Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not

a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@
author: jsing <> 2014-08-26 17:47:25 +0000
committer: jsing <> 2014-08-26 17:47:25 +0000
commit: 5aab6333892d1796683d2fd5e0c53b48b711bfde (patch)
tree: 1f859a78eae941040f58599de8c0e1e56d61fdad /src/usr.bin/openssl/sess_id.c
parent: 7578aa547ab7082a9bb1785cf26323e92b898f79 (diff)
download: openbsd-5aab6333892d1796683d2fd5e0c53b48b711bfde.tar.gz
openbsd-5aab6333892d1796683d2fd5e0c53b48b711bfde.tar.bz2
openbsd-5aab6333892d1796683d2fd5e0c53b48b711bfde.zip
1 files changed, 282 insertions, 0 deletions
diff --git a/src/usr.bin/openssl/sess_id.c b/src/usr.bin/openssl/sess_id.c
new file mode 100644
index 0000000000..23df0301b3
--- /dev/null
+++ b/src/usr.bin/openssl/sess_id.c
@@ -0,0 +1,282 @@
+/* $OpenBSD: sess_id.c,v 1.1 2014/08/26 17:47:25 jsing Exp $ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+static const char *sess_id_usage[] = {
+        "usage: sess_id args\n",
+        "\n",
+        " -inform arg     - input format - default PEM (DER or PEM)\n",
+        " -outform arg    - output format - default PEM\n",
+        " -in arg         - input file - default stdin\n",
+        " -out arg        - output file - default stdout\n",
+        " -text           - print ssl session id details\n",
+        " -cert           - output certificate \n",
+        " -noout          - no output of encoded session info\n",
+        " -context arg    - set the session ID context\n",
+        NULL
+};
+static SSL_SESSION *load_sess_id(char *file, int format);
+int sess_id_main(int, char **);
+int
+sess_id_main(int argc, char **argv)
+{
+        SSL_SESSION *x = NULL;
+        X509 *peer = NULL;
+        int ret = 1, i, num, badops = 0;
+        BIO *out = NULL;
+        int informat, outformat;
+        char *infile = NULL, *outfile = NULL, *context = NULL;
+        int cert = 0, noout = 0, text = 0;
+        const char **pp;
+        informat = FORMAT_PEM;
+        outformat = FORMAT_PEM;
+        argc--;
+        argv++;
+        num = 0;
+        while (argc >= 1) {
+                if (strcmp(*argv, "-inform") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        informat = str2fmt(*(++argv));
+                } else if (strcmp(*argv, "-outform") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        outformat = str2fmt(*(++argv));
+                } else if (strcmp(*argv, "-in") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        infile = *(++argv);
+                } else if (strcmp(*argv, "-out") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        outfile = *(++argv);
+                } else if (strcmp(*argv, "-text") == 0)
+                        text = ++num;
+                else if (strcmp(*argv, "-cert") == 0)
+                        cert = ++num;
+                else if (strcmp(*argv, "-noout") == 0)
+                        noout = ++num;
+                else if (strcmp(*argv, "-context") == 0) {
+                        if (--argc < 1)
+                                goto bad;
+                        context = *++argv;
+                } else {
+                        BIO_printf(bio_err, "unknown option %s\n", *argv);
+                        badops = 1;
+                        break;
+                }
+                argc--;
+                argv++;
+        }
+        if (badops) {
+bad:
+                for (pp = sess_id_usage; (*pp != NULL); pp++)
+                        BIO_printf(bio_err, "%s", *pp);
+                goto end;
+        }
+        ERR_load_crypto_strings();
+        x = load_sess_id(infile, informat);
+        if (x == NULL) {
+                goto end;
+        }
+        peer = SSL_SESSION_get0_peer(x);
+        if (context) {
+                size_t ctx_len = strlen(context);
+                if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+                        BIO_printf(bio_err, "Context too long\n");
+                        goto end;
+                }
+                SSL_SESSION_set1_id_context(x, (unsigned char *) context, ctx_len);
+        }
+#ifdef undef
+        /* just testing for memory leaks :-) */
+        {
+                SSL_SESSION *s;
+                char buf[1024 * 10], *p;
+                int i;
+                s = SSL_SESSION_new();
+                p = &buf;
+                i = i2d_SSL_SESSION(x, &p);
+                p = &buf;
+                d2i_SSL_SESSION(&s, &p, (long) i);
+                p = &buf;
+                d2i_SSL_SESSION(&s, &p, (long) i);
+                p = &buf;
+                d2i_SSL_SESSION(&s, &p, (long) i);
+                SSL_SESSION_free(s);
+        }
+#endif
+        if (!noout || text) {
+                out = BIO_new(BIO_s_file());
+                if (out == NULL) {
+                        ERR_print_errors(bio_err);
+                        goto end;
+                }
+                if (outfile == NULL) {
+                        BIO_set_fp(out, stdout, BIO_NOCLOSE);
+                } else {
+                        if (BIO_write_filename(out, outfile) <= 0) {
+                                perror(outfile);
+                                goto end;
+                        }
+                }
+        }
+        if (text) {
+                SSL_SESSION_print(out, x);
+                if (cert) {
+                        if (peer == NULL)
+                                BIO_puts(out, "No certificate present\n");
+                        else
+                                X509_print(out, peer);
+                }
+        }
+        if (!noout && !cert) {
+                if (outformat == FORMAT_ASN1)
+                        i = i2d_SSL_SESSION_bio(out, x);
+                else if (outformat == FORMAT_PEM)
+                        i = PEM_write_bio_SSL_SESSION(out, x);
+                else {
+                        BIO_printf(bio_err, "bad output format specified for outfile\n");
+                        goto end;
+                }
+                if (!i) {
+                        BIO_printf(bio_err, "unable to write SSL_SESSION\n");
+                        goto end;
+                }
+        } else if (!noout && (peer != NULL)) {  /* just print the certificate */
+                if (outformat == FORMAT_ASN1)
+                        i = (int) i2d_X509_bio(out, peer);
+                else if (outformat == FORMAT_PEM)
+                        i = PEM_write_bio_X509(out, peer);
+                else {
+                        BIO_printf(bio_err, "bad output format specified for outfile\n");
+                        goto end;
+                }
+                if (!i) {
+                        BIO_printf(bio_err, "unable to write X509\n");
+                        goto end;
+                }
+        }
+        ret = 0;
+end:
+        if (out != NULL)
+                BIO_free_all(out);
+        if (x != NULL)
+                SSL_SESSION_free(x);
+        return (ret);
+}
+static SSL_SESSION *
+load_sess_id(char *infile, int format)
+{
+        SSL_SESSION *x = NULL;
+        BIO *in = NULL;
+        in = BIO_new(BIO_s_file());
+        if (in == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+        }
+        if (infile == NULL)
+                BIO_set_fp(in, stdin, BIO_NOCLOSE);
+        else {
+                if (BIO_read_filename(in, infile) <= 0) {
+                        perror(infile);
+                        goto end;
+                }
+        }
+        if (format == FORMAT_ASN1)
+                x = d2i_SSL_SESSION_bio(in, NULL);
+        else if (format == FORMAT_PEM)
+                x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
+        else {
+                BIO_printf(bio_err, "bad input format specified for input crl\n");
+                goto end;
+        }
+        if (x == NULL) {
+                BIO_printf(bio_err, "unable to load SSL_SESSION\n");
+                ERR_print_errors(bio_err);
+                goto end;
+        }
+end:
+        BIO_free(in);
+        return (x);
+}
author	jsing <>	2014-08-26 17:47:25 +0000
committer	jsing <>	2014-08-26 17:47:25 +0000
commit	5aab6333892d1796683d2fd5e0c53b48b711bfde (patch)
tree	1f859a78eae941040f58599de8c0e1e56d61fdad /src/usr.bin/openssl/sess_id.c
parent	7578aa547ab7082a9bb1785cf26323e92b898f79 (diff)
download	openbsd-5aab6333892d1796683d2fd5e0c53b48b711bfde.tar.gz openbsd-5aab6333892d1796683d2fd5e0c53b48b711bfde.tar.bz2 openbsd-5aab6333892d1796683d2fd5e0c53b48b711bfde.zip

diff --git a/src/usr.bin/openssl/sess_id.c b/src/usr.bin/openssl/sess_id.c new file mode 100644 index 0000000000..23df0301b3 --- /dev/null +++ b/src/usr.bin/openssl/sess_id.c
@@ -0,0 +1,282 @@
	1	/* $OpenBSD: sess_id.c,v 1.1 2014/08/26 17:47:25 jsing Exp $ */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include <stdlib.h>
	61	#include <string.h>
	62
	63	#include "apps.h"
	64
	65	#include <openssl/bio.h>
	66	#include <openssl/err.h>
	67	#include <openssl/pem.h>
	68	#include <openssl/ssl.h>
	69	#include <openssl/x509.h>
	70
	71	static const char *sess_id_usage[] = {
	72	"usage: sess_id args\n",
	73	"\n",
	74	" -inform arg - input format - default PEM (DER or PEM)\n",
	75	" -outform arg - output format - default PEM\n",
	76	" -in arg - input file - default stdin\n",
	77	" -out arg - output file - default stdout\n",
	78	" -text - print ssl session id details\n",
	79	" -cert - output certificate \n",
	80	" -noout - no output of encoded session info\n",
	81	" -context arg - set the session ID context\n",
	82	NULL
	83	};
	84
	85	static SSL_SESSION load_sess_id(char file, int format);
	86
	87	int sess_id_main(int, char **);
	88
	89	int
	90	sess_id_main(int argc, char **argv)
	91	{
	92	SSL_SESSION *x = NULL;
	93	X509 *peer = NULL;
	94	int ret = 1, i, num, badops = 0;
	95	BIO *out = NULL;
	96	int informat, outformat;
	97	char infile = NULL, outfile = NULL, *context = NULL;
	98	int cert = 0, noout = 0, text = 0;
	99	const char **pp;
	100
	101	informat = FORMAT_PEM;
	102	outformat = FORMAT_PEM;
	103
	104	argc--;
	105	argv++;
	106	num = 0;
	107	while (argc >= 1) {
	108	if (strcmp(*argv, "-inform") == 0) {
	109	if (--argc < 1)
	110	goto bad;
	111	informat = str2fmt(*(++argv));
	112	} else if (strcmp(*argv, "-outform") == 0) {
	113	if (--argc < 1)
	114	goto bad;
	115	outformat = str2fmt(*(++argv));
	116	} else if (strcmp(*argv, "-in") == 0) {
	117	if (--argc < 1)
	118	goto bad;
	119	infile = *(++argv);
	120	} else if (strcmp(*argv, "-out") == 0) {
	121	if (--argc < 1)
	122	goto bad;
	123	outfile = *(++argv);
	124	} else if (strcmp(*argv, "-text") == 0)
	125	text = ++num;
	126	else if (strcmp(*argv, "-cert") == 0)
	127	cert = ++num;
	128	else if (strcmp(*argv, "-noout") == 0)
	129	noout = ++num;
	130	else if (strcmp(*argv, "-context") == 0) {
	131	if (--argc < 1)
	132	goto bad;
	133	context = *++argv;
	134	} else {
	135	BIO_printf(bio_err, "unknown option %s\n", *argv);
	136	badops = 1;
	137	break;
	138	}
	139	argc--;
	140	argv++;
	141	}
	142
	143	if (badops) {
	144	bad:
	145	for (pp = sess_id_usage; (*pp != NULL); pp++)
	146	BIO_printf(bio_err, "%s", *pp);
	147	goto end;
	148	}
	149	ERR_load_crypto_strings();
	150	x = load_sess_id(infile, informat);
	151	if (x == NULL) {
	152	goto end;
	153	}
	154	peer = SSL_SESSION_get0_peer(x);
	155
	156	if (context) {
	157	size_t ctx_len = strlen(context);
	158	if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
	159	BIO_printf(bio_err, "Context too long\n");
	160	goto end;
	161	}
	162	SSL_SESSION_set1_id_context(x, (unsigned char *) context, ctx_len);
	163	}
	164	#ifdef undef
	165	/* just testing for memory leaks :-) */
	166	{
	167	SSL_SESSION *s;
	168	char buf[1024 * 10], *p;
	169	int i;
	170
	171	s = SSL_SESSION_new();
	172
	173	p = &buf;
	174	i = i2d_SSL_SESSION(x, &p);
	175	p = &buf;
	176	d2i_SSL_SESSION(&s, &p, (long) i);
	177	p = &buf;
	178	d2i_SSL_SESSION(&s, &p, (long) i);
	179	p = &buf;
	180	d2i_SSL_SESSION(&s, &p, (long) i);
	181	SSL_SESSION_free(s);
	182	}
	183	#endif
	184
	185	if (!noout \|\| text) {
	186	out = BIO_new(BIO_s_file());
	187	if (out == NULL) {
	188	ERR_print_errors(bio_err);
	189	goto end;
	190	}
	191	if (outfile == NULL) {
	192	BIO_set_fp(out, stdout, BIO_NOCLOSE);
	193	} else {
	194	if (BIO_write_filename(out, outfile) <= 0) {
	195	perror(outfile);
	196	goto end;
	197	}
	198	}
	199	}
	200	if (text) {
	201	SSL_SESSION_print(out, x);
	202
	203	if (cert) {
	204	if (peer == NULL)
	205	BIO_puts(out, "No certificate present\n");
	206	else
	207	X509_print(out, peer);
	208	}
	209	}
	210	if (!noout && !cert) {
	211	if (outformat == FORMAT_ASN1)
	212	i = i2d_SSL_SESSION_bio(out, x);
	213	else if (outformat == FORMAT_PEM)
	214	i = PEM_write_bio_SSL_SESSION(out, x);
	215	else {
	216	BIO_printf(bio_err, "bad output format specified for outfile\n");
	217	goto end;
	218	}
	219	if (!i) {
	220	BIO_printf(bio_err, "unable to write SSL_SESSION\n");
	221	goto end;
	222	}
	223	} else if (!noout && (peer != NULL)) { /* just print the certificate */
	224	if (outformat == FORMAT_ASN1)
	225	i = (int) i2d_X509_bio(out, peer);
	226	else if (outformat == FORMAT_PEM)
	227	i = PEM_write_bio_X509(out, peer);
	228	else {
	229	BIO_printf(bio_err, "bad output format specified for outfile\n");
	230	goto end;
	231	}
	232	if (!i) {
	233	BIO_printf(bio_err, "unable to write X509\n");
	234	goto end;
	235	}
	236	}
	237	ret = 0;
	238	end:
	239	if (out != NULL)
	240	BIO_free_all(out);
	241	if (x != NULL)
	242	SSL_SESSION_free(x);
	243
	244	return (ret);
	245	}
	246
	247	static SSL_SESSION *
	248	load_sess_id(char *infile, int format)
	249	{
	250	SSL_SESSION *x = NULL;
	251	BIO *in = NULL;
	252
	253	in = BIO_new(BIO_s_file());
	254	if (in == NULL) {
	255	ERR_print_errors(bio_err);
	256	goto end;
	257	}
	258	if (infile == NULL)
	259	BIO_set_fp(in, stdin, BIO_NOCLOSE);
	260	else {
	261	if (BIO_read_filename(in, infile) <= 0) {
	262	perror(infile);
	263	goto end;
	264	}
	265	}
	266	if (format == FORMAT_ASN1)
	267	x = d2i_SSL_SESSION_bio(in, NULL);
	268	else if (format == FORMAT_PEM)
	269	x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
	270	else {
	271	BIO_printf(bio_err, "bad input format specified for input crl\n");
	272	goto end;
	273	}
	274	if (x == NULL) {
	275	BIO_printf(bio_err, "unable to load SSL_SESSION\n");
	276	ERR_print_errors(bio_err);
	277	goto end;
	278	}
	279	end:
	280	BIO_free(in);
	281	return (x);
	282	}