]);
}
num -= chunk;
}
if (hex)
BIO_puts(out, "\n");
(void)BIO_flush(out);
app_RAND_write_file(NULL, bio_err);
ret = 0;
err:
ERR_print_errors(bio_err);
if (out)
BIO_free_all(out);
apps_shutdown();
OPENSSL_EXIT(ret);
}

1758
jni/openssl/apps/req.c Normal file

File diff suppressed because it is too large Load Diff

11
jni/openssl/apps/req.pem Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
-----END CERTIFICATE REQUEST-----

450
jni/openssl/apps/rsa.c Normal file
View File

@ -0,0 +1,450 @@
/* apps/rsa.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_RSA
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
#undef PROG
#define PROG rsa_main
/* -inform arg - input format - default PEM (one of DER, NET or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -des - encrypt output if PEM format with DES in cbc mode
* -des3 - encrypt output if PEM format
* -idea - encrypt output if PEM format
* -seed - encrypt output if PEM format
* -aes128 - encrypt output if PEM format
* -aes192 - encrypt output if PEM format
* -aes256 - encrypt output if PEM format
* -camellia128 - encrypt output if PEM format
* -camellia192 - encrypt output if PEM format
* -camellia256 - encrypt output if PEM format
* -text - print a text version
* -modulus - print the RSA key modulus
* -check - verify key consistency
* -pubin - Expect a public key in input file.
* -pubout - Output a public key.
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
RSA *rsa=NULL;
int i,badops=0, sgckey=0;
const EVP_CIPHER *enc=NULL;
BIO *out=NULL;
int informat,outformat,text=0,check=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
int modulus=0;
int pvk_encr = 2;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passargin= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passargout= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-sgckey") == 0)
sgckey=1;
else if (strcmp(*argv,"-pubin") == 0)
pubin=1;
else if (strcmp(*argv,"-pubout") == 0)
pubout=1;
else if (strcmp(*argv,"-RSAPublicKey_in") == 0)
pubin = 2;
else if (strcmp(*argv,"-RSAPublicKey_out") == 0)
pubout = 2;
else if (strcmp(*argv,"-pvk-strong") == 0)
pvk_encr=2;
else if (strcmp(*argv,"-pvk-weak") == 0)
pvk_encr=1;
else if (strcmp(*argv,"-pvk-none") == 0)
pvk_encr=0;
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-modulus") == 0)
modulus=1;
else if (strcmp(*argv,"-check") == 0)
check=1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -sgckey Use IIS SGC key format\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
#ifndef OPENSSL_NO_SEED
BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n");
#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
#endif
BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -noout don't print key out\n");
BIO_printf(bio_err," -modulus print the RSA key modulus\n");
BIO_printf(bio_err," -check verify key consistency\n");
BIO_printf(bio_err," -pubin expect a public key in input file\n");
BIO_printf(bio_err," -pubout output a public key\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if(check && pubin) {
BIO_printf(bio_err, "Only private keys can be checked\n");
goto end;
}
out=BIO_new(BIO_s_file());
{
EVP_PKEY *pkey;
if (pubin)
{
int tmpformat=-1;
if (pubin == 2)
{
if (informat == FORMAT_PEM)
tmpformat = FORMAT_PEMRSA;
else if (informat == FORMAT_ASN1)
tmpformat = FORMAT_ASN1RSA;
}
else if (informat == FORMAT_NETSCAPE && sgckey)
tmpformat = FORMAT_IISSGC;
else
tmpformat = informat;
pkey = load_pubkey(bio_err, infile, tmpformat, 1,
passin, e, "Public Key");
}
else
pkey = load_key(bio_err, infile,
(informat == FORMAT_NETSCAPE && sgckey ?
FORMAT_IISSGC : informat), 1,
passin, e, "Private Key");
if (pkey != NULL)
rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey);
}
if (rsa == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (text)
if (!RSA_print(out,rsa,0))
{
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
if (modulus)
{
BIO_printf(out,"Modulus=");
BN_print(out,rsa->n);
BIO_printf(out,"\n");
}
if (check)
{
int r = RSA_check_key(rsa);
if (r == 1)
BIO_printf(out,"RSA key ok\n");
else if (r == 0)
{
unsigned long err;
while ((err = ERR_peek_error()) != 0 &&
ERR_GET_LIB(err) == ERR_LIB_RSA &&
ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
{
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
ERR_get_error(); /* remove e from error stack */
}
}
if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
{
ERR_print_errors(bio_err);
goto end;
}
}
if (noout)
{
ret = 0;
goto end;
}
BIO_printf(bio_err,"writing RSA key\n");
if (outformat == FORMAT_ASN1) {
if(pubout || pubin)
{
if (pubout == 2)
i=i2d_RSAPublicKey_bio(out,rsa);
else
i=i2d_RSA_PUBKEY_bio(out,rsa);
}
else i=i2d_RSAPrivateKey_bio(out,rsa);
}
#ifndef OPENSSL_NO_RC4
else if (outformat == FORMAT_NETSCAPE)
{
unsigned char *p,*pp;
int size;
i=1;
size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
{
BIO_printf(bio_err,"Memory allocation failure\n");
goto end;
}
pp=p;
i2d_RSA_NET(rsa,&p,NULL, sgckey);
BIO_write(out,(char *)pp,size);
OPENSSL_free(pp);
}
#endif
else if (outformat == FORMAT_PEM) {
if(pubout || pubin)
{
if (pubout == 2)
i=PEM_write_bio_RSAPublicKey(out,rsa);
else
i=PEM_write_bio_RSA_PUBKEY(out,rsa);
}
else i=PEM_write_bio_RSAPrivateKey(out,rsa,
enc,NULL,0,NULL,passout);
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
EVP_PKEY_set1_RSA(pk, rsa);
if (outformat == FORMAT_PVK)
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
else if (pubin || pubout)
i = i2b_PublicKey_bio(out, pk);
else
i = i2b_PrivateKey_bio(out, pk);
EVP_PKEY_free(pk);
#endif
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (i <= 0)
{
BIO_printf(bio_err,"unable to write key\n");
ERR_print_errors(bio_err);
}
else
ret=0;
end:
if(out != NULL) BIO_free_all(out);
if(rsa != NULL) RSA_free(rsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else /* !OPENSSL_NO_RSA */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@ -0,0 +1,101 @@
-----BEGIN RSA PRIVATE KEY-----
MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm
yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3
tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA
LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE
aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d
PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59
mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi
71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z
d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2
wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0
bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE
Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa
Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd
pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS
os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah
mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx
cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K
LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ
tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS
PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9
psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0
9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6
xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c
ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW
RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf
1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI
P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH
77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4
4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I
/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg
GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq
HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB
ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy
AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT
52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p
5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr
7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5
KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h
cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1
dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/
DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw
Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr
f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ
J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+
TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY
fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c
Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5
mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC
YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd
mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ
Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw
c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w
Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR
WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh
KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi
JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ
FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg
6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz
eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG
bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz
XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf
7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w
82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly
beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr
pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9
70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM
YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin
ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy
lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe
4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P
lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG
LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3
x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w
O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD
6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80
Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz
DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn
Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R
oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q
nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H
X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV
QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg
TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE
rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
-----END RSA PRIVATE KEY-----

351
jni/openssl/apps/rsautl.c Normal file
View File

@ -0,0 +1,351 @@
/* rsautl.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_RSA
#include "apps.h"
#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#define RSA_SIGN 1
#define RSA_VERIFY 2
#define RSA_ENCRYPT 3
#define RSA_DECRYPT 4
#define KEY_PRIVKEY 1
#define KEY_PUBKEY 2
#define KEY_CERT 3
static void usage(void);
#undef PROG
#define PROG rsautl_main
int MAIN(int argc, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
char *keyfile = NULL;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM;
char need_priv = 0, badarg = 0, rev = 0;
char hexdump = 0, asn1parse = 0;
X509 *x;
EVP_PKEY *pkey = NULL;
RSA *rsa = NULL;
unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
char *passargin = NULL, *passin = NULL;
int rsa_inlen, rsa_outlen = 0;
int keysize;
int ret = 1;
argc--;
argv++;
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
pad = RSA_PKCS1_PADDING;
while(argc >= 1)
{
if (!strcmp(*argv,"-in")) {
if (--argc < 1)
badarg = 1;
else
infile= *(++argv);
} else if (!strcmp(*argv,"-out")) {
if (--argc < 1)
badarg = 1;
else
outfile= *(++argv);
} else if(!strcmp(*argv, "-inkey")) {
if (--argc < 1)
badarg = 1;
else
keyfile = *(++argv);
} else if (!strcmp(*argv,"-passin")) {
if (--argc < 1)
badarg = 1;
else
passargin= *(++argv);
} else if (strcmp(*argv,"-keyform") == 0) {
if (--argc < 1)
badarg = 1;
else
keyform=str2fmt(*(++argv));
#ifndef OPENSSL_NO_ENGINE
} else if(!strcmp(*argv, "-engine")) {
if (--argc < 1)
badarg = 1;
else
engine = *(++argv);
#endif
} else if(!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY;
} else if(!strcmp(*argv, "-certin")) {
key_type = KEY_CERT;
}
else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
else if(!strcmp(*argv, "-sign")) {
rsa_mode = RSA_SIGN;
need_priv = 1;
} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
else if(!strcmp(*argv, "-rev")) rev = 1;
else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
else if(!strcmp(*argv, "-decrypt")) {
rsa_mode = RSA_DECRYPT;
need_priv = 1;
} else badarg = 1;
if(badarg) {
usage();
goto end;
}
argc--;
argv++;
}
if(need_priv && (key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
switch(key_type) {
case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, 0,
passin, e, "Private Key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(bio_err, keyfile, keyform, 0,
NULL, e, "Public Key");
break;
case KEY_CERT:
x = load_cert(bio_err, keyfile, keyform,
NULL, e, "Certificate");
if(x) {
pkey = X509_get_pubkey(x);
X509_free(x);
}
break;
}
if(!pkey) {
return 1;
}
rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey);
if(!rsa) {
BIO_printf(bio_err, "Error getting RSA key\n");
ERR_print_errors(bio_err);
goto end;
}
if(infile) {
if(!(in = BIO_new_file(infile, "rb"))) {
BIO_printf(bio_err, "Error Reading Input File\n");
ERR_print_errors(bio_err);
goto end;
}
} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
if(outfile) {
if(!(out = BIO_new_file(outfile, "wb"))) {
BIO_printf(bio_err, "Error Reading Output File\n");
ERR_print_errors(bio_err);
goto end;
}
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
keysize = RSA_size(rsa);
rsa_in = OPENSSL_malloc(keysize * 2);
rsa_out = OPENSSL_malloc(keysize);
/* Read the input data */
rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
if(rsa_inlen <= 0) {
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
if(rev) {
int i;
unsigned char ctmp;
for(i = 0; i < rsa_inlen/2; i++) {
ctmp = rsa_in[i];
rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
rsa_in[rsa_inlen - 1 - i] = ctmp;
}
}
switch(rsa_mode) {
case RSA_VERIFY:
rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
case RSA_SIGN:
rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
case RSA_ENCRYPT:
rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
case RSA_DECRYPT:
rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
break;
}
if(rsa_outlen <= 0) {
BIO_printf(bio_err, "RSA operation error\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
if(asn1parse) {
if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
ERR_print_errors(bio_err);
}
} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
else BIO_write(out, rsa_out, rsa_outlen);
end:
RSA_free(rsa);
BIO_free(in);
BIO_free_all(out);
if(rsa_in) OPENSSL_free(rsa_in);
if(rsa_out) OPENSSL_free(rsa_out);
if(passin) OPENSSL_free(passin);
return ret;
}
static void usage()
{
BIO_printf(bio_err, "Usage: rsautl [options]\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-inkey file input key\n");
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
BIO_printf(bio_err, "-pubin input is an RSA public\n");
BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
BIO_printf(bio_err, "-raw use no padding\n");
BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n");
BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");
BIO_printf(bio_err, "-sign sign with private key\n");
BIO_printf(bio_err, "-verify verify with public key\n");
BIO_printf(bio_err, "-encrypt encrypt with public key\n");
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
BIO_printf (bio_err, "-passin arg pass phrase source\n");
#endif
}
#else /* !OPENSSL_NO_RSA */
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

View File

@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz
dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR
9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo
KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2
RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE
BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq
nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil
frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M=
-----END CERTIFICATE REQUEST-----

View File

@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0
IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S
MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E
y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm
5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8=
-----END CERTIFICATE REQUEST-----

176
jni/openssl/apps/s_apps.h Normal file
View File

@ -0,0 +1,176 @@
/* apps/s_apps.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
#include <sys/types.h>
#endif
#include <openssl/opensslconf.h>
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#include <conio.h>
#endif
#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
#define _kbhit kbhit
#endif
#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
/* VAX C does not defined fd_set and friends, but it's actually quite simple */
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
#define MAX_NOFILE 32
#define NBBY 8 /* number of bits in a byte */
#ifndef FD_SETSIZE
#define FD_SETSIZE MAX_NOFILE
#endif /* FD_SETSIZE */
/* How many things we'll allow select to use. 0 if unlimited */
#define MAXSELFD MAX_NOFILE
typedef int fd_mask; /* int here! VMS prototypes int, not long */
#define NFDBITS (sizeof(fd_mask) * NBBY) /* bits per mask (power of 2!)*/
#define NFDSHIFT 5 /* Shift based on above */
typedef fd_mask fd_set;
#define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS)))
#define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS)))
#define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS)))
#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p)))
#endif
#define PORT 4433
#define PORT_STR "4433"
#define PROTOCOL "tcp"
int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
#ifdef HEADER_SSL_H
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
#endif
int init_client(int *sock, char *server, int port, int type);
int should_retry(int i);
int extract_port(char *str, short *port_ptr);
int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
#ifdef HEADER_SSL_H
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
unsigned char *data, int len,
void *arg);
#endif
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);

862
jni/openssl/apps/s_cb.c Normal file
View File

@ -0,0 +1,862 @@
/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#define USE_SOCKETS
#define NON_MAIN
#include "apps.h"
#undef NON_MAIN
#undef USE_SOCKETS
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include "s_apps.h"
#define COOKIE_SECRET_LENGTH 16
int verify_depth=0;
int verify_error=X509_V_OK;
int verify_return_error=0;
unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
int cookie_initialized=0;
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
{
X509 *err_cert;
int err,depth;
err_cert=X509_STORE_CTX_get_current_cert(ctx);
err= X509_STORE_CTX_get_error(ctx);
depth= X509_STORE_CTX_get_error_depth(ctx);
BIO_printf(bio_err,"depth=%d ",depth);
if (err_cert)
{
X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
0, XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
}
else
BIO_puts(bio_err, "<no cert>\n");
if (!ok)
{
BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
X509_verify_cert_error_string(err));
if (verify_depth >= depth)
{
if (!verify_return_error)
ok=1;
verify_error=X509_V_OK;
}
else
{
ok=0;
verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
}
}
switch (err)
{
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
BIO_puts(bio_err,"issuer= ");
X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
0, XN_FLAG_ONELINE);
BIO_puts(bio_err, "\n");
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
BIO_printf(bio_err,"notBefore=");
ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
BIO_printf(bio_err,"\n");
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
BIO_printf(bio_err,"notAfter=");
ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
BIO_printf(bio_err,"\n");
break;
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(bio_err, ctx);
break;
}
if (err == X509_V_OK && ok == 2)
policies_print(bio_err, ctx);
BIO_printf(bio_err,"verify return:%d\n",ok);
return(ok);
}
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
{
if (cert_file != NULL)
{
/*
SSL *ssl;
X509 *x509;
*/
if (SSL_CTX_use_certificate_file(ctx,cert_file,
SSL_FILETYPE_PEM) <= 0)
{
BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
ERR_print_errors(bio_err);
return(0);
}
if (key_file == NULL) key_file=cert_file;
if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
SSL_FILETYPE_PEM) <= 0)
{
BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
ERR_print_errors(bio_err);
return(0);
}
/*
In theory this is no longer needed
ssl=SSL_new(ctx);
x509=SSL_get_certificate(ssl);
if (x509 != NULL) {
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(x509);
EVP_PKEY_copy_parameters(pktmp,
SSL_get_privatekey(ssl));
EVP_PKEY_free(pktmp);
}
SSL_free(ssl);
*/
/* If we are using DSA, we can copy the parameters from
* the private key */
/* Now we know that a key and cert have been set against
* the SSL context */
if (!SSL_CTX_check_private_key(ctx))
{
BIO_printf(bio_err,"Private key does not match the certificate public key\n");
return(0);
}
}
return(1);
}
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
{
if (cert == NULL)
return 1;
if (SSL_CTX_use_certificate(ctx,cert) <= 0)
{
BIO_printf(bio_err,"error setting certificate\n");
ERR_print_errors(bio_err);
return 0;
}
if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
{
BIO_printf(bio_err,"error setting private key\n");
ERR_print_errors(bio_err);
return 0;
}
/* Now we know that a key and cert have been set against
* the SSL context */
if (!SSL_CTX_check_private_key(ctx))
{
BIO_printf(bio_err,"Private key does not match the certificate public key\n");
return 0;
}
return 1;
}
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret)
{
BIO *out;
out=(BIO *)BIO_get_callback_arg(bio);
if (out == NULL) return(ret);
if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
{
BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
(void *)bio,argp,(unsigned long)argi,ret,ret);
BIO_dump(out,argp,(int)ret);
return(ret);
}
else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
{
BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
(void *)bio,argp,(unsigned long)argi,ret,ret);
BIO_dump(out,argp,(int)ret);
}
return(ret);
}
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
{
const char *str;
int w;
w=where& ~SSL_ST_MASK;
if (w & SSL_ST_CONNECT) str="SSL_connect";
else if (w & SSL_ST_ACCEPT) str="SSL_accept";
else str="undefined";
if (where & SSL_CB_LOOP)
{
BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
}
else if (where & SSL_CB_ALERT)
{
str=(where & SSL_CB_READ)?"read":"write";
BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
str,
SSL_alert_type_string_long(ret),
SSL_alert_desc_string_long(ret));
}
else if (where & SSL_CB_EXIT)
{
if (ret == 0)
BIO_printf(bio_err,"%s:failed in %s\n",
str,SSL_state_string_long(s));
else if (ret < 0)
{
BIO_printf(bio_err,"%s:error in %s\n",
str,SSL_state_string_long(s));
}
}
}
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
{
BIO *bio = arg;
const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
str_write_p = write_p ? ">>>" : "<<<";
switch (version)
{
case SSL2_VERSION:
str_version = "SSL 2.0";
break;
case SSL3_VERSION:
str_version = "SSL 3.0 ";
break;
case TLS1_VERSION:
str_version = "TLS 1.0 ";
break;
case DTLS1_VERSION:
str_version = "DTLS 1.0 ";
break;
case DTLS1_BAD_VER:
str_version = "DTLS 1.0 (bad) ";
break;
default:
str_version = "???";
}
if (version == SSL2_VERSION)
{
str_details1 = "???";
if (len > 0)
{
switch (((const unsigned char*)buf)[0])
{
case 0:
str_details1 = ", ERROR:";
str_details2 = " ???";
if (len >= 3)
{
unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
switch (err)
{
case 0x0001:
str_details2 = " NO-CIPHER-ERROR";
break;
case 0x0002:
str_details2 = " NO-CERTIFICATE-ERROR";
break;
case 0x0004:
str_details2 = " BAD-CERTIFICATE-ERROR";
break;
case 0x0006:
str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
break;
}
}
break;
case 1:
str_details1 = ", CLIENT-HELLO";
break;
case 2:
str_details1 = ", CLIENT-MASTER-KEY";
break;
case 3:
str_details1 = ", CLIENT-FINISHED";
break;
case 4:
str_details1 = ", SERVER-HELLO";
break;
case 5:
str_details1 = ", SERVER-VERIFY";
break;
case 6:
str_details1 = ", SERVER-FINISHED";
break;
case 7:
str_details1 = ", REQUEST-CERTIFICATE";
break;
case 8:
str_details1 = ", CLIENT-CERTIFICATE";
break;
}
}
}
if (version == SSL3_VERSION ||
version == TLS1_VERSION ||
version == DTLS1_VERSION ||
version == DTLS1_BAD_VER)
{
switch (content_type)
{
case 20:
str_content_type = "ChangeCipherSpec";
break;
case 21:
str_content_type = "Alert";
break;
case 22:
str_content_type = "Handshake";
break;
}
if (content_type == 21) /* Alert */
{
str_details1 = ", ???";
if (len == 2)
{
switch (((const unsigned char*)buf)[0])
{
case 1:
str_details1 = ", warning";
break;
case 2:
str_details1 = ", fatal";
break;
}
str_details2 = " ???";
switch (((const unsigned char*)buf)[1])
{
case 0:
str_details2 = " close_notify";
break;
case 10:
str_details2 = " unexpected_message";
break;
case 20:
str_details2 = " bad_record_mac";
break;
case 21:
str_details2 = " decryption_failed";
break;
case 22:
str_details2 = " record_overflow";
break;
case 30:
str_details2 = " decompression_failure";
break;
case 40:
str_details2 = " handshake_failure";
break;
case 42:
str_details2 = " bad_certificate";
break;
case 43:
str_details2 = " unsupported_certificate";
break;
case 44:
str_details2 = " certificate_revoked";
break;
case 45:
str_details2 = " certificate_expired";
break;
case 46:
str_details2 = " certificate_unknown";
break;
case 47:
str_details2 = " illegal_parameter";
break;
case 48:
str_details2 = " unknown_ca";
break;
case 49:
str_details2 = " access_denied";
break;
case 50:
str_details2 = " decode_error";
break;
case 51:
str_details2 = " decrypt_error";
break;
case 60:
str_details2 = " export_restriction";
break;
case 70:
str_details2 = " protocol_version";
break;
case 71:
str_details2 = " insufficient_security";
break;
case 80:
str_details2 = " internal_error";
break;
case 90:
str_details2 = " user_canceled";
break;
case 100:
str_details2 = " no_renegotiation";
break;
case 110:
str_details2 = " unsupported_extension";
break;
case 111:
str_details2 = " certificate_unobtainable";
break;
case 112:
str_details2 = " unrecognized_name";
break;
case 113:
str_details2 = " bad_certificate_status_response";
break;
case 114:
str_details2 = " bad_certificate_hash_value";
break;
}
}
}
if (content_type == 22) /* Handshake */
{
str_details1 = "???";
if (len > 0)
{
switch (((const unsigned char*)buf)[0])
{
case 0:
str_details1 = ", HelloRequest";
break;
case 1:
str_details1 = ", ClientHello";
break;
case 2:
str_details1 = ", ServerHello";
break;
case 3:
str_details1 = ", HelloVerifyRequest";
break;
case 11:
str_details1 = ", Certificate";
break;
case 12:
str_details1 = ", ServerKeyExchange";
break;
case 13:
str_details1 = ", CertificateRequest";
break;
case 14:
str_details1 = ", ServerHelloDone";
break;
case 15:
str_details1 = ", CertificateVerify";
break;
case 16:
str_details1 = ", ClientKeyExchange";
break;
case 20:
str_details1 = ", Finished";
break;
}
}
}
}
BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
if (len > 0)
{
size_t num, i;
BIO_printf(bio, " ");
num = len;
#if 0
if (num > 16)
num = 16;
#endif
for (i = 0; i < num; i++)
{
if (i % 16 == 0 && i > 0)
BIO_printf(bio, "\n ");
BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
}
if (i < len)
BIO_printf(bio, " ...");
BIO_printf(bio, "\n");
}
(void)BIO_flush(bio);
}
void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
unsigned char *data, int len,
void *arg)
{
BIO *bio = arg;
char *extname;
switch(type)
{
case TLSEXT_TYPE_server_name:
extname = "server name";
break;
case TLSEXT_TYPE_max_fragment_length:
extname = "max fragment length";
break;
case TLSEXT_TYPE_client_certificate_url:
extname = "client certificate URL";
break;
case TLSEXT_TYPE_trusted_ca_keys:
extname = "trusted CA keys";
break;
case TLSEXT_TYPE_truncated_hmac:
extname = "truncated HMAC";
break;
case TLSEXT_TYPE_status_request:
extname = "status request";
break;
case TLSEXT_TYPE_elliptic_curves:
extname = "elliptic curves";
break;
case TLSEXT_TYPE_ec_point_formats:
extname = "EC point formats";
break;
case TLSEXT_TYPE_session_ticket:
extname = "server ticket";
break;
case TLSEXT_TYPE_renegotiate:
extname = "renegotiate";
break;
#ifdef TLSEXT_TYPE_opaque_prf_input
case TLSEXT_TYPE_opaque_prf_input:
extname = "opaque PRF input";
break;
#endif
default:
extname = "unknown";
break;
}
BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
client_server ? "server": "client",
extname, type, len);
BIO_dump(bio, (char *)data, len);
(void)BIO_flush(bio);
}
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
{
unsigned char *buffer, result[EVP_MAX_MD_SIZE];
unsigned int length, resultlength;
union {
struct sockaddr sa;
struct sockaddr_in s4;
#if OPENSSL_USE_IPV6
struct sockaddr_in6 s6;
#endif
} peer;
/* Initialize a random secret */
if (!cookie_initialized)
{
if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
{
BIO_printf(bio_err,"error setting random cookie secret\n");
return 0;
}
cookie_initialized = 1;
}
/* Read peer information */
(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
/* Create buffer with peer's address and port */
length = 0;
switch (peer.sa.sa_family)
{
case AF_INET:
length += sizeof(struct in_addr);
length += sizeof(peer.s4.sin_port);
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
length += sizeof(struct in6_addr);
length += sizeof(peer.s6.sin6_port);
break;
#endif
default:
OPENSSL_assert(0);
break;
}
buffer = OPENSSL_malloc(length);
if (buffer == NULL)
{
BIO_printf(bio_err,"out of memory\n");
return 0;
}
switch (peer.sa.sa_family)
{
case AF_INET:
memcpy(buffer,
&peer.s4.sin_port,
sizeof(peer.s4.sin_port));
memcpy(buffer + sizeof(peer.s4.sin_port),
&peer.s4.sin_addr,
sizeof(struct in_addr));
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
memcpy(buffer,
&peer.s6.sin6_port,
sizeof(peer.s6.sin6_port));
memcpy(buffer + sizeof(peer.s6.sin6_port),
&peer.s6.sin6_addr,
sizeof(struct in6_addr));
break;
#endif
default:
OPENSSL_assert(0);
break;
}
/* Calculate HMAC of buffer using the secret */
HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
buffer, length, result, &resultlength);
OPENSSL_free(buffer);
memcpy(cookie, result, resultlength);
*cookie_len = resultlength;
return 1;
}
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
{
unsigned char *buffer, result[EVP_MAX_MD_SIZE];
unsigned int length, resultlength;
union {
struct sockaddr sa;
struct sockaddr_in s4;
#if OPENSSL_USE_IPV6
struct sockaddr_in6 s6;
#endif
} peer;
/* If secret isn't initialized yet, the cookie can't be valid */
if (!cookie_initialized)
return 0;
/* Read peer information */
(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
/* Create buffer with peer's address and port */
length = 0;
switch (peer.sa.sa_family)
{
case AF_INET:
length += sizeof(struct in_addr);
length += sizeof(peer.s4.sin_port);
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
length += sizeof(struct in6_addr);
length += sizeof(peer.s6.sin6_port);
break;
#endif
default:
OPENSSL_assert(0);
break;
}
buffer = OPENSSL_malloc(length);
if (buffer == NULL)
{
BIO_printf(bio_err,"out of memory\n");
return 0;
}
switch (peer.sa.sa_family)
{
case AF_INET:
memcpy(buffer,
&peer.s4.sin_port,
sizeof(peer.s4.sin_port));
memcpy(buffer + sizeof(peer.s4.sin_port),
&peer.s4.sin_addr,
sizeof(struct in_addr));
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
memcpy(buffer,
&peer.s6.sin6_port,
sizeof(peer.s6.sin6_port));
memcpy(buffer + sizeof(peer.s6.sin6_port),
&peer.s6.sin6_addr,
sizeof(struct in6_addr));
break;
#endif
default:
OPENSSL_assert(0);
break;
}
/* Calculate HMAC of buffer using the secret */
HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
buffer, length, result, &resultlength);
OPENSSL_free(buffer);
if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
return 1;
return 0;
}

1873
jni/openssl/apps/s_client.c Normal file

File diff suppressed because it is too large Load Diff

2752
jni/openssl/apps/s_server.c Normal file

File diff suppressed because it is too large Load Diff

620
jni/openssl/apps/s_socket.c Normal file
View File

@ -0,0 +1,620 @@
/* apps/s_socket.c - socket-related functions used by s_client and s_server */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <signal.h>
#ifdef FLAT_INC
#include "e_os2.h"
#else
#include "../e_os2.h"
#endif
/* With IPv6, it looks like Digital has mixed up the proper order of
recursive header file inclusion, resulting in the compiler complaining
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
is needed to have fileno() declared correctly... So let's define u_int */
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
#define __U_INT
typedef unsigned int u_int;
#endif
#define USE_SOCKETS
#define NON_MAIN
#include "apps.h"
#undef USE_SOCKETS
#undef NON_MAIN
#include "s_apps.h"
#include <openssl/ssl.h>
#ifdef FLAT_INC
#include "e_os.h"
#else
#include "../e_os.h"
#endif
#ifndef OPENSSL_NO_SOCK
#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
#include "netdb.h"
#endif
static struct hostent *GetHostByName(char *name);
#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
static void ssl_sock_cleanup(void);
#endif
static int ssl_sock_init(void);
static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
static int init_server(int *sock, int port, int type);
static int init_server_long(int *sock, int port,char *ip, int type);
static int do_accept(int acc_sock, int *sock, char **host);
static int host_ip(char *str, unsigned char ip[4]);
#ifdef OPENSSL_SYS_WIN16
#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
#else
#define SOCKET_PROTOCOL IPPROTO_TCP
#endif
#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
static int wsa_init_done=0;
#endif
#ifdef OPENSSL_SYS_WINDOWS
static struct WSAData wsa_state;
static int wsa_init_done=0;
#ifdef OPENSSL_SYS_WIN16
static HWND topWnd=0;
static FARPROC lpTopWndProc=NULL;
static FARPROC lpTopHookProc=NULL;
extern HINSTANCE _hInstance; /* nice global CRT provides */
static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
LPARAM lParam)
{
if (hwnd == topWnd)
{
switch(message)
{
case WM_DESTROY:
case WM_CLOSE:
SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
ssl_sock_cleanup();
break;
}
}
return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam);
}
static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
{
topWnd=hwnd;
return(FALSE);
}
#endif /* OPENSSL_SYS_WIN32 */
#endif /* OPENSSL_SYS_WINDOWS */
#ifdef OPENSSL_SYS_WINDOWS
static void ssl_sock_cleanup(void)
{
if (wsa_init_done)
{
wsa_init_done=0;
#ifndef OPENSSL_SYS_WINCE
WSACancelBlockingCall();
#endif
WSACleanup();
}
}
#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
static void sock_cleanup(void)
{
if (wsa_init_done)
{
wsa_init_done=0;
WSACleanup();
}
}
#endif
static int ssl_sock_init(void)
{
#ifdef WATT32
extern int _watt_do_exit;
_watt_do_exit = 0;
if (sock_init())
return (0);
#elif defined(OPENSSL_SYS_WINDOWS)
if (!wsa_init_done)
{
int err;
#ifdef SIGINT
signal(SIGINT,(void (*)(int))ssl_sock_cleanup);
#endif
wsa_init_done=1;
memset(&wsa_state,0,sizeof(wsa_state));
if (WSAStartup(0x0101,&wsa_state)!=0)
{
err=WSAGetLastError();
BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);
return(0);
}
#ifdef OPENSSL_SYS_WIN16
EnumTaskWindows(GetCurrentTask(),enumproc,0L);
lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
#endif /* OPENSSL_SYS_WIN16 */
}
#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
WORD wVerReq;
WSADATA wsaData;
int err;
if (!wsa_init_done)
{
# ifdef SIGINT
signal(SIGINT,(void (*)(int))sock_cleanup);
# endif
wsa_init_done=1;
wVerReq = MAKEWORD( 2, 0 );
err = WSAStartup(wVerReq,&wsaData);
if (err != 0)
{
BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err);
return(0);
}
}
#endif /* OPENSSL_SYS_WINDOWS */
return(1);
}
int init_client(int *sock, char *host, int port, int type)
{
unsigned char ip[4];
if (!host_ip(host,&(ip[0])))
{
return(0);
}
return(init_client_ip(sock,ip,port,type));
}
static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
{
unsigned long addr;
struct sockaddr_in them;
int s,i;
if (!ssl_sock_init()) return(0);
memset((char *)&them,0,sizeof(them));
them.sin_family=AF_INET;
them.sin_port=htons((unsigned short)port);
addr=(unsigned long)
((unsigned long)ip[0]<<24L)|
((unsigned long)ip[1]<<16L)|
((unsigned long)ip[2]<< 8L)|
((unsigned long)ip[3]);
them.sin_addr.s_addr=htonl(addr);
if (type == SOCK_STREAM)
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
else /* ( type == SOCK_DGRAM) */
s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
if (s == INVALID_SOCKET) { perror("socket"); return(0); }
#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
if (type == SOCK_STREAM)
{
i=0;
i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
if (i < 0) { perror("keepalive"); return(0); }
}
#endif
if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
{ closesocket(s); perror("connect"); return(0); }
*sock=s;
return(1);
}
int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
{
int sock;
char *name = NULL;
int accept_socket = 0;
int i;
if (!init_server(&accept_socket,port,type)) return(0);
if (ret != NULL)
{
*ret=accept_socket;
/* return(1);*/
}
for (;;)
{
if (type==SOCK_STREAM)
{
if (do_accept(accept_socket,&sock,&name) == 0)
{
SHUTDOWN(accept_socket);
return(0);
}
}
else
sock = accept_socket;
i=(*cb)(name,sock, context);
if (name != NULL) OPENSSL_free(name);
if (type==SOCK_STREAM)
SHUTDOWN2(sock);
if (i < 0)
{
SHUTDOWN2(accept_socket);
return(i);
}
}
}
static int init_server_long(int *sock, int port, char *ip, int type)
{
int ret=0;
struct sockaddr_in server;
int s= -1;
if (!ssl_sock_init()) return(0);
memset((char *)&server,0,sizeof(server));
server.sin_family=AF_INET;
server.sin_port=htons((unsigned short)port);
if (ip == NULL)
server.sin_addr.s_addr=INADDR_ANY;
else
/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
#ifndef BIT_FIELD_LIMITS
memcpy(&server.sin_addr.s_addr,ip,4);
#else
memcpy(&server.sin_addr,ip,4);
#endif
if (type == SOCK_STREAM)
s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
else /* type == SOCK_DGRAM */
s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
if (s == INVALID_SOCKET) goto err;
#if defined SOL_SOCKET && defined SO_REUSEADDR
{
int j = 1;
setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
(void *) &j, sizeof j);
}
#endif
if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
{
#ifndef OPENSSL_SYS_WINDOWS
perror("bind");
#endif
goto err;
}
/* Make it 128 for linux */
if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
*sock=s;
ret=1;
err:
if ((ret == 0) && (s != -1))
{
SHUTDOWN(s);
}
return(ret);
}
static int init_server(int *sock, int port, int type)
{
return(init_server_long(sock, port, NULL, type));
}
static int do_accept(int acc_sock, int *sock, char **host)
{
int ret;
struct hostent *h1,*h2;
static struct sockaddr_in from;
int len;
/* struct linger ling; */
if (!ssl_sock_init()) return(0);
#ifndef OPENSSL_SYS_WINDOWS
redoit:
#endif
memset((char *)&from,0,sizeof(from));
len=sizeof(from);
/* Note: under VMS with SOCKETSHR the fourth parameter is currently
* of type (int *) whereas under other systems it is (void *) if
* you don't have a cast it will choke the compiler: if you do
* have a cast then you can either go for (int *) or (void *).
*/
ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
if (ret == INVALID_SOCKET)
{
#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
int i;
i=WSAGetLastError();
BIO_printf(bio_err,"accept error %d\n",i);
#else
if (errno == EINTR)
{
/*check_timeout(); */
goto redoit;
}
fprintf(stderr,"errno=%d ",errno);
perror("accept");
#endif
return(0);
}
/*
ling.l_onoff=1;
ling.l_linger=0;
i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
if (i < 0) { perror("linger"); return(0); }
i=0;
i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
if (i < 0) { perror("keepalive"); return(0); }
*/
if (host == NULL) goto end;
#ifndef BIT_FIELD_LIMITS
/* I should use WSAAsyncGetHostByName() under windows */
h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
sizeof(from.sin_addr.s_addr),AF_INET);
#else
h1=gethostbyaddr((char *)&from.sin_addr,
sizeof(struct in_addr),AF_INET);
#endif
if (h1 == NULL)
{
BIO_printf(bio_err,"bad gethostbyaddr\n");
*host=NULL;
/* return(0); */
}
else
{
if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
{
perror("OPENSSL_malloc");
return(0);
}
BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
h2=GetHostByName(*host);
if (h2 == NULL)
{
BIO_printf(bio_err,"gethostbyname failure\n");
return(0);
}
if (h2->h_addrtype != AF_INET)
{
BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
return(0);
}
}
end:
*sock=ret;
return(1);
}
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
short *port_ptr)
{
char *h,*p;
h=str;
p=strchr(str,':');
if (p == NULL)
{
BIO_printf(bio_err,"no port defined\n");
return(0);
}
*(p++)='\0';
if ((ip != NULL) && !host_ip(str,ip))
goto err;
if (host_ptr != NULL) *host_ptr=h;
if (!extract_port(p,port_ptr))
goto err;
return(1);
err:
return(0);
}
static int host_ip(char *str, unsigned char ip[4])
{
unsigned int in[4];
int i;
if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
{
for (i=0; i<4; i++)
if (in[i] > 255)
{
BIO_printf(bio_err,"invalid IP address\n");
goto err;
}
ip[0]=in[0];
ip[1]=in[1];
ip[2]=in[2];
ip[3]=in[3];
}
else
{ /* do a gethostbyname */
struct hostent *he;
if (!ssl_sock_init()) return(0);
he=GetHostByName(str);
if (he == NULL)
{
BIO_printf(bio_err,"gethostbyname failure\n");
goto err;
}
/* cast to short because of win16 winsock definition */
if ((short)he->h_addrtype != AF_INET)
{
BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
return(0);
}
ip[0]=he->h_addr_list[0][0];
ip[1]=he->h_addr_list[0][1];
ip[2]=he->h_addr_list[0][2];
ip[3]=he->h_addr_list[0][3];
}
return(1);
err:
return(0);
}
int extract_port(char *str, short *port_ptr)
{
int i;
struct servent *s;
i=atoi(str);
if (i != 0)
*port_ptr=(unsigned short)i;
else
{
s=getservbyname(str,"tcp");
if (s == NULL)
{
BIO_printf(bio_err,"getservbyname failure for %s\n",str);
return(0);
}
*port_ptr=ntohs((unsigned short)s->s_port);
}
return(1);
}
#define GHBN_NUM 4
static struct ghbn_cache_st
{
char name[128];
struct hostent ent;
unsigned long order;
} ghbn_cache[GHBN_NUM];
static unsigned long ghbn_hits=0L;
static unsigned long ghbn_miss=0L;
static struct hostent *GetHostByName(char *name)
{
struct hostent *ret;
int i,lowi=0;
unsigned long low= (unsigned long)-1;
for (i=0; i<GHBN_NUM; i++)
{
if (low > ghbn_cache[i].order)
{
low=ghbn_cache[i].order;
lowi=i;
}
if (ghbn_cache[i].order > 0)
{
if (strncmp(name,ghbn_cache[i].name,128) == 0)
break;
}
}
if (i == GHBN_NUM) /* no hit*/
{
ghbn_miss++;
ret=gethostbyname(name);
if (ret == NULL) return(NULL);
/* else add to cache */
if(strlen(name) < sizeof ghbn_cache[0].name)
{
strcpy(ghbn_cache[lowi].name,name);
memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
}
return(ret);
}
else
{
ghbn_hits++;
ret= &(ghbn_cache[i].ent);
ghbn_cache[i].order=ghbn_miss+ghbn_hits;
return(ret);
}
}
#endif

632
jni/openssl/apps/s_time.c Normal file
View File

@ -0,0 +1,632 @@
/* apps/s_time.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#define NO_SHUTDOWN
/*-----------------------------------------
s_time - SSL client connection timer program
Written and donated by Larry Streepy <streepy@healthcare.com>
-----------------------------------------*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define USE_SOCKETS
#include "apps.h"
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/pem.h>
#include "s_apps.h"
#include <openssl/err.h>
#ifdef WIN32_STUFF
#include "winmain.h"
#include "wintext.h"
#endif
#if !defined(OPENSSL_SYS_MSDOS)
#include OPENSSL_UNISTD
#endif
#undef PROG
#define PROG s_time_main
#undef ioctl
#define ioctl ioctlsocket
#define SSL_CONNECT_NAME "localhost:4433"
/*#define TEST_CERT "client.pem" */ /* no default cert. */
#undef BUFSIZZ
#define BUFSIZZ 1024*10
#define MYBUFSIZ 1024*8
#undef min
#undef max
#define min(a,b) (((a) < (b)) ? (a) : (b))
#define max(a,b) (((a) > (b)) ? (a) : (b))
#undef SECONDS
#define SECONDS 30
extern int verify_depth;
extern int verify_error;
static void s_time_usage(void);
static int parseArgs( int argc, char **argv );
static SSL *doConnection( SSL *scon );
static void s_time_init(void);
/***********************************************************************
* Static data declarations
*/
/* static char *port=PORT_STR;*/
static char *host=SSL_CONNECT_NAME;
static char *t_cert_file=NULL;
static char *t_key_file=NULL;
static char *CApath=NULL;
static char *CAfile=NULL;
static char *tm_cipher=NULL;
static int tm_verify = SSL_VERIFY_NONE;
static int maxTime = SECONDS;
static SSL_CTX *tm_ctx=NULL;
static const SSL_METHOD *s_time_meth=NULL;
static char *s_www_path=NULL;
static long bytes_read=0;
static int st_bugs=0;
static int perform=0;
#ifdef FIONBIO
static int t_nbio=0;
#endif
#ifdef OPENSSL_SYS_WIN32
static int exitNow = 0; /* Set when it's time to exit main */
#endif
static void s_time_init(void)
{
host=SSL_CONNECT_NAME;
t_cert_file=NULL;
t_key_file=NULL;
CApath=NULL;
CAfile=NULL;
tm_cipher=NULL;
tm_verify = SSL_VERIFY_NONE;
maxTime = SECONDS;
tm_ctx=NULL;
s_time_meth=NULL;
s_www_path=NULL;
bytes_read=0;
st_bugs=0;
perform=0;
#ifdef FIONBIO
t_nbio=0;
#endif
#ifdef OPENSSL_SYS_WIN32
exitNow = 0; /* Set when it's time to exit main */
#endif
}
/***********************************************************************
* usage - display usage message
*/
static void s_time_usage(void)
{
static char umsg[] = "\
-time arg - max number of seconds to collect data, default %d\n\
-verify arg - turn on peer certificate verification, arg == depth\n\
-cert arg - certificate file to use, PEM format assumed\n\
-key arg - RSA file to use, PEM format assumed, key is in cert file\n\
file if not specified by this option\n\
-CApath arg - PEM format directory of CA's\n\
-CAfile arg - PEM format file of CA's\n\
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
printf( "usage: s_time <args>\n\n" );
printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
#ifdef FIONBIO
printf("-nbio - Run with non-blocking IO\n");
printf("-ssl2 - Just use SSLv2\n");
printf("-ssl3 - Just use SSLv3\n");
printf("-bugs - Turn on SSL bug compatibility\n");
printf("-new - Just time new connections\n");
printf("-reuse - Just time connection reuse\n");
printf("-www page - Retrieve 'page' from the site\n");
#endif
printf( umsg,SECONDS );
}
/***********************************************************************
* parseArgs - Parse command line arguments and initialize data
*
* Returns 0 if ok, -1 on bad args
*/
static int parseArgs(int argc, char **argv)
{
int badop = 0;
verify_depth=0;
verify_error=X509_V_OK;
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv,"-connect") == 0)
{
if (--argc < 1) goto bad;
host= *(++argv);
}
#if 0
else if( strcmp(*argv,"-host") == 0)
{
if (--argc < 1) goto bad;
host= *(++argv);
}
else if( strcmp(*argv,"-port") == 0)
{
if (--argc < 1) goto bad;
port= *(++argv);
}
#endif
else if (strcmp(*argv,"-reuse") == 0)
perform=2;
else if (strcmp(*argv,"-new") == 0)
perform=1;
else if( strcmp(*argv,"-verify") == 0) {
tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
if (--argc < 1) goto bad;
verify_depth=atoi(*(++argv));
BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
} else if( strcmp(*argv,"-cert") == 0) {
if (--argc < 1) goto bad;
t_cert_file= *(++argv);
} else if( strcmp(*argv,"-key") == 0) {
if (--argc < 1) goto bad;
t_key_file= *(++argv);
} else if( strcmp(*argv,"-CApath") == 0) {
if (--argc < 1) goto bad;
CApath= *(++argv);
} else if( strcmp(*argv,"-CAfile") == 0) {
if (--argc < 1) goto bad;
CAfile= *(++argv);
} else if( strcmp(*argv,"-cipher") == 0) {
if (--argc < 1) goto bad;
tm_cipher= *(++argv);
}
#ifdef FIONBIO
else if(strcmp(*argv,"-nbio") == 0) {
t_nbio=1;
}
#endif
else if(strcmp(*argv,"-www") == 0)
{
if (--argc < 1) goto bad;
s_www_path= *(++argv);
if(strlen(s_www_path) > MYBUFSIZ-100)
{
BIO_printf(bio_err,"-www option too long\n");
badop=1;
}
}
else if(strcmp(*argv,"-bugs") == 0)
st_bugs=1;
#ifndef OPENSSL_NO_SSL2
else if(strcmp(*argv,"-ssl2") == 0)
s_time_meth=SSLv2_client_method();
#endif
#ifndef OPENSSL_NO_SSL3
else if(strcmp(*argv,"-ssl3") == 0)
s_time_meth=SSLv3_client_method();
#endif
else if( strcmp(*argv,"-time") == 0) {
if (--argc < 1) goto bad;
maxTime= atoi(*(++argv));
}
else {
BIO_printf(bio_err,"unknown option %s\n",*argv);
badop=1;
break;
}
argc--;
argv++;
}
if (perform == 0) perform=3;
if(badop) {
bad:
s_time_usage();
return -1;
}
return 0; /* Valid args */
}
/***********************************************************************
* TIME - time functions
*/
#define START 0
#define STOP 1
static double tm_Time_F(int s)
{
return app_tminterval(s,1);
}
/***********************************************************************
* MAIN - main processing area for client
* real name depends on MONOLITH
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
double totalTime = 0.0;
int nConn = 0;
SSL *scon=NULL;
long finishtime=0;
int ret=1,i;
MS_STATIC char buf[1024*8];
int ver;
apps_startup();
s_time_init();
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
s_time_meth=SSLv23_client_method();
#elif !defined(OPENSSL_NO_SSL3)
s_time_meth=SSLv3_client_method();
#elif !defined(OPENSSL_NO_SSL2)
s_time_meth=SSLv2_client_method();
#endif
/* parse the command line arguments */
if( parseArgs( argc, argv ) < 0 )
goto end;
OpenSSL_add_ssl_algorithms();
if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
SSL_CTX_set_quiet_shutdown(tm_ctx,1);
if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file))
goto end;
SSL_load_error_strings();
if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(tm_ctx)))
{
/* BIO_printf(bio_err,"error setting default verify locations\n"); */
ERR_print_errors(bio_err);
/* goto end; */
}
if (tm_cipher == NULL)
tm_cipher = getenv("SSL_CIPHER");
if (tm_cipher == NULL ) {
fprintf( stderr, "No CIPHER specified\n" );
}
if (!(perform & 1)) goto next;
printf( "Collecting connection statistics for %d seconds\n", maxTime );
/* Loop and time how long it takes to make connections */
bytes_read=0;
finishtime=(long)time(NULL)+maxTime;
tm_Time_F(START);
for (;;)
{
if (finishtime < (long)time(NULL)) break;
#ifdef WIN32_STUFF
if( flushWinMsgs(0) == -1 )
goto end;
if( waitingToDie || exitNow ) /* we're dead */
goto end;
#endif
if( (scon = doConnection( NULL )) == NULL )
goto end;
if (s_www_path != NULL)
{
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
bytes_read+=i;
}
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
SHUTDOWN2(SSL_get_fd(scon));
nConn += 1;
if (SSL_session_reused(scon))
ver='r';
else
{
ver=SSL_version(scon);
if (ver == TLS1_VERSION)
ver='t';
else if (ver == SSL3_VERSION)
ver='3';
else if (ver == SSL2_VERSION)
ver='2';
else
ver='*';
}
fputc(ver,stdout);
fflush(stdout);
SSL_free( scon );
scon=NULL;
}
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
i=(int)((long)time(NULL)-finishtime+maxTime);
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
/* Now loop and time connections using the same session id over and over */
next:
if (!(perform & 2)) goto end;
printf( "\n\nNow timing with session id reuse.\n" );
/* Get an SSL object so we can reuse the session id */
if( (scon = doConnection( NULL )) == NULL )
{
fprintf( stderr, "Unable to get connection\n" );
goto end;
}
if (s_www_path != NULL)
{
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while (SSL_read(scon,buf,sizeof(buf)) > 0)
;
}
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
SHUTDOWN2(SSL_get_fd(scon));
nConn = 0;
totalTime = 0.0;
finishtime=(long)time(NULL)+maxTime;
printf( "starting\n" );
bytes_read=0;
tm_Time_F(START);
for (;;)
{
if (finishtime < (long)time(NULL)) break;
#ifdef WIN32_STUFF
if( flushWinMsgs(0) == -1 )
goto end;
if( waitingToDie || exitNow ) /* we're dead */
goto end;
#endif
if( (doConnection( scon )) == NULL )
goto end;
if (s_www_path)
{
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
bytes_read+=i;
}
#ifdef NO_SHUTDOWN
SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
#else
SSL_shutdown(scon);
#endif
SHUTDOWN2(SSL_get_fd(scon));
nConn += 1;
if (SSL_session_reused(scon))
ver='r';
else
{
ver=SSL_version(scon);
if (ver == TLS1_VERSION)
ver='t';
else if (ver == SSL3_VERSION)
ver='3';
else if (ver == SSL2_VERSION)
ver='2';
else
ver='*';
}
fputc(ver,stdout);
fflush(stdout);
}
totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
ret=0;
end:
if (scon != NULL) SSL_free(scon);
if (tm_ctx != NULL)
{
SSL_CTX_free(tm_ctx);
tm_ctx=NULL;
}
apps_shutdown();
OPENSSL_EXIT(ret);
}
/***********************************************************************
* doConnection - make a connection
* Args:
* scon = earlier ssl connection for session id, or NULL
* Returns:
* SSL * = the connection pointer.
*/
static SSL *doConnection(SSL *scon)
{
BIO *conn;
SSL *serverCon;
int width, i;
fd_set readfds;
if ((conn=BIO_new(BIO_s_connect())) == NULL)
return(NULL);
/* BIO_set_conn_port(conn,port);*/
BIO_set_conn_hostname(conn,host);
if (scon == NULL)
serverCon=SSL_new(tm_ctx);
else
{
serverCon=scon;
SSL_set_connect_state(serverCon);
}
SSL_set_bio(serverCon,conn,conn);
#if 0
if( scon != NULL )
SSL_set_session(serverCon,SSL_get_session(scon));
#endif
/* ok, lets connect */
for(;;) {
i=SSL_connect(serverCon);
if (BIO_sock_should_retry(i))
{
BIO_printf(bio_err,"DELAY\n");
i=SSL_get_fd(serverCon);
width=i+1;
FD_ZERO(&readfds);
openssl_fdset(i,&readfds);
/* Note: under VMS with SOCKETSHR the 2nd parameter
* is currently of type (int *) whereas under other
* systems it is (void *) if you don't have a cast it
* will choke the compiler: if you do have a cast then
* you can either go for (int *) or (void *).
*/
select(width,(void *)&readfds,NULL,NULL,NULL);
continue;
}
break;
}
if(i <= 0)
{
BIO_printf(bio_err,"ERROR\n");
if (verify_error != X509_V_OK)
BIO_printf(bio_err,"verify error:%s\n",
X509_verify_cert_error_string(verify_error));
else
ERR_print_errors(bio_err);
if (scon == NULL)
SSL_free(serverCon);
return NULL;
}
return serverCon;
}

369
jni/openssl/apps/server.pem Normal file
View File

@ -0,0 +1,369 @@
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
-----BEGIN CERTIFICATE-----
MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
itAE+OjGF+PFKbwX8Q==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
-----END RSA PRIVATE KEY-----
subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
notBefore=950413210656Z
notAfter =970412210656Z
-----BEGIN X509 CERTIFICATE-----
MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
-----END X509 CERTIFICATE-----
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-----BEGIN CERTIFICATE-----
MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
-----END RSA PRIVATE KEY-----
-----BEGIN X509 CERTIFICATE-----
MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
-----END X509 CERTIFICATE-----
-----BEGIN X509 CERTIFICATE-----
MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
LC7obsrHD8XAHG+ZRG==
-----END X509 CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
S7ELuYGtmYgYm9NZOIr7yU0=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
GJNMJ4L0AJ/ac+SmHZc=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
-----END CERTIFICATE-----
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-----BEGIN CERTIFICATE-----
MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
-----END RSA PRIVATE KEY-----
subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
notBefore=941104185834Z
notAfter =991103185834Z
-----BEGIN X509 CERTIFICATE-----
MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
-----END X509 CERTIFICATE-----
subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
notBefore=941109235417Z
notAfter =991231235417Z
-----BEGIN X509 CERTIFICATE-----
MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
-----END X509 CERTIFICATE-----
subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
/OU=Certification Services Division/CN=Thawte Server CA
/Email=server-certs@thawte.com
issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
/OU=Certification Services Division/CN=Thawte Server CA
/Email=server-certs@thawte.com
-----BEGIN CERTIFICATE-----
MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
3VZdLbCVIhNoEsysrxCpxcI=
-----END CERTIFICATE-----
Tims test GCI CA
-----BEGIN CERTIFICATE-----
MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
-----END CERTIFICATE-----
subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
-----BEGIN CERTIFICATE-----
MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
-----END CERTIFICATE-----
subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-----BEGIN CERTIFICATE-----
MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
-----END CERTIFICATE-----
subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
-----BEGIN CERTIFICATE-----
MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
-----END CERTIFICATE-----

View File

@ -0,0 +1 @@
01

View File

@ -0,0 +1,376 @@
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (1024 bit)
-----BEGIN CERTIFICATE-----
MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU0WhcNOTgwNjA5
MTM1NzU0WjBkMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxJDAiBgNVBAMTG1NlcnZlciB0ZXN0IGNl
cnQgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsxH1PBPm
RkxrR11eV4bzNi4N9n11CI8nV29+ARlT1+qDe/mjVUvXlmsr1v/vf71G9GgqopSa
6RXrICLVdk/FYYYzhPvl1M+OrjaXDFO8BzBAF1Lnz6c7aRZvGRJNrRSr2nZEkqDf
JW9dY7r2VZEpD5QeuaRYUnuECkqeieB65GMCAwEAATANBgkqhkiG9w0BAQQFAAOB
gQCWsOta6C0wiVzXz8wPmJKyTrurMlgUss2iSuW9366iwofZddsNg7FXniMzkIf6
dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh
8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
-----END RSA PRIVATE KEY-----
subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
notBefore=950413210656Z
notAfter =970412210656Z
-----BEGIN X509 CERTIFICATE-----
MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
-----END X509 CERTIFICATE-----
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-----BEGIN CERTIFICATE-----
MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
-----END RSA PRIVATE KEY-----
-----BEGIN X509 CERTIFICATE-----
MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
-----END X509 CERTIFICATE-----
-----BEGIN X509 CERTIFICATE-----
MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
LC7obsrHD8XAHG+ZRG==
-----END X509 CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
S7ELuYGtmYgYm9NZOIr7yU0=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
GJNMJ4L0AJ/ac+SmHZc=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
-----END CERTIFICATE-----
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-----BEGIN CERTIFICATE-----
MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
-----END RSA PRIVATE KEY-----
subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
notBefore=941104185834Z
notAfter =991103185834Z
-----BEGIN X509 CERTIFICATE-----
MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
-----END X509 CERTIFICATE-----
subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
notBefore=941109235417Z
notAfter =991231235417Z
-----BEGIN X509 CERTIFICATE-----
MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
-----END X509 CERTIFICATE-----
subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
/OU=Certification Services Division/CN=Thawte Server CA
/Email=server-certs@thawte.com
issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
/OU=Certification Services Division/CN=Thawte Server CA
/Email=server-certs@thawte.com
-----BEGIN CERTIFICATE-----
MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
3VZdLbCVIhNoEsysrxCpxcI=
-----END CERTIFICATE-----
Tims test GCI CA
-----BEGIN CERTIFICATE-----
MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
-----END CERTIFICATE-----
subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
-----BEGIN CERTIFICATE-----
MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
-----END CERTIFICATE-----
subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-----BEGIN CERTIFICATE-----
MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
-----END CERTIFICATE-----
subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
-----BEGIN CERTIFICATE-----
MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
-----END CERTIFICATE-----

320
jni/openssl/apps/sess_id.c Normal file
View File

@ -0,0 +1,320 @@
/* apps/sess_id.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#undef PROG
#define PROG sess_id_main
static const char *sess_id_usage[]={
"usage: sess_id args\n",
"\n",
" -inform arg - input format - default PEM (DER or PEM)\n",
" -outform arg - output format - default PEM\n",
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -text - print ssl session id details\n",
" -cert - output certificate \n",
" -noout - no CRL output\n",
" -context arg - set the session ID context\n",
NULL
};
static SSL_SESSION *load_sess_id(char *file, int format);
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
SSL_SESSION *x=NULL;
int ret=1,i,num,badops=0;
BIO *out=NULL;
int informat,outformat;
char *infile=NULL,*outfile=NULL,*context=NULL;
int cert=0,noout=0,text=0;
const char **pp;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
argc--;
argv++;
num=0;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-text") == 0)
text= ++num;
else if (strcmp(*argv,"-cert") == 0)
cert= ++num;
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-context") == 0)
{
if(--argc < 1) goto bad;
context=*++argv;
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
for (pp=sess_id_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,"%s",*pp);
goto end;
}
ERR_load_crypto_strings();
x=load_sess_id(infile,informat);
if (x == NULL) { goto end; }
if(context)
{
x->sid_ctx_length=strlen(context);
if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
{
BIO_printf(bio_err,"Context too long\n");
goto end;
}
memcpy(x->sid_ctx,context,x->sid_ctx_length);
}
#ifdef undef
/* just testing for memory leaks :-) */
{
SSL_SESSION *s;
char buf[1024*10],*p;
int i;
s=SSL_SESSION_new();
p= &buf;
i=i2d_SSL_SESSION(x,&p);
p= &buf;
d2i_SSL_SESSION(&s,&p,(long)i);
p= &buf;
d2i_SSL_SESSION(&s,&p,(long)i);
p= &buf;
d2i_SSL_SESSION(&s,&p,(long)i);
SSL_SESSION_free(s);
}
#endif
if (!noout || text)
{
out=BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
}
if (text)
{
SSL_SESSION_print(out,x);
if (cert)
{
if (x->peer == NULL)
BIO_puts(out,"No certificate present\n");
else
X509_print(out,x->peer);
}
}
if (!noout && !cert)
{
if (outformat == FORMAT_ASN1)
i=i2d_SSL_SESSION_bio(out,x);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_SSL_SESSION(out,x);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err,"unable to write SSL_SESSION\n");
goto end;
}
}
else if (!noout && (x->peer != NULL)) /* just print the certificate */
{
if (outformat == FORMAT_ASN1)
i=(int)i2d_X509_bio(out,x->peer);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_X509(out,x->peer);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err,"unable to write X509\n");
goto end;
}
}
ret=0;
end:
if (out != NULL) BIO_free_all(out);
if (x != NULL) SSL_SESSION_free(x);
apps_shutdown();
OPENSSL_EXIT(ret);
}
static SSL_SESSION *load_sess_id(char *infile, int format)
{
SSL_SESSION *x=NULL;
BIO *in=NULL;
in=BIO_new(BIO_s_file());
if (in == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,stdin,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
goto end;
}
}
if (format == FORMAT_ASN1)
x=d2i_SSL_SESSION_bio(in,NULL);
else if (format == FORMAT_PEM)
x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
else {
BIO_printf(bio_err,"bad input format specified for input crl\n");
goto end;
}
if (x == NULL)
{
BIO_printf(bio_err,"unable to load SSL_SESSION\n");
ERR_print_errors(bio_err);
goto end;
}
end:
if (in != NULL) BIO_free(in);
return(x);
}

857
jni/openssl/apps/smime.c Normal file
View File

@ -0,0 +1,857 @@
/* smime.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* S/MIME utility function */
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/x509_vfy.h>
#include <openssl/x509v3.h>
#undef PROG
#define PROG smime_main
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
static int smime_cb(int ok, X509_STORE_CTX *ctx);
#define SMIME_OP 0x10
#define SMIME_IP 0x20
#define SMIME_SIGNERS 0x40
#define SMIME_ENCRYPT (1 | SMIME_OP)
#define SMIME_DECRYPT (2 | SMIME_IP)
#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
#define SMIME_VERIFY (4 | SMIME_IP)
#define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP)
#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int operation = 0;
int ret = 0;
char **args;
const char *inmode = "r", *outmode = "w";
char *infile = NULL, *outfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
const EVP_CIPHER *cipher = NULL;
PKCS7 *p7 = NULL;
X509_STORE *store = NULL;
X509 *cert = NULL, *recip = NULL, *signer = NULL;
EVP_PKEY *key = NULL;
STACK_OF(X509) *encerts = NULL, *other = NULL;
BIO *in = NULL, *out = NULL, *indata = NULL;
int badarg = 0;
int flags = PKCS7_DETACHED;
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL;
char *passargin = NULL, *passin = NULL;
char *inrand = NULL;
int need_rand = 0;
int indef = 0;
const EVP_MD *sign_md = NULL;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int keyform = FORMAT_PEM;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
X509_VERIFY_PARAM *vpm = NULL;
args = argv + 1;
ret = 1;
apps_startup();
if (bio_err == NULL)
{
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
}
if (!load_config(bio_err, NULL))
goto end;
while (!badarg && *args && *args[0] == '-')
{
if (!strcmp (*args, "-encrypt"))
operation = SMIME_ENCRYPT;
else if (!strcmp (*args, "-decrypt"))
operation = SMIME_DECRYPT;
else if (!strcmp (*args, "-sign"))
operation = SMIME_SIGN;
else if (!strcmp (*args, "-resign"))
operation = SMIME_RESIGN;
else if (!strcmp (*args, "-verify"))
operation = SMIME_VERIFY;
else if (!strcmp (*args, "-pk7out"))
operation = SMIME_PK7OUT;
#ifndef OPENSSL_NO_DES
else if (!strcmp (*args, "-des3"))
cipher = EVP_des_ede3_cbc();
else if (!strcmp (*args, "-des"))
cipher = EVP_des_cbc();
#endif
#ifndef OPENSSL_NO_SEED
else if (!strcmp (*args, "-seed"))
cipher = EVP_seed_cbc();
#endif
#ifndef OPENSSL_NO_RC2
else if (!strcmp (*args, "-rc2-40"))
cipher = EVP_rc2_40_cbc();
else if (!strcmp (*args, "-rc2-128"))
cipher = EVP_rc2_cbc();
else if (!strcmp (*args, "-rc2-64"))
cipher = EVP_rc2_64_cbc();
#endif
#ifndef OPENSSL_NO_AES
else if (!strcmp(*args,"-aes128"))
cipher = EVP_aes_128_cbc();
else if (!strcmp(*args,"-aes192"))
cipher = EVP_aes_192_cbc();
else if (!strcmp(*args,"-aes256"))
cipher = EVP_aes_256_cbc();
#endif
#ifndef OPENSSL_NO_CAMELLIA
else if (!strcmp(*args,"-camellia128"))
cipher = EVP_camellia_128_cbc();
else if (!strcmp(*args,"-camellia192"))
cipher = EVP_camellia_192_cbc();
else if (!strcmp(*args,"-camellia256"))
cipher = EVP_camellia_256_cbc();
#endif
else if (!strcmp (*args, "-text"))
flags |= PKCS7_TEXT;
else if (!strcmp (*args, "-nointern"))
flags |= PKCS7_NOINTERN;
else if (!strcmp (*args, "-noverify"))
flags |= PKCS7_NOVERIFY;
else if (!strcmp (*args, "-nochain"))
flags |= PKCS7_NOCHAIN;
else if (!strcmp (*args, "-nocerts"))
flags |= PKCS7_NOCERTS;
else if (!strcmp (*args, "-noattr"))
flags |= PKCS7_NOATTR;
else if (!strcmp (*args, "-nodetach"))
flags &= ~PKCS7_DETACHED;
else if (!strcmp (*args, "-nosmimecap"))
flags |= PKCS7_NOSMIMECAP;
else if (!strcmp (*args, "-binary"))
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
else if (!strcmp (*args, "-stream"))
indef = 1;
else if (!strcmp (*args, "-indef"))
indef = 1;
else if (!strcmp (*args, "-noindef"))
indef = 0;
else if (!strcmp (*args, "-nooldmime"))
flags |= PKCS7_NOOLDMIMETYPE;
else if (!strcmp (*args, "-crlfeol"))
flags |= PKCS7_CRLFEOL;
else if (!strcmp(*args,"-rand"))
{
if (!args[1])
goto argerr;
args++;
inrand = *args;
need_rand = 1;
}
#ifndef OPENSSL_NO_ENGINE
else if (!strcmp(*args,"-engine"))
{
if (!args[1])
goto argerr;
engine = *++args;
}
#endif
else if (!strcmp(*args,"-passin"))
{
if (!args[1])
goto argerr;
passargin = *++args;
}
else if (!strcmp (*args, "-to"))
{
if (!args[1])
goto argerr;
to = *++args;
}
else if (!strcmp (*args, "-from"))
{
if (!args[1])
goto argerr;
from = *++args;
}
else if (!strcmp (*args, "-subject"))
{
if (!args[1])
goto argerr;
subject = *++args;
}
else if (!strcmp (*args, "-signer"))
{
if (!args[1])
goto argerr;
/* If previous -signer argument add signer to list */
if (signerfile)
{
if (!sksigners)
sksigners = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!keyfile)
keyfile = signerfile;
if (!skkeys)
skkeys = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(skkeys, keyfile);
keyfile = NULL;
}
signerfile = *++args;
}
else if (!strcmp (*args, "-recip"))
{
if (!args[1])
goto argerr;
recipfile = *++args;
}
else if (!strcmp (*args, "-md"))
{
if (!args[1])
goto argerr;
sign_md = EVP_get_digestbyname(*++args);
if (sign_md == NULL)
{
BIO_printf(bio_err, "Unknown digest %s\n",
*args);
goto argerr;
}
}
else if (!strcmp (*args, "-inkey"))
{
if (!args[1])
goto argerr;
/* If previous -inkey arument add signer to list */
if (keyfile)
{
if (!signerfile)
{
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
goto argerr;
}
if (!sksigners)
sksigners = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(sksigners, signerfile);
signerfile = NULL;
if (!skkeys)
skkeys = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(skkeys, keyfile);
}
keyfile = *++args;
}
else if (!strcmp (*args, "-keyform"))
{
if (!args[1])
goto argerr;
keyform = str2fmt(*++args);
}
else if (!strcmp (*args, "-certfile"))
{
if (!args[1])
goto argerr;
certfile = *++args;
}
else if (!strcmp (*args, "-CAfile"))
{
if (!args[1])
goto argerr;
CAfile = *++args;
}
else if (!strcmp (*args, "-CApath"))
{
if (!args[1])
goto argerr;
CApath = *++args;
}
else if (!strcmp (*args, "-in"))
{
if (!args[1])
goto argerr;
infile = *++args;
}
else if (!strcmp (*args, "-inform"))
{
if (!args[1])
goto argerr;
informat = str2fmt(*++args);
}
else if (!strcmp (*args, "-outform"))
{
if (!args[1])
goto argerr;
outformat = str2fmt(*++args);
}
else if (!strcmp (*args, "-out"))
{
if (!args[1])
goto argerr;
outfile = *++args;
}
else if (!strcmp (*args, "-content"))
{
if (!args[1])
goto argerr;
contfile = *++args;
}
else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
continue;
else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
badarg = 1;
args++;
}
if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
{
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
goto argerr;
}
if (operation & SMIME_SIGNERS)
{
/* Check to see if any final signer needs to be appended */
if (keyfile && !signerfile)
{
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
goto argerr;
}
if (signerfile)
{
if (!sksigners)
sksigners = sk_OPENSSL_STRING_new_null();
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!skkeys)
skkeys = sk_OPENSSL_STRING_new_null();
if (!keyfile)
keyfile = signerfile;
sk_OPENSSL_STRING_push(skkeys, keyfile);
}
if (!sksigners)
{
BIO_printf(bio_err, "No signer certificate specified\n");
badarg = 1;
}
signerfile = NULL;
keyfile = NULL;
need_rand = 1;
}
else if (operation == SMIME_DECRYPT)
{
if (!recipfile && !keyfile)
{
BIO_printf(bio_err, "No recipient certificate or key specified\n");
badarg = 1;
}
}
else if (operation == SMIME_ENCRYPT)
{
if (!*args)
{
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1;
}
need_rand = 1;
}
else if (!operation)
badarg = 1;
if (badarg)
{
argerr:
BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
BIO_printf (bio_err, "where options are\n");
BIO_printf (bio_err, "-encrypt encrypt message\n");
BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
BIO_printf (bio_err, "-sign sign message\n");
BIO_printf (bio_err, "-verify verify signed message\n");
BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
#ifndef OPENSSL_NO_DES
BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
BIO_printf (bio_err, "-des encrypt with DES\n");
#endif
#ifndef OPENSSL_NO_SEED
BIO_printf (bio_err, "-seed encrypt with SEED\n");
#endif
#ifndef OPENSSL_NO_RC2
BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
#endif
#ifndef OPENSSL_NO_AES
BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
#endif
BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
BIO_printf (bio_err, "-nosigs don't verify message signature\n");
BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
BIO_printf (bio_err, "-nodetach use opaque signing\n");
BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
BIO_printf (bio_err, "-binary don't translate message to text\n");
BIO_printf (bio_err, "-certfile file other certificates file\n");
BIO_printf (bio_err, "-signer file signer certificate file\n");
BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
BIO_printf (bio_err, "-out file output file\n");
BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
BIO_printf (bio_err, "-to addr to address\n");
BIO_printf (bio_err, "-from ad from address\n");
BIO_printf (bio_err, "-subject s subject\n");
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
{
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if (need_rand)
{
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
ret = 2;
if (!(operation & SMIME_SIGNERS))
flags &= ~PKCS7_DETACHED;
if (operation & SMIME_OP)
{
if (outformat == FORMAT_ASN1)
outmode = "wb";
}
else
{
if (flags & PKCS7_BINARY)
outmode = "wb";
}
if (operation & SMIME_IP)
{
if (informat == FORMAT_ASN1)
inmode = "rb";
}
else
{
if (flags & PKCS7_BINARY)
inmode = "rb";
}
if (operation == SMIME_ENCRYPT)
{
if (!cipher)
{
#ifndef OPENSSL_NO_RC2
cipher = EVP_rc2_40_cbc();
#else
BIO_printf(bio_err, "No cipher selected\n");
goto end;
#endif
}
encerts = sk_X509_new_null();
while (*args)
{
if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
NULL, e, "recipient certificate file")))
{
#if 0 /* An appropriate message is already printed */
BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
#endif
goto end;
}
sk_X509_push(encerts, cert);
cert = NULL;
args++;
}
}
if (certfile)
{
if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
e, "certificate file")))
{
ERR_print_errors(bio_err);
goto end;
}
}
if (recipfile && (operation == SMIME_DECRYPT))
{
if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
e, "recipient certificate file")))
{
ERR_print_errors(bio_err);
goto end;
}
}
if (operation == SMIME_DECRYPT)
{
if (!keyfile)
keyfile = recipfile;
}
else if (operation == SMIME_SIGN)
{
if (!keyfile)
keyfile = signerfile;
}
else keyfile = NULL;
if (keyfile)
{
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file");
if (!key)
goto end;
}
if (infile)
{
if (!(in = BIO_new_file(infile, inmode)))
{
BIO_printf (bio_err,
"Can't open input file %s\n", infile);
goto end;
}
}
else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
if (operation & SMIME_IP)
{
if (informat == FORMAT_SMIME)
p7 = SMIME_read_PKCS7(in, &indata);
else if (informat == FORMAT_PEM)
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
else
{
BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
goto end;
}
if (!p7)
{
BIO_printf(bio_err, "Error reading S/MIME message\n");
goto end;
}
if (contfile)
{
BIO_free(indata);
if (!(indata = BIO_new_file(contfile, "rb")))
{
BIO_printf(bio_err, "Can't read content file %s\n", contfile);
goto end;
}
}
}
if (outfile)
{
if (!(out = BIO_new_file(outfile, outmode)))
{
BIO_printf (bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
}
else
{
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (operation == SMIME_VERIFY)
{
if (!(store = setup_verify(bio_err, CAfile, CApath)))
goto end;
X509_STORE_set_verify_cb(store, smime_cb);
if (vpm)
X509_STORE_set1_param(store, vpm);
}
ret = 3;
if (operation == SMIME_ENCRYPT)
{
if (indef)
flags |= PKCS7_STREAM;
p7 = PKCS7_encrypt(encerts, in, cipher, flags);
}
else if (operation & SMIME_SIGNERS)
{
int i;
/* If detached data content we only enable streaming if
* S/MIME output format.
*/
if (operation == SMIME_SIGN)
{
if (flags & PKCS7_DETACHED)
{
if (outformat == FORMAT_SMIME)
flags |= PKCS7_STREAM;
}
else if (indef)
flags |= PKCS7_STREAM;
flags |= PKCS7_PARTIAL;
p7 = PKCS7_sign(NULL, NULL, other, in, flags);
if (!p7)
goto end;
}
else
flags |= PKCS7_REUSE_DIGEST;
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
{
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
e, "signer certificate");
if (!signer)
goto end;
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file");
if (!key)
goto end;
if (!PKCS7_sign_add_signer(p7, signer, key,
sign_md, flags))
goto end;
X509_free(signer);
signer = NULL;
EVP_PKEY_free(key);
key = NULL;
}
/* If not streaming or resigning finalize structure */
if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM))
{
if (!PKCS7_final(p7, in, flags))
goto end;
}
}
if (!p7)
{
BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
goto end;
}
ret = 4;
if (operation == SMIME_DECRYPT)
{
if (!PKCS7_decrypt(p7, key, recip, out, flags))
{
BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
goto end;
}
}
else if (operation == SMIME_VERIFY)
{
STACK_OF(X509) *signers;
if (PKCS7_verify(p7, other, store, indata, out, flags))
BIO_printf(bio_err, "Verification successful\n");
else
{
BIO_printf(bio_err, "Verification failure\n");
goto end;
}
signers = PKCS7_get0_signers(p7, other, flags);
if (!save_certs(signerfile, signers))
{
BIO_printf(bio_err, "Error writing signers to %s\n",
signerfile);
ret = 5;
goto end;
}
sk_X509_free(signers);
}
else if (operation == SMIME_PK7OUT)
PEM_write_bio_PKCS7(out, p7);
else
{
if (to)
BIO_printf(out, "To: %s\n", to);
if (from)
BIO_printf(out, "From: %s\n", from);
if (subject)
BIO_printf(out, "Subject: %s\n", subject);
if (outformat == FORMAT_SMIME)
{
if (operation == SMIME_RESIGN)
SMIME_write_PKCS7(out, p7, indata, flags);
else
SMIME_write_PKCS7(out, p7, in, flags);
}
else if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS7_stream(out, p7, in, flags);
else if (outformat == FORMAT_ASN1)
i2d_PKCS7_bio_stream(out,p7, in, flags);
else
{
BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
goto end;
}
}
ret = 0;
end:
if (need_rand)
app_RAND_write_file(NULL, bio_err);
if (ret) ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (sksigners)
sk_OPENSSL_STRING_free(sksigners);
if (skkeys)
sk_OPENSSL_STRING_free(skkeys);
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);
X509_free(signer);
EVP_PKEY_free(key);
PKCS7_free(p7);
BIO_free(in);
BIO_free(indata);
BIO_free_all(out);
if (passin) OPENSSL_free(passin);
return (ret);
}
static int save_certs(char *signerfile, STACK_OF(X509) *signers)
{
int i;
BIO *tmp;
if (!signerfile)
return 1;
tmp = BIO_new_file(signerfile, "w");
if (!tmp) return 0;
for(i = 0; i < sk_X509_num(signers); i++)
PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
BIO_free(tmp);
return 1;
}
/* Minimal callback just to output policy info (if any) */
static int smime_cb(int ok, X509_STORE_CTX *ctx)
{
int error;
error = X509_STORE_CTX_get_error(ctx);
if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
&& ((error != X509_V_OK) || (ok != 2)))
return ok;
policies_print(NULL, ctx);
return ok;
}

2787
jni/openssl/apps/speed.c Normal file

File diff suppressed because it is too large Load Diff

308
jni/openssl/apps/spkac.c Normal file
View File

@ -0,0 +1,308 @@
/* apps/spkac.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999. Based on an original idea by Massimiliano Pala
* (madwolf@openca.org).
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/lhash.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#undef PROG
#define PROG spkac_main
/* -in arg - input file - default stdin
* -out arg - output file - default stdout
*/
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int i,badops=0, ret = 1;
BIO *in = NULL,*out = NULL;
int verify=0,noout=0,pubkey=0;
char *infile = NULL,*outfile = NULL,*prog;
char *passargin = NULL, *passin = NULL;
const char *spkac = "SPKAC", *spksect = "default";
char *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
apps_startup();
if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passargin= *(++argv);
}
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
keyfile= *(++argv);
}
else if (strcmp(*argv,"-challenge") == 0)
{
if (--argc < 1) goto bad;
challenge= *(++argv);
}
else if (strcmp(*argv,"-spkac") == 0)
{
if (--argc < 1) goto bad;
spkac= *(++argv);
}
else if (strcmp(*argv,"-spksect") == 0)
{
if (--argc < 1) goto bad;
spksect= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-pubkey") == 0)
pubkey=1;
else if (strcmp(*argv,"-verify") == 0)
verify=1;
else badops = 1;
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options]\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -key arg create SPKAC using private key\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -challenge arg challenge string\n");
BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
BIO_printf(bio_err," -noout don't print SPKAC\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
goto end;
}
ERR_load_crypto_strings();
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if(keyfile) {
pkey = load_key(bio_err,
strcmp(keyfile, "-") ? keyfile : NULL,
FORMAT_PEM, 1, passin, e, "private key");
if(!pkey) {
goto end;
}
spki = NETSCAPE_SPKI_new();
if(challenge) ASN1_STRING_set(spki->spkac->challenge,
challenge, (int)strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (outfile) out = BIO_new_file(outfile, "w");
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if(!out) {
BIO_printf(bio_err, "Error opening output file\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(out, "SPKAC=%s\n", spkstr);
OPENSSL_free(spkstr);
ret = 0;
goto end;
}
if (infile) in = BIO_new_file(infile, "r");
else in = BIO_new_fp(stdin, BIO_NOCLOSE);
if(!in) {
BIO_printf(bio_err, "Error opening input file\n");
ERR_print_errors(bio_err);
goto end;
}
conf = NCONF_new(NULL);
i = NCONF_load_bio(conf, in, NULL);
if(!i) {
BIO_printf(bio_err, "Error parsing config file\n");
ERR_print_errors(bio_err);
goto end;
}
spkstr = NCONF_get_string(conf, spksect, spkac);
if(!spkstr) {
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
ERR_print_errors(bio_err);
goto end;
}
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if(!spki) {
BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile) out = BIO_new_file(outfile, "w");
else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if(!out) {
BIO_printf(bio_err, "Error opening output file\n");
ERR_print_errors(bio_err);
goto end;
}
if(!noout) NETSCAPE_SPKI_print(out, spki);
pkey = NETSCAPE_SPKI_get_pubkey(spki);
if(verify) {
i = NETSCAPE_SPKI_verify(spki, pkey);
if (i > 0) BIO_printf(bio_err, "Signature OK\n");
else {
BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err);
goto end;
}
}
if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
ret = 0;
end:
NCONF_free(conf);
NETSCAPE_SPKI_free(spki);
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
if(passin) OPENSSL_free(passin);
apps_shutdown();
OPENSSL_EXIT(ret);
}

View File

@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBBzCBsgIBADBNMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEX
MBUGA1UEChMOTWluY29tIFB0eSBMdGQxEDAOBgNVBAMTB1RFU1QgQ0EwXDANBgkq
hkiG9w0BAQEFAANLADBIAkEAzW9brgA8efT2ODB+NrsflJZj3KKqKsm4OrXTRqfL
VETj1ws/zCXl42XJAxdWQMCP0liKfc9Ut4xi1qCVI7N07wIDAQABoAAwDQYJKoZI
hvcNAQEEBQADQQBjZZ42Det9Uw0AFwJy4ufUEy5Cv74pxBp5SZnljgHY+Az0Hs2S
uNkIegr2ITX5azKi9nOkg9ZmsmGG13FIjiC/
-----END CERTIFICATE REQUEST-----

217
jni/openssl/apps/testdsa.h Normal file
View File

@ -0,0 +1,217 @@
/* NOCW */
/* used by apps/speed.c */
DSA *get_dsa512(void );
DSA *get_dsa1024(void );
DSA *get_dsa2048(void );
static unsigned char dsa512_priv[] = {
0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,
0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,
};
static unsigned char dsa512_pub[] = {
0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,
0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,
0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e,
0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12,
0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,
0xbe,0xba,0x0a,0x6b,0xc8,
};
static unsigned char dsa512_p[]={
0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
0x62,0x50,0x33,0x4B,0x02,0x3C,0x52,0x30,0x03,0x8B,0x3B,0xF9,
0x5F,0xD1,0x24,0x06,0x4F,0x7B,0x4C,0xBA,0xAA,0x40,0x9B,0xFD,
0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,
0xA2,0x76,0x7D,0x31,
};
static unsigned char dsa512_q[]={
0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,
0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,
};
static unsigned char dsa512_g[]={
0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,
0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,
0xBE,0x5B,0x5F,0xB7,0x10,0xD7,0x89,0xB7,0x8E,0x74,0xFB,0xCF,
0x29,0x1E,0xEB,0xA8,0x2C,0x54,0x51,0xB8,0x10,0xDE,0xA0,0xCE,
0x2F,0xCC,0x24,0x6B,0x90,0x77,0xDE,0xA2,0x68,0xA6,0x52,0x12,
0xA2,0x03,0x9D,0x20,
};
DSA *get_dsa512()
{
DSA *dsa;
if ((dsa=DSA_new()) == NULL) return(NULL);
dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);
dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);
dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
(dsa->q == NULL) || (dsa->g == NULL))
return(NULL);
return(dsa);
}
static unsigned char dsa1024_priv[]={
0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,
0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,
};
static unsigned char dsa1024_pub[]={
0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,
0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,
0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e,
0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5,
0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68,
0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82,
0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04,
0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28,
0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e,
0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,
0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b
};
static unsigned char dsa1024_p[]={
0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73,
0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9,
0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5,
0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E,
0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7,
0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95,
0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE,
0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,
0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,
};
static unsigned char dsa1024_q[]={
0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,
0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
};
static unsigned char dsa1024_g[]={
0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,
0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,
0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,
0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18,
0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61,
0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F,
0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16,
0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6,
0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5,
0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5,
0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8,
};
DSA *get_dsa1024()
{
DSA *dsa;
if ((dsa=DSA_new()) == NULL) return(NULL);
dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);
dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);
dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
(dsa->q == NULL) || (dsa->g == NULL))
return(NULL);
return(dsa);
}
static unsigned char dsa2048_priv[]={
0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,
0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,
};
static unsigned char dsa2048_pub[]={
0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,
0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,
0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47,
0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53,
0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f,
0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50,
0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9,
0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a,
0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d,
0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24,
0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03,
0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36,
0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34,
0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14,
0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04,
0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8,
0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9,
0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51,
0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d,
0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18,
0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,
0x8b,0x33,0xb7,0xce,
};
static unsigned char dsa2048_p[]={
0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2,
0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E,
0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19,
0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58,
0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B,
0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C,
0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF,
0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56,
0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51,
0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62,
0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18,
0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72,
0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C,
0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5,
0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4,
0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8,
0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F,
0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A,
0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,
0xF8,0x68,0xCF,0x9B,
};
static unsigned char dsa2048_q[]={
0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,
0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
};
static unsigned char dsa2048_g[]={
0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,
0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,
0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,
0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E,
0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29,
0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8,
0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D,
0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A,
0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F,
0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B,
0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E,
0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7,
0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40,
0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6,
0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5,
0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5,
0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72,
0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64,
0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01,
0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99,
0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E,
0xF8,0xB2,0xE5,0x38,
};
DSA *get_dsa2048()
{
DSA *dsa;
if ((dsa=DSA_new()) == NULL) return(NULL);
dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);
dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);
dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
(dsa->q == NULL) || (dsa->g == NULL))
return(NULL);
return(dsa);
}
static const char rnd_seed[] = "string to make the random number generator think it has entropy";
static int rnd_fake = 0;

518
jni/openssl/apps/testrsa.h Normal file
View File

@ -0,0 +1,518 @@
/* apps/testrsa.h */
/* used by apps/speed.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
static unsigned char test512[]={
0x30,0x82,0x01,0x3a,0x02,0x01,0x00,0x02,0x41,0x00,
0xd6,0x33,0xb9,0xc8,0xfb,0x4f,0x3c,0x7d,0xc0,0x01,
0x86,0xd0,0xe7,0xa0,0x55,0xf2,0x95,0x93,0xcc,0x4f,
0xb7,0x5b,0x67,0x5b,0x94,0x68,0xc9,0x34,0x15,0xde,
0xa5,0x2e,0x1c,0x33,0xc2,0x6e,0xfc,0x34,0x5e,0x71,
0x13,0xb7,0xd6,0xee,0xd8,0xa5,0x65,0x05,0x72,0x87,
0xa8,0xb0,0x77,0xfe,0x57,0xf5,0xfc,0x5f,0x55,0x83,
0x87,0xdd,0x57,0x49,0x02,0x03,0x01,0x00,0x01,0x02,
0x41,0x00,0xa7,0xf7,0x91,0xc5,0x0f,0x84,0x57,0xdc,
0x07,0xf7,0x6a,0x7f,0x60,0x52,0xb3,0x72,0xf1,0x66,
0x1f,0x7d,0x97,0x3b,0x9e,0xb6,0x0a,0x8f,0x8c,0xcf,
0x42,0x23,0x00,0x04,0xd4,0x28,0x0e,0x1c,0x90,0xc4,
0x11,0x25,0x25,0xa5,0x93,0xa5,0x2f,0x70,0x02,0xdf,
0x81,0x9c,0x49,0x03,0xa0,0xf8,0x6d,0x54,0x2e,0x26,
0xde,0xaa,0x85,0x59,0xa8,0x31,0x02,0x21,0x00,0xeb,
0x47,0xd7,0x3b,0xf6,0xc3,0xdd,0x5a,0x46,0xc5,0xb9,
0x2b,0x9a,0xa0,0x09,0x8f,0xa6,0xfb,0xf3,0x78,0x7a,
0x33,0x70,0x9d,0x0f,0x42,0x6b,0x13,0x68,0x24,0xd3,
0x15,0x02,0x21,0x00,0xe9,0x10,0xb0,0xb3,0x0d,0xe2,
0x82,0x68,0x77,0x8a,0x6e,0x7c,0xda,0xbc,0x3e,0x53,
0x83,0xfb,0xd6,0x22,0xe7,0xb5,0xae,0x6e,0x80,0xda,
0x00,0x55,0x97,0xc1,0xd0,0x65,0x02,0x20,0x4c,0xf8,
0x73,0xb1,0x6a,0x49,0x29,0x61,0x1f,0x46,0x10,0x0d,
0xf3,0xc7,0xe7,0x58,0xd7,0x88,0x15,0x5e,0x94,0x9b,
0xbf,0x7b,0xa2,0x42,0x58,0x45,0x41,0x0c,0xcb,0x01,
0x02,0x20,0x12,0x11,0xba,0x31,0x57,0x9d,0x3d,0x11,
0x0e,0x5b,0x8c,0x2f,0x5f,0xe2,0x02,0x4f,0x05,0x47,
0x8c,0x15,0x8e,0xb3,0x56,0x3f,0xb8,0xfb,0xad,0xd4,
0xf4,0xfc,0x10,0xc5,0x02,0x20,0x18,0xa1,0x29,0x99,
0x5b,0xd9,0xc8,0xd4,0xfc,0x49,0x7a,0x2a,0x21,0x2c,
0x49,0xe4,0x4f,0xeb,0xef,0x51,0xf1,0xab,0x6d,0xfb,
0x4b,0x14,0xe9,0x4b,0x52,0xb5,0x82,0x2c,
};
static unsigned char test1024[]={
0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,
0x00,0xdc,0x98,0x43,0xe8,0x3d,0x43,0x5b,0xe4,0x05,
0xcd,0xd0,0xa9,0x3e,0xcb,0x83,0x75,0xf6,0xb5,0xa5,
0x9f,0x6b,0xe9,0x34,0x41,0x29,0x18,0xfa,0x6a,0x55,
0x4d,0x70,0xfc,0xec,0xae,0x87,0x38,0x0a,0x20,0xa9,
0xc0,0x45,0x77,0x6e,0x57,0x60,0x57,0xf4,0xed,0x96,
0x22,0xcb,0x8f,0xe1,0x33,0x3a,0x17,0x1f,0xed,0x37,
0xa5,0x6f,0xeb,0xa6,0xbc,0x12,0x80,0x1d,0x53,0xbd,
0x70,0xeb,0x21,0x76,0x3e,0xc9,0x2f,0x1a,0x45,0x24,
0x82,0xff,0xcd,0x59,0x32,0x06,0x2e,0x12,0x3b,0x23,
0x78,0xed,0x12,0x3d,0xe0,0x8d,0xf9,0x67,0x4f,0x37,
0x4e,0x47,0x02,0x4c,0x2d,0xc0,0x4f,0x1f,0xb3,0x94,
0xe1,0x41,0x2e,0x2d,0x90,0x10,0xfc,0x82,0x91,0x8b,
0x0f,0x22,0xd4,0xf2,0xfc,0x2c,0xab,0x53,0x55,0x02,
0x03,0x01,0x00,0x01,0x02,0x81,0x80,0x2b,0xcc,0x3f,
0x8f,0x58,0xba,0x8b,0x00,0x16,0xf6,0xea,0x3a,0xf0,
0x30,0xd0,0x05,0x17,0xda,0xb0,0xeb,0x9a,0x2d,0x4f,
0x26,0xb0,0xd6,0x38,0xc1,0xeb,0xf5,0xd8,0x3d,0x1f,
0x70,0xf7,0x7f,0xf4,0xe2,0xcf,0x51,0x51,0x79,0x88,
0xfa,0xe8,0x32,0x0e,0x7b,0x2d,0x97,0xf2,0xfa,0xba,
0x27,0xc5,0x9c,0xd9,0xc5,0xeb,0x8a,0x79,0x52,0x3c,
0x64,0x34,0x7d,0xc2,0xcf,0x28,0xc7,0x4e,0xd5,0x43,
0x0b,0xd1,0xa6,0xca,0x6d,0x03,0x2d,0x72,0x23,0xbc,
0x6d,0x05,0xfa,0x16,0x09,0x2f,0x2e,0x5c,0xb6,0xee,
0x74,0xdd,0xd2,0x48,0x8e,0x36,0x0c,0x06,0x3d,0x4d,
0xe5,0x10,0x82,0xeb,0x6a,0xf3,0x4b,0x9f,0xd6,0xed,
0x11,0xb1,0x6e,0xec,0xf4,0xfe,0x8e,0x75,0x94,0x20,
0x2f,0xcb,0xac,0x46,0xf1,0x02,0x41,0x00,0xf9,0x8c,
0xa3,0x85,0xb1,0xdd,0x29,0xaf,0x65,0xc1,0x33,0xf3,
0x95,0xc5,0x52,0x68,0x0b,0xd4,0xf1,0xe5,0x0e,0x02,
0x9f,0x4f,0xfa,0x77,0xdc,0x46,0x9e,0xc7,0xa6,0xe4,
0x16,0x29,0xda,0xb0,0x07,0xcf,0x5b,0xa9,0x12,0x8a,
0xdd,0x63,0x0a,0xde,0x2e,0x8c,0x66,0x8b,0x8c,0xdc,
0x19,0xa3,0x7e,0xf4,0x3b,0xd0,0x1a,0x8c,0xa4,0xc2,
0xe1,0xd3,0x02,0x41,0x00,0xe2,0x4c,0x05,0xf2,0x04,
0x86,0x4e,0x61,0x43,0xdb,0xb0,0xb9,0x96,0x86,0x52,
0x2c,0xca,0x8d,0x7b,0xab,0x0b,0x13,0x0d,0x7e,0x38,
0x5b,0xe2,0x2e,0x7b,0x0e,0xe7,0x19,0x99,0x38,0xe7,
0xf2,0x21,0xbd,0x85,0x85,0xe3,0xfd,0x28,0x77,0x20,
0x31,0x71,0x2c,0xd0,0xff,0xfb,0x2e,0xaf,0x85,0xb4,
0x86,0xca,0xf3,0xbb,0xca,0xaa,0x0f,0x95,0x37,0x02,
0x40,0x0e,0x41,0x9a,0x95,0xe8,0xb3,0x59,0xce,0x4b,
0x61,0xde,0x35,0xec,0x38,0x79,0x9c,0xb8,0x10,0x52,
0x41,0x63,0xab,0x82,0xae,0x6f,0x00,0xa9,0xf4,0xde,
0xdd,0x49,0x0b,0x7e,0xb8,0xa5,0x65,0xa9,0x0c,0x8f,
0x8f,0xf9,0x1f,0x35,0xc6,0x92,0xb8,0x5e,0xb0,0x66,
0xab,0x52,0x40,0xc0,0xb6,0x36,0x6a,0x7d,0x80,0x46,
0x04,0x02,0xe5,0x9f,0x41,0x02,0x41,0x00,0xc0,0xad,
0xcc,0x4e,0x21,0xee,0x1d,0x24,0x91,0xfb,0xa7,0x80,
0x8d,0x9a,0xb6,0xb3,0x2e,0x8f,0xc2,0xe1,0x82,0xdf,
0x69,0x18,0xb4,0x71,0xff,0xa6,0x65,0xde,0xed,0x84,
0x8d,0x42,0xb7,0xb3,0x21,0x69,0x56,0x1c,0x07,0x60,
0x51,0x29,0x04,0xff,0x34,0x06,0xdd,0xb9,0x67,0x2c,
0x7c,0x04,0x93,0x0e,0x46,0x15,0xbb,0x2a,0xb7,0x1b,
0xe7,0x87,0x02,0x40,0x78,0xda,0x5d,0x07,0x51,0x0c,
0x16,0x7a,0x9f,0x29,0x20,0x84,0x0d,0x42,0xfa,0xd7,
0x00,0xd8,0x77,0x7e,0xb0,0xb0,0x6b,0xd6,0x5b,0x53,
0xb8,0x9b,0x7a,0xcd,0xc7,0x2b,0xb8,0x6a,0x63,0xa9,
0xfb,0x6f,0xa4,0x72,0xbf,0x4c,0x5d,0x00,0x14,0xba,
0xfa,0x59,0x88,0xed,0xe4,0xe0,0x8c,0xa2,0xec,0x14,
0x7e,0x2d,0xe2,0xf0,0x46,0x49,0x95,0x45,
};
static unsigned char test2048[]={
0x30,0x82,0x04,0xa3,0x02,0x01,0x00,0x02,0x82,0x01,
0x01,0x00,0xc0,0xc0,0xce,0x3e,0x3c,0x53,0x67,0x3f,
0x4f,0xc5,0x2f,0xa4,0xc2,0x5a,0x2f,0x58,0xfd,0x27,
0x52,0x6a,0xe8,0xcf,0x4a,0x73,0x47,0x8d,0x25,0x0f,
0x5f,0x03,0x26,0x78,0xef,0xf0,0x22,0x12,0xd3,0xde,
0x47,0xb2,0x1c,0x0b,0x38,0x63,0x1a,0x6c,0x85,0x7a,
0x80,0xc6,0x8f,0xa0,0x41,0xaf,0x62,0xc4,0x67,0x32,
0x88,0xf8,0xa6,0x9c,0xf5,0x23,0x1d,0xe4,0xac,0x3f,
0x29,0xf9,0xec,0xe1,0x8b,0x26,0x03,0x2c,0xb2,0xab,
0xf3,0x7d,0xb5,0xca,0x49,0xc0,0x8f,0x1c,0xdf,0x33,
0x3a,0x60,0xda,0x3c,0xb0,0x16,0xf8,0xa9,0x12,0x8f,
0x64,0xac,0x23,0x0c,0x69,0x64,0x97,0x5d,0x99,0xd4,
0x09,0x83,0x9b,0x61,0xd3,0xac,0xf0,0xde,0xdd,0x5e,
0x9f,0x44,0x94,0xdb,0x3a,0x4d,0x97,0xe8,0x52,0x29,
0xf7,0xdb,0x94,0x07,0x45,0x90,0x78,0x1e,0x31,0x0b,
0x80,0xf7,0x57,0xad,0x1c,0x79,0xc5,0xcb,0x32,0xb0,
0xce,0xcd,0x74,0xb3,0xe2,0x94,0xc5,0x78,0x2f,0x34,
0x1a,0x45,0xf7,0x8c,0x52,0xa5,0xbc,0x8d,0xec,0xd1,
0x2f,0x31,0x3b,0xf0,0x49,0x59,0x5e,0x88,0x9d,0x15,
0x92,0x35,0x32,0xc1,0xe7,0x61,0xec,0x50,0x48,0x7c,
0xba,0x05,0xf9,0xf8,0xf8,0xa7,0x8c,0x83,0xe8,0x66,
0x5b,0xeb,0xfe,0xd8,0x4f,0xdd,0x6d,0x36,0xc0,0xb2,
0x90,0x0f,0xb8,0x52,0xf9,0x04,0x9b,0x40,0x2c,0x27,
0xd6,0x36,0x8e,0xc2,0x1b,0x44,0xf3,0x92,0xd5,0x15,
0x9e,0x9a,0xbc,0xf3,0x7d,0x03,0xd7,0x02,0x14,0x20,
0xe9,0x10,0x92,0xfd,0xf9,0xfc,0x8f,0xe5,0x18,0xe1,
0x95,0xcc,0x9e,0x60,0xa6,0xfa,0x38,0x4d,0x02,0x03,
0x01,0x00,0x01,0x02,0x82,0x01,0x00,0x00,0xc3,0xc3,
0x0d,0xb4,0x27,0x90,0x8d,0x4b,0xbf,0xb8,0x84,0xaa,
0xd0,0xb8,0xc7,0x5d,0x99,0xbe,0x55,0xf6,0x3e,0x7c,
0x49,0x20,0xcb,0x8a,0x8e,0x19,0x0e,0x66,0x24,0xac,
0xaf,0x03,0x33,0x97,0xeb,0x95,0xd5,0x3b,0x0f,0x40,
0x56,0x04,0x50,0xd1,0xe6,0xbe,0x84,0x0b,0x25,0xd3,
0x9c,0xe2,0x83,0x6c,0xf5,0x62,0x5d,0xba,0x2b,0x7d,
0x3d,0x7a,0x6c,0xe1,0xd2,0x0e,0x54,0x93,0x80,0x01,
0x91,0x51,0x09,0xe8,0x5b,0x8e,0x47,0xbd,0x64,0xe4,
0x0e,0x03,0x83,0x55,0xcf,0x5a,0x37,0xf0,0x25,0xb5,
0x7d,0x21,0xd7,0x69,0xdf,0x6f,0xc2,0xcf,0x10,0xc9,
0x8a,0x40,0x9f,0x7a,0x70,0xc0,0xe8,0xe8,0xc0,0xe6,
0x9a,0x15,0x0a,0x8d,0x4e,0x46,0xcb,0x7a,0xdb,0xb3,
0xcb,0x83,0x02,0xc4,0xf0,0xab,0xeb,0x02,0x01,0x0e,
0x23,0xfc,0x1d,0xc4,0xbd,0xd4,0xaa,0x5d,0x31,0x46,
0x99,0xce,0x9e,0xf8,0x04,0x75,0x10,0x67,0xc4,0x53,
0x47,0x44,0xfa,0xc2,0x25,0x73,0x7e,0xd0,0x8e,0x59,
0xd1,0xb2,0x5a,0xf4,0xc7,0x18,0x92,0x2f,0x39,0xab,
0xcd,0xa3,0xb5,0xc2,0xb9,0xc7,0xb9,0x1b,0x9f,0x48,
0xfa,0x13,0xc6,0x98,0x4d,0xca,0x84,0x9c,0x06,0xca,
0xe7,0x89,0x01,0x04,0xc4,0x6c,0xfd,0x29,0x59,0x35,
0xe7,0xf3,0xdd,0xce,0x64,0x59,0xbf,0x21,0x13,0xa9,
0x9f,0x0e,0xc5,0xff,0xbd,0x33,0x00,0xec,0xac,0x6b,
0x11,0xef,0x51,0x5e,0xad,0x07,0x15,0xde,0xb8,0x5f,
0xc6,0xb9,0xa3,0x22,0x65,0x46,0x83,0x14,0xdf,0xd0,
0xf1,0x44,0x8a,0xe1,0x9c,0x23,0x33,0xb4,0x97,0x33,
0xe6,0x6b,0x81,0x02,0x81,0x81,0x00,0xec,0x12,0xa7,
0x59,0x74,0x6a,0xde,0x3e,0xad,0xd8,0x36,0x80,0x50,
0xa2,0xd5,0x21,0x81,0x07,0xf1,0xd0,0x91,0xf2,0x6c,
0x12,0x2f,0x9d,0x1a,0x26,0xf8,0x30,0x65,0xdf,0xe8,
0xc0,0x9b,0x6a,0x30,0x98,0x82,0x87,0xec,0xa2,0x56,
0x87,0x62,0x6f,0xe7,0x9f,0xf6,0x56,0xe6,0x71,0x8f,
0x49,0x86,0x93,0x5a,0x4d,0x34,0x58,0xfe,0xd9,0x04,
0x13,0xaf,0x79,0xb7,0xad,0x11,0xd1,0x30,0x9a,0x14,
0x06,0xa0,0xfa,0xb7,0x55,0xdc,0x6c,0x5a,0x4c,0x2c,
0x59,0x56,0xf6,0xe8,0x9d,0xaf,0x0a,0x78,0x99,0x06,
0x06,0x9e,0xe7,0x9c,0x51,0x55,0x43,0xfc,0x3b,0x6c,
0x0b,0xbf,0x2d,0x41,0xa7,0xaf,0xb7,0xe0,0xe8,0x28,
0x18,0xb4,0x13,0xd1,0xe6,0x97,0xd0,0x9f,0x6a,0x80,
0xca,0xdd,0x1a,0x7e,0x15,0x02,0x81,0x81,0x00,0xd1,
0x06,0x0c,0x1f,0xe3,0xd0,0xab,0xd6,0xca,0x7c,0xbc,
0x7d,0x13,0x35,0xce,0x27,0xcd,0xd8,0x49,0x51,0x63,
0x64,0x0f,0xca,0x06,0x12,0xfc,0x07,0x3e,0xaf,0x61,
0x6d,0xe2,0x53,0x39,0x27,0xae,0xc3,0x11,0x9e,0x94,
0x01,0x4f,0xe3,0xf3,0x67,0xf9,0x77,0xf9,0xe7,0x95,
0x3a,0x6f,0xe2,0x20,0x73,0x3e,0xa4,0x7a,0x28,0xd4,
0x61,0x97,0xf6,0x17,0xa0,0x23,0x10,0x2b,0xce,0x84,
0x57,0x7e,0x25,0x1f,0xf4,0xa8,0x54,0xd2,0x65,0x94,
0xcc,0x95,0x0a,0xab,0x30,0xc1,0x59,0x1f,0x61,0x8e,
0xb9,0x6b,0xd7,0x4e,0xb9,0x83,0x43,0x79,0x85,0x11,
0xbc,0x0f,0xae,0x25,0x20,0x05,0xbc,0xd2,0x48,0xa1,
0x68,0x09,0x84,0xf6,0x12,0x9a,0x66,0xb9,0x2b,0xbb,
0x76,0x03,0x17,0x46,0x4e,0x97,0x59,0x02,0x81,0x80,
0x09,0x4c,0xfa,0xd6,0xe5,0x65,0x48,0x78,0x43,0xb5,
0x1f,0x00,0x93,0x2c,0xb7,0x24,0xe8,0xc6,0x7d,0x5a,
0x70,0x45,0x92,0xc8,0x6c,0xa3,0xcd,0xe1,0xf7,0x29,
0x40,0xfa,0x3f,0x5b,0x47,0x44,0x39,0xc1,0xe8,0x72,
0x9e,0x7a,0x0e,0xda,0xaa,0xa0,0x2a,0x09,0xfd,0x54,
0x93,0x23,0xaa,0x37,0x85,0x5b,0xcc,0xd4,0xf9,0xd8,
0xff,0xc1,0x61,0x0d,0xbd,0x7e,0x18,0x24,0x73,0x6d,
0x40,0x72,0xf1,0x93,0x09,0x48,0x97,0x6c,0x84,0x90,
0xa8,0x46,0x14,0x01,0x39,0x11,0xe5,0x3c,0x41,0x27,
0x32,0x75,0x24,0xed,0xa1,0xd9,0x12,0x29,0x8a,0x28,
0x71,0x89,0x8d,0xca,0x30,0xb0,0x01,0xc4,0x2f,0x82,
0x19,0x14,0x4c,0x70,0x1c,0xb8,0x23,0x2e,0xe8,0x90,
0x49,0x97,0x92,0x97,0x6b,0x7a,0x9d,0xb9,0x02,0x81,
0x80,0x0f,0x0e,0xa1,0x76,0xf6,0xa1,0x44,0x8f,0xaf,
0x7c,0x76,0xd3,0x87,0xbb,0xbb,0x83,0x10,0x88,0x01,
0x18,0x14,0xd1,0xd3,0x75,0x59,0x24,0xaa,0xf5,0x16,
0xa5,0xe9,0x9d,0xd1,0xcc,0xee,0xf4,0x15,0xd9,0xc5,
0x7e,0x27,0xe9,0x44,0x49,0x06,0x72,0xb9,0xfc,0xd3,
0x8a,0xc4,0x2c,0x36,0x7d,0x12,0x9b,0x5a,0xaa,0xdc,
0x85,0xee,0x6e,0xad,0x54,0xb3,0xf4,0xfc,0x31,0xa1,
0x06,0x3a,0x70,0x57,0x0c,0xf3,0x95,0x5b,0x3e,0xe8,
0xfd,0x1a,0x4f,0xf6,0x78,0x93,0x46,0x6a,0xd7,0x31,
0xb4,0x84,0x64,0x85,0x09,0x38,0x89,0x92,0x94,0x1c,
0xbf,0xe2,0x3c,0x2a,0xe0,0xff,0x99,0xa3,0xf0,0x2b,
0x31,0xc2,0x36,0xcd,0x60,0xbf,0x9d,0x2d,0x74,0x32,
0xe8,0x9c,0x93,0x6e,0xbb,0x91,0x7b,0xfd,0xd9,0x02,
0x81,0x81,0x00,0xa2,0x71,0x25,0x38,0xeb,0x2a,0xe9,
0x37,0xcd,0xfe,0x44,0xce,0x90,0x3f,0x52,0x87,0x84,
0x52,0x1b,0xae,0x8d,0x22,0x94,0xce,0x38,0xe6,0x04,
0x88,0x76,0x85,0x9a,0xd3,0x14,0x09,0xe5,0x69,0x9a,
0xff,0x58,0x92,0x02,0x6a,0x7d,0x7c,0x1e,0x2c,0xfd,
0xa8,0xca,0x32,0x14,0x4f,0x0d,0x84,0x0d,0x37,0x43,
0xbf,0xe4,0x5d,0x12,0xc8,0x24,0x91,0x27,0x8d,0x46,
0xd9,0x54,0x53,0xe7,0x62,0x71,0xa8,0x2b,0x71,0x41,
0x8d,0x75,0xf8,0x3a,0xa0,0x61,0x29,0x46,0xa6,0xe5,
0x82,0xfa,0x3a,0xd9,0x08,0xfa,0xfc,0x63,0xfd,0x6b,
0x30,0xbc,0xf4,0x4e,0x9e,0x8c,0x25,0x0c,0xb6,0x55,
0xe7,0x3c,0xd4,0x4e,0x0b,0xfd,0x8b,0xc3,0x0e,0x1d,
0x9c,0x44,0x57,0x8f,0x1f,0x86,0xf7,0xd5,0x1b,0xe4,
0x95,
};
static unsigned char test4096[]={
0x30,0x82,0x09,0x29,0x02,0x01,0x00,0x02,0x82,0x02,
0x01,0x00,0xc0,0x71,0xac,0x1a,0x13,0x88,0x82,0x43,
0x3b,0x51,0x57,0x71,0x8d,0xb6,0x2b,0x82,0x65,0x21,
0x53,0x5f,0x28,0x29,0x4f,0x8d,0x7c,0x8a,0xb9,0x44,
0xb3,0x28,0x41,0x4f,0xd3,0xfa,0x6a,0xf8,0xb9,0x28,
0x50,0x39,0x67,0x53,0x2c,0x3c,0xd7,0xcb,0x96,0x41,
0x40,0x32,0xbb,0xeb,0x70,0xae,0x1f,0xb0,0x65,0xf7,
0x3a,0xd9,0x22,0xfd,0x10,0xae,0xbd,0x02,0xe2,0xdd,
0xf3,0xc2,0x79,0x3c,0xc6,0xfc,0x75,0xbb,0xaf,0x4e,
0x3a,0x36,0xc2,0x4f,0xea,0x25,0xdf,0x13,0x16,0x4b,
0x20,0xfe,0x4b,0x69,0x16,0xc4,0x7f,0x1a,0x43,0xa6,
0x17,0x1b,0xb9,0x0a,0xf3,0x09,0x86,0x28,0x89,0xcf,
0x2c,0xd0,0xd4,0x81,0xaf,0xc6,0x6d,0xe6,0x21,0x8d,
0xee,0xef,0xea,0xdc,0xb7,0xc6,0x3b,0x63,0x9f,0x0e,
0xad,0x89,0x78,0x23,0x18,0xbf,0x70,0x7e,0x84,0xe0,
0x37,0xec,0xdb,0x8e,0x9c,0x3e,0x6a,0x19,0xcc,0x99,
0x72,0xe6,0xb5,0x7d,0x6d,0xfa,0xe5,0xd3,0xe4,0x90,
0xb5,0xb2,0xb2,0x12,0x70,0x4e,0xca,0xf8,0x10,0xf8,
0xa3,0x14,0xc2,0x48,0x19,0xeb,0x60,0x99,0xbb,0x2a,
0x1f,0xb1,0x7a,0xb1,0x3d,0x24,0xfb,0xa0,0x29,0xda,
0xbd,0x1b,0xd7,0xa4,0xbf,0xef,0x60,0x2d,0x22,0xca,
0x65,0x98,0xf1,0xc4,0xe1,0xc9,0x02,0x6b,0x16,0x28,
0x2f,0xa1,0xaa,0x79,0x00,0xda,0xdc,0x7c,0x43,0xf7,
0x42,0x3c,0xa0,0xef,0x68,0xf7,0xdf,0xb9,0x69,0xfb,
0x8e,0x01,0xed,0x01,0x42,0xb5,0x4e,0x57,0xa6,0x26,
0xb8,0xd0,0x7b,0x56,0x6d,0x03,0xc6,0x40,0x8c,0x8c,
0x2a,0x55,0xd7,0x9c,0x35,0x00,0x94,0x93,0xec,0x03,
0xeb,0x22,0xef,0x77,0xbb,0x79,0x13,0x3f,0x15,0xa1,
0x8f,0xca,0xdf,0xfd,0xd3,0xb8,0xe1,0xd4,0xcc,0x09,
0x3f,0x3c,0x2c,0xdb,0xd1,0x49,0x7f,0x38,0x07,0x83,
0x6d,0xeb,0x08,0x66,0xe9,0x06,0x44,0x12,0xac,0x95,
0x22,0x90,0x23,0x67,0xd4,0x08,0xcc,0xf4,0xb7,0xdc,
0xcc,0x87,0xd4,0xac,0x69,0x35,0x4c,0xb5,0x39,0x36,
0xcd,0xa4,0xd2,0x95,0xca,0x0d,0xc5,0xda,0xc2,0xc5,
0x22,0x32,0x28,0x08,0xe3,0xd2,0x8b,0x38,0x30,0xdc,
0x8c,0x75,0x4f,0x6a,0xec,0x7a,0xac,0x16,0x3e,0xa8,
0xd4,0x6a,0x45,0xe1,0xa8,0x4f,0x2e,0x80,0x34,0xaa,
0x54,0x1b,0x02,0x95,0x7d,0x8a,0x6d,0xcc,0x79,0xca,
0xf2,0xa4,0x2e,0x8d,0xfb,0xfe,0x15,0x51,0x10,0x0e,
0x4d,0x88,0xb1,0xc7,0xf4,0x79,0xdb,0xf0,0xb4,0x56,
0x44,0x37,0xca,0x5a,0xc1,0x8c,0x48,0xac,0xae,0x48,
0x80,0x83,0x01,0x3f,0xde,0xd9,0xd3,0x2c,0x51,0x46,
0xb1,0x41,0xb6,0xc6,0x91,0x72,0xf9,0x83,0x55,0x1b,
0x8c,0xba,0xf3,0x73,0xe5,0x2c,0x74,0x50,0x3a,0xbe,
0xc5,0x2f,0xa7,0xb2,0x6d,0x8c,0x9e,0x13,0x77,0xa3,
0x13,0xcd,0x6d,0x8c,0x45,0xe1,0xfc,0x0b,0xb7,0x69,
0xe9,0x27,0xbc,0x65,0xc3,0xfa,0x9b,0xd0,0xef,0xfe,
0xe8,0x1f,0xb3,0x5e,0x34,0xf4,0x8c,0xea,0xfc,0xd3,
0x81,0xbf,0x3d,0x30,0xb2,0xb4,0x01,0xe8,0x43,0x0f,
0xba,0x02,0x23,0x42,0x76,0x82,0x31,0x73,0x91,0xed,
0x07,0x46,0x61,0x0d,0x39,0x83,0x40,0xce,0x7a,0xd4,
0xdb,0x80,0x2c,0x1f,0x0d,0xd1,0x34,0xd4,0x92,0xe3,
0xd4,0xf1,0xc2,0x01,0x02,0x03,0x01,0x00,0x01,0x02,
0x82,0x02,0x01,0x00,0x97,0x6c,0xda,0x6e,0xea,0x4f,
0xcf,0xaf,0xf7,0x4c,0xd9,0xf1,0x90,0x00,0x77,0xdb,
0xf2,0x97,0x76,0x72,0xb9,0xb7,0x47,0xd1,0x9c,0xdd,
0xcb,0x4a,0x33,0x6e,0xc9,0x75,0x76,0xe6,0xe4,0xa5,
0x31,0x8c,0x77,0x13,0xb4,0x29,0xcd,0xf5,0x52,0x17,
0xef,0xf3,0x08,0x00,0xe3,0xbd,0x2e,0xbc,0xd4,0x52,
0x88,0xe9,0x30,0x75,0x0b,0x02,0xf5,0xcd,0x89,0x0c,
0x6c,0x57,0x19,0x27,0x3d,0x1e,0x85,0xb4,0xc1,0x2f,
0x1d,0x92,0x00,0x5c,0x76,0x29,0x4b,0xa4,0xe1,0x12,
0xb3,0xc8,0x09,0xfe,0x0e,0x78,0x72,0x61,0xcb,0x61,
0x6f,0x39,0x91,0x95,0x4e,0xd5,0x3e,0xc7,0x8f,0xb8,
0xf6,0x36,0xfe,0x9c,0x93,0x9a,0x38,0x25,0x7a,0xf4,
0x4a,0x12,0xd4,0xa0,0x13,0xbd,0xf9,0x1d,0x12,0x3e,
0x21,0x39,0xfb,0x72,0xe0,0x05,0x3d,0xc3,0xe5,0x50,
0xa8,0x5d,0x85,0xa3,0xea,0x5f,0x1c,0xb2,0x3f,0xea,
0x6d,0x03,0x91,0x55,0xd8,0x19,0x0a,0x21,0x12,0x16,
0xd9,0x12,0xc4,0xe6,0x07,0x18,0x5b,0x26,0xa4,0xae,
0xed,0x2b,0xb7,0xa6,0xed,0xf8,0xad,0xec,0x77,0xe6,
0x7f,0x4f,0x76,0x00,0xc0,0xfa,0x15,0x92,0xb4,0x2c,
0x22,0xc2,0xeb,0x6a,0xad,0x14,0x05,0xb2,0xe5,0x8a,
0x9e,0x85,0x83,0xcc,0x04,0xf1,0x56,0x78,0x44,0x5e,
0xde,0xe0,0x60,0x1a,0x65,0x79,0x31,0x23,0x05,0xbb,
0x01,0xff,0xdd,0x2e,0xb7,0xb3,0xaa,0x74,0xe0,0xa5,
0x94,0xaf,0x4b,0xde,0x58,0x0f,0x55,0xde,0x33,0xf6,
0xe3,0xd6,0x34,0x36,0x57,0xd6,0x79,0x91,0x2e,0xbe,
0x3b,0xd9,0x4e,0xb6,0x9d,0x21,0x5c,0xd3,0x48,0x14,
0x7f,0x4a,0xc4,0x60,0xa9,0x29,0xf8,0x53,0x7f,0x88,
0x11,0x2d,0xb5,0xc5,0x2d,0x6f,0xee,0x85,0x0b,0xf7,
0x8d,0x9a,0xbe,0xb0,0x42,0xf2,0x2e,0x71,0xaf,0x19,
0x31,0x6d,0xec,0xcd,0x6f,0x2b,0x23,0xdf,0xb4,0x40,
0xaf,0x2c,0x0a,0xc3,0x1b,0x7d,0x7d,0x03,0x1d,0x4b,
0xf3,0xb5,0xe0,0x85,0xd8,0xdf,0x91,0x6b,0x0a,0x69,
0xf7,0xf2,0x69,0x66,0x5b,0xf1,0xcf,0x46,0x7d,0xe9,
0x70,0xfa,0x6d,0x7e,0x75,0x4e,0xa9,0x77,0xe6,0x8c,
0x02,0xf7,0x14,0x4d,0xa5,0x41,0x8f,0x3f,0xc1,0x62,
0x1e,0x71,0x5e,0x38,0xb4,0xd6,0xe6,0xe1,0x4b,0xc2,
0x2c,0x30,0x83,0x81,0x6f,0x49,0x2e,0x96,0xe6,0xc9,
0x9a,0xf7,0x5d,0x09,0xa0,0x55,0x02,0xa5,0x3a,0x25,
0x23,0xd0,0x92,0xc3,0xa3,0xe3,0x0e,0x12,0x2f,0x4d,
0xef,0xf3,0x55,0x5a,0xbe,0xe6,0x19,0x86,0x31,0xab,
0x75,0x9a,0xd3,0xf0,0x2c,0xc5,0x41,0x92,0xd9,0x1f,
0x5f,0x11,0x8c,0x75,0x1c,0x63,0xd0,0x02,0x80,0x2c,
0x68,0xcb,0x93,0xfb,0x51,0x73,0x49,0xb4,0x60,0xda,
0xe2,0x26,0xaf,0xa9,0x46,0x12,0xb8,0xec,0x50,0xdd,
0x12,0x06,0x5f,0xce,0x59,0xe6,0xf6,0x1c,0xe0,0x54,
0x10,0xad,0xf6,0xcd,0x98,0xcc,0x0f,0xfb,0xcb,0x41,
0x14,0x9d,0xed,0xe4,0xb4,0x74,0x5f,0x09,0x60,0xc7,
0x12,0xf6,0x7b,0x3c,0x8f,0xa7,0x20,0xbc,0xe4,0xb1,
0xef,0xeb,0xa4,0x93,0xc5,0x06,0xca,0x9a,0x27,0x9d,
0x87,0xf3,0xde,0xca,0xe5,0xe7,0xf6,0x1c,0x01,0x65,
0x5b,0xfb,0x19,0x79,0x6e,0x08,0x26,0xc5,0xc8,0x28,
0x0e,0xb6,0x3b,0x07,0x08,0xc1,0x02,0x82,0x01,0x01,
0x00,0xe8,0x1c,0x73,0xa6,0xb8,0xe0,0x0e,0x6d,0x8d,
0x1b,0xb9,0x53,0xed,0x58,0x94,0xe6,0x1d,0x60,0x14,
0x5c,0x76,0x43,0xc4,0x58,0x19,0xc4,0x24,0xe8,0xbc,
0x1b,0x3b,0x0b,0x13,0x24,0x45,0x54,0x0e,0xcc,0x37,
0xf0,0xe0,0x63,0x7d,0xc3,0xf7,0xfb,0x81,0x74,0x81,
0xc4,0x0f,0x1a,0x21,0x48,0xaf,0xce,0xc1,0xc4,0x94,
0x18,0x06,0x44,0x8d,0xd3,0xd2,0x22,0x2d,0x2d,0x3e,
0x5a,0x31,0xdc,0x95,0x8e,0xf4,0x41,0xfc,0x58,0xc9,
0x40,0x92,0x17,0x5f,0xe3,0xda,0xac,0x9e,0x3f,0x1c,
0x2a,0x6b,0x58,0x5f,0x48,0x78,0x20,0xb1,0xaf,0x24,
0x9b,0x3c,0x20,0x8b,0x93,0x25,0x9e,0xe6,0x6b,0xbc,
0x13,0x42,0x14,0x6c,0x36,0x31,0xff,0x7a,0xd1,0xc1,
0x1a,0x26,0x14,0x7f,0xa9,0x76,0xa7,0x0c,0xf8,0xcc,
0xed,0x07,0x6a,0xd2,0xdf,0x62,0xee,0x0a,0x7c,0x84,
0xcb,0x49,0x90,0xb2,0x03,0x0d,0xa2,0x82,0x06,0x77,
0xf1,0xcd,0x67,0xf2,0x47,0x21,0x02,0x3f,0x43,0x21,
0xf0,0x46,0x30,0x62,0x51,0x72,0xb1,0xe7,0x48,0xc6,
0x67,0x12,0xcd,0x9e,0xd6,0x15,0xe5,0x21,0xed,0xfa,
0x8f,0x30,0xa6,0x41,0xfe,0xb6,0xfa,0x8f,0x34,0x14,
0x19,0xe8,0x11,0xf7,0xa5,0x77,0x3e,0xb7,0xf9,0x39,
0x07,0x8c,0x67,0x2a,0xab,0x7b,0x08,0xf8,0xb0,0x06,
0xa8,0xea,0x2f,0x8f,0xfa,0xcc,0xcc,0x40,0xce,0xf3,
0x70,0x4f,0x3f,0x7f,0xe2,0x0c,0xea,0x76,0x4a,0x35,
0x4e,0x47,0xad,0x2b,0xa7,0x97,0x5d,0x74,0x43,0x97,
0x90,0xd2,0xfb,0xd9,0xf9,0x96,0x01,0x33,0x05,0xed,
0x7b,0x03,0x05,0xad,0xf8,0x49,0x03,0x02,0x82,0x01,
0x01,0x00,0xd4,0x40,0x17,0x66,0x10,0x92,0x95,0xc8,
0xec,0x62,0xa9,0x7a,0xcb,0x93,0x8e,0xe6,0x53,0xd4,
0x80,0x48,0x27,0x4b,0x41,0xce,0x61,0xdf,0xbf,0x94,
0xa4,0x3d,0x71,0x03,0x0b,0xed,0x25,0x71,0x98,0xa4,
0xd6,0xd5,0x4a,0x57,0xf5,0x6c,0x1b,0xda,0x21,0x7d,
0x35,0x45,0xb3,0xf3,0x6a,0xd9,0xd3,0x43,0xe8,0x5c,
0x54,0x1c,0x83,0x1b,0xb4,0x5f,0xf2,0x97,0x24,0x2e,
0xdc,0x40,0xde,0x92,0x23,0x59,0x8e,0xbc,0xd2,0xa1,
0xf2,0xe0,0x4c,0xdd,0x0b,0xd1,0xe7,0xae,0x65,0xbc,
0xb5,0xf5,0x5b,0x98,0xe9,0xd7,0xc2,0xb7,0x0e,0x55,
0x71,0x0e,0x3c,0x0a,0x24,0x6b,0xa6,0xe6,0x14,0x61,
0x11,0xfd,0x33,0x42,0x99,0x2b,0x84,0x77,0x74,0x92,
0x91,0xf5,0x79,0x79,0xcf,0xad,0x8e,0x04,0xef,0x80,
0x1e,0x57,0xf4,0x14,0xf5,0x35,0x09,0x74,0xb2,0x13,
0x71,0x58,0x6b,0xea,0x32,0x5d,0xf3,0xd3,0x76,0x48,
0x39,0x10,0x23,0x84,0x9d,0xbe,0x92,0x77,0x4a,0xed,
0x70,0x3e,0x1a,0xa2,0x6c,0xb3,0x81,0x00,0xc3,0xc9,
0xe4,0x52,0xc8,0x24,0x88,0x0c,0x41,0xad,0x87,0x5a,
0xea,0xa3,0x7a,0x85,0x1c,0x5e,0x31,0x7f,0xc3,0x35,
0xc6,0xfa,0x10,0xc8,0x75,0x10,0xc4,0x96,0x99,0xe7,
0xfe,0x01,0xb4,0x74,0xdb,0xb4,0x11,0xc3,0xc8,0x8c,
0xf6,0xf7,0x3b,0x66,0x50,0xfc,0xdb,0xeb,0xca,0x47,
0x85,0x89,0xe1,0x65,0xd9,0x62,0x34,0x3c,0x70,0xd8,
0x2e,0xb4,0x2f,0x65,0x3c,0x4a,0xa6,0x2a,0xe7,0xc7,
0xd8,0x41,0x8f,0x8a,0x43,0xbf,0x42,0xf2,0x4d,0xbc,
0xfc,0x9e,0x27,0x95,0xfb,0x75,0xff,0xab,0x02,0x82,
0x01,0x00,0x41,0x2f,0x44,0x57,0x6d,0x12,0x17,0x5b,
0x32,0xc6,0xb7,0x6c,0x57,0x7a,0x8a,0x0e,0x79,0xef,
0x72,0xa8,0x68,0xda,0x2d,0x38,0xe4,0xbb,0x8d,0xf6,
0x02,0x65,0xcf,0x56,0x13,0xe1,0x1a,0xcb,0x39,0x80,
0xa6,0xb1,0x32,0x03,0x1e,0xdd,0xbb,0x35,0xd9,0xac,
0x43,0x89,0x31,0x08,0x90,0x92,0x5e,0x35,0x3d,0x7b,
0x9c,0x6f,0x86,0xcb,0x17,0xdd,0x85,0xe4,0xed,0x35,
0x08,0x8e,0xc1,0xf4,0x05,0xd8,0x68,0xc6,0x63,0x3c,
0xf7,0xff,0xf7,0x47,0x33,0x39,0xc5,0x3e,0xb7,0x0e,
0x58,0x35,0x9d,0x81,0xea,0xf8,0x6a,0x2c,0x1c,0x5a,
0x68,0x78,0x64,0x11,0x6b,0xc1,0x3e,0x4e,0x7a,0xbd,
0x84,0xcb,0x0f,0xc2,0xb6,0x85,0x1d,0xd3,0x76,0xc5,
0x93,0x6a,0x69,0x89,0x56,0x34,0xdc,0x4a,0x9b,0xbc,
0xff,0xa8,0x0d,0x6e,0x35,0x9c,0x60,0xa7,0x23,0x30,
0xc7,0x06,0x64,0x39,0x8b,0x94,0x89,0xee,0xba,0x7f,
0x60,0x8d,0xfa,0xb6,0x97,0x76,0xdc,0x51,0x4a,0x3c,
0xeb,0x3a,0x14,0x2c,0x20,0x60,0x69,0x4a,0x86,0xfe,
0x8c,0x21,0x84,0x49,0x54,0xb3,0x20,0xe1,0x01,0x7f,
0x58,0xdf,0x7f,0xb5,0x21,0x51,0x8c,0x47,0x9f,0x91,
0xeb,0x97,0x3e,0xf2,0x54,0xcf,0x16,0x46,0xf9,0xd9,
0xb6,0xe7,0x64,0xc9,0xd0,0x54,0xea,0x2f,0xa1,0xcf,
0xa5,0x7f,0x28,0x8d,0x84,0xec,0xd5,0x39,0x03,0x76,
0x5b,0x2d,0x8e,0x43,0xf2,0x01,0x24,0xc9,0x6f,0xc0,
0xf5,0x69,0x6f,0x7d,0xb5,0x85,0xd2,0x5f,0x7f,0x78,
0x40,0x07,0x7f,0x09,0x15,0xb5,0x1f,0x28,0x65,0x10,
0xe4,0x19,0xa8,0xc6,0x9e,0x8d,0xdc,0xcb,0x02,0x82,
0x01,0x00,0x13,0x01,0xee,0x56,0x80,0x93,0x70,0x00,
0x7f,0x52,0xd2,0x94,0xa1,0x98,0x84,0x4a,0x92,0x25,
0x4c,0x9b,0xa9,0x91,0x2e,0xc2,0x79,0xb7,0x5c,0xe3,
0xc5,0xd5,0x8e,0xc2,0x54,0x16,0x17,0xad,0x55,0x9b,
0x25,0x76,0x12,0x63,0x50,0x22,0x2f,0x58,0x58,0x79,
0x6b,0x04,0xe3,0xf9,0x9f,0x8f,0x04,0x41,0x67,0x94,
0xa5,0x1f,0xac,0x8a,0x15,0x9c,0x26,0x10,0x6c,0xf8,
0x19,0x57,0x61,0xd7,0x3a,0x7d,0x31,0xb0,0x2d,0x38,
0xbd,0x94,0x62,0xad,0xc4,0xfa,0x36,0x42,0x42,0xf0,
0x24,0x67,0x65,0x9d,0x8b,0x0b,0x7c,0x6f,0x82,0x44,
0x1a,0x8c,0xc8,0xc9,0xab,0xbb,0x4c,0x45,0xfc,0x7b,
0x38,0xee,0x30,0xe1,0xfc,0xef,0x8d,0xbc,0x58,0xdf,
0x2b,0x5d,0x0d,0x54,0xe0,0x49,0x4d,0x97,0x99,0x8f,
0x22,0xa8,0x83,0xbe,0x40,0xbb,0x50,0x2e,0x78,0x28,
0x0f,0x95,0x78,0x8c,0x8f,0x98,0x24,0x56,0xc2,0x97,
0xf3,0x2c,0x43,0xd2,0x03,0x82,0x66,0x81,0x72,0x5f,
0x53,0x16,0xec,0xb1,0xb1,0x04,0x5e,0x40,0x20,0x48,
0x7b,0x3f,0x02,0x97,0x6a,0xeb,0x96,0x12,0x21,0x35,
0xfe,0x1f,0x47,0xc0,0x95,0xea,0xc5,0x8a,0x08,0x84,
0x4f,0x5e,0x63,0x94,0x60,0x0f,0x71,0x5b,0x7f,0x4a,
0xec,0x4f,0x60,0xc6,0xba,0x4a,0x24,0xf1,0x20,0x8b,
0xa7,0x2e,0x3a,0xce,0x8d,0xe0,0x27,0x1d,0xb5,0x8e,
0xb4,0x21,0xc5,0xe2,0xa6,0x16,0x0a,0x51,0x83,0x55,
0x88,0xd1,0x30,0x11,0x63,0xd5,0xd7,0x8d,0xae,0x16,
0x12,0x82,0xc4,0x85,0x00,0x4e,0x27,0x83,0xa5,0x7c,
0x90,0x2e,0xe5,0xa2,0xa3,0xd3,0x4c,0x63,0x02,0x82,
0x01,0x01,0x00,0x86,0x08,0x98,0x98,0xa5,0x00,0x05,
0x39,0x77,0xd9,0x66,0xb3,0xcf,0xca,0xa0,0x71,0xb3,
0x50,0xce,0x3d,0xb1,0x93,0x95,0x35,0xc4,0xd4,0x2e,
0x90,0xdf,0x0f,0xfc,0x60,0xc1,0x94,0x68,0x61,0x43,
0xca,0x9a,0x23,0x4a,0x1e,0x45,0x72,0x99,0xb5,0x1e,
0x61,0x8d,0x77,0x0f,0xa0,0xbb,0xd7,0x77,0xb4,0x2a,
0x15,0x11,0x88,0x2d,0xb3,0x56,0x61,0x5e,0x6a,0xed,
0xa4,0x46,0x4a,0x3f,0x50,0x11,0xd6,0xba,0xb6,0xd7,
0x95,0x65,0x53,0xc3,0xa1,0x8f,0xe0,0xa3,0xf5,0x1c,
0xfd,0xaf,0x6e,0x43,0xd7,0x17,0xa7,0xd3,0x81,0x1b,
0xa4,0xdf,0xe0,0x97,0x8a,0x46,0x03,0xd3,0x46,0x0e,
0x83,0x48,0x4e,0xd2,0x02,0xcb,0xc0,0xad,0x79,0x95,
0x8c,0x96,0xba,0x40,0x34,0x11,0x71,0x5e,0xe9,0x11,
0xf9,0xc5,0x4a,0x5e,0x91,0x9d,0xf5,0x92,0x4f,0xeb,
0xc6,0x70,0x02,0x2d,0x3d,0x04,0xaa,0xe9,0x3a,0x8e,
0xd5,0xa8,0xad,0xf7,0xce,0x0d,0x16,0xb2,0xec,0x0a,
0x9c,0xf5,0x94,0x39,0xb9,0x8a,0xfc,0x1e,0xf9,0xcc,
0xf2,0x5f,0x21,0x31,0x74,0x72,0x6b,0x64,0xae,0x35,
0x61,0x8d,0x0d,0xcb,0xe7,0xda,0x39,0xca,0xf3,0x21,
0x66,0x0b,0x95,0xd7,0x0a,0x7c,0xca,0xa1,0xa9,0x5a,
0xe8,0xac,0xe0,0x71,0x54,0xaf,0x28,0xcf,0xd5,0x70,
0x89,0xe0,0xf3,0x9e,0x43,0x6c,0x8d,0x7b,0x99,0x01,
0x68,0x4d,0xa1,0x45,0x46,0x0c,0x43,0xbc,0xcc,0x2c,
0xdd,0xc5,0x46,0xc8,0x4e,0x0e,0xbe,0xed,0xb9,0x26,
0xab,0x2e,0xdb,0xeb,0x8f,0xff,0xdb,0xb0,0xc6,0x55,
0xaf,0xf8,0x2a,0x91,0x9d,0x50,0x44,0x21,0x17,
};

View File

@ -0,0 +1,67 @@
/* apps/timeouts.h */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef INCLUDED_TIMEOUTS_H
#define INCLUDED_TIMEOUTS_H
/* numbers in us */
#define DGRAM_RCV_TIMEOUT 250000
#define DGRAM_SND_TIMEOUT 250000
#endif /* ! INCLUDED_TIMEOUTS_H */

Some files were not shown because too many files have changed in this diff Show More