summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authortedu <>2014-04-16 18:35:15 +0000
committertedu <>2014-04-16 18:35:15 +0000
commitea9764c93eb4a4585d64617f2230f30a00ccb822 (patch)
tree48f39e78fdb4f29932b3c61258965b017e0fbd4c /src
parent793dc66b7edce4fdbf941ddf15750eb9dbbd9d63 (diff)
downloadopenbsd-ea9764c93eb4a4585d64617f2230f30a00ccb822.tar.gz
openbsd-ea9764c93eb4a4585d64617f2230f30a00ccb822.tar.bz2
openbsd-ea9764c93eb4a4585d64617f2230f30a00ccb822.zip
quoth the readme:
NOTE: Don't expect any of these programs to work with current OpenSSL releases, or even with later SSLeay releases. ok miod
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/src/demos/README9
-rw-r--r--src/lib/libssl/src/demos/asn1/README.ASN17
-rw-r--r--src/lib/libssl/src/demos/asn1/ocsp.c366
-rw-r--r--src/lib/libssl/src/demos/b64.c268
-rw-r--r--src/lib/libssl/src/demos/b64.pl20
-rw-r--r--src/lib/libssl/src/demos/bio/Makefile16
-rw-r--r--src/lib/libssl/src/demos/bio/README3
-rw-r--r--src/lib/libssl/src/demos/bio/saccept.c112
-rw-r--r--src/lib/libssl/src/demos/bio/sconnect.c121
-rw-r--r--src/lib/libssl/src/demos/bio/server.pem30
-rw-r--r--src/lib/libssl/src/demos/cms/cacert.pem18
-rw-r--r--src/lib/libssl/src/demos/cms/cakey.pem15
-rw-r--r--src/lib/libssl/src/demos/cms/cms_comp.c61
-rw-r--r--src/lib/libssl/src/demos/cms/cms_ddec.c89
-rw-r--r--src/lib/libssl/src/demos/cms/cms_dec.c79
-rw-r--r--src/lib/libssl/src/demos/cms/cms_denc.c97
-rw-r--r--src/lib/libssl/src/demos/cms/cms_enc.c92
-rw-r--r--src/lib/libssl/src/demos/cms/cms_sign.c89
-rw-r--r--src/lib/libssl/src/demos/cms/cms_sign2.c103
-rw-r--r--src/lib/libssl/src/demos/cms/cms_uncomp.c56
-rw-r--r--src/lib/libssl/src/demos/cms/cms_ver.c87
-rw-r--r--src/lib/libssl/src/demos/cms/comp.txt22
-rw-r--r--src/lib/libssl/src/demos/cms/encr.txt3
-rw-r--r--src/lib/libssl/src/demos/cms/sign.txt3
-rw-r--r--src/lib/libssl/src/demos/cms/signer.pem32
-rw-r--r--src/lib/libssl/src/demos/cms/signer2.pem32
-rw-r--r--src/lib/libssl/src/demos/easy_tls/Makefile123
-rw-r--r--src/lib/libssl/src/demos/easy_tls/README65
-rw-r--r--src/lib/libssl/src/demos/easy_tls/cacerts.pem18
-rw-r--r--src/lib/libssl/src/demos/easy_tls/cert.pem31
-rw-r--r--src/lib/libssl/src/demos/easy_tls/easy-tls.c1240
-rw-r--r--src/lib/libssl/src/demos/easy_tls/easy-tls.h57
-rw-r--r--src/lib/libssl/src/demos/easy_tls/test.c244
-rw-r--r--src/lib/libssl/src/demos/easy_tls/test.h11
-rw-r--r--src/lib/libssl/src/demos/eay/Makefile24
-rw-r--r--src/lib/libssl/src/demos/eay/base64.c49
-rw-r--r--src/lib/libssl/src/demos/eay/conn.c105
-rw-r--r--src/lib/libssl/src/demos/eay/loadrsa.c53
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/Makefile114
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h35
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c721
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec8
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c151
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h99
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/Makefile114
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c920
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec8
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c154
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h102
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h189
-rw-r--r--src/lib/libssl/src/demos/engines/rsaref/Makefile135
-rw-r--r--src/lib/libssl/src/demos/engines/rsaref/README22
-rw-r--r--src/lib/libssl/src/demos/engines/rsaref/rsaref.c685
-rw-r--r--src/lib/libssl/src/demos/engines/rsaref/rsaref.ec8
-rw-r--r--src/lib/libssl/src/demos/engines/rsaref/rsaref_err.c161
-rw-r--r--src/lib/libssl/src/demos/engines/rsaref/rsaref_err.h109
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/Makefile114
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod.c1739
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec8
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod.h160
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c151
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h99
-rw-r--r--src/lib/libssl/src/demos/maurice/Makefile59
-rw-r--r--src/lib/libssl/src/demos/maurice/README34
-rw-r--r--src/lib/libssl/src/demos/maurice/cert.pem77
-rw-r--r--src/lib/libssl/src/demos/maurice/example1.c198
-rw-r--r--src/lib/libssl/src/demos/maurice/example2.c75
-rw-r--r--src/lib/libssl/src/demos/maurice/example3.c87
-rw-r--r--src/lib/libssl/src/demos/maurice/example4.c123
-rw-r--r--src/lib/libssl/src/demos/maurice/loadkeys.c72
-rw-r--r--src/lib/libssl/src/demos/maurice/loadkeys.h19
-rw-r--r--src/lib/libssl/src/demos/maurice/privkey.pem27
-rw-r--r--src/lib/libssl/src/demos/pkcs12/README3
-rw-r--r--src/lib/libssl/src/demos/pkcs12/pkread.c61
-rw-r--r--src/lib/libssl/src/demos/pkcs12/pkwrite.c46
-rw-r--r--src/lib/libssl/src/demos/prime/Makefile20
-rw-r--r--src/lib/libssl/src/demos/prime/prime.c101
-rw-r--r--src/lib/libssl/src/demos/privkey.pem9
-rw-r--r--src/lib/libssl/src/demos/selfsign.c172
-rw-r--r--src/lib/libssl/src/demos/sign/Makefile15
-rw-r--r--src/lib/libssl/src/demos/sign/cert.pem14
-rw-r--r--src/lib/libssl/src/demos/sign/key.pem9
-rw-r--r--src/lib/libssl/src/demos/sign/sig.txt158
-rw-r--r--src/lib/libssl/src/demos/sign/sign.c153
-rw-r--r--src/lib/libssl/src/demos/sign/sign.txt170
-rw-r--r--src/lib/libssl/src/demos/smime/cacert.pem18
-rw-r--r--src/lib/libssl/src/demos/smime/cakey.pem15
-rw-r--r--src/lib/libssl/src/demos/smime/encr.txt3
-rw-r--r--src/lib/libssl/src/demos/smime/sign.txt3
-rw-r--r--src/lib/libssl/src/demos/smime/signer.pem32
-rw-r--r--src/lib/libssl/src/demos/smime/signer2.pem32
-rw-r--r--src/lib/libssl/src/demos/smime/smdec.c83
-rw-r--r--src/lib/libssl/src/demos/smime/smenc.c92
-rw-r--r--src/lib/libssl/src/demos/smime/smsign.c89
-rw-r--r--src/lib/libssl/src/demos/smime/smsign2.c107
-rw-r--r--src/lib/libssl/src/demos/smime/smver.c87
-rw-r--r--src/lib/libssl/src/demos/spkigen.c161
-rw-r--r--src/lib/libssl/src/demos/ssl/cli.cpp110
-rw-r--r--src/lib/libssl/src/demos/ssl/inetdsrv.cpp98
-rw-r--r--src/lib/libssl/src/demos/ssl/serv.cpp152
-rwxr-xr-xsrc/lib/libssl/src/demos/ssltest-ecc/ECC-RSAcertgen.sh98
-rwxr-xr-xsrc/lib/libssl/src/demos/ssltest-ecc/ECCcertgen.sh164
-rw-r--r--src/lib/libssl/src/demos/ssltest-ecc/README15
-rwxr-xr-xsrc/lib/libssl/src/demos/ssltest-ecc/RSAcertgen.sh121
-rwxr-xr-xsrc/lib/libssl/src/demos/ssltest-ecc/ssltest.sh188
-rw-r--r--src/lib/libssl/src/demos/state_machine/Makefile9
-rw-r--r--src/lib/libssl/src/demos/state_machine/state_machine.c416
-rw-r--r--src/lib/libssl/src/demos/tunala/A-client.pem84
-rw-r--r--src/lib/libssl/src/demos/tunala/A-server.pem84
-rw-r--r--src/lib/libssl/src/demos/tunala/CA.pem24
-rw-r--r--src/lib/libssl/src/demos/tunala/INSTALL107
-rw-r--r--src/lib/libssl/src/demos/tunala/Makefile41
-rw-r--r--src/lib/libssl/src/demos/tunala/Makefile.am7
-rw-r--r--src/lib/libssl/src/demos/tunala/README233
-rw-r--r--src/lib/libssl/src/demos/tunala/autogunk.sh25
-rw-r--r--src/lib/libssl/src/demos/tunala/autoungunk.sh19
-rw-r--r--src/lib/libssl/src/demos/tunala/breakage.c66
-rw-r--r--src/lib/libssl/src/demos/tunala/buffer.c205
-rw-r--r--src/lib/libssl/src/demos/tunala/cb.c162
-rw-r--r--src/lib/libssl/src/demos/tunala/configure.in29
-rw-r--r--src/lib/libssl/src/demos/tunala/ip.c146
-rw-r--r--src/lib/libssl/src/demos/tunala/sm.c151
-rwxr-xr-xsrc/lib/libssl/src/demos/tunala/test.sh107
-rw-r--r--src/lib/libssl/src/demos/tunala/tunala.c1109
-rw-r--r--src/lib/libssl/src/demos/tunala/tunala.h215
-rw-r--r--src/lib/libssl/src/demos/x509/README3
-rw-r--r--src/lib/libssl/src/demos/x509/mkcert.c172
-rw-r--r--src/lib/libssl/src/demos/x509/mkreq.c162
128 files changed, 0 insertions, 16802 deletions
diff --git a/src/lib/libssl/src/demos/README b/src/lib/libssl/src/demos/README
deleted file mode 100644
index d2155ef973..0000000000
--- a/src/lib/libssl/src/demos/README
+++ /dev/null
@@ -1,9 +0,0 @@
1NOTE: Don't expect any of these programs to work with current
2OpenSSL releases, or even with later SSLeay releases.
3
4Original README:
5=============================================================================
6
7Some demo programs sent to me by various people
8
9eric
diff --git a/src/lib/libssl/src/demos/asn1/README.ASN1 b/src/lib/libssl/src/demos/asn1/README.ASN1
deleted file mode 100644
index ac497be184..0000000000
--- a/src/lib/libssl/src/demos/asn1/README.ASN1
+++ /dev/null
@@ -1,7 +0,0 @@
1This is a demo of the new ASN1 code. Its an OCSP ASN1 module. Doesn't
2do much yet other than demonstrate what the new ASN1 modules might look
3like.
4
5It wont even compile yet: the new code isn't in place.
6
7
diff --git a/src/lib/libssl/src/demos/asn1/ocsp.c b/src/lib/libssl/src/demos/asn1/ocsp.c
deleted file mode 100644
index e89f1f72a6..0000000000
--- a/src/lib/libssl/src/demos/asn1/ocsp.c
+++ /dev/null
@@ -1,366 +0,0 @@
1/* ocsp.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58#include <openssl/asn1.h>
59#include <openssl/asn1t.h>
60#include <openssl/x509v3.h>
61
62
63
64
65/* Example of new ASN1 code, OCSP request
66
67 OCSPRequest ::= SEQUENCE {
68 tbsRequest TBSRequest,
69 optionalSignature [0] EXPLICIT Signature OPTIONAL }
70
71 TBSRequest ::= SEQUENCE {
72 version [0] EXPLICIT Version DEFAULT v1,
73 requestorName [1] EXPLICIT GeneralName OPTIONAL,
74 requestList SEQUENCE OF Request,
75 requestExtensions [2] EXPLICIT Extensions OPTIONAL }
76
77 Signature ::= SEQUENCE {
78 signatureAlgorithm AlgorithmIdentifier,
79 signature BIT STRING,
80 certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
81
82 Version ::= INTEGER { v1(0) }
83
84 Request ::= SEQUENCE {
85 reqCert CertID,
86 singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
87
88 CertID ::= SEQUENCE {
89 hashAlgorithm AlgorithmIdentifier,
90 issuerNameHash OCTET STRING, -- Hash of Issuer's DN
91 issuerKeyHash OCTET STRING, -- Hash of Issuers public key
92 serialNumber CertificateSerialNumber }
93
94 OCSPResponse ::= SEQUENCE {
95 responseStatus OCSPResponseStatus,
96 responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
97
98 OCSPResponseStatus ::= ENUMERATED {
99 successful (0), --Response has valid confirmations
100 malformedRequest (1), --Illegal confirmation request
101 internalError (2), --Internal error in issuer
102 tryLater (3), --Try again later
103 --(4) is not used
104 sigRequired (5), --Must sign the request
105 unauthorized (6) --Request unauthorized
106 }
107
108 ResponseBytes ::= SEQUENCE {
109 responseType OBJECT IDENTIFIER,
110 response OCTET STRING }
111
112 BasicOCSPResponse ::= SEQUENCE {
113 tbsResponseData ResponseData,
114 signatureAlgorithm AlgorithmIdentifier,
115 signature BIT STRING,
116 certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
117
118 ResponseData ::= SEQUENCE {
119 version [0] EXPLICIT Version DEFAULT v1,
120 responderID ResponderID,
121 producedAt GeneralizedTime,
122 responses SEQUENCE OF SingleResponse,
123 responseExtensions [1] EXPLICIT Extensions OPTIONAL }
124
125 ResponderID ::= CHOICE {
126 byName [1] Name, --EXPLICIT
127 byKey [2] KeyHash }
128
129 KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
130 --(excluding the tag and length fields)
131
132 SingleResponse ::= SEQUENCE {
133 certID CertID,
134 certStatus CertStatus,
135 thisUpdate GeneralizedTime,
136 nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
137 singleExtensions [1] EXPLICIT Extensions OPTIONAL }
138
139 CertStatus ::= CHOICE {
140 good [0] IMPLICIT NULL,
141 revoked [1] IMPLICIT RevokedInfo,
142 unknown [2] IMPLICIT UnknownInfo }
143
144 RevokedInfo ::= SEQUENCE {
145 revocationTime GeneralizedTime,
146 revocationReason [0] EXPLICIT CRLReason OPTIONAL }
147
148 UnknownInfo ::= NULL -- this can be replaced with an enumeration
149
150 ArchiveCutoff ::= GeneralizedTime
151
152 AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
153
154 ServiceLocator ::= SEQUENCE {
155 issuer Name,
156 locator AuthorityInfoAccessSyntax }
157
158 -- Object Identifiers
159
160 id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
161 id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
162 id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
163 id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
164 id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
165 id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
166 id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
167 id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
168 id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
169
170*/
171
172/* Request Structures */
173
174DECLARE_STACK_OF(Request)
175
176typedef struct {
177 ASN1_INTEGER *version;
178 GENERAL_NAME *requestorName;
179 STACK_OF(Request) *requestList;
180 STACK_OF(X509_EXTENSION) *requestExtensions;
181} TBSRequest;
182
183typedef struct {
184 X509_ALGOR *signatureAlgorithm;
185 ASN1_BIT_STRING *signature;
186 STACK_OF(X509) *certs;
187} Signature;
188
189typedef struct {
190 TBSRequest *tbsRequest;
191 Signature *optionalSignature;
192} OCSPRequest;
193
194typedef struct {
195 X509_ALGOR *hashAlgorithm;
196 ASN1_OCTET_STRING *issuerNameHash;
197 ASN1_OCTET_STRING *issuerKeyHash;
198 ASN1_INTEGER *certificateSerialNumber;
199} CertID;
200
201typedef struct {
202 CertID *reqCert;
203 STACK_OF(X509_EXTENSION) *singleRequestExtensions;
204} Request;
205
206/* Response structures */
207
208typedef struct {
209 ASN1_OBJECT *responseType;
210 ASN1_OCTET_STRING *response;
211} ResponseBytes;
212
213typedef struct {
214 ASN1_ENUMERATED *responseStatus;
215 ResponseBytes *responseBytes;
216} OCSPResponse;
217
218typedef struct {
219 int type;
220 union {
221 X509_NAME *byName;
222 ASN1_OCTET_STRING *byKey;
223 }d;
224} ResponderID;
225
226typedef struct {
227 ASN1_INTEGER *version;
228 ResponderID *responderID;
229 ASN1_GENERALIZEDTIME *producedAt;
230 STACK_OF(SingleResponse) *responses;
231 STACK_OF(X509_EXTENSION) *responseExtensions;
232} ResponseData;
233
234typedef struct {
235 ResponseData *tbsResponseData;
236 X509_ALGOR *signatureAlgorithm;
237 ASN1_BIT_STRING *signature;
238 STACK_OF(X509) *certs;
239} BasicOCSPResponse;
240
241typedef struct {
242 ASN1_GENERALIZEDTIME *revocationTime;
243 ASN1_ENUMERATED * revocationReason;
244} RevokedInfo;
245
246typedef struct {
247 int type;
248 union {
249 ASN1_NULL *good;
250 RevokedInfo *revoked;
251 ASN1_NULL *unknown;
252 } d;
253} CertStatus;
254
255typedef struct {
256 CertID *certID;
257 CertStatus *certStatus;
258 ASN1_GENERALIZEDTIME *thisUpdate;
259 ASN1_GENERALIZEDTIME *nextUpdate;
260 STACK_OF(X509_EXTENSION) *singleExtensions;
261} SingleResponse;
262
263
264typedef struct {
265 X509_NAME *issuer;
266 STACK_OF(ACCESS_DESCRIPTION) *locator;
267} ServiceLocator;
268
269
270/* Now the ASN1 templates */
271
272IMPLEMENT_COMPAT_ASN1(X509);
273IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
274//IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
275IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
276IMPLEMENT_COMPAT_ASN1(X509_NAME);
277
278ASN1_SEQUENCE(X509_EXTENSION) = {
279 ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
280 ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
281 ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
282} ASN1_SEQUENCE_END(X509_EXTENSION);
283
284
285ASN1_SEQUENCE(Signature) = {
286 ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
287 ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
288 ASN1_SEQUENCE_OF(Signature, certs, X509)
289} ASN1_SEQUENCE_END(Signature);
290
291ASN1_SEQUENCE(CertID) = {
292 ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
293 ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
294 ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
295 ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
296} ASN1_SEQUENCE_END(CertID);
297
298ASN1_SEQUENCE(Request) = {
299 ASN1_SIMPLE(Request, reqCert, CertID),
300 ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
301} ASN1_SEQUENCE_END(Request);
302
303ASN1_SEQUENCE(TBSRequest) = {
304 ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
305 ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
306 ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
307 ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
308} ASN1_SEQUENCE_END(TBSRequest);
309
310ASN1_SEQUENCE(OCSPRequest) = {
311 ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
312 ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
313} ASN1_SEQUENCE_END(OCSPRequest);
314
315
316/* Response templates */
317
318ASN1_SEQUENCE(ResponseBytes) = {
319 ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
320 ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
321} ASN1_SEQUENCE_END(ResponseBytes);
322
323ASN1_SEQUENCE(OCSPResponse) = {
324 ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
325 ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
326} ASN1_SEQUENCE_END(OCSPResponse);
327
328ASN1_CHOICE(ResponderID) = {
329 ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
330 ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
331} ASN1_CHOICE_END(ResponderID);
332
333ASN1_SEQUENCE(RevokedInfo) = {
334 ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
335 ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
336} ASN1_SEQUENCE_END(RevokedInfo);
337
338ASN1_CHOICE(CertStatus) = {
339 ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
340 ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
341 ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
342} ASN1_CHOICE_END(CertStatus);
343
344ASN1_SEQUENCE(SingleResponse) = {
345 ASN1_SIMPLE(SingleResponse, certID, CertID),
346 ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
347 ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
348 ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
349 ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
350} ASN1_SEQUENCE_END(SingleResponse);
351
352ASN1_SEQUENCE(ResponseData) = {
353 ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
354 ASN1_SIMPLE(ResponseData, responderID, ResponderID),
355 ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
356 ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
357 ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
358} ASN1_SEQUENCE_END(ResponseData);
359
360ASN1_SEQUENCE(BasicOCSPResponse) = {
361 ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
362 ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
363 ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
364 ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
365} ASN1_SEQUENCE_END(BasicOCSPResponse);
366
diff --git a/src/lib/libssl/src/demos/b64.c b/src/lib/libssl/src/demos/b64.c
deleted file mode 100644
index efdd44457d..0000000000
--- a/src/lib/libssl/src/demos/b64.c
+++ /dev/null
@@ -1,268 +0,0 @@
1/* demos/b64.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include "../apps/apps.h"
63#include <openssl/buffer.h>
64#include <openssl/err.h>
65#include <openssl/evp.h>
66#include <openssl/objects.h>
67#include <openssl/x509.h>
68#include <openssl/pem.h>
69
70#undef SIZE
71#undef BSIZE
72#undef PROG
73
74#define SIZE (512)
75#define BSIZE (8*1024)
76#define PROG enc_main
77
78int main(argc,argv)
79int argc;
80char **argv;
81 {
82 char *strbuf=NULL;
83 unsigned char *buff=NULL,*bufsize=NULL;
84 int bsize=BSIZE,verbose=0;
85 int ret=1,inl;
86 char *str=NULL;
87 char *hkey=NULL,*hiv=NULL;
88 int enc=1,printkey=0,i,base64=0;
89 int debug=0;
90 EVP_CIPHER *cipher=NULL,*c;
91 char *inf=NULL,*outf=NULL;
92 BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
93#define PROG_NAME_SIZE 39
94
95
96 apps_startup();
97
98 if (bio_err == NULL)
99 if ((bio_err=BIO_new(BIO_s_file())) != NULL)
100 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
101
102 base64=1;
103
104 argc--;
105 argv++;
106 while (argc >= 1)
107 {
108 if (strcmp(*argv,"-e") == 0)
109 enc=1;
110 if (strcmp(*argv,"-in") == 0)
111 {
112 if (--argc < 1) goto bad;
113 inf= *(++argv);
114 }
115 else if (strcmp(*argv,"-out") == 0)
116 {
117 if (--argc < 1) goto bad;
118 outf= *(++argv);
119 }
120 else if (strcmp(*argv,"-d") == 0)
121 enc=0;
122 else if (strcmp(*argv,"-v") == 0)
123 verbose=1;
124 else if (strcmp(*argv,"-debug") == 0)
125 debug=1;
126 else if (strcmp(*argv,"-bufsize") == 0)
127 {
128 if (--argc < 1) goto bad;
129 bufsize=(unsigned char *)*(++argv);
130 }
131 else
132 {
133 BIO_printf(bio_err,"unknown option '%s'\n",*argv);
134bad:
135 BIO_printf(bio_err,"options are\n");
136 BIO_printf(bio_err,"%-14s input file\n","-in <file>");
137 BIO_printf(bio_err,"%-14s output file\n","-out <file>");
138 BIO_printf(bio_err,"%-14s encode\n","-e");
139 BIO_printf(bio_err,"%-14s decode\n","-d");
140 BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
141
142 goto end;
143 }
144 argc--;
145 argv++;
146 }
147
148 if (bufsize != NULL)
149 {
150 int i;
151 unsigned long n;
152
153 for (n=0; *bufsize; bufsize++)
154 {
155 i= *bufsize;
156 if ((i <= '9') && (i >= '0'))
157 n=n*10+i-'0';
158 else if (i == 'k')
159 {
160 n*=1024;
161 bufsize++;
162 break;
163 }
164 }
165 if (*bufsize != '\0')
166 {
167 BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
168 goto end;
169 }
170
171 /* It must be large enough for a base64 encoded line */
172 if (n < 80) n=80;
173
174 bsize=(int)n;
175 if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
176 }
177
178 strbuf=OPENSSL_malloc(SIZE);
179 buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
180 if ((buff == NULL) || (strbuf == NULL))
181 {
182 BIO_printf(bio_err,"OPENSSL_malloc failure\n");
183 goto end;
184 }
185
186 in=BIO_new(BIO_s_file());
187 out=BIO_new(BIO_s_file());
188 if ((in == NULL) || (out == NULL))
189 {
190 ERR_print_errors(bio_err);
191 goto end;
192 }
193 if (debug)
194 {
195 BIO_set_callback(in,BIO_debug_callback);
196 BIO_set_callback(out,BIO_debug_callback);
197 BIO_set_callback_arg(in,bio_err);
198 BIO_set_callback_arg(out,bio_err);
199 }
200
201 if (inf == NULL)
202 BIO_set_fp(in,stdin,BIO_NOCLOSE);
203 else
204 {
205 if (BIO_read_filename(in,inf) <= 0)
206 {
207 perror(inf);
208 goto end;
209 }
210 }
211
212 if (outf == NULL)
213 BIO_set_fp(out,stdout,BIO_NOCLOSE);
214 else
215 {
216 if (BIO_write_filename(out,outf) <= 0)
217 {
218 perror(outf);
219 goto end;
220 }
221 }
222
223 rbio=in;
224 wbio=out;
225
226 if (base64)
227 {
228 if ((b64=BIO_new(BIO_f_base64())) == NULL)
229 goto end;
230 if (debug)
231 {
232 BIO_set_callback(b64,BIO_debug_callback);
233 BIO_set_callback_arg(b64,bio_err);
234 }
235 if (enc)
236 wbio=BIO_push(b64,wbio);
237 else
238 rbio=BIO_push(b64,rbio);
239 }
240
241 for (;;)
242 {
243 inl=BIO_read(rbio,(char *)buff,bsize);
244 if (inl <= 0) break;
245 if (BIO_write(wbio,(char *)buff,inl) != inl)
246 {
247 BIO_printf(bio_err,"error writing output file\n");
248 goto end;
249 }
250 }
251 BIO_flush(wbio);
252
253 ret=0;
254 if (verbose)
255 {
256 BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
257 BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
258 }
259end:
260 if (strbuf != NULL) OPENSSL_free(strbuf);
261 if (buff != NULL) OPENSSL_free(buff);
262 if (in != NULL) BIO_free(in);
263 if (out != NULL) BIO_free(out);
264 if (benc != NULL) BIO_free(benc);
265 if (b64 != NULL) BIO_free(b64);
266 EXIT(ret);
267 }
268
diff --git a/src/lib/libssl/src/demos/b64.pl b/src/lib/libssl/src/demos/b64.pl
deleted file mode 100644
index 8aa5fb464d..0000000000
--- a/src/lib/libssl/src/demos/b64.pl
+++ /dev/null
@@ -1,20 +0,0 @@
1#!/usr/local/bin/perl
2
3#
4# Make PEM encoded data have lines of 64 bytes of data
5#
6
7while (<>)
8 {
9 if (/^-----BEGIN/ .. /^-----END/)
10 {
11 if (/^-----BEGIN/) { $first=$_; next; }
12 if (/^-----END/) { $last=$_; next; }
13 $out.=$_;
14 }
15 }
16$out =~ s/\s//g;
17$out =~ s/(.{64})/$1\n/g;
18print "$first$out\n$last\n";
19
20
diff --git a/src/lib/libssl/src/demos/bio/Makefile b/src/lib/libssl/src/demos/bio/Makefile
deleted file mode 100644
index 4351540532..0000000000
--- a/src/lib/libssl/src/demos/bio/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
1CC=cc
2CFLAGS= -g -I../../include
3LIBS= -L../.. ../../libssl.a ../../libcrypto.a
4EXAMPLES=saccept sconnect
5
6all: $(EXAMPLES)
7
8saccept: saccept.o
9 $(CC) -o saccept saccept.o $(LIBS)
10
11sconnect: sconnect.o
12 $(CC) -o sconnect sconnect.o $(LIBS)
13
14clean:
15 rm -f $(EXAMPLES) *.o
16
diff --git a/src/lib/libssl/src/demos/bio/README b/src/lib/libssl/src/demos/bio/README
deleted file mode 100644
index 0b24e5b80c..0000000000
--- a/src/lib/libssl/src/demos/bio/README
+++ /dev/null
@@ -1,3 +0,0 @@
1This directory contains some simple examples of the use of BIO's
2to simplify socket programming.
3
diff --git a/src/lib/libssl/src/demos/bio/saccept.c b/src/lib/libssl/src/demos/bio/saccept.c
deleted file mode 100644
index 40cd4daad2..0000000000
--- a/src/lib/libssl/src/demos/bio/saccept.c
+++ /dev/null
@@ -1,112 +0,0 @@
1/* NOCW */
2/* demos/bio/saccept.c */
3
4/* A minimal program to server an SSL connection.
5 * It uses blocking.
6 * saccept host:port
7 * host is the interface IP to use. If any interface, use *:port
8 * The default it *:4433
9 *
10 * cc -I../../include saccept.c -L../.. -lssl -lcrypto
11 */
12
13#include <stdio.h>
14#include <signal.h>
15#include <openssl/err.h>
16#include <openssl/ssl.h>
17
18#define CERT_FILE "server.pem"
19
20BIO *in=NULL;
21
22void close_up()
23 {
24 if (in != NULL)
25 BIO_free(in);
26 }
27
28int main(argc,argv)
29int argc;
30char *argv[];
31 {
32 char *port=NULL;
33 BIO *ssl_bio,*tmp;
34 SSL_CTX *ctx;
35 SSL *ssl;
36 char buf[512];
37 int ret=1,i;
38
39 if (argc <= 1)
40 port="*:4433";
41 else
42 port=argv[1];
43
44 signal(SIGINT,close_up);
45
46 SSL_load_error_strings();
47
48#ifdef WATT32
49 dbug_init();
50 sock_init();
51#endif
52
53 /* Add ciphers and message digests */
54 OpenSSL_add_ssl_algorithms();
55
56 ctx=SSL_CTX_new(SSLv23_server_method());
57 if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
58 goto err;
59 if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
60 goto err;
61 if (!SSL_CTX_check_private_key(ctx))
62 goto err;
63
64 /* Setup server side SSL bio */
65 ssl=SSL_new(ctx);
66 ssl_bio=BIO_new_ssl(ctx,0);
67
68 if ((in=BIO_new_accept(port)) == NULL) goto err;
69
70 /* This means that when a new connection is acceptede on 'in',
71 * The ssl_bio will be 'dupilcated' and have the new socket
72 * BIO push into it. Basically it means the SSL BIO will be
73 * automatically setup */
74 BIO_set_accept_bios(in,ssl_bio);
75
76again:
77 /* The first call will setup the accept socket, and the second
78 * will get a socket. In this loop, the first actual accept
79 * will occur in the BIO_read() function. */
80
81 if (BIO_do_accept(in) <= 0) goto err;
82
83 for (;;)
84 {
85 i=BIO_read(in,buf,512);
86 if (i == 0)
87 {
88 /* If we have finished, remove the underlying
89 * BIO stack so the next time we call any function
90 * for this BIO, it will attempt to do an
91 * accept */
92 printf("Done\n");
93 tmp=BIO_pop(in);
94 BIO_free_all(tmp);
95 goto again;
96 }
97 if (i < 0) goto err;
98 fwrite(buf,1,i,stdout);
99 fflush(stdout);
100 }
101
102 ret=0;
103err:
104 if (ret)
105 {
106 ERR_print_errors_fp(stderr);
107 }
108 if (in != NULL) BIO_free(in);
109 exit(ret);
110 return(!ret);
111 }
112
diff --git a/src/lib/libssl/src/demos/bio/sconnect.c b/src/lib/libssl/src/demos/bio/sconnect.c
deleted file mode 100644
index 880344eb78..0000000000
--- a/src/lib/libssl/src/demos/bio/sconnect.c
+++ /dev/null
@@ -1,121 +0,0 @@
1/* NOCW */
2/* demos/bio/sconnect.c */
3
4/* A minimal program to do SSL to a passed host and port.
5 * It is actually using non-blocking IO but in a very simple manner
6 * sconnect host:port - it does a 'GET / HTTP/1.0'
7 *
8 * cc -I../../include sconnect.c -L../.. -lssl -lcrypto
9 */
10#include <stdio.h>
11#include <stdlib.h>
12#include <unistd.h>
13#include <openssl/err.h>
14#include <openssl/ssl.h>
15
16extern int errno;
17
18int main(argc,argv)
19int argc;
20char *argv[];
21 {
22 char *host;
23 BIO *out;
24 char buf[1024*10],*p;
25 SSL_CTX *ssl_ctx=NULL;
26 SSL *ssl;
27 BIO *ssl_bio;
28 int i,len,off,ret=1;
29
30 if (argc <= 1)
31 host="localhost:4433";
32 else
33 host=argv[1];
34
35#ifdef WATT32
36 dbug_init();
37 sock_init();
38#endif
39
40 /* Lets get nice error messages */
41 SSL_load_error_strings();
42
43 /* Setup all the global SSL stuff */
44 OpenSSL_add_ssl_algorithms();
45 ssl_ctx=SSL_CTX_new(SSLv23_client_method());
46
47 /* Lets make a SSL structure */
48 ssl=SSL_new(ssl_ctx);
49 SSL_set_connect_state(ssl);
50
51 /* Use it inside an SSL BIO */
52 ssl_bio=BIO_new(BIO_f_ssl());
53 BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
54
55 /* Lets use a connect BIO under the SSL BIO */
56 out=BIO_new(BIO_s_connect());
57 BIO_set_conn_hostname(out,host);
58 BIO_set_nbio(out,1);
59 out=BIO_push(ssl_bio,out);
60
61 p="GET / HTTP/1.0\r\n\r\n";
62 len=strlen(p);
63
64 off=0;
65 for (;;)
66 {
67 i=BIO_write(out,&(p[off]),len);
68 if (i <= 0)
69 {
70 if (BIO_should_retry(out))
71 {
72 fprintf(stderr,"write DELAY\n");
73 sleep(1);
74 continue;
75 }
76 else
77 {
78 goto err;
79 }
80 }
81 off+=i;
82 len-=i;
83 if (len <= 0) break;
84 }
85
86 for (;;)
87 {
88 i=BIO_read(out,buf,sizeof(buf));
89 if (i == 0) break;
90 if (i < 0)
91 {
92 if (BIO_should_retry(out))
93 {
94 fprintf(stderr,"read DELAY\n");
95 sleep(1);
96 continue;
97 }
98 goto err;
99 }
100 fwrite(buf,1,i,stdout);
101 }
102
103 ret=1;
104
105 if (0)
106 {
107err:
108 if (ERR_peek_error() == 0) /* system call error */
109 {
110 fprintf(stderr,"errno=%d ",errno);
111 perror("error");
112 }
113 else
114 ERR_print_errors_fp(stderr);
115 }
116 BIO_free_all(out);
117 if (ssl_ctx != NULL) SSL_CTX_free(ssl_ctx);
118 exit(!ret);
119 return(ret);
120 }
121
diff --git a/src/lib/libssl/src/demos/bio/server.pem b/src/lib/libssl/src/demos/bio/server.pem
deleted file mode 100644
index 5cf1387d65..0000000000
--- a/src/lib/libssl/src/demos/bio/server.pem
+++ /dev/null
@@ -1,30 +0,0 @@
1subject=/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
2issuer= /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
3-----BEGIN X509 CERTIFICATE-----
4
5MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
6BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
7MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
8RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
9BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
10LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
11/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
12DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
13IMs6ZOZB
14-----END X509 CERTIFICATE-----
15-----BEGIN RSA PRIVATE KEY-----
16
17MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
18Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
19hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
20sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
21tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
22agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
23g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
24-----END RSA PRIVATE KEY-----
25
26-----BEGIN DH PARAMETERS-----
27MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
28a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
29-----END DH PARAMETERS-----
30
diff --git a/src/lib/libssl/src/demos/cms/cacert.pem b/src/lib/libssl/src/demos/cms/cacert.pem
deleted file mode 100644
index 75cbb347aa..0000000000
--- a/src/lib/libssl/src/demos/cms/cacert.pem
+++ /dev/null
@@ -1,18 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
3BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
4dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3
5WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD
6aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN
7RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz
8i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR
9ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT
10jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx
11CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B
12SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD
13VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB
14ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc
15G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo
16u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF
171je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw==
18-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/demos/cms/cakey.pem b/src/lib/libssl/src/demos/cms/cakey.pem
deleted file mode 100644
index 3b53c5e817..0000000000
--- a/src/lib/libssl/src/demos/cms/cakey.pem
+++ /dev/null
@@ -1,15 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd
3c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3
4dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB
5AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5
6HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs
7tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS
8rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18
99R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u
10jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is
11uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU
12+VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP
13wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW
148nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg==
15-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/cms/cms_comp.c b/src/lib/libssl/src/demos/cms/cms_comp.c
deleted file mode 100644
index 01bf092546..0000000000
--- a/src/lib/libssl/src/demos/cms/cms_comp.c
+++ /dev/null
@@ -1,61 +0,0 @@
1/* Simple S/MIME compress example */
2#include <openssl/pem.h>
3#include <openssl/cms.h>
4#include <openssl/err.h>
5
6int main(int argc, char **argv)
7 {
8 BIO *in = NULL, *out = NULL;
9 CMS_ContentInfo *cms = NULL;
10 int ret = 1;
11
12 /*
13 * On OpenSSL 1.0.0+ only:
14 * for streaming set CMS_STREAM
15 */
16 int flags = CMS_STREAM;
17
18 OpenSSL_add_all_algorithms();
19 ERR_load_crypto_strings();
20
21 /* Open content being compressed */
22
23 in = BIO_new_file("comp.txt", "r");
24
25 if (!in)
26 goto err;
27
28 /* compress content */
29 cms = CMS_compress(in, NID_zlib_compression, flags);
30
31 if (!cms)
32 goto err;
33
34 out = BIO_new_file("smcomp.txt", "w");
35 if (!out)
36 goto err;
37
38 /* Write out S/MIME message */
39 if (!SMIME_write_CMS(out, cms, in, flags))
40 goto err;
41
42 ret = 0;
43
44 err:
45
46 if (ret)
47 {
48 fprintf(stderr, "Error Compressing Data\n");
49 ERR_print_errors_fp(stderr);
50 }
51
52 if (cms)
53 CMS_ContentInfo_free(cms);
54 if (in)
55 BIO_free(in);
56 if (out)
57 BIO_free(out);
58
59 return ret;
60
61 }
diff --git a/src/lib/libssl/src/demos/cms/cms_ddec.c b/src/lib/libssl/src/demos/cms/cms_ddec.c
deleted file mode 100644
index ba68cfdf76..0000000000
--- a/src/lib/libssl/src/demos/cms/cms_ddec.c
+++ /dev/null
@@ -1,89 +0,0 @@
1/* S/MIME detached data decrypt example: rarely done but
2 * should the need arise this is an example....
3 */
4#include <openssl/pem.h>
5#include <openssl/cms.h>
6#include <openssl/err.h>
7
8int main(int argc, char **argv)
9 {
10 BIO *in = NULL, *out = NULL, *tbio = NULL, *dcont = NULL;
11 X509 *rcert = NULL;
12 EVP_PKEY *rkey = NULL;
13 CMS_ContentInfo *cms = NULL;
14 int ret = 1;
15
16 OpenSSL_add_all_algorithms();
17 ERR_load_crypto_strings();
18
19 /* Read in recipient certificate and private key */
20 tbio = BIO_new_file("signer.pem", "r");
21
22 if (!tbio)
23 goto err;
24
25 rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
26
27 BIO_reset(tbio);
28
29 rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
30
31 if (!rcert || !rkey)
32 goto err;
33
34 /* Open PEM file containing enveloped data */
35
36 in = BIO_new_file("smencr.pem", "r");
37
38 if (!in)
39 goto err;
40
41 /* Parse PEM content */
42 cms = PEM_read_bio_CMS(in, NULL, 0, NULL);
43
44 if (!cms)
45 goto err;
46
47 /* Open file containing detached content */
48 dcont = BIO_new_file("smencr.out", "rb");
49
50 if (!in)
51 goto err;
52
53 out = BIO_new_file("encrout.txt", "w");
54 if (!out)
55 goto err;
56
57 /* Decrypt S/MIME message */
58 if (!CMS_decrypt(cms, rkey, rcert, dcont, out, 0))
59 goto err;
60
61 ret = 0;
62
63 err:
64
65 if (ret)
66 {
67 fprintf(stderr, "Error Decrypting Data\n");
68 ERR_print_errors_fp(stderr);
69 }
70
71 if (cms)
72 CMS_ContentInfo_free(cms);
73 if (rcert)
74 X509_free(rcert);
75 if (rkey)
76 EVP_PKEY_free(rkey);
77
78 if (in)
79 BIO_free(in);
80 if (out)
81 BIO_free(out);
82 if (tbio)
83 BIO_free(tbio);
84 if (dcont)
85 BIO_free(dcont);
86
87 return ret;
88
89 }
diff --git a/src/lib/libssl/src/demos/cms/cms_dec.c b/src/lib/libssl/src/demos/cms/cms_dec.c
deleted file mode 100644
index 9fee0a3ebf..0000000000
--- a/src/lib/libssl/src/demos/cms/cms_dec.c
+++ /dev/null
@@ -1,79 +0,0 @@
1/* Simple S/MIME decryption example */
2#include <openssl/pem.h>
3#include <openssl/cms.h>
4#include <openssl/err.h>
5
6int main(int argc, char **argv)
7 {
8 BIO *in = NULL, *out = NULL, *tbio = NULL;
9 X509 *rcert = NULL;
10 EVP_PKEY *rkey = NULL;
11 CMS_ContentInfo *cms = NULL;
12 int ret = 1;
13
14 OpenSSL_add_all_algorithms();
15 ERR_load_crypto_strings();
16
17 /* Read in recipient certificate and private key */
18 tbio = BIO_new_file("signer.pem", "r");
19
20 if (!tbio)
21 goto err;
22
23 rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
24
25 BIO_reset(tbio);
26
27 rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
28
29 if (!rcert || !rkey)
30 goto err;
31
32 /* Open S/MIME message to decrypt */
33
34 in = BIO_new_file("smencr.txt", "r");
35
36 if (!in)
37 goto err;
38
39 /* Parse message */
40 cms = SMIME_read_CMS(in, NULL);
41
42 if (!cms)
43 goto err;
44
45 out = BIO_new_file("decout.txt", "w");
46 if (!out)
47 goto err;
48
49 /* Decrypt S/MIME message */
50 if (!CMS_decrypt(cms, rkey, rcert, NULL, out, 0))
51 goto err;
52
53 ret = 0;
54
55 err:
56
57 if (ret)
58 {
59 fprintf(stderr, "Error Decrypting Data\n");
60 ERR_print_errors_fp(stderr);
61 }
62
63 if (cms)
64 CMS_ContentInfo_free(cms);
65 if (rcert)
66 X509_free(rcert);
67 if (rkey)
68 EVP_PKEY_free(rkey);
69
70 if (in)
71 BIO_free(in);
72 if (out)
73 BIO_free(out);
74 if (tbio)
75 BIO_free(tbio);
76
77 return ret;
78
79 }
diff --git a/src/lib/libssl/src/demos/cms/cms_denc.c b/src/lib/libssl/src/demos/cms/cms_denc.c
deleted file mode 100644
index 9265e47bf9..0000000000
--- a/src/lib/libssl/src/demos/cms/cms_denc.c
+++ /dev/null
@@ -1,97 +0,0 @@
1/* S/MIME detached data encrypt example: rarely done but
2 * should the need arise this is an example....
3 */
4#include <openssl/pem.h>
5#include <openssl/cms.h>
6#include <openssl/err.h>
7
8int main(int argc, char **argv)
9 {
10 BIO *in = NULL, *out = NULL, *tbio = NULL, *dout = NULL;
11 X509 *rcert = NULL;
12 STACK_OF(X509) *recips = NULL;
13 CMS_ContentInfo *cms = NULL;
14 int ret = 1;
15
16 int flags = CMS_STREAM|CMS_DETACHED;
17
18 OpenSSL_add_all_algorithms();
19 ERR_load_crypto_strings();
20
21 /* Read in recipient certificate */
22 tbio = BIO_new_file("signer.pem", "r");
23
24 if (!tbio)
25 goto err;
26
27 rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
28
29 if (!rcert)
30 goto err;
31
32 /* Create recipient STACK and add recipient cert to it */
33 recips = sk_X509_new_null();
34
35 if (!recips || !sk_X509_push(recips, rcert))
36 goto err;
37
38 /* sk_X509_pop_free will free up recipient STACK and its contents
39 * so set rcert to NULL so it isn't freed up twice.
40 */
41 rcert = NULL;
42
43 /* Open content being encrypted */
44
45 in = BIO_new_file("encr.txt", "r");
46
47 dout = BIO_new_file("smencr.out", "wb");
48
49 if (!in)
50 goto err;
51
52 /* encrypt content */
53 cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
54
55 if (!cms)
56 goto err;
57
58 out = BIO_new_file("smencr.pem", "w");
59 if (!out)
60 goto err;
61
62 if (!CMS_final(cms, in, dout, flags))
63 goto err;
64
65 /* Write out CMS structure without content */
66 if (!PEM_write_bio_CMS(out, cms))
67 goto err;
68
69 ret = 0;
70
71 err:
72
73 if (ret)
74 {
75 fprintf(stderr, "Error Encrypting Data\n");
76 ERR_print_errors_fp(stderr);
77 }
78
79 if (cms)
80 CMS_ContentInfo_free(cms);
81 if (rcert)
82 X509_free(rcert);
83 if (recips)
84 sk_X509_pop_free(recips, X509_free);
85
86 if (in)
87 BIO_free(in);
88 if (out)
89 BIO_free(out);
90 if (dout)
91 BIO_free(dout);
92 if (tbio)
93 BIO_free(tbio);
94
95 return ret;
96
97 }
diff --git a/src/lib/libssl/src/demos/cms/cms_enc.c b/src/lib/libssl/src/demos/cms/cms_enc.c
deleted file mode 100644
index 916b479d3c..0000000000
--- a/src/lib/libssl/src/demos/cms/cms_enc.c
+++ /dev/null
@@ -1,92 +0,0 @@
1/* Simple S/MIME encrypt example */
2#include <openssl/pem.h>
3#include <openssl/cms.h>
4#include <openssl/err.h>
5
6int main(int argc, char **argv)
7 {
8 BIO *in = NULL, *out = NULL, *tbio = NULL;
9 X509 *rcert = NULL;
10 STACK_OF(X509) *recips = NULL;
11 CMS_ContentInfo *cms = NULL;
12 int ret = 1;
13
14 /*
15 * On OpenSSL 1.0.0 and later only:
16 * for streaming set CMS_STREAM
17 */
18 int flags = CMS_STREAM;
19
20 OpenSSL_add_all_algorithms();
21 ERR_load_crypto_strings();
22
23 /* Read in recipient certificate */
24 tbio = BIO_new_file("signer.pem", "r");
25
26 if (!tbio)
27 goto err;
28
29 rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
30
31 if (!rcert)
32 goto err;
33
34 /* Create recipient STACK and add recipient cert to it */
35 recips = sk_X509_new_null();
36
37 if (!recips || !sk_X509_push(recips, rcert))
38 goto err;
39
40 /* sk_X509_pop_free will free up recipient STACK and its contents
41 * so set rcert to NULL so it isn't freed up twice.
42 */
43 rcert = NULL;
44
45 /* Open content being encrypted */
46
47 in = BIO_new_file("encr.txt", "r");
48
49 if (!in)
50 goto err;
51
52 /* encrypt content */
53 cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
54
55 if (!cms)
56 goto err;
57
58 out = BIO_new_file("smencr.txt", "w");
59 if (!out)
60 goto err;
61
62 /* Write out S/MIME message */
63 if (!SMIME_write_CMS(out, cms, in, flags))
64 goto err;
65
66 ret = 0;
67
68 err:
69
70 if (ret)
71 {
72 fprintf(stderr, "Error Encrypting Data\n");
73 ERR_print_errors_fp(stderr);
74 }
75
76 if (cms)
77 CMS_ContentInfo_free(cms);
78 if (rcert)
79 X509_free(rcert);
80 if (recips)
81 sk_X509_pop_free(recips, X509_free);
82
83 if (in)
84 BIO_free(in);
85 if (out)
86 BIO_free(out);
87 if (tbio)
88 BIO_free(tbio);
89
90 return ret;
91
92 }
diff --git a/src/lib/libssl/src/demos/cms/cms_sign.c b/src/lib/libssl/src/demos/cms/cms_sign.c
deleted file mode 100644
index 6823c34a0e..0000000000
--- a/src/lib/libssl/src/demos/cms/cms_sign.c
+++ /dev/null
@@ -1,89 +0,0 @@
1/* Simple S/MIME signing example */
2#include <openssl/pem.h>
3#include <openssl/cms.h>
4#include <openssl/err.h>
5
6int main(int argc, char **argv)
7 {
8 BIO *in = NULL, *out = NULL, *tbio = NULL;
9 X509 *scert = NULL;
10 EVP_PKEY *skey = NULL;
11 CMS_ContentInfo *cms = NULL;
12 int ret = 1;
13
14 /* For simple S/MIME signing use CMS_DETACHED.
15 * On OpenSSL 1.0.0 only:
16 * for streaming detached set CMS_DETACHED|CMS_STREAM
17 * for streaming non-detached set CMS_STREAM
18 */
19 int flags = CMS_DETACHED|CMS_STREAM;
20
21 OpenSSL_add_all_algorithms();
22 ERR_load_crypto_strings();
23
24 /* Read in signer certificate and private key */
25 tbio = BIO_new_file("signer.pem", "r");
26
27 if (!tbio)
28 goto err;
29
30 scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
31
32 BIO_reset(tbio);
33
34 skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
35
36 if (!scert || !skey)
37 goto err;
38
39 /* Open content being signed */
40
41 in = BIO_new_file("sign.txt", "r");
42
43 if (!in)
44 goto err;
45
46 /* Sign content */
47 cms = CMS_sign(scert, skey, NULL, in, flags);
48
49 if (!cms)
50 goto err;
51
52 out = BIO_new_file("smout.txt", "w");
53 if (!out)
54 goto err;
55
56 if (!(flags & CMS_STREAM))
57 BIO_reset(in);
58
59 /* Write out S/MIME message */
60 if (!SMIME_write_CMS(out, cms, in, flags))
61 goto err;
62
63 ret = 0;
64
65 err:
66
67 if (ret)
68 {
69 fprintf(stderr, "Error Signing Data\n");
70 ERR_print_errors_fp(stderr);
71 }
72
73 if (cms)
74 CMS_ContentInfo_free(cms);
75 if (scert)
76 X509_free(scert);
77 if (skey)
78 EVP_PKEY_free(skey);
79
80 if (in)
81 BIO_free(in);
82 if (out)
83 BIO_free(out);
84 if (tbio)
85 BIO_free(tbio);
86
87 return ret;
88
89 }
diff --git a/src/lib/libssl/src/demos/cms/cms_sign2.c b/src/lib/libssl/src/demos/cms/cms_sign2.c
deleted file mode 100644
index 36adee7304..0000000000
--- a/src/lib/libssl/src/demos/cms/cms_sign2.c
+++ /dev/null
@@ -1,103 +0,0 @@
1/* S/MIME signing example: 2 signers */
2#include <openssl/pem.h>
3#include <openssl/cms.h>
4#include <openssl/err.h>
5
6int main(int argc, char **argv)
7 {
8 BIO *in = NULL, *out = NULL, *tbio = NULL;
9 X509 *scert = NULL, *scert2 = NULL;
10 EVP_PKEY *skey = NULL, *skey2 = NULL;
11 CMS_ContentInfo *cms = NULL;
12 int ret = 1;
13
14 OpenSSL_add_all_algorithms();
15 ERR_load_crypto_strings();
16
17 tbio = BIO_new_file("signer.pem", "r");
18
19 if (!tbio)
20 goto err;
21
22 scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
23
24 BIO_reset(tbio);
25
26 skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
27
28 BIO_free(tbio);
29
30 tbio = BIO_new_file("signer2.pem", "r");
31
32 if (!tbio)
33 goto err;
34
35 scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
36
37 BIO_reset(tbio);
38
39 skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
40
41 if (!scert2 || !skey2)
42 goto err;
43
44 in = BIO_new_file("sign.txt", "r");
45
46 if (!in)
47 goto err;
48
49 cms = CMS_sign(NULL, NULL, NULL, in, CMS_STREAM|CMS_PARTIAL);
50
51 if (!cms)
52 goto err;
53
54 /* Add each signer in turn */
55
56 if (!CMS_add1_signer(cms, scert, skey, NULL, 0))
57 goto err;
58
59 if (!CMS_add1_signer(cms, scert2, skey2, NULL, 0))
60 goto err;
61
62 out = BIO_new_file("smout.txt", "w");
63 if (!out)
64 goto err;
65
66 /* NB: content included and finalized by SMIME_write_CMS */
67
68 if (!SMIME_write_CMS(out, cms, in, CMS_STREAM))
69 goto err;
70
71 ret = 0;
72
73 err:
74
75 if (ret)
76 {
77 fprintf(stderr, "Error Signing Data\n");
78 ERR_print_errors_fp(stderr);
79 }
80
81 if (cms)
82 CMS_ContentInfo_free(cms);
83
84 if (scert)
85 X509_free(scert);
86 if (skey)
87 EVP_PKEY_free(skey);
88
89 if (scert2)
90 X509_free(scert2);
91 if (skey)
92 EVP_PKEY_free(skey2);
93
94 if (in)
95 BIO_free(in);
96 if (out)
97 BIO_free(out);
98 if (tbio)
99 BIO_free(tbio);
100
101 return ret;
102
103 }
diff --git a/src/lib/libssl/src/demos/cms/cms_uncomp.c b/src/lib/libssl/src/demos/cms/cms_uncomp.c
deleted file mode 100644
index f15ae2f132..0000000000
--- a/src/lib/libssl/src/demos/cms/cms_uncomp.c
+++ /dev/null
@@ -1,56 +0,0 @@
1/* Simple S/MIME uncompression example */
2#include <openssl/pem.h>
3#include <openssl/cms.h>
4#include <openssl/err.h>
5
6int main(int argc, char **argv)
7 {
8 BIO *in = NULL, *out = NULL;
9 CMS_ContentInfo *cms = NULL;
10 int ret = 1;
11
12 OpenSSL_add_all_algorithms();
13 ERR_load_crypto_strings();
14
15 /* Open compressed content */
16
17 in = BIO_new_file("smcomp.txt", "r");
18
19 if (!in)
20 goto err;
21
22 /* Sign content */
23 cms = SMIME_read_CMS(in, NULL);
24
25 if (!cms)
26 goto err;
27
28 out = BIO_new_file("smuncomp.txt", "w");
29 if (!out)
30 goto err;
31
32 /* Uncompress S/MIME message */
33 if (!CMS_uncompress(cms, out, NULL, 0))
34 goto err;
35
36 ret = 0;
37
38 err:
39
40 if (ret)
41 {
42 fprintf(stderr, "Error Uncompressing Data\n");
43 ERR_print_errors_fp(stderr);
44 }
45
46 if (cms)
47 CMS_ContentInfo_free(cms);
48
49 if (in)
50 BIO_free(in);
51 if (out)
52 BIO_free(out);
53
54 return ret;
55
56 }
diff --git a/src/lib/libssl/src/demos/cms/cms_ver.c b/src/lib/libssl/src/demos/cms/cms_ver.c
deleted file mode 100644
index bf1145ed8b..0000000000
--- a/src/lib/libssl/src/demos/cms/cms_ver.c
+++ /dev/null
@@ -1,87 +0,0 @@
1/* Simple S/MIME verification example */
2#include <openssl/pem.h>
3#include <openssl/cms.h>
4#include <openssl/err.h>
5
6int main(int argc, char **argv)
7 {
8 BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
9 X509_STORE *st = NULL;
10 X509 *cacert = NULL;
11 CMS_ContentInfo *cms = NULL;
12
13 int ret = 1;
14
15 OpenSSL_add_all_algorithms();
16 ERR_load_crypto_strings();
17
18 /* Set up trusted CA certificate store */
19
20 st = X509_STORE_new();
21
22 /* Read in CA certificate */
23 tbio = BIO_new_file("cacert.pem", "r");
24
25 if (!tbio)
26 goto err;
27
28 cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
29
30 if (!cacert)
31 goto err;
32
33 if (!X509_STORE_add_cert(st, cacert))
34 goto err;
35
36 /* Open message being verified */
37
38 in = BIO_new_file("smout.txt", "r");
39
40 if (!in)
41 goto err;
42
43 /* parse message */
44 cms = SMIME_read_CMS(in, &cont);
45
46 if (!cms)
47 goto err;
48
49 /* File to output verified content to */
50 out = BIO_new_file("smver.txt", "w");
51 if (!out)
52 goto err;
53
54 if (!CMS_verify(cms, NULL, st, cont, out, 0))
55 {
56 fprintf(stderr, "Verification Failure\n");
57 goto err;
58 }
59
60 fprintf(stderr, "Verification Successful\n");
61
62 ret = 0;
63
64 err:
65
66 if (ret)
67 {
68 fprintf(stderr, "Error Verifying Data\n");
69 ERR_print_errors_fp(stderr);
70 }
71
72 if (cms)
73 CMS_ContentInfo_free(cms);
74
75 if (cacert)
76 X509_free(cacert);
77
78 if (in)
79 BIO_free(in);
80 if (out)
81 BIO_free(out);
82 if (tbio)
83 BIO_free(tbio);
84
85 return ret;
86
87 }
diff --git a/src/lib/libssl/src/demos/cms/comp.txt b/src/lib/libssl/src/demos/cms/comp.txt
deleted file mode 100644
index 1672328e77..0000000000
--- a/src/lib/libssl/src/demos/cms/comp.txt
+++ /dev/null
@@ -1,22 +0,0 @@
1Content-type: text/plain
2
3Some Text To be Compressed
4Some Text To be Compressed
5Some Text To be Compressed
6Some Text To be Compressed
7Some Text To be Compressed
8Some Text To be Compressed
9Some Text To be Compressed
10Some Text To be Compressed
11Some Text To be Compressed
12Some Text To be Compressed
13Some Text To be Compressed
14Some Text To be Compressed
15Some Text To be Compressed
16Some Text To be Compressed
17Some Text To be Compressed
18Some Text To be Compressed
19Some Text To be Compressed
20Some Text To be Compressed
21Some Text To be Compressed
22Some Text To be Compressed
diff --git a/src/lib/libssl/src/demos/cms/encr.txt b/src/lib/libssl/src/demos/cms/encr.txt
deleted file mode 100644
index 0eceb407b5..0000000000
--- a/src/lib/libssl/src/demos/cms/encr.txt
+++ /dev/null
@@ -1,3 +0,0 @@
1Content-type: text/plain
2
3Sample OpenSSL Data for CMS encryption
diff --git a/src/lib/libssl/src/demos/cms/sign.txt b/src/lib/libssl/src/demos/cms/sign.txt
deleted file mode 100644
index c3f9d73d65..0000000000
--- a/src/lib/libssl/src/demos/cms/sign.txt
+++ /dev/null
@@ -1,3 +0,0 @@
1Content-type: text/plain
2
3Test OpenSSL CMS Signed Content
diff --git a/src/lib/libssl/src/demos/cms/signer.pem b/src/lib/libssl/src/demos/cms/signer.pem
deleted file mode 100644
index bac16ba963..0000000000
--- a/src/lib/libssl/src/demos/cms/signer.pem
+++ /dev/null
@@ -1,32 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
3BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
4dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3
5WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
6TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl
7bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz
8jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L
9ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y
10gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
11AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
12BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
132lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX
14MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn
15+Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv
16lDiQlgX0JtmLgA==
17-----END CERTIFICATE-----
18-----BEGIN RSA PRIVATE KEY-----
19MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm
201I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH
21Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB
22AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG
23mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o
24wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx
2504+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55
26qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc
27YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY
28sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4
294rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid
307t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5
31xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw=
32-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/cms/signer2.pem b/src/lib/libssl/src/demos/cms/signer2.pem
deleted file mode 100644
index 25e23d131a..0000000000
--- a/src/lib/libssl/src/demos/cms/signer2.pem
+++ /dev/null
@@ -1,32 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
3BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
4dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0
5WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
6TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl
7bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ
8jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW
9ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW
10GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
11AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
12BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
132lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X
14h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4
15aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR
162aX6rl2JEuJ5Yg==
17-----END CERTIFICATE-----
18-----BEGIN RSA PRIVATE KEY-----
19MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM
20nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f
21nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB
22AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF
236r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2
24CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf
25m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX
262m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr
27upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4
28ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL
29SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk
30gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX
31pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A=
32-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/easy_tls/Makefile b/src/lib/libssl/src/demos/easy_tls/Makefile
deleted file mode 100644
index ea457a4110..0000000000
--- a/src/lib/libssl/src/demos/easy_tls/Makefile
+++ /dev/null
@@ -1,123 +0,0 @@
1# Makefile for easy-tls example application (rudimentary client and server)
2# $Id: Makefile,v 1.5 2014/04/13 15:25:34 miod Exp $
3
4SOLARIS_CFLAGS=-Wall -pedantic -g -O2
5SOLARIS_LIBS=-lxnet
6
7LINUX_CFLAGS=-Wall -pedantic -g -O2
8LINUX_LIBS=
9
10
11auto-all:
12 case `uname -s` in \
13 SunOS) echo Using SunOS configuration; \
14 make SYSCFLAGS="$(SOLARIS_CFLAGS)" SYSLIBS="$(SOLARIS_LIBS)" all;; \
15 Linux) echo Using Linux configuration; \
16 make SYSCFLAGS="$(LINUX_CFLAGS)" SYSLIBS="$(LINUX_LIBS)" all;; \
17 *) echo "unknown system"; exit 1;; \
18 esac
19
20all: test TAGS
21
22# For adapting this Makefile to a different system, only the following
23# definitions should need customizing:
24
25OPENSSLDIR=../..
26CC=gcc
27
28SYSCFLAGS=whatever
29SYSLIBS=whatever
30
31
32#############################################################################
33#
34# SSLeay/OpenSSL imports
35#
36# OPENSSLDIR (set above) can be either the directory where OpenSSL is
37# installed or the directory where it was compiled.
38
39# We rely on having a new OpenSSL release where include files
40# have names like <openssl/ssl.h> (not just <ssl.h>).
41OPENSSLINCLUDES=-I$(OPENSSLDIR)/include
42
43# libcrypto.a and libssl.a are directly in $(OPENSSLDIR) if this is
44# the compile directory, or in $(OPENSSLDIR)/lib if we use an installed
45# library. With the following definition, we can handle either case.
46OPENSSLLIBS=-L$(OPENSSLDIR) -L$(OPENSSLDIR)/lib -lssl -lcrypto
47
48
49#############################################################################
50#
51# Stuff for handling the source files
52#
53
54SOURCES=easy-tls.c test.c
55HEADERS=easy-tls.h test.h
56DOCSandEXAMPLESetc=Makefile cert.pem cacerts.pem
57EVERYTHING=$(SOURCES) $(HEADERS) $(DOCSandEXAMPLESetc)
58
59ls: ls-l
60ls-l:
61 ls -l $(EVERYTHING)
62# For RCS:
63tag:
64 -rcs -n_`date +%y%m%d`: $(EVERYTHING)
65 rcs -nMYTAG $(EVERYTHING)
66 rcs -nMYTAG: $(EVERYTHING)
67diff:
68 -rcsdiff -rMYTAG -u $(EVERYTHING)
69today:
70 -rcsdiff -r_`date +%y%m%d` -u $(EVERYTHING)
71ident:
72 for a in $(EVERYTHING); do ident $$a; done
73
74# Distribution .tar:
75easy-tls.tar.gz: $(EVERYTHING)
76 tar cvf - $(EVERYTHING) | \
77 gzip -9 > easy-tls.tar.gz
78
79# Working .tar:
80tls.tgz: $(EVERYTHING)
81 tar cfv - `find . -type f -a ! -name '*.tgz' -a ! -name '*.tar.gz'` | \
82 gzip -9 > tls.tgz
83
84# For emacs:
85etags: TAGS
86TAGS: $(SOURCES) $(HEADERS)
87 -etags $(SOURCES) $(HEADERS)
88
89
90#############################################################################
91#
92# Compilation
93#
94# The following definitions are system dependent (and hence defined
95# at the beginning of this Makefile, where they are more easily found):
96
97### CC=gcc
98### SYSCFLAGS=-Wall -pedantic -g -O2
99### SYSLIBS=-lxnet
100
101EXTRACFLAGS=-DTLS_APP=\"test.h\"
102# EXTRACFLAGS=-DTLS_APP=\"test.h\" -DDEBUG_TLS
103
104#
105# The rest shouldn't need to be touched.
106#
107LDFLAGS=$(SYSLIBS) $(OPENSSLLIBS)
108INCLUDES=$(OPENSSLINCLUDES)
109CFLAGS=$(SYSCFLAGS) $(EXTRACFLAGS) $(INCLUDES)
110
111OBJS=easy-tls.o test.o
112
113clean:
114 @rm -f test
115 @rm -f TAGS
116 @rm -f *.o
117 @rm -f core
118
119test: $(OBJS)
120 $(CC) $(OBJS) $(LDFLAGS) -o test
121
122test.o: $(HEADERS)
123easy-tls.o: $(HEADERS)
diff --git a/src/lib/libssl/src/demos/easy_tls/README b/src/lib/libssl/src/demos/easy_tls/README
deleted file mode 100644
index 816a58009c..0000000000
--- a/src/lib/libssl/src/demos/easy_tls/README
+++ /dev/null
@@ -1,65 +0,0 @@
1easy_tls - generic SSL/TLS proxy
2========
3
4(... and example for non-blocking SSL/TLS I/O multiplexing.)
5
6
7 easy_tls.c, easy_tls.h:
8
9 Small generic SSL/TLS proxy library: With a few function calls,
10 an application socket will be replaced by a pipe handled by a
11 separate SSL/TLS proxy process. This allows easily adding
12 SSL/TLS support to many programs not originally designed for it.
13
14 [Actually easy_tls.c is not a proper library: Customization
15 requires defining preprocessor macros while compiling it.
16 This is quite confusing, so I'll probably change it.]
17
18 These files may be used under the OpenSSL license.
19
20
21
22 test.c, test.h, Makefile, cert.pem, cacerts.pem:
23
24 Rudimentary example program using the easy_tls library, and
25 example key and certificates for it. Usage examples:
26
27 $ ./test 8443 # create server listening at port 8443
28 $ ./test 127.0.0.1 8443 # create client, connect to port 8443
29 # at IP address 127.0.0.1
30
31 'test' will not automatically do SSL/TLS, or even read or write
32 data -- it must be told to do so on input lines starting
33 with a command letter. 'W' means write a line, 'R' means
34 read a line, 'C' means close the connection, 'T' means
35 start an SSL/TLS proxy. E.g. (user input tagged with '*'):
36
37 * R
38 <<< 220 mail.example.net
39 * WSTARTTLS
40 >>> STARTTLS
41 * R
42 <<< 220 Ready to start TLS
43 * T
44 test_process_init(fd = 3, client_p = 1, apparg = (nil))
45 +++ `E:self signed certificate in certificate chain'
46 +++ `<... certificate info ...>'
47 * WHELO localhost
48 >>> HELO localhost
49 R
50 <<< 250 mail.example.net
51
52 You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using
53 'T' multiple times. I have no idea why you would want to though.
54
55
56This code is rather old. When I find time I will update anything that
57should be changed, and improve code comments. To compile the sample
58program 'test' on platforms other then Linux or Solaris, you will have
59to edit the Makefile.
60
61As noted above, easy_tls.c will be changed to become a library one
62day, which means that future revisions will not be fully compatible to
63the current version.
64
65Bodo Möller <bodo@openssl.org>
diff --git a/src/lib/libssl/src/demos/easy_tls/cacerts.pem b/src/lib/libssl/src/demos/easy_tls/cacerts.pem
deleted file mode 100644
index c23d49bba7..0000000000
--- a/src/lib/libssl/src/demos/easy_tls/cacerts.pem
+++ /dev/null
@@ -1,18 +0,0 @@
1$Id: cacerts.pem,v 1.5 2014/04/13 15:25:34 miod Exp $
2
3issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
4subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
5-----BEGIN CERTIFICATE-----
6MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
7BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
8VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
9OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
10BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
11IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
12DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
131F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
14mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
15hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
16YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
17q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
18-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/demos/easy_tls/cert.pem b/src/lib/libssl/src/demos/easy_tls/cert.pem
deleted file mode 100644
index 6613c2df44..0000000000
--- a/src/lib/libssl/src/demos/easy_tls/cert.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1$Id: cert.pem,v 1.5 2014/04/13 15:25:34 miod Exp $
2
3Example certificate and key.
4
5-----BEGIN CERTIFICATE-----
6MIIB1jCCAT8CAQEwDQYJKoZIhvcNAQEEBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
7BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
8ZDAeFw05OTA1MDEwMTI2MzVaFw05OTA1MzEwMTI2MzVaMCIxCzAJBgNVBAYTAkRF
9MRMwEQYDVQQDEwpUZXN0c2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
10gQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68/8MbT3ou0pdF
11AcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2ai7emdjMjXVL
12tzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQABMA0GCSqGSIb3
13DQEBBAUAA4GBAMgM+sbAk8DfjSfa+Rf2gcGXmbrvZAzKzC+5RU3kaq/NyxIXAGco
149dZjozzWfN/xuGup5boFk+KrP+xdgsaqGHsyzlgEoqz4ekqLjQeVbnoj339hVFU9
15MhPi6JULPxjXKumjfX2LLNkikW5puz8Df3UiX0EiaJvd7EwP8J75tiUT
16-----END CERTIFICATE-----
17-----BEGIN RSA PRIVATE KEY-----
18MIICXQIBAAKBgQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68
19/8MbT3ou0pdFAcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2
20ai7emdjMjXVLtzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQAB
21AoGANST8c1etf1MU19oIO5aqaE19OCXIG7oakNLCCtVTPMfvnE+vffBJH7BPIUuU
224BBzwRv1nQrkvk72TPjVjOAu81B1SStKQueun2flVuYxp9NyupNWCBley4QdohlP
23I92ml2tzTSPmNIoA6jdGyNzFcGchapRRmejsC39F1RUbHQECQQD9KX81Wt8ZOrri
24dWiEXja1L3X8Bkb9vvUjVMQDTJJPxBJjehC6eurgE6PP6SJD5p/f3RHPCcLr8tSM
25D4P/OpKhAkEA/PFNlhIZUDKK6aTvG2mn7qQ5phbadOoyN1Js3ttWG5OMOZ6b/QlC
26Wvp84h44506BIlv+Tg2YAI0AdBUrf7oEowJAM4joAVd/ROaEtqbJ4PBA2L9RmD06
275FqkEk4mHLnQqvYx/BgUIbH18ClvVlqSBBqFfw/EmU3WZSuogt6Bs0ocIQJBAOxB
28AoPiYcxbeQ5kZIVJOXaX49SzUdaUDNVJYrEBUzsspHQJJo/Avz606kJVkjbSR6Ft
29JWmIHuqcyMikIV4KxFsCQQCU2evoVjVsqkkbHi7W28f73PGBsyu0KIwlK7nu4h08
30Daf7TAI+A6jW/WRUsJ6dFhUYi7/Jvkcdrlnbgm2fxziX
31-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/easy_tls/easy-tls.c b/src/lib/libssl/src/demos/easy_tls/easy-tls.c
deleted file mode 100644
index 72047b3e80..0000000000
--- a/src/lib/libssl/src/demos/easy_tls/easy-tls.c
+++ /dev/null
@@ -1,1240 +0,0 @@
1/* -*- Mode: C; c-file-style: "bsd" -*- */
2/*
3 * easy-tls.c -- generic TLS proxy.
4 * $Id: easy-tls.c,v 1.6 2014/04/13 15:25:34 miod Exp $
5 */
6/*
7 (c) Copyright 1999 Bodo Moeller. All rights reserved.
8
9 This is free software; you can redistributed and/or modify it
10 unter the terms of either
11 - the GNU General Public License as published by the
12 Free Software Foundation, version 1, or (at your option)
13 any later version,
14 or
15 - the following license:
16*/
17/*
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted provided that each of the following
20 * conditions is met:
21 *
22 * 1. Redistributions qualify as "freeware" or "Open Source Software" under
23 * one of the following terms:
24 *
25 * (a) Redistributions are made at no charge beyond the reasonable cost of
26 * materials and delivery.
27 *
28 * (b) Redistributions are accompanied by a copy of the Source Code
29 * or by an irrevocable offer to provide a copy of the Source Code
30 * for up to three years at the cost of materials and delivery.
31 * Such redistributions must allow further use, modification, and
32 * redistribution of the Source Code under substantially the same
33 * terms as this license.
34 *
35 * 2. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 *
38 * 3. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in
40 * the documentation and/or other materials provided with the
41 * distribution.
42 *
43 * 4. All advertising materials mentioning features or use of this
44 * software must display the following acknowledgment:
45 * "This product includes software developed by Bodo Moeller."
46 * (If available, substitute umlauted o for oe.)
47 *
48 * 5. Redistributions of any form whatsoever must retain the following
49 * acknowledgment:
50 * "This product includes software developed by Bodo Moeller."
51 *
52 * THIS SOFTWARE IS PROVIDED BY BODO MOELLER ``AS IS'' AND ANY
53 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
55 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BODO MOELLER OR
56 * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
57 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
58 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
59 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
61 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
62 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
63 * OF THE POSSIBILITY OF SUCH DAMAGE.
64 */
65/*
66 * Attribution for OpenSSL library:
67 *
68 * This product includes cryptographic software written by Eric Young
69 * (eay@cryptsoft.com). This product includes software written by Tim
70 * Hudson (tjh@cryptsoft.com).
71 * This product includes software developed by the OpenSSL Project
72 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)
73 */
74
75static char const rcsid[] =
76"$Id: easy-tls.c,v 1.6 2014/04/13 15:25:34 miod Exp $";
77
78#include <assert.h>
79#include <errno.h>
80#include <fcntl.h>
81#include <limits.h>
82#include <stdarg.h>
83#include <stdio.h>
84#include <string.h>
85#include <sys/select.h>
86#include <sys/socket.h>
87#include <sys/stat.h>
88#include <sys/time.h>
89#include <sys/types.h>
90#include <sys/utsname.h>
91#include <unistd.h>
92
93#include <openssl/crypto.h>
94#include <openssl/dh.h>
95#include <openssl/dsa.h>
96#include <openssl/err.h>
97#include <openssl/evp.h>
98#include <openssl/opensslv.h>
99#include <openssl/pem.h>
100#include <openssl/rand.h>
101#ifndef NO_RSA
102 #include <openssl/rsa.h>
103#endif
104#include <openssl/ssl.h>
105#include <openssl/x509.h>
106#include <openssl/x509_vfy.h>
107
108#if OPENSSL_VERSION_NUMBER < 0x00904000L /* 0.9.4-dev */
109# error "This program needs OpenSSL 0.9.4 or later."
110#endif
111
112#include "easy-tls.h" /* include after <openssl/ssl.h> if both are needed */
113
114#if TLS_INFO_SIZE > PIPE_BUF
115# if PIPE_BUF < 512
116# error "PIPE_BUF < 512" /* non-POSIX */
117# endif
118# error "TLS_INFO_SIZE > PIPE_BUF"
119#endif
120
121/*****************************************************************************/
122
123#ifdef TLS_APP
124# include TLS_APP
125#endif
126
127/* Applications can define:
128 * TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
129 * TLS_CUMULATE_ERRORS
130 * TLS_ERROR_BUFSIZ
131 * TLS_APP_ERRFLUSH -- void ...(int child_p, char *, size_t, void *apparg)
132 */
133
134#ifndef TLS_APP_PROCESS_INIT
135# define TLS_APP_PROCESS_INIT(fd, client_p, apparg) ((void) 0)
136#endif
137
138#ifndef TLS_ERROR_BUFSIZ
139# define TLS_ERROR_BUFSIZ (10*160)
140#endif
141#if TLS_ERROR_BUFSIZ < 2 /* {'\n',0} */
142# error "TLS_ERROR_BUFSIZE is too small."
143#endif
144
145#ifndef TLS_APP_ERRFLUSH
146# define TLS_APP_ERRFLUSH tls_app_errflush
147static void
148tls_app_errflush(int child_p, char *errbuf, size_t num, void *apparg)
149{
150 fputs(errbuf, stderr);
151}
152#endif
153
154/*****************************************************************************/
155
156#ifdef DEBUG_TLS
157# define DEBUG_MSG(x) fprintf(stderr," %s\n",x)
158# define DEBUG_MSG2(x,y) fprintf(stderr, " %s: %d\n",x,y)
159static int tls_loop_count = 0;
160static int tls_select_count = 0;
161#else
162# define DEBUG_MSG(x) (void)0
163# define DEBUG_MSG2(x,y) (void)0
164#endif
165
166static void tls_rand_seed_uniquely(void);
167static void tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p);
168static int tls_socket_nonblocking(int fd);
169
170static int tls_child_p = 0;
171static void *tls_child_apparg;
172
173
174struct tls_start_proxy_args
175tls_start_proxy_defaultargs(void)
176{
177 struct tls_start_proxy_args ret;
178
179 ret.fd = -1;
180 ret.client_p = -1;
181 ret.ctx = NULL;
182 ret.pid = NULL;
183 ret.infofd = NULL;
184
185 return ret;
186}
187
188/* Slice in TLS proxy process at fd.
189 * Return value:
190 * 0 ok (*pid is set to child's PID if pid != NULL),
191 * < 0 look at errno
192 * > 0 other error
193 * (return value encodes place of error)
194 *
195 */
196int
197tls_start_proxy(struct tls_start_proxy_args a, void *apparg)
198{
199 int fds[2] = {-1, -1};
200 int infofds[2] = {-1, -1};
201 int r, getfd, getfl;
202 int ret;
203
204 DEBUG_MSG2("tls_start_proxy fd", a.fd);
205 DEBUG_MSG2("tls_start_proxy client_p", a.client_p);
206
207 if (a.fd == -1 || a.client_p == -1 || a.ctx == NULL)
208 return 1;
209
210 if (a.pid != NULL) {
211 *a.pid = 0;
212 }
213 if (a.infofd != NULL) {
214 *a.infofd = -1;
215 }
216
217 r = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
218 if (r == -1)
219 return -1;
220 if (a.fd >= FD_SETSIZE || fds[0] >= FD_SETSIZE) {
221 ret = 2;
222 goto err;
223 }
224 if (a.infofd != NULL) {
225 r = pipe(infofds);
226 if (r == -1) {
227 ret = -3;
228 goto err;
229 }
230 }
231
232 r = fork();
233 if (r == -1) {
234 ret = -4;
235 goto err;
236 }
237 if (r == 0) {
238 DEBUG_MSG("fork");
239 tls_child_p = 1;
240 tls_child_apparg = apparg;
241 close(fds[1]);
242 if (infofds[0] != -1)
243 close(infofds[0]);
244 TLS_APP_PROCESS_INIT(a.fd, a.client_p, apparg);
245 DEBUG_MSG("TLS_APP_PROCESS_INIT");
246 tls_proxy(fds[0], a.fd, infofds[1], a.ctx, a.client_p);
247 exit(0);
248 }
249 if (a.pid != NULL)
250 *a.pid = r;
251 if (infofds[1] != -1) {
252 close(infofds[1]);
253 infofds[1] = -1;
254 }
255 /* install fds[1] in place of fd: */
256 close(fds[0]);
257 fds[0] = -1;
258 getfd = fcntl(a.fd, F_GETFD);
259 getfl = fcntl(a.fd, F_GETFL);
260 r = dup2(fds[1], a.fd);
261 close(fds[1]);
262 fds[1] = -1;
263 if (r == -1) {
264 ret = -5;
265 goto err;
266 }
267 if (getfd != 1)
268 fcntl(a.fd, F_SETFD, getfd);
269 if (getfl & O_NONBLOCK)
270 (void)tls_socket_nonblocking(a.fd);
271 if (a.infofd != NULL)
272 *a.infofd = infofds[0];
273 return 0;
274
275 err:
276 if (fds[0] != -1)
277 close(fds[0]);
278 if (fds[1] != -1)
279 close(fds[1]);
280 if (infofds[0] != -1)
281 close(infofds[0]);
282 if (infofds[1] != -1)
283 close(infofds[1]);
284 return ret;
285}
286
287/*****************************************************************************/
288
289static char errbuf[TLS_ERROR_BUFSIZ];
290static size_t errbuf_i = 0;
291
292static void
293tls_errflush(void *apparg)
294{
295 if (errbuf_i == 0)
296 return;
297
298 assert(errbuf_i < sizeof errbuf);
299 assert(errbuf[errbuf_i] == 0);
300 if (errbuf_i == sizeof errbuf - 1) {
301 /* make sure we have a newline, even if string has been truncated */
302 errbuf[errbuf_i - 1] = '\n';
303 }
304
305 /* TLS_APP_ERRFLUSH may modify the string as needed,
306 * e.g. substitute other characters for \n for convenience */
307 TLS_APP_ERRFLUSH(tls_child_p, errbuf, errbuf_i, apparg);
308
309 errbuf_i = 0;
310}
311
312static void
313tls_errprintf(int flush, void *apparg, const char *fmt, ...)
314{
315 va_list args;
316 int r;
317
318 if (errbuf_i < sizeof errbuf - 1) {
319 size_t n;
320
321 va_start(args, fmt);
322 n = (sizeof errbuf) - errbuf_i;
323 r = vsnprintf(errbuf + errbuf_i, n, fmt, args);
324 if (r >= n)
325 r = n - 1;
326 if (r >= 0) {
327 errbuf_i += r;
328 } else {
329 errbuf_i = sizeof errbuf - 1;
330 errbuf[errbuf_i] = '\0';
331 }
332 assert(errbuf_i < sizeof errbuf);
333 assert(errbuf[errbuf_i] == 0);
334 }
335#ifndef TLS_CUMULATE_ERRORS
336 tls_errflush(apparg);
337#else
338 if (flush)
339 tls_errflush(apparg);
340#endif
341}
342
343/* app_prefix.. are for additional information provided by caller.
344 * If OpenSSL error queue is empty, print default_text ("???" if NULL).
345 */
346static char *
347tls_openssl_errors(const char *app_prefix_1, const char *app_prefix_2, const char *default_text, void *apparg)
348{
349 static char reasons[255];
350 size_t reasons_i;
351 unsigned long err;
352 const char *file;
353 int line;
354 const char *data;
355 int flags;
356 char *errstring;
357 int printed_something = 0;
358
359 reasons_i = 0;
360
361 assert(app_prefix_1 != NULL);
362 assert(app_prefix_2 != NULL);
363
364 if (default_text == NULL)
365 default_text = "?""?""?";
366
367 while ((err = ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) {
368 if (reasons_i < sizeof reasons) {
369 size_t n;
370 int r;
371
372 n = (sizeof reasons) - reasons_i;
373 r = snprintf(reasons + reasons_i, n, "%s%s", (reasons_i > 0 ? ", " : ""), ERR_reason_error_string(err));
374 if (r >= n)
375 r = n - 1;
376 if (r >= 0) {
377 reasons_i += r;
378 } else {
379 reasons_i = sizeof reasons;
380 }
381 assert(reasons_i <= sizeof reasons);
382 }
383
384 errstring = ERR_error_string(err, NULL);
385 assert(errstring != NULL);
386 tls_errprintf(0, apparg, "OpenSSL error%s%s: %s:%s:%d:%s\n", app_prefix_1, app_prefix_2, errstring, file, line, (flags & ERR_TXT_STRING) ? data : "");
387 printed_something = 1;
388 }
389
390 if (!printed_something) {
391 assert(reasons_i == 0);
392 snprintf(reasons, sizeof reasons, "%s", default_text);
393 tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1, app_prefix_2, default_text);
394 }
395
396#ifdef TLS_CUMULATE_ERRORS
397 tls_errflush(apparg);
398#endif
399 assert(errbuf_i == 0);
400
401 return reasons;
402}
403
404/*****************************************************************************/
405
406static int tls_init_done = 0;
407
408static int
409tls_init(void *apparg)
410{
411 if (tls_init_done)
412 return 0;
413
414 SSL_load_error_strings();
415 if (!SSL_library_init() /* aka SSLeay_add_ssl_algorithms() */ ) {
416 tls_errprintf(1, apparg, "SSL_library_init failed.\n");
417 return -1;
418 }
419 tls_init_done = 1;
420 tls_rand_seed();
421 return 0;
422}
423
424/*****************************************************************************/
425
426static void
427tls_rand_seed_uniquely(void)
428{
429 struct {
430 pid_t pid;
431 time_t time;
432 void *stack;
433 } data;
434
435 data.pid = getpid();
436 data.time = time(NULL);
437 data.stack = (void *)&data;
438
439 RAND_seed((const void *)&data, sizeof data);
440}
441
442void
443tls_rand_seed(void)
444{
445 struct {
446 struct utsname uname;
447 int uname_1;
448 int uname_2;
449 uid_t uid;
450 uid_t euid;
451 gid_t gid;
452 gid_t egid;
453 } data;
454
455 data.uname_1 = uname(&data.uname);
456 data.uname_2 = errno; /* Let's hope that uname fails randomly :-) */
457
458 data.uid = getuid();
459 data.euid = geteuid();
460 data.gid = getgid();
461 data.egid = getegid();
462
463 RAND_seed((const void *)&data, sizeof data);
464 tls_rand_seed_uniquely();
465}
466
467static int tls_rand_seeded_p = 0;
468
469#define my_MIN_SEED_BYTES 256 /* struct stat can be larger than 128 */
470int
471tls_rand_seed_from_file(const char *filename, size_t n, void *apparg)
472{
473 /* Seed OpenSSL's random number generator from file.
474 Try to read n bytes if n > 0, whole file if n == 0. */
475
476 int r;
477
478 if (tls_init(apparg) == -1)
479 return -1;
480 tls_rand_seed();
481
482 r = RAND_load_file(filename, (n > 0 && n < LONG_MAX) ? (long)n : LONG_MAX);
483 /* r is the number of bytes filled into the random number generator,
484 * which are taken from "stat(filename, ...)" in addition to the
485 * file contents.
486 */
487 assert(1 < my_MIN_SEED_BYTES);
488 /* We need to detect at least those cases when the file does not exist
489 * at all. With current versions of OpenSSL, this should do it: */
490 if (n == 0)
491 n = my_MIN_SEED_BYTES;
492 if (r < n) {
493 tls_errprintf(1, apparg, "rand_seed_from_file: could not read %d bytes from %s.\n", n, filename);
494 return -1;
495 } else {
496 tls_rand_seeded_p = 1;
497 return 0;
498 }
499}
500
501void
502tls_rand_seed_from_memory(const void *buf, size_t n)
503{
504 size_t i = 0;
505
506 while (i < n) {
507 size_t rest = n - i;
508 int chunk = rest < INT_MAX ? (int)rest : INT_MAX;
509 RAND_seed((const char *)buf + i, chunk);
510 i += chunk;
511 }
512 tls_rand_seeded_p = 1;
513}
514
515
516/*****************************************************************************/
517
518struct tls_x509_name_string {
519 char str[100];
520};
521
522static void
523tls_get_x509_subject_name_oneline(X509 *cert, struct tls_x509_name_string *namestring)
524{
525 X509_NAME *name;
526
527 if (cert == NULL) {
528 namestring->str[0] = '\0';
529 return;
530 }
531
532 name = X509_get_subject_name(cert); /* does not increment any reference counter */
533
534 assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */
535
536 if (name == NULL) {
537 namestring->str[0] = '?';
538 namestring->str[1] = 0;
539 } else {
540 size_t len;
541
542 X509_NAME_oneline(name, namestring->str, sizeof namestring->str);
543 len = strlen(namestring->str);
544 assert(namestring->str[len] == 0);
545 assert(len < sizeof namestring->str);
546
547 if (len+1 == sizeof namestring->str) {
548 /* (Probably something was cut off.)
549 * Does not really work -- X509_NAME_oneline truncates after
550 * name components, we cannot tell from the result whether
551 * anything is missing. */
552
553 assert(namestring->str[len] == 0);
554 namestring->str[--len] = '.';
555 namestring->str[--len] = '.';
556 namestring->str[--len] = '.';
557 }
558 }
559}
560
561/*****************************************************************************/
562
563/* to hinder OpenSSL from asking for passphrases */
564static int
565no_passphrase_callback(char *buf, int num, int w, void *arg)
566{
567 return -1;
568}
569
570#if OPENSSL_VERSION_NUMBER >= 0x00907000L
571static int
572verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)
573#else
574static int
575verify_dont_fail_cb(X509_STORE_CTX *c)
576#endif
577{
578 int i;
579
580 i = X509_verify_cert(c); /* sets c->error */
581#if OPENSSL_VERSION_NUMBER >= 0x00905000L /* don't allow unverified
582 * certificates -- they could
583 * survive session reuse, but
584 * OpenSSL < 0.9.5-dev does not
585 * preserve their verify_result */
586 if (i == 0)
587 return 1;
588 else
589#endif
590 return i;
591}
592
593static DH *tls_dhe1024 = NULL; /* generating these takes a while, so do it just once */
594
595void
596tls_set_dhe1024(int i, void *apparg)
597{
598 DSA *dsaparams;
599 DH *dhparams;
600 const char *seed[] = { ";-) :-( :-) :-( ",
601 ";-) :-( :-) :-( ",
602 "Random String no. 12",
603 ";-) :-( :-) :-( ",
604 "hackers have even mo", /* from jargon file */
605 };
606 unsigned char seedbuf[20];
607
608 tls_init(apparg);
609 if (i >= 0) {
610 i %= sizeof seed / sizeof seed[0];
611 assert(strlen(seed[i]) == 20);
612 memcpy(seedbuf, seed[i], 20);
613 dsaparams = DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL);
614 } else {
615 /* random parameters (may take a while) */
616 dsaparams = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
617 }
618
619 if (dsaparams == NULL) {
620 tls_openssl_errors("", "", NULL, apparg);
621 return;
622 }
623 dhparams = DSA_dup_DH(dsaparams);
624 DSA_free(dsaparams);
625 if (dhparams == NULL) {
626 tls_openssl_errors("", "", NULL, apparg);
627 return;
628 }
629 if (tls_dhe1024 != NULL)
630 DH_free(tls_dhe1024);
631 tls_dhe1024 = dhparams;
632}
633
634struct tls_create_ctx_args
635tls_create_ctx_defaultargs(void)
636{
637 struct tls_create_ctx_args ret;
638
639 ret.client_p = 0;
640 ret.certificate_file = NULL;
641 ret.key_file = NULL;
642 ret.ca_file = NULL;
643 ret.verify_depth = -1;
644 ret.fail_unless_verified = 0;
645 ret.export_p = 0;
646
647 return ret;
648}
649
650SSL_CTX *
651tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
652{
653 int r;
654 static long context_num = 0;
655 SSL_CTX *ret;
656 const char *err_pref_1 = "", *err_pref_2 = "";
657
658 if (tls_init(apparg) == -1)
659 return NULL;
660
661 ret = SSL_CTX_new((a.client_p? SSLv23_client_method:SSLv23_server_method)());
662
663 if (ret == NULL)
664 goto err;
665
666 SSL_CTX_set_default_passwd_cb(ret, no_passphrase_callback);
667 SSL_CTX_set_mode(ret, SSL_MODE_ENABLE_PARTIAL_WRITE);
668
669 if ((a.certificate_file != NULL) || (a.key_file != NULL)) {
670 if (a.key_file == NULL) {
671 tls_errprintf(1, apparg, "Need a key file.\n");
672 goto err_return;
673 }
674 if (a.certificate_file == NULL) {
675 tls_errprintf(1, apparg, "Need a certificate chain file.\n");
676 goto err_return;
677 }
678
679 if (!SSL_CTX_use_PrivateKey_file(ret, a.key_file, SSL_FILETYPE_PEM))
680 goto err;
681 if (!tls_rand_seeded_p) {
682 /* particularly paranoid people may not like this --
683 * so provide your own random seeding before calling this */
684 if (tls_rand_seed_from_file(a.key_file, 0, apparg) == -1)
685 goto err_return;
686 }
687 if (!SSL_CTX_use_certificate_chain_file(ret, a.certificate_file))
688 goto err;
689 if (!SSL_CTX_check_private_key(ret)) {
690 tls_errprintf(1, apparg, "Private key \"%s\" does not match certificate \"%s\".\n", a.key_file, a.certificate_file);
691 goto err_peek;
692 }
693 }
694
695 if ((a.ca_file != NULL) || (a.verify_depth > 0)) {
696 context_num++;
697 r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num, (unsigned int)sizeof context_num);
698 if (!r)
699 goto err;
700
701 SSL_CTX_set_verify(ret, SSL_VERIFY_PEER | (a.fail_unless_verified ? SSL_VERIFY_FAIL_IF_NO_PEER_CERT : 0), 0);
702 if (!a.fail_unless_verified)
703 SSL_CTX_set_cert_verify_callback(ret, verify_dont_fail_cb, NULL);
704
705 if (a.verify_depth > 0)
706 SSL_CTX_set_verify_depth(ret, a.verify_depth);
707
708 if (a.ca_file != NULL) {
709 r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL /* no CA-directory */); /* does not report failure if file does not exist ... */
710 if (!r) {
711 err_pref_1 = " while processing certificate file ";
712 err_pref_2 = a.ca_file;
713 goto err;
714 }
715
716 if (!a.client_p) {
717 /* SSL_load_client_CA_file is a misnomer, it just creates a list of CNs. */
718 SSL_CTX_set_client_CA_list(ret, SSL_load_client_CA_file(a.ca_file));
719 /* SSL_CTX_set_client_CA_list does not have a return value;
720 * it does not really need one, but make sure
721 * (we really test if SSL_load_client_CA_file worked) */
722 if (SSL_CTX_get_client_CA_list(ret) == NULL) {
723 tls_errprintf(1, apparg, "Could not set client CA list from \"%s\".\n", a.ca_file);
724 goto err_peek;
725 }
726 }
727 }
728 }
729
730 if (!a.client_p) {
731 if (tls_dhe1024 == NULL) {
732 int i;
733
734 RAND_bytes((unsigned char *) &i, sizeof i);
735 /* make sure that i is non-negative -- pick one of the provided
736 * seeds */
737 if (i < 0)
738 i = -i;
739 if (i < 0)
740 i = 0;
741 tls_set_dhe1024(i, apparg);
742 if (tls_dhe1024 == NULL)
743 goto err_return;
744 }
745
746 if (!SSL_CTX_set_tmp_dh(ret, tls_dhe1024))
747 goto err;
748
749 /* avoid small subgroup attacks: */
750 SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE);
751 }
752
753#ifndef NO_RSA
754 if (!a.client_p && a.export_p) {
755 RSA *tmpkey;
756
757 tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL);
758 if (tmpkey == NULL)
759 goto err;
760 if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) {
761 RSA_free(tmpkey);
762 goto err;
763 }
764 RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */
765 }
766#endif
767
768 return ret;
769
770 err_peek:
771 if (!ERR_peek_error())
772 goto err_return;
773 err:
774 tls_openssl_errors(err_pref_1, err_pref_2, NULL, apparg);
775 err_return:
776 if (ret != NULL)
777 SSL_CTX_free(ret);
778 return NULL;
779}
780
781
782/*****************************************************************************/
783
784static int
785tls_socket_nonblocking(int fd)
786{
787 int v, r;
788
789 v = fcntl(fd, F_GETFL, 0);
790 if (v == -1) {
791 if (errno == EINVAL)
792 return 0; /* already shut down -- ignore */
793 return -1;
794 }
795 r = fcntl(fd, F_SETFL, v | O_NONBLOCK);
796 if (r == -1) {
797 if (errno == EINVAL)
798 return 0; /* already shut down -- ignore */
799 return -1;
800 }
801 return 0;
802}
803
804static int
805max(int a, int b)
806{
807 return a > b ? a : b;
808}
809
810static void
811tls_sockets_select(int read_select_1, int read_select_2, int write_select_1, int write_select_2, int seconds /* timeout, -1 means no timeout */)
812{
813 int maxfd, n;
814 fd_set reads, writes;
815 struct timeval timeout;
816 struct timeval *timeout_p;
817
818 assert(read_select_1 >= -1 && read_select_2 >= -1 && write_select_1 >= -1 && write_select_2 >= -1);
819 assert(read_select_1 < FD_SETSIZE && read_select_2 < FD_SETSIZE -1 && write_select_1 < FD_SETSIZE -1 && write_select_2 < FD_SETSIZE -1);
820
821 maxfd = max(max(read_select_1, read_select_2), max(write_select_1, write_select_2));
822 assert(maxfd >= 0);
823
824 FD_ZERO(&reads);
825 FD_ZERO(&writes);
826
827 for(n = 0; n < 4; ++n) {
828 int i = n % 2;
829 int w = n >= 2;
830 /* loop over all (i, w) in {0,1}x{0,1} */
831 int fd;
832
833 if (i == 0 && w == 0)
834 fd = read_select_1;
835 else if (i == 1 && w == 0)
836 fd = read_select_2;
837 else if (i == 0 && w == 1)
838 fd = write_select_1;
839 else {
840 assert(i == 1 && w == 1);
841 fd = write_select_2;
842 }
843
844 if (fd >= 0) {
845 if (w == 0)
846 FD_SET(fd, &reads);
847 else /* w == 1 */
848 FD_SET(fd, &writes);
849 }
850 }
851
852 if (seconds >= 0) {
853 timeout.tv_sec = seconds;
854 timeout.tv_usec = 0;
855 timeout_p = &timeout;
856 } else
857 timeout_p = NULL;
858
859 DEBUG_MSG2("select no.", ++tls_select_count);
860 select(maxfd + 1, &reads, &writes, (fd_set *) NULL, timeout_p);
861 DEBUG_MSG("cont.");
862}
863
864/*****************************************************************************/
865
866#define TUNNELBUFSIZE (16*1024)
867struct tunnelbuf {
868 char buf[TUNNELBUFSIZE];
869 size_t len;
870 size_t offset;
871};
872
873static int tls_connect_attempt(SSL *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
874
875static int tls_accept_attempt(SSL *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
876
877static int tls_write_attempt(SSL *, struct tunnelbuf *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
878
879static int tls_read_attempt(SSL *, struct tunnelbuf *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
880
881static int write_attempt(int fd, struct tunnelbuf *, int *select, int *closed, int *progress);
882
883static int read_attempt(int fd, struct tunnelbuf *, int *select, int *closed, int *progress);
884
885static void write_info(SSL *ssl, int *info_fd)
886{
887 if (*info_fd != -1) {
888 long v;
889 int v_ok;
890 struct tls_x509_name_string peer;
891 char infobuf[TLS_INFO_SIZE];
892 int r;
893
894 DEBUG_MSG("write_info");
895 v = SSL_get_verify_result(ssl);
896 v_ok = (v == X509_V_OK) ? 'A' : 'E'; /* Auth./Error */
897 {
898 X509 *peercert;
899
900 peercert = SSL_get_peer_certificate(ssl);
901 tls_get_x509_subject_name_oneline(peercert, &peer);
902 if (peercert != NULL)
903 X509_free(peercert);
904 }
905 if (peer.str[0] == '\0')
906 v_ok = '0'; /* no cert at all */
907 else
908 if (strchr(peer.str, '\n')) {
909 /* should not happen, but make sure */
910 *strchr(peer.str, '\n') = '\0';
911 }
912 r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok, X509_verify_cert_error_string(v), peer.str);
913 DEBUG_MSG2("snprintf", r);
914 if (r == -1 || r >= sizeof infobuf)
915 r = sizeof infobuf - 1;
916 write(*info_fd, infobuf, r);
917 close (*info_fd);
918 *info_fd = -1;
919 }
920}
921
922
923/* tls_proxy expects that all fds are closed after return */
924static void
925tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p)
926{
927 struct tunnelbuf clear_to_tls, tls_to_clear;
928 SSL *ssl;
929 BIO *rbio, *wbio;
930 int closed, in_handshake;
931 const char *err_pref_1 = "", *err_pref_2 = "";
932 const char *err_def = NULL;
933
934 assert(clear_fd != -1);
935 assert(tls_fd != -1);
936 assert(clear_fd < FD_SETSIZE);
937 assert(tls_fd < FD_SETSIZE);
938 /* info_fd may be -1 */
939 assert(ctx != NULL);
940
941 tls_rand_seed_uniquely();
942
943 tls_socket_nonblocking(clear_fd);
944 DEBUG_MSG2("clear_fd", clear_fd);
945 tls_socket_nonblocking(tls_fd);
946 DEBUG_MSG2("tls_fd", tls_fd);
947
948 ssl = SSL_new(ctx);
949 if (ssl == NULL)
950 goto err;
951 DEBUG_MSG("SSL_new");
952 if (!SSL_set_fd(ssl, tls_fd))
953 goto err;
954 rbio = SSL_get_rbio(ssl);
955 wbio = SSL_get_wbio(ssl); /* should be the same, but who cares */
956 assert(rbio != NULL);
957 assert(wbio != NULL);
958 if (client_p)
959 SSL_set_connect_state(ssl);
960 else
961 SSL_set_accept_state(ssl);
962
963 closed = 0;
964 in_handshake = 1;
965 tls_to_clear.len = 0;
966 tls_to_clear.offset = 0;
967 clear_to_tls.len = 0;
968 clear_to_tls.offset = 0;
969
970 err_def = "I/O error";
971
972 /* loop finishes as soon as we detect that one side closed;
973 * when all (program and OS) buffers have enough space,
974 * the data from the last succesful read in each direction is transferred
975 * before close */
976 do {
977 int clear_read_select = 0, clear_write_select = 0,
978 tls_read_select = 0, tls_write_select = 0,
979 progress = 0;
980 int r;
981 unsigned long num_read = BIO_number_read(rbio),
982 num_written = BIO_number_written(wbio);
983
984 DEBUG_MSG2("loop iteration", ++tls_loop_count);
985
986 if (in_handshake) {
987 DEBUG_MSG("in_handshake");
988 if (client_p)
989 r = tls_connect_attempt(ssl, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
990 else
991 r = tls_accept_attempt(ssl, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
992 if (r != 0) {
993 write_info(ssl, &info_fd);
994 goto err;
995 }
996 if (closed)
997 goto err_return;
998 if (!SSL_in_init(ssl)) {
999 in_handshake = 0;
1000 write_info(ssl, &info_fd);
1001 }
1002 }
1003
1004 if (clear_to_tls.len != 0 && !in_handshake) {
1005 assert(!closed);
1006
1007 r = tls_write_attempt(ssl, &clear_to_tls, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
1008 if (r != 0)
1009 goto err;
1010 if (closed) {
1011 assert(progress);
1012 tls_to_clear.offset = 0;
1013 tls_to_clear.len = 0;
1014 }
1015 }
1016
1017 if (tls_to_clear.len != 0) {
1018 assert(!closed);
1019
1020 r = write_attempt(clear_fd, &tls_to_clear, &clear_write_select, &closed, &progress);
1021 if (r != 0)
1022 goto err_return;
1023 if (closed) {
1024 assert(progress);
1025 clear_to_tls.offset = 0;
1026 clear_to_tls.len = 0;
1027 }
1028 }
1029
1030 if (!closed) {
1031 if (clear_to_tls.offset + clear_to_tls.len < sizeof clear_to_tls.buf) {
1032 r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select, &closed, &progress);
1033 if (r != 0)
1034 goto err_return;
1035 if (closed) {
1036 r = SSL_shutdown(ssl);
1037 DEBUG_MSG2("SSL_shutdown", r);
1038 }
1039 }
1040 }
1041
1042 if (!closed && !in_handshake) {
1043 if (tls_to_clear.offset + tls_to_clear.len < sizeof tls_to_clear.buf) {
1044 r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
1045 if (r != 0)
1046 goto err;
1047 if (closed) {
1048 r = SSL_shutdown(ssl);
1049 DEBUG_MSG2("SSL_shutdown", r);
1050 }
1051 }
1052 }
1053
1054 if (!progress) {
1055 DEBUG_MSG("!progress?");
1056 if (num_read != BIO_number_read(rbio) || num_written != BIO_number_written(wbio))
1057 progress = 1;
1058
1059 if (!progress) {
1060 DEBUG_MSG("!progress");
1061 assert(clear_read_select || tls_read_select || clear_write_select || tls_write_select);
1062 tls_sockets_select(clear_read_select ? clear_fd : -1, tls_read_select ? tls_fd : -1, clear_write_select ? clear_fd : -1, tls_write_select ? tls_fd : -1, -1);
1063 }
1064 }
1065 } while (!closed);
1066 return;
1067
1068 err:
1069 tls_openssl_errors(err_pref_1, err_pref_2, err_def, tls_child_apparg);
1070 err_return:
1071 return;
1072}
1073
1074
1075static int
1076tls_get_error(SSL *ssl, int r, int *write_select, int *read_select, int *closed, int *progress)
1077{
1078 int err = SSL_get_error(ssl, r);
1079
1080 if (err == SSL_ERROR_NONE) {
1081 assert(r > 0);
1082 *progress = 1;
1083 return 0;
1084 }
1085
1086 assert(r <= 0);
1087
1088 switch (err) {
1089 case SSL_ERROR_ZERO_RETURN:
1090 assert(r == 0);
1091 *closed = 1;
1092 *progress = 1;
1093 return 0;
1094
1095 case SSL_ERROR_WANT_WRITE:
1096 *write_select = 1;
1097 return 0;
1098
1099 case SSL_ERROR_WANT_READ:
1100 *read_select = 1;
1101 return 0;
1102 }
1103
1104 return -1;
1105}
1106
1107static int
1108tls_connect_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
1109{
1110 int n, r;
1111
1112 DEBUG_MSG("tls_connect_attempt");
1113 n = SSL_connect(ssl);
1114 DEBUG_MSG2("SSL_connect",n);
1115 r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
1116 if (r == -1)
1117 *err_pref = " during SSL_connect";
1118 return r;
1119}
1120
1121static int
1122tls_accept_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
1123{
1124 int n, r;
1125
1126 DEBUG_MSG("tls_accept_attempt");
1127 n = SSL_accept(ssl);
1128 DEBUG_MSG2("SSL_accept",n);
1129 r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
1130 if (r == -1)
1131 *err_pref = " during SSL_accept";
1132 return r;
1133}
1134
1135static int
1136tls_write_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
1137{
1138 int n, r;
1139
1140 DEBUG_MSG("tls_write_attempt");
1141 n = SSL_write(ssl, buf->buf + buf->offset, buf->len);
1142 DEBUG_MSG2("SSL_write",n);
1143 r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
1144 if (n > 0) {
1145 buf->len -= n;
1146 assert(buf->len >= 0);
1147 if (buf->len == 0)
1148 buf->offset = 0;
1149 else
1150 buf->offset += n;
1151 }
1152 if (r == -1)
1153 *err_pref = " during SSL_write";
1154 return r;
1155}
1156
1157static int
1158tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
1159{
1160 int n, r;
1161 size_t total;
1162
1163 DEBUG_MSG("tls_read_attempt");
1164 total = buf->offset + buf->len;
1165 assert(total < sizeof buf->buf);
1166 n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total);
1167 DEBUG_MSG2("SSL_read",n);
1168 r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
1169 if (n > 0) {
1170 buf->len += n;
1171 assert(buf->offset + buf->len <= sizeof buf->buf);
1172 }
1173 if (r == -1)
1174 *err_pref = " during SSL_read";
1175 return r;
1176}
1177
1178static int
1179get_error(int r, int *select, int *closed, int *progress)
1180{
1181 if (r >= 0) {
1182 *progress = 1;
1183 if (r == 0)
1184 *closed = 1;
1185 return 0;
1186 } else {
1187 assert(r == -1);
1188 if (errno == EAGAIN || errno == EWOULDBLOCK) {
1189 *select = 1;
1190 return 0;
1191 } else if (errno == EPIPE) {
1192 *progress = 1;
1193 *closed = 1;
1194 return 0;
1195 } else
1196 return -1;
1197 }
1198}
1199
1200static int write_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, int *progress)
1201{
1202 int n, r;
1203
1204 DEBUG_MSG("write_attempt");
1205 n = write(fd, buf->buf + buf->offset, buf->len);
1206 DEBUG_MSG2("write",n);
1207 r = get_error(n, select, closed, progress);
1208 if (n > 0) {
1209 buf->len -= n;
1210 assert(buf->len >= 0);
1211 if (buf->len == 0)
1212 buf->offset = 0;
1213 else
1214 buf->offset += n;
1215 }
1216 if (r == -1)
1217 tls_errprintf(1, tls_child_apparg, "write error: %s\n", strerror(errno));
1218 return r;
1219}
1220
1221static int
1222read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, int *progress)
1223{
1224 int n, r;
1225 size_t total;
1226
1227 DEBUG_MSG("read_attempt");
1228 total = buf->offset + buf->len;
1229 assert(total < sizeof buf->buf);
1230 n = read(fd, buf->buf + total, (sizeof buf->buf) - total);
1231 DEBUG_MSG2("read",n);
1232 r = get_error(n, select, closed, progress);
1233 if (n > 0) {
1234 buf->len += n;
1235 assert(buf->offset + buf->len <= sizeof buf->buf);
1236 }
1237 if (r == -1)
1238 tls_errprintf(1, tls_child_apparg, "read error: %s\n", strerror(errno));
1239 return r;
1240}
diff --git a/src/lib/libssl/src/demos/easy_tls/easy-tls.h b/src/lib/libssl/src/demos/easy_tls/easy-tls.h
deleted file mode 100644
index 844a5874b9..0000000000
--- a/src/lib/libssl/src/demos/easy_tls/easy-tls.h
+++ /dev/null
@@ -1,57 +0,0 @@
1/* -*- Mode: C; c-file-style: "bsd" -*- */
2/*
3 * easy-tls.h -- generic TLS proxy.
4 * $Id: easy-tls.h,v 1.5 2014/04/13 15:25:34 miod Exp $
5 */
6/*
7 * (c) Copyright 1999 Bodo Moeller. All rights reserved.
8 */
9
10#ifndef HEADER_TLS_H
11#define HEADER_TLS_H
12
13#ifndef HEADER_SSL_H
14typedef struct ssl_ctx_st SSL_CTX;
15#endif
16
17#define TLS_INFO_SIZE 512 /* max. # of bytes written to infofd */
18
19void tls_set_dhe1024(int i, void* apparg);
20/* Generate DHE parameters:
21 * i >= 0 deterministic (i selects seed), i < 0 random (may take a while).
22 * tls_create_ctx calls this with random non-negative i if the application
23 * has never called it.*/
24
25void tls_rand_seed(void);
26int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);
27void tls_rand_seed_from_memory(const void *buf, size_t n);
28
29struct tls_create_ctx_args
30{
31 int client_p;
32 const char *certificate_file;
33 const char *key_file;
34 const char *ca_file;
35 int verify_depth;
36 int fail_unless_verified;
37 int export_p;
38};
39struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
40/* struct tls_create_ctx_args is similar to a conventional argument list,
41 * but it can provide default values and allows for future extension. */
42SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);
43
44struct tls_start_proxy_args
45{
46 int fd;
47 int client_p;
48 SSL_CTX *ctx;
49 pid_t *pid;
50 int *infofd;
51};
52struct tls_start_proxy_args tls_start_proxy_defaultargs(void);
53/* tls_start_proxy return value *MUST* be checked!
54 * 0 means ok, otherwise we've probably run out of some resources. */
55int tls_start_proxy(struct tls_start_proxy_args, void *apparg);
56
57#endif
diff --git a/src/lib/libssl/src/demos/easy_tls/test.c b/src/lib/libssl/src/demos/easy_tls/test.c
deleted file mode 100644
index 4e884c4851..0000000000
--- a/src/lib/libssl/src/demos/easy_tls/test.c
+++ /dev/null
@@ -1,244 +0,0 @@
1/* test.c */
2/* $Id: test.c,v 1.5 2014/04/13 15:25:34 miod Exp $ */
3
4#define L_PORT 9999
5#define C_PORT 443
6
7#include <arpa/inet.h>
8#include <assert.h>
9#include <errno.h>
10#include <fcntl.h>
11#include <netinet/in.h>
12#include <netinet/tcp.h>
13#include <stdlib.h>
14#include <stdio.h>
15#include <string.h>
16#include <sys/select.h>
17#include <sys/socket.h>
18#include <unistd.h>
19
20#include "test.h"
21#include "easy-tls.h"
22
23void
24test_process_init(int fd, int client_p, void *apparg)
25{
26 fprintf(stderr, "test_process_init(fd = %d, client_p = %d, apparg = %p)\n", fd, client_p, apparg);
27}
28
29void
30test_errflush(int child_p, char *errbuf, size_t num, void *apparg)
31{
32 fputs(errbuf, stderr);
33}
34
35
36int
37main(int argc, char *argv[])
38{
39 int s, fd, r;
40 FILE *conn_in;
41 FILE *conn_out;
42 char buf[256];
43 SSL_CTX *ctx;
44 int client_p = 0;
45 int port;
46 int tls = 0;
47 char infobuf[TLS_INFO_SIZE + 1];
48
49 if (argc > 1 && argv[1][0] == '-') {
50 fputs("Usage: test [port] -- server\n"
51 " test num.num.num.num [port] -- client\n",
52 stderr);
53 exit(1);
54 }
55
56 if (argc > 1) {
57 if (strchr(argv[1], '.')) {
58 client_p = 1;
59 }
60 }
61
62 fputs(client_p ? "Client\n" : "Server\n", stderr);
63
64 {
65 struct tls_create_ctx_args a = tls_create_ctx_defaultargs();
66 a.client_p = client_p;
67 a.certificate_file = "cert.pem";
68 a.key_file = "cert.pem";
69 a.ca_file = "cacerts.pem";
70
71 ctx = tls_create_ctx(a, NULL);
72 if (ctx == NULL)
73 exit(1);
74 }
75
76 s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
77 if (s == -1) {
78 perror("socket");
79 exit(1);
80 }
81
82 if (client_p) {
83 struct sockaddr_in addr;
84 size_t addr_len = sizeof addr;
85
86 addr.sin_family = AF_INET;
87 assert(argc > 1);
88 if (argc > 2)
89 sscanf(argv[2], "%d", &port);
90 else
91 port = C_PORT;
92 addr.sin_port = htons(port);
93 addr.sin_addr.s_addr = inet_addr(argv[1]);
94
95 r = connect(s, &addr, addr_len);
96 if (r != 0) {
97 perror("connect");
98 exit(1);
99 }
100 fd = s;
101 fprintf(stderr, "Connect (fd = %d).\n", fd);
102 } else {
103 /* server */
104 {
105 int i = 1;
106
107 r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *) &i, sizeof i);
108 if (r == -1) {
109 perror("setsockopt");
110 exit(1);
111 }
112 }
113
114 {
115 struct sockaddr_in addr;
116 size_t addr_len = sizeof addr;
117
118 if (argc > 1)
119 sscanf(argv[1], "%d", &port);
120 else
121 port = L_PORT;
122 addr.sin_family = AF_INET;
123 addr.sin_port = htons(port);
124 addr.sin_addr.s_addr = INADDR_ANY;
125
126 r = bind(s, &addr, addr_len);
127 if (r != 0) {
128 perror("bind");
129 exit(1);
130 }
131 }
132
133 r = listen(s, 1);
134 if (r == -1) {
135 perror("listen");
136 exit(1);
137 }
138
139 fprintf(stderr, "Listening at port %i.\n", port);
140
141 fd = accept(s, NULL, 0);
142 if (fd == -1) {
143 perror("accept");
144 exit(1);
145 }
146
147 fprintf(stderr, "Accept (fd = %d).\n", fd);
148 }
149
150 conn_in = fdopen(fd, "r");
151 if (conn_in == NULL) {
152 perror("fdopen");
153 exit(1);
154 }
155 conn_out = fdopen(fd, "w");
156 if (conn_out == NULL) {
157 perror("fdopen");
158 exit(1);
159 }
160
161 setvbuf(conn_in, NULL, _IOLBF, 256);
162 setvbuf(conn_out, NULL, _IOLBF, 256);
163
164 while (fgets(buf, sizeof buf, stdin) != NULL) {
165 if (buf[0] == 'W') {
166 fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1), buf + 1);
167 fprintf(stderr, ">>> %.*s\n", (int)(strlen(buf + 1) - 1), buf + 1);
168 } else if (buf[0] == 'C') {
169 fprintf(stderr, "Closing.\n");
170 fclose(conn_in);
171 fclose(conn_out);
172 exit(0);
173 } else if (buf[0] == 'R') {
174 int lines = 0;
175
176 sscanf(buf + 1, "%d", &lines);
177 do {
178 if (fgets(buf, sizeof buf, conn_in) == NULL) {
179 if (ferror(conn_in)) {
180 fprintf(stderr, "ERROR\n");
181 exit(1);
182 }
183 fprintf(stderr, "CLOSED\n");
184 return 0;
185 }
186 fprintf(stderr, "<<< %s", buf);
187 } while (--lines > 0);
188 } else if (buf[0] == 'T') {
189 int infofd;
190
191 tls++;
192 {
193 struct tls_start_proxy_args a = tls_start_proxy_defaultargs();
194 a.fd = fd;
195 a.client_p = client_p;
196 a.ctx = ctx;
197 a.infofd = &infofd;
198 r = tls_start_proxy(a, NULL);
199 }
200 assert(r != 1);
201 if (r != 0) {
202 fprintf(stderr, "tls_start_proxy failed: %d\n", r);
203 switch (r) {
204 case -1:
205 fputs("socketpair", stderr); break;
206 case 2:
207 fputs("FD_SETSIZE exceeded", stderr); break;
208 case -3:
209 fputs("pipe", stderr); break;
210 case -4:
211 fputs("fork", stderr); break;
212 case -5:
213 fputs("dup2", stderr); break;
214 default:
215 fputs("?", stderr);
216 }
217 if (r < 0)
218 perror("");
219 else
220 fputc('\n', stderr);
221 exit(1);
222 }
223
224 r = read(infofd, infobuf, sizeof infobuf - 1);
225 if (r > 0) {
226 const char *info = infobuf;
227 const char *eol;
228
229 infobuf[r] = '\0';
230 while ((eol = strchr(info, '\n')) != NULL) {
231 fprintf(stderr, "+++ `%.*s'\n", eol - info, info);
232 info = eol+1;
233 }
234 close (infofd);
235 }
236 } else {
237 fprintf(stderr, "W... write line to network\n"
238 "R[n] read line (n lines) from network\n"
239 "C close\n"
240 "T start %sTLS proxy\n", tls ? "another " : "");
241 }
242 }
243 return 0;
244}
diff --git a/src/lib/libssl/src/demos/easy_tls/test.h b/src/lib/libssl/src/demos/easy_tls/test.h
deleted file mode 100644
index b88d569fe8..0000000000
--- a/src/lib/libssl/src/demos/easy_tls/test.h
+++ /dev/null
@@ -1,11 +0,0 @@
1/* test.h */
2/* $Id: test.h,v 1.5 2014/04/13 15:25:34 miod Exp $ */
3
4
5void test_process_init(int fd, int client_p, void *apparg);
6#define TLS_APP_PROCESS_INIT test_process_init
7
8#undef TLS_CUMULATE_ERRORS
9
10void test_errflush(int child_p, char *errbuf, size_t num, void *apparg);
11#define TLS_APP_ERRFLUSH test_errflush
diff --git a/src/lib/libssl/src/demos/eay/Makefile b/src/lib/libssl/src/demos/eay/Makefile
deleted file mode 100644
index 2d22eaca56..0000000000
--- a/src/lib/libssl/src/demos/eay/Makefile
+++ /dev/null
@@ -1,24 +0,0 @@
1CC=cc
2CFLAGS= -g -I../../include
3#LIBS= -L../.. -lcrypto -lssl
4LIBS= -L../.. ../../libssl.a ../../libcrypto.a
5
6# the file conn.c requires a file "proxy.h" which I couldn't find...
7#EXAMPLES=base64 conn loadrsa
8EXAMPLES=base64 loadrsa
9
10all: $(EXAMPLES)
11
12base64: base64.o
13 $(CC) -o base64 base64.o $(LIBS)
14#
15# sorry... can't find "proxy.h"
16#conn: conn.o
17# $(CC) -o conn conn.o $(LIBS)
18
19loadrsa: loadrsa.o
20 $(CC) -o loadrsa loadrsa.o $(LIBS)
21
22clean:
23 rm -f $(EXAMPLES) *.o
24
diff --git a/src/lib/libssl/src/demos/eay/base64.c b/src/lib/libssl/src/demos/eay/base64.c
deleted file mode 100644
index 4b8b0627d1..0000000000
--- a/src/lib/libssl/src/demos/eay/base64.c
+++ /dev/null
@@ -1,49 +0,0 @@
1/* This is a simple example of using the base64 BIO to a memory BIO and then
2 * getting the data.
3 */
4#include <stdio.h>
5#include <openssl/bio.h>
6#include <openssl/evp.h>
7
8main()
9 {
10 int i;
11 BIO *mbio,*b64bio,*bio;
12 char buf[512];
13 char *p;
14
15 mbio=BIO_new(BIO_s_mem());
16 b64bio=BIO_new(BIO_f_base64());
17
18 bio=BIO_push(b64bio,mbio);
19 /* We now have bio pointing at b64->mem, the base64 bio encodes on
20 * write and decodes on read */
21
22 for (;;)
23 {
24 i=fread(buf,1,512,stdin);
25 if (i <= 0) break;
26 BIO_write(bio,buf,i);
27 }
28 /* We need to 'flush' things to push out the encoding of the
29 * last few bytes. There is special encoding if it is not a
30 * multiple of 3
31 */
32 BIO_flush(bio);
33
34 printf("We have %d bytes available\n",BIO_pending(mbio));
35
36 /* We will now get a pointer to the data and the number of elements. */
37 /* hmm... this one was not defined by a macro in bio.h, it will be for
38 * 0.9.1. The other option is too just read from the memory bio.
39 */
40 i=(int)BIO_ctrl(mbio,BIO_CTRL_INFO,0,(char *)&p);
41
42 printf("%d\n",i);
43 fwrite("---\n",1,4,stdout);
44 fwrite(p,1,i,stdout);
45 fwrite("---\n",1,4,stdout);
46
47 /* This call will walk the chain freeing all the BIOs */
48 BIO_free_all(bio);
49 }
diff --git a/src/lib/libssl/src/demos/eay/conn.c b/src/lib/libssl/src/demos/eay/conn.c
deleted file mode 100644
index c4b8f5163e..0000000000
--- a/src/lib/libssl/src/demos/eay/conn.c
+++ /dev/null
@@ -1,105 +0,0 @@
1/* NOCW */
2/* demos/eay/conn.c */
3
4/* A minimal program to connect to a port using the sock4a protocol.
5 *
6 * cc -I../../include conn.c -L../.. -lcrypto
7 */
8#include <stdio.h>
9#include <stdlib.h>
10#include <openssl/err.h>
11#include <openssl/bio.h>
12/* #include "proxy.h" */
13
14extern int errno;
15
16int main(argc,argv)
17int argc;
18char *argv[];
19 {
20 PROXY *pxy;
21 char *host;
22 char buf[1024*10],*p;
23 BIO *bio;
24 int i,len,off,ret=1;
25
26 if (argc <= 1)
27 host="localhost:4433";
28 else
29 host=argv[1];
30
31 /* Lets get nice error messages */
32 ERR_load_crypto_strings();
33
34 /* First, configure proxy settings */
35 pxy=PROXY_new();
36 PROXY_add_server(pxy,PROXY_PROTOCOL_SOCKS,"gromit:1080");
37
38 bio=BIO_new(BIO_s_socks4a_connect());
39
40 BIO_set_conn_hostname(bio,host);
41 BIO_set_proxies(bio,pxy);
42 BIO_set_socks_userid(bio,"eay");
43 BIO_set_nbio(bio,1);
44
45 p="GET / HTTP/1.0\r\n\r\n";
46 len=strlen(p);
47
48 off=0;
49 for (;;)
50 {
51 i=BIO_write(bio,&(p[off]),len);
52 if (i <= 0)
53 {
54 if (BIO_should_retry(bio))
55 {
56 fprintf(stderr,"write DELAY\n");
57 sleep(1);
58 continue;
59 }
60 else
61 {
62 goto err;
63 }
64 }
65 off+=i;
66 len-=i;
67 if (len <= 0) break;
68 }
69
70 for (;;)
71 {
72 i=BIO_read(bio,buf,sizeof(buf));
73 if (i == 0) break;
74 if (i < 0)
75 {
76 if (BIO_should_retry(bio))
77 {
78 fprintf(stderr,"read DELAY\n");
79 sleep(1);
80 continue;
81 }
82 goto err;
83 }
84 fwrite(buf,1,i,stdout);
85 }
86
87 ret=1;
88
89 if (0)
90 {
91err:
92 if (ERR_peek_error() == 0) /* system call error */
93 {
94 fprintf(stderr,"errno=%d ",errno);
95 perror("error");
96 }
97 else
98 ERR_print_errors_fp(stderr);
99 }
100 BIO_free_all(bio);
101 if (pxy != NULL) PROXY_free(pxy);
102 exit(!ret);
103 return(ret);
104 }
105
diff --git a/src/lib/libssl/src/demos/eay/loadrsa.c b/src/lib/libssl/src/demos/eay/loadrsa.c
deleted file mode 100644
index 79f1885ca4..0000000000
--- a/src/lib/libssl/src/demos/eay/loadrsa.c
+++ /dev/null
@@ -1,53 +0,0 @@
1#include <stdio.h>
2#include <openssl/rsa.h>
3
4/* This is a simple program to generate an RSA private key. It then
5 * saves both the public and private key into a char array, then
6 * re-reads them. It saves them as DER encoded binary data.
7 */
8
9void callback(stage,count,arg)
10int stage,count;
11char *arg;
12 {
13 FILE *out;
14
15 out=(FILE *)arg;
16 fprintf(out,"%d",stage);
17 if (stage == 3)
18 fprintf(out,"\n");
19 fflush(out);
20 }
21
22main()
23 {
24 RSA *rsa,*pub_rsa,*priv_rsa;
25 int len;
26 unsigned char buf[1024],*p;
27
28 rsa=RSA_generate_key(512,RSA_F4,callback,(char *)stdout);
29
30 p=buf;
31
32 /* Save the public key into buffer, we know it will be big enough
33 * but we should really check how much space we need by calling the
34 * i2d functions with a NULL second parameter */
35 len=i2d_RSAPublicKey(rsa,&p);
36 len+=i2d_RSAPrivateKey(rsa,&p);
37
38 printf("The public and private key are now both in a char array\n");
39 printf("and are taking up %d bytes\n",len);
40
41 RSA_free(rsa);
42
43 p=buf;
44 pub_rsa=d2i_RSAPublicKey(NULL,&p,(long)len);
45 len-=(p-buf);
46 priv_rsa=d2i_RSAPrivateKey(NULL,&p,(long)len);
47
48 if ((pub_rsa == NULL) || (priv_rsa == NULL))
49 ERR_print_errors_fp(stderr);
50
51 RSA_free(pub_rsa);
52 RSA_free(priv_rsa);
53 }
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/Makefile b/src/lib/libssl/src/demos/engines/cluster_labs/Makefile
deleted file mode 100644
index 956193f093..0000000000
--- a/src/lib/libssl/src/demos/engines/cluster_labs/Makefile
+++ /dev/null
@@ -1,114 +0,0 @@
1LIBNAME= libclabs
2SRC= hw_cluster_labs.c
3OBJ= hw_cluster_labs.o
4HEADER= hw_cluster_labs.h
5
6CC= gcc
7PIC= -fPIC
8CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
9AR= ar r
10RANLIB= ranlib
11
12LIB= $(LIBNAME).a
13SHLIB= $(LIBNAME).so
14
15all:
16 @echo 'Please choose a system to build on:'
17 @echo ''
18 @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
19 @echo 'solaris: Solaris'
20 @echo 'irix: IRIX'
21 @echo 'hpux32: 32-bit HP/UX'
22 @echo 'hpux64: 64-bit HP/UX'
23 @echo 'aix: AIX'
24 @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
25 @echo ''
26
27FORCE.update:
28update: FORCE.update
29 perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
30 -nostatic -staticloader -write hw_cluster_labs.c
31
32gnu: $(SHLIB).gnu
33tru64: $(SHLIB).tru64
34solaris: $(SHLIB).solaris
35irix: $(SHLIB).irix
36hpux32: $(SHLIB).hpux32
37hpux64: $(SHLIB).hpux64
38aix: $(SHLIB).aix
39
40$(LIB): $(OBJ)
41 $(AR) $(LIB) $(OBJ)
42 - $(RANLIB) $(LIB)
43
44LINK_SO= \
45 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
46 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
47 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
48
49$(SHLIB).gnu: $(LIB)
50 ALLSYMSFLAGS='--whole-archive' \
51 SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
52 SHAREDCMD='$(CC)'; \
53 $(LINK_SO)
54 touch $(SHLIB).gnu
55$(SHLIB).tru64: $(LIB)
56 ALLSYMSFLAGS='-all' \
57 SHAREDFLAGS='-shared' \
58 SHAREDCMD='$(CC)'; \
59 $(LINK_SO)
60 touch $(SHLIB).tru64
61$(SHLIB).solaris: $(LIB)
62 ALLSYMSFLAGS='-z allextract' \
63 SHAREDFLAGS='-G -h $(SHLIB)' \
64 SHAREDCMD='$(CC)'; \
65 $(LINK_SO)
66 touch $(SHLIB).solaris
67$(SHLIB).irix: $(LIB)
68 ALLSYMSFLAGS='-all' \
69 SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
70 SHAREDCMD='$(CC)'; \
71 $(LINK_SO)
72 touch $(SHLIB).irix
73$(SHLIB).hpux32: $(LIB)
74 ALLSYMSFLAGS='-Fl' \
75 SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
76 SHAREDCMD='/usr/ccs/bin/ld'; \
77 $(LINK_SO)
78 touch $(SHLIB).hpux32
79$(SHLIB).hpux64: $(LIB)
80 ALLSYMSFLAGS='+forceload' \
81 SHAREDFLAGS='-b -z +h $(SHLIB)' \
82 SHAREDCMD='/usr/ccs/bin/ld'; \
83 $(LINK_SO)
84 touch $(SHLIB).hpux64
85$(SHLIB).aix: $(LIB)
86 ALLSYMSFLAGS='-bnogc' \
87 SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
88 SHAREDCMD='$(CC)'; \
89 $(LINK_SO)
90 touch $(SHLIB).aix
91
92depend:
93 sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
94 echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
95 gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
96 perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
97 rm -f Makefile.tmp Makefile
98 mv Makefile.new Makefile
99
100# DO NOT DELETE THIS LINE -- make depend depends on it.
101
102rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
103rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
104rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
105rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
106rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
107rsaref.o: ../../../include/openssl/opensslconf.h
108rsaref.o: ../../../include/openssl/opensslv.h
109rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
110rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
111rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
112rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
113rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
114rsaref.o: source/rsaref.h
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h b/src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h
deleted file mode 100644
index d0926796f0..0000000000
--- a/src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h
+++ /dev/null
@@ -1,35 +0,0 @@
1typedef int cl_engine_init(void);
2typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
3 const BIGNUM *m, BN_CTX *cgx);
4typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
5 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
6 const BIGNUM *iqmp, BN_CTX *ctx);
7typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
8typedef int cl_rsa_pub_enc(int flen, const unsigned char *from,
9 unsigned char *to, RSA *rsa, int padding);
10typedef int cl_rsa_pub_dec(int flen, const unsigned char *from,
11 unsigned char *to, RSA *rsa, int padding);
12typedef int cl_rsa_priv_enc(int flen, const unsigned char *from,
13 unsigned char *to, RSA *rsa, int padding);
14typedef int cl_rsa_priv_dec(int flen, const unsigned char *from,
15 unsigned char *to, RSA *rsa, int padding);
16typedef int cl_rand_bytes(unsigned char *buf, int num);
17typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
18typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len,
19 DSA_SIG *sig, DSA *dsa);
20
21
22static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs";
23static const char *CLUSTER_LABS_F1 = "hw_engine_init";
24static const char *CLUSTER_LABS_F2 = "hw_mod_exp";
25static const char *CLUSTER_LABS_F3 = "hw_mod_exp_crt";
26static const char *CLUSTER_LABS_F4 = "hw_rsa_mod_exp";
27static const char *CLUSTER_LABS_F5 = "hw_rsa_priv_enc";
28static const char *CLUSTER_LABS_F6 = "hw_rsa_priv_dec";
29static const char *CLUSTER_LABS_F7 = "hw_rsa_pub_enc";
30static const char *CLUSTER_LABS_F8 = "hw_rsa_pub_dec";
31static const char *CLUSTER_LABS_F20 = "hw_rand_bytes";
32static const char *CLUSTER_LABS_F30 = "hw_dsa_sign";
33static const char *CLUSTER_LABS_F31 = "hw_dsa_verify";
34
35
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c
deleted file mode 100644
index 036f48bafa..0000000000
--- a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c
+++ /dev/null
@@ -1,721 +0,0 @@
1/* crypto/engine/hw_cluster_labs.c */
2/* Written by Jan Tschirschwitz (jan.tschirschwitz@cluster-labs.com
3 * for the OpenSSL project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#define MSC_VER /* only used cryptic.h */
60
61#include <stdio.h>
62#include <openssl/crypto.h>
63#include <openssl/dso.h>
64#include <openssl/des.h>
65#include <openssl/engine.h>
66
67#ifndef NO_HW
68#ifndef NO_HW_CLUSTER_LABS
69
70#ifdef FLAT_INC
71#include "cluster_labs.h"
72#else
73#include "vendor_defns/cluster_labs.h"
74#endif
75
76#define CL_LIB_NAME "cluster_labs engine"
77#include "hw_cluster_labs_err.c"
78
79
80static int cluster_labs_destroy(ENGINE *e);
81static int cluster_labs_init(ENGINE *e);
82static int cluster_labs_finish(ENGINE *e);
83static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
84
85
86/* BIGNUM stuff */
87/* This function is aliased to mod_exp (with the mont stuff dropped). */
88static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
89 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
90
91/* RSA stuff */
92#ifndef OPENSSL_NO_RSA
93static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
94 unsigned char *to, RSA *rsa, int padding);
95static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
96 unsigned char *to, RSA *rsa, int padding);
97static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
98 unsigned char *to, RSA *rsa, int padding);
99static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
100 unsigned char *to, RSA *rsa, int padding);
101static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
102#endif
103
104/* DSA stuff */
105#ifndef OPENSSL_NO_DSA
106static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
107static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
108 DSA_SIG *sig, DSA *dsa);
109static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
110 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
111 BN_CTX *ctx, BN_MONT_CTX *in_mont);
112static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
113 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
114 BN_MONT_CTX *m_ctx);
115#endif
116
117/* DH stuff */
118#ifndef OPENSSL_NO_DH
119/* This function is alised to mod_exp (with the DH and mont dropped). */
120static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
121 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
122#endif
123
124/* RANDOM stuff */
125static int cluster_labs_rand_bytes(unsigned char *buf, int num);
126
127/* The definitions for control commands specific to this engine */
128#define CLUSTER_LABS_CMD_SO_PATH ENGINE_CMD_BASE
129static const ENGINE_CMD_DEFN cluster_labs_cmd_defns[] =
130 {
131 { CLUSTER_LABS_CMD_SO_PATH,
132 "SO_PATH",
133 "Specifies the path to the 'cluster labs' shared library",
134 ENGINE_CMD_FLAG_STRING
135 },
136 {0, NULL, NULL, 0}
137 };
138
139/* Our internal RSA_METHOD that we provide pointers to */
140#ifndef OPENSSL_NO_RSA
141static RSA_METHOD cluster_labs_rsa =
142 {
143 "Cluster Labs RSA method",
144 cluster_labs_rsa_pub_enc, /* rsa_pub_enc */
145 cluster_labs_rsa_pub_dec, /* rsa_pub_dec */
146 cluster_labs_rsa_priv_enc, /* rsa_priv_enc */
147 cluster_labs_rsa_priv_dec, /* rsa_priv_dec */
148 cluster_labs_rsa_mod_exp, /* rsa_mod_exp */
149 cluster_labs_mod_exp_mont, /* bn_mod_exp */
150 NULL, /* init */
151 NULL, /* finish */
152 0, /* flags */
153 NULL, /* apps_data */
154 NULL, /* rsa_sign */
155 NULL /* rsa_verify */
156 };
157#endif
158
159/* Our internal DSA_METHOD that we provide pointers to */
160#ifndef OPENSSL_NO_DSA
161static DSA_METHOD cluster_labs_dsa =
162 {
163 "Cluster Labs DSA method",
164 cluster_labs_dsa_sign, /* dsa_do_sign */
165 NULL, /* dsa_sign_setup */
166 cluster_labs_dsa_verify, /* dsa_do_verify */
167 cluster_labs_dsa_mod_exp, /* dsa_mod_exp */
168 cluster_labs_mod_exp_dsa, /* bn_mod_exp */
169 NULL, /* init */
170 NULL, /* finish */
171 0, /* flags */
172 NULL /* app_data */
173 };
174#endif
175
176/* Our internal DH_METHOD that we provide pointers to */
177#ifndef OPENSSL_NO_DH
178static DH_METHOD cluster_labs_dh =
179 {
180 "Cluster Labs DH method",
181 NULL, /* generate key */
182 NULL, /* compute key */
183 cluster_labs_mod_exp_dh, /* bn_mod_exp */
184 NULL, /* init */
185 NULL, /* finish */
186 0, /* flags */
187 NULL /* app_data */
188 };
189#endif
190
191static RAND_METHOD cluster_labs_rand =
192 {
193 /* "Cluster Labs RAND method", */
194 NULL, /* seed */
195 cluster_labs_rand_bytes, /* bytes */
196 NULL, /* cleanup */
197 NULL, /* add */
198 cluster_labs_rand_bytes, /* pseudorand */
199 NULL, /* status */
200 };
201
202static const char *engine_cluster_labs_id = "cluster_labs";
203static const char *engine_cluster_labs_name = "Cluster Labs hardware engine support";
204
205/* engine implementation */
206/*-----------------------*/
207static int bind_helper(ENGINE *e)
208 {
209
210 if(!ENGINE_set_id(e, engine_cluster_labs_id) ||
211 !ENGINE_set_name(e, engine_cluster_labs_name) ||
212#ifndef OPENSSL_NO_RSA
213 !ENGINE_set_RSA(e, &cluster_labs_rsa) ||
214#endif
215#ifndef OPENSSL_NO_DSA
216 !ENGINE_set_DSA(e, &cluster_labs_dsa) ||
217#endif
218#ifndef OPENSSL_NO_DH
219 !ENGINE_set_DH(e, &cluster_labs_dh) ||
220#endif
221 !ENGINE_set_RAND(e, &cluster_labs_rand) ||
222 !ENGINE_set_destroy_function(e, cluster_labs_destroy) ||
223 !ENGINE_set_init_function(e, cluster_labs_init) ||
224 !ENGINE_set_finish_function(e, cluster_labs_finish) ||
225 !ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||
226 !ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))
227 return 0;
228 /* Ensure the error handling is set up */
229 ERR_load_CL_strings();
230 return 1;
231 }
232
233#ifndef ENGINE_DYNAMIC_SUPPORT
234static ENGINE *engine_cluster_labs(void)
235 {
236 ENGINE *ret = ENGINE_new();
237
238 if(!ret)
239 return NULL;
240 if(!bind_helper(ret))
241 {
242 ENGINE_free(ret);
243 return NULL;
244 }
245 return ret;
246 }
247
248#ifdef ENGINE_DYNAMIC_SUPPORT
249static
250#endif
251void ENGINE_load_cluster_labs(void)
252 {
253
254 ENGINE *cluster_labs = engine_cluster_labs();
255
256 if(!cluster_labs) return;
257 ENGINE_add(cluster_labs);
258 ENGINE_free(cluster_labs);
259 ERR_clear_error();
260 }
261#endif /* !ENGINE_DYNAMIC_SUPPORT */
262
263static int cluster_labs_destroy(ENGINE *e)
264 {
265
266 ERR_unload_CL_strings();
267 return 1;
268 }
269
270
271
272/* This is a process-global DSO handle used for loading and unloading
273 * the Cluster Labs library. NB: This is only set (or unset) during an
274 * init() or finish() call (reference counts permitting) and they're
275 * operating with global locks, so this should be thread-safe
276 * implicitly. */
277static DSO *cluster_labs_dso = NULL;
278
279/* These are the function pointers that are (un)set when the library has
280 * successfully (un)loaded. */
281static cl_engine_init *p_cl_engine_init = NULL;
282static cl_mod_exp *p_cl_mod_exp = NULL;
283static cl_mod_exp_crt *p_cl_mod_exp_crt = NULL;
284static cl_rsa_mod_exp *p_cl_rsa_mod_exp = NULL;
285static cl_rsa_priv_enc *p_cl_rsa_priv_enc = NULL;
286static cl_rsa_priv_dec *p_cl_rsa_priv_dec = NULL;
287static cl_rsa_pub_enc *p_cl_rsa_pub_enc = NULL;
288static cl_rsa_pub_dec *p_cl_rsa_pub_dec = NULL;
289static cl_rand_bytes *p_cl_rand_bytes = NULL;
290static cl_dsa_sign *p_cl_dsa_sign = NULL;
291static cl_dsa_verify *p_cl_dsa_verify = NULL;
292
293
294int cluster_labs_init(ENGINE *e)
295 {
296
297 cl_engine_init *p1;
298 cl_mod_exp *p2;
299 cl_mod_exp_crt *p3;
300 cl_rsa_mod_exp *p4;
301 cl_rsa_priv_enc *p5;
302 cl_rsa_priv_dec *p6;
303 cl_rsa_pub_enc *p7;
304 cl_rsa_pub_dec *p8;
305 cl_rand_bytes *p20;
306 cl_dsa_sign *p30;
307 cl_dsa_verify *p31;
308
309 /* engine already loaded */
310 if(cluster_labs_dso != NULL)
311 {
312 CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_ALREADY_LOADED);
313 goto err;
314 }
315 /* try to load engine */
316 cluster_labs_dso = DSO_load(NULL, CLUSTER_LABS_LIB_NAME, NULL,0);
317 if(cluster_labs_dso == NULL)
318 {
319 CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
320 goto err;
321 }
322 /* bind functions */
323 if( !(p1 = (cl_engine_init *)DSO_bind_func(
324 cluster_labs_dso, CLUSTER_LABS_F1)) ||
325 !(p2 = (cl_mod_exp *)DSO_bind_func(
326 cluster_labs_dso, CLUSTER_LABS_F2)) ||
327 !(p3 = (cl_mod_exp_crt *)DSO_bind_func(
328 cluster_labs_dso, CLUSTER_LABS_F3)) ||
329 !(p4 = (cl_rsa_mod_exp *)DSO_bind_func(
330 cluster_labs_dso, CLUSTER_LABS_F4)) ||
331 !(p5 = (cl_rsa_priv_enc *)DSO_bind_func(
332 cluster_labs_dso, CLUSTER_LABS_F5)) ||
333 !(p6 = (cl_rsa_priv_dec *)DSO_bind_func(
334 cluster_labs_dso, CLUSTER_LABS_F6)) ||
335 !(p7 = (cl_rsa_pub_enc *)DSO_bind_func(
336 cluster_labs_dso, CLUSTER_LABS_F7)) ||
337 !(p8 = (cl_rsa_pub_dec *)DSO_bind_func(
338 cluster_labs_dso, CLUSTER_LABS_F8)) ||
339 !(p20= (cl_rand_bytes *)DSO_bind_func(
340 cluster_labs_dso, CLUSTER_LABS_F20)) ||
341 !(p30= (cl_dsa_sign *)DSO_bind_func(
342 cluster_labs_dso, CLUSTER_LABS_F30)) ||
343 !(p31= (cl_dsa_verify *)DSO_bind_func(
344 cluster_labs_dso, CLUSTER_LABS_F31)))
345 {
346 CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
347 goto err;
348 }
349
350 /* copy function pointers */
351 p_cl_engine_init = p1;
352 p_cl_mod_exp = p2;
353 p_cl_mod_exp_crt = p3;
354 p_cl_rsa_mod_exp = p4;
355 p_cl_rsa_priv_enc = p5;
356 p_cl_rsa_priv_dec = p6;
357 p_cl_rsa_pub_enc = p7;
358 p_cl_rsa_pub_dec = p8;
359 p_cl_rand_bytes = p20;
360 p_cl_dsa_sign = p30;
361 p_cl_dsa_verify = p31;
362
363
364
365 /* cluster labs engine init */
366 if(p_cl_engine_init()== 0){
367 CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_INIT_FAILED);
368 goto err;
369 }
370
371 return(1);
372
373err:
374 /* reset all pointers */
375 if(cluster_labs_dso)
376 DSO_free(cluster_labs_dso);
377
378 cluster_labs_dso = NULL;
379 p_cl_engine_init = NULL;
380 p_cl_mod_exp = NULL;
381 p_cl_mod_exp_crt = NULL;
382 p_cl_rsa_mod_exp = NULL;
383 p_cl_rsa_priv_enc = NULL;
384 p_cl_rsa_priv_dec = NULL;
385 p_cl_rsa_pub_enc = NULL;
386 p_cl_rsa_pub_dec = NULL;
387 p_cl_rand_bytes = NULL;
388 p_cl_dsa_sign = NULL;
389 p_cl_dsa_verify = NULL;
390
391 return(0);
392 }
393
394
395static int cluster_labs_finish(ENGINE *e)
396 {
397
398 if(cluster_labs_dso == NULL)
399 {
400 CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_NOT_LOADED);
401 return 0;
402 }
403 if(!DSO_free(cluster_labs_dso))
404 {
405 CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_DSO_FAILURE);
406 return 0;
407 }
408
409 cluster_labs_dso = NULL;
410 p_cl_engine_init = NULL;
411 p_cl_mod_exp = NULL;
412 p_cl_rsa_mod_exp = NULL;
413 p_cl_mod_exp_crt = NULL;
414 p_cl_rsa_priv_enc = NULL;
415 p_cl_rsa_priv_dec = NULL;
416 p_cl_rsa_pub_enc = NULL;
417 p_cl_rsa_pub_dec = NULL;
418 p_cl_rand_bytes = NULL;
419 p_cl_dsa_sign = NULL;
420 p_cl_dsa_verify = NULL;
421
422 return(1);
423
424 }
425
426static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
427 {
428 int initialised = ((cluster_labs_dso == NULL) ? 0 : 1);
429
430 switch(cmd)
431 {
432 case CLUSTER_LABS_CMD_SO_PATH:
433 if(p == NULL)
434 {
435 CLerr(CL_F_CLUSTER_LABS_CTRL,ERR_R_PASSED_NULL_PARAMETER);
436 return 0;
437 }
438 if(initialised)
439 {
440 CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_ALREADY_LOADED);
441 return 0;
442 }
443 CLUSTER_LABS_LIB_NAME = (const char *)p;
444 return 1;
445 default:
446 break;
447 }
448 CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_COMMAND_NOT_IMPLEMENTED);
449 return 0;
450 }
451
452
453static int cluster_labs_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
454 const BIGNUM *m, BN_CTX *ctx)
455 {
456
457 if(cluster_labs_dso == NULL)
458 {
459 CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_NOT_LOADED);
460 return 0;
461 }
462 if(p_cl_mod_exp == NULL)
463 {
464 CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);
465 return 0;
466 }
467
468 return p_cl_mod_exp(r, a, p, m, ctx);
469
470 }
471
472static int cluster_labs_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
473 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
474 const BIGNUM *iqmp, BN_CTX *ctx)
475 {
476
477 if(cluster_labs_dso == NULL)
478 {
479 CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_NOT_LOADED);
480 return 0;
481 }
482 if(p_cl_mod_exp_crt == NULL)
483 {
484 CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_FUNCTION_NOT_BINDED);
485 return 0;
486 }
487
488 return p_cl_mod_exp_crt(r, a, p, q,dmp1, dmq1, iqmp, ctx);
489
490 }
491
492static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
493 {
494
495 if(cluster_labs_dso == NULL)
496 {
497 CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_NOT_LOADED);
498 return 0;
499 }
500 if(p_cl_rsa_mod_exp == NULL)
501 {
502 CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);
503 return 0;
504 }
505
506 return p_cl_rsa_mod_exp(r0, I, rsa);
507
508 }
509
510static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
511 {
512
513 if(cluster_labs_dso == NULL)
514 {
515 CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_NOT_LOADED);
516 return 0;
517 }
518 if(p_cl_dsa_sign == NULL)
519 {
520 CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_FUNCTION_NOT_BINDED);
521 return 0;
522 }
523
524 return p_cl_dsa_sign(dgst, dlen, dsa);
525
526 }
527
528static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
529 DSA_SIG *sig, DSA *dsa)
530 {
531
532 if(cluster_labs_dso == NULL)
533 {
534 CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_NOT_LOADED);
535 return 0;
536 }
537
538 if(p_cl_dsa_verify == NULL)
539 {
540 CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_FUNCTION_NOT_BINDED);
541 return 0;
542 }
543
544 return p_cl_dsa_verify(dgst, dgst_len, sig, dsa);
545
546 }
547
548static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
549 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
550 BN_CTX *ctx, BN_MONT_CTX *in_mont)
551 {
552 BIGNUM t;
553 int status = 0;
554
555 BN_init(&t);
556 /* let rr = a1 ^ p1 mod m */
557 if (!cluster_labs_mod_exp(rr,a1,p1,m,ctx)) goto end;
558 /* let t = a2 ^ p2 mod m */
559 if (!cluster_labs_mod_exp(&t,a2,p2,m,ctx)) goto end;
560 /* let rr = rr * t mod m */
561 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
562 status = 1;
563end:
564 BN_free(&t);
565
566 return(1);
567
568 }
569
570static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
571 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
572 BN_MONT_CTX *m_ctx)
573 {
574 return cluster_labs_mod_exp(r, a, p, m, ctx);
575 }
576
577/* This function is aliased to mod_exp (with the mont stuff dropped). */
578static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
579 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
580 {
581 return cluster_labs_mod_exp(r, a, p, m, ctx);
582 }
583
584
585/* This function is aliased to mod_exp (with the dh and mont dropped). */
586static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
587 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
588 {
589 return cluster_labs_mod_exp(r, a, p, m, ctx);
590 }
591
592
593static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
594 unsigned char *to, RSA *rsa, int padding)
595 {
596
597 if(cluster_labs_dso == NULL)
598 {
599 CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_NOT_LOADED);
600 return 0;
601 }
602 if(p_cl_rsa_priv_enc == NULL)
603 {
604 CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_FUNCTION_NOT_BINDED);
605 return 0;
606 }
607
608 return p_cl_rsa_pub_enc(flen, from, to, rsa, padding);
609
610 }
611
612static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
613 unsigned char *to, RSA *rsa, int padding)
614 {
615
616 if(cluster_labs_dso == NULL)
617 {
618 CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_NOT_LOADED);
619 return 0;
620 }
621 if(p_cl_rsa_priv_enc == NULL)
622 {
623 CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_FUNCTION_NOT_BINDED);
624 return 0;
625 }
626
627 return p_cl_rsa_pub_dec(flen, from, to, rsa, padding);
628
629 }
630
631
632static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
633 unsigned char *to, RSA *rsa, int padding)
634 {
635
636 if(cluster_labs_dso == NULL)
637 {
638 CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_NOT_LOADED);
639 return 0;
640 }
641
642 if(p_cl_rsa_priv_enc == NULL)
643 {
644 CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_FUNCTION_NOT_BINDED);
645 return 0;
646 }
647
648 return p_cl_rsa_priv_enc(flen, from, to, rsa, padding);
649
650 }
651
652static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
653 unsigned char *to, RSA *rsa, int padding)
654 {
655
656 if(cluster_labs_dso == NULL)
657 {
658 CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_NOT_LOADED);
659 return 0;
660 }
661 if(p_cl_rsa_priv_dec == NULL)
662 {
663 CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_FUNCTION_NOT_BINDED);
664 return 0;
665 }
666
667 return p_cl_rsa_priv_dec(flen, from, to, rsa, padding);
668
669 }
670
671/************************************************************************************
672* Symmetric algorithms
673************************************************************************************/
674/* this will be come soon! */
675
676/************************************************************************************
677* Random generator
678************************************************************************************/
679
680static int cluster_labs_rand_bytes(unsigned char *buf, int num){
681
682 if(cluster_labs_dso == NULL)
683 {
684 CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_NOT_LOADED);
685 return 0;
686 }
687 if(p_cl_mod_exp_crt == NULL)
688 {
689 CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_FUNCTION_NOT_BINDED);
690 return 0;
691 }
692
693 return p_cl_rand_bytes(buf, num);
694
695}
696
697
698/* This stuff is needed if this ENGINE is being compiled into a self-contained
699 * shared-library. */
700#ifdef ENGINE_DYNAMIC_SUPPORT
701static int bind_fn(ENGINE *e, const char *id)
702 {
703 fprintf(stderr, "bind_fn CLUSTER_LABS\n");
704 if(id && (strcmp(id, engine_cluster_labs_id) != 0)) {
705 fprintf(stderr, "bind_fn return(0) first\n");
706 return 0;
707 }
708 if(!bind_helper(e)) {
709 fprintf(stderr, "bind_fn return(1) first\n");
710 return 0;
711 }
712 fprintf(stderr, "bind_fn return(1)\n");
713 return 1;
714 }
715IMPLEMENT_DYNAMIC_CHECK_FN()
716IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
717#endif /* ENGINE_DYNAMIC_SUPPORT */
718
719#endif /* !NO_HW_CLUSTER_LABS */
720#endif /* !NO_HW */
721
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec
deleted file mode 100644
index 1f64786542..0000000000
--- a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec
+++ /dev/null
@@ -1,8 +0,0 @@
1# configuration file for util/mkerr.pl
2#
3# use like this:
4#
5# perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
6# -nostatic -staticloader -write *.c
7
8L CL hw_cluster_labs_err.h hw_cluster_labs_err.c
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c
deleted file mode 100644
index a7fa4083b1..0000000000
--- a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c
+++ /dev/null
@@ -1,151 +0,0 @@
1/* hw_cluster_labs_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_cluster_labs_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA CL_str_functs[]=
68 {
69{ERR_PACK(0,CL_F_CLUSTER_LABS_CTRL,0), "CLUSTER_LABS_CTRL"},
70{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_SIGN,0), "CLUSTER_LABS_DSA_SIGN"},
71{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_VERIFY,0), "CLUSTER_LABS_DSA_VERIFY"},
72{ERR_PACK(0,CL_F_CLUSTER_LABS_FINISH,0), "CLUSTER_LABS_FINISH"},
73{ERR_PACK(0,CL_F_CLUSTER_LABS_INIT,0), "CLUSTER_LABS_INIT"},
74{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP,0), "CLUSTER_LABS_MOD_EXP"},
75{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP_CRT,0), "CLUSTER_LABS_MOD_EXP_CRT"},
76{ERR_PACK(0,CL_F_CLUSTER_LABS_RAND_BYTES,0), "CLUSTER_LABS_RAND_BYTES"},
77{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_MOD_EXP,0), "CLUSTER_LABS_RSA_MOD_EXP"},
78{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_DEC,0), "CLUSTER_LABS_RSA_PRIV_DEC"},
79{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_ENC,0), "CLUSTER_LABS_RSA_PRIV_ENC"},
80{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_DEC,0), "CLUSTER_LABS_RSA_PUB_DEC"},
81{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_ENC,0), "CLUSTER_LABS_RSA_PUB_ENC"},
82{0,NULL}
83 };
84
85static ERR_STRING_DATA CL_str_reasons[]=
86 {
87{CL_R_ALREADY_LOADED ,"already loaded"},
88{CL_R_COMMAND_NOT_IMPLEMENTED ,"command not implemented"},
89{CL_R_DSO_FAILURE ,"dso failure"},
90{CL_R_FUNCTION_NOT_BINDED ,"function not binded"},
91{CL_R_INIT_FAILED ,"init failed"},
92{CL_R_NOT_LOADED ,"not loaded"},
93{0,NULL}
94 };
95
96#endif
97
98#ifdef CL_LIB_NAME
99static ERR_STRING_DATA CL_lib_name[]=
100 {
101{0 ,CL_LIB_NAME},
102{0,NULL}
103 };
104#endif
105
106
107static int CL_lib_error_code=0;
108static int CL_error_init=1;
109
110static void ERR_load_CL_strings(void)
111 {
112 if (CL_lib_error_code == 0)
113 CL_lib_error_code=ERR_get_next_error_library();
114
115 if (CL_error_init)
116 {
117 CL_error_init=0;
118#ifndef OPENSSL_NO_ERR
119 ERR_load_strings(CL_lib_error_code,CL_str_functs);
120 ERR_load_strings(CL_lib_error_code,CL_str_reasons);
121#endif
122
123#ifdef CL_LIB_NAME
124 CL_lib_name->error = ERR_PACK(CL_lib_error_code,0,0);
125 ERR_load_strings(0,CL_lib_name);
126#endif
127 }
128 }
129
130static void ERR_unload_CL_strings(void)
131 {
132 if (CL_error_init == 0)
133 {
134#ifndef OPENSSL_NO_ERR
135 ERR_unload_strings(CL_lib_error_code,CL_str_functs);
136 ERR_unload_strings(CL_lib_error_code,CL_str_reasons);
137#endif
138
139#ifdef CL_LIB_NAME
140 ERR_unload_strings(0,CL_lib_name);
141#endif
142 CL_error_init=1;
143 }
144 }
145
146static void ERR_CL_error(int function, int reason, char *file, int line)
147 {
148 if (CL_lib_error_code == 0)
149 CL_lib_error_code=ERR_get_next_error_library();
150 ERR_PUT_error(CL_lib_error_code,function,reason,file,line);
151 }
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h
deleted file mode 100644
index f548a3b668..0000000000
--- a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h
+++ /dev/null
@@ -1,99 +0,0 @@
1/* ====================================================================
2 * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_CL_ERR_H
56#define HEADER_CL_ERR_H
57
58#ifdef __cplusplus
59extern "C" {
60#endif
61
62/* BEGIN ERROR CODES */
63/* The following lines are auto generated by the script mkerr.pl. Any changes
64 * made after this point may be overwritten when the script is next run.
65 */
66static void ERR_load_CL_strings(void);
67static void ERR_unload_CL_strings(void);
68static void ERR_CL_error(int function, int reason, char *file, int line);
69#define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
70
71/* Error codes for the CL functions. */
72
73/* Function codes. */
74#define CL_F_CLUSTER_LABS_CTRL 100
75#define CL_F_CLUSTER_LABS_DSA_SIGN 101
76#define CL_F_CLUSTER_LABS_DSA_VERIFY 102
77#define CL_F_CLUSTER_LABS_FINISH 103
78#define CL_F_CLUSTER_LABS_INIT 104
79#define CL_F_CLUSTER_LABS_MOD_EXP 105
80#define CL_F_CLUSTER_LABS_MOD_EXP_CRT 106
81#define CL_F_CLUSTER_LABS_RAND_BYTES 107
82#define CL_F_CLUSTER_LABS_RSA_MOD_EXP 108
83#define CL_F_CLUSTER_LABS_RSA_PRIV_DEC 109
84#define CL_F_CLUSTER_LABS_RSA_PRIV_ENC 110
85#define CL_F_CLUSTER_LABS_RSA_PUB_DEC 111
86#define CL_F_CLUSTER_LABS_RSA_PUB_ENC 112
87
88/* Reason codes. */
89#define CL_R_ALREADY_LOADED 100
90#define CL_R_COMMAND_NOT_IMPLEMENTED 101
91#define CL_R_DSO_FAILURE 102
92#define CL_R_FUNCTION_NOT_BINDED 103
93#define CL_R_INIT_FAILED 104
94#define CL_R_NOT_LOADED 105
95
96#ifdef __cplusplus
97}
98#endif
99#endif
diff --git a/src/lib/libssl/src/demos/engines/ibmca/Makefile b/src/lib/libssl/src/demos/engines/ibmca/Makefile
deleted file mode 100644
index 72f3546359..0000000000
--- a/src/lib/libssl/src/demos/engines/ibmca/Makefile
+++ /dev/null
@@ -1,114 +0,0 @@
1LIBNAME= libibmca
2SRC= hw_ibmca.c
3OBJ= hw_ibmca.o
4HEADER= hw_ibmca.h
5
6CC= gcc
7PIC= -fPIC
8CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
9AR= ar r
10RANLIB= ranlib
11
12LIB= $(LIBNAME).a
13SHLIB= $(LIBNAME).so
14
15all:
16 @echo 'Please choose a system to build on:'
17 @echo ''
18 @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
19 @echo 'solaris: Solaris'
20 @echo 'irix: IRIX'
21 @echo 'hpux32: 32-bit HP/UX'
22 @echo 'hpux64: 64-bit HP/UX'
23 @echo 'aix: AIX'
24 @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
25 @echo ''
26
27FORCE.update:
28update: FORCE.update
29 perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
30 -nostatic -staticloader -write hw_ibmca.c
31
32gnu: $(SHLIB).gnu
33tru64: $(SHLIB).tru64
34solaris: $(SHLIB).solaris
35irix: $(SHLIB).irix
36hpux32: $(SHLIB).hpux32
37hpux64: $(SHLIB).hpux64
38aix: $(SHLIB).aix
39
40$(LIB): $(OBJ)
41 $(AR) $(LIB) $(OBJ)
42 - $(RANLIB) $(LIB)
43
44LINK_SO= \
45 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
46 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
47 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
48
49$(SHLIB).gnu: $(LIB)
50 ALLSYMSFLAGS='--whole-archive' \
51 SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
52 SHAREDCMD='$(CC)'; \
53 $(LINK_SO)
54 touch $(SHLIB).gnu
55$(SHLIB).tru64: $(LIB)
56 ALLSYMSFLAGS='-all' \
57 SHAREDFLAGS='-shared' \
58 SHAREDCMD='$(CC)'; \
59 $(LINK_SO)
60 touch $(SHLIB).tru64
61$(SHLIB).solaris: $(LIB)
62 ALLSYMSFLAGS='-z allextract' \
63 SHAREDFLAGS='-G -h $(SHLIB)' \
64 SHAREDCMD='$(CC)'; \
65 $(LINK_SO)
66 touch $(SHLIB).solaris
67$(SHLIB).irix: $(LIB)
68 ALLSYMSFLAGS='-all' \
69 SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
70 SHAREDCMD='$(CC)'; \
71 $(LINK_SO)
72 touch $(SHLIB).irix
73$(SHLIB).hpux32: $(LIB)
74 ALLSYMSFLAGS='-Fl' \
75 SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
76 SHAREDCMD='/usr/ccs/bin/ld'; \
77 $(LINK_SO)
78 touch $(SHLIB).hpux32
79$(SHLIB).hpux64: $(LIB)
80 ALLSYMSFLAGS='+forceload' \
81 SHAREDFLAGS='-b -z +h $(SHLIB)' \
82 SHAREDCMD='/usr/ccs/bin/ld'; \
83 $(LINK_SO)
84 touch $(SHLIB).hpux64
85$(SHLIB).aix: $(LIB)
86 ALLSYMSFLAGS='-bnogc' \
87 SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
88 SHAREDCMD='$(CC)'; \
89 $(LINK_SO)
90 touch $(SHLIB).aix
91
92depend:
93 sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
94 echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
95 gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
96 perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
97 rm -f Makefile.tmp Makefile
98 mv Makefile.new Makefile
99
100# DO NOT DELETE THIS LINE -- make depend depends on it.
101
102rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
103rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
104rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
105rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
106rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
107rsaref.o: ../../../include/openssl/opensslconf.h
108rsaref.o: ../../../include/openssl/opensslv.h
109rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
110rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
111rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
112rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
113rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
114rsaref.o: source/rsaref.h
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c
deleted file mode 100644
index 0c2c39b8a7..0000000000
--- a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c
+++ /dev/null
@@ -1,920 +0,0 @@
1/* crypto/engine/hw_ibmca.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59/* (C) COPYRIGHT International Business Machines Corp. 2001 */
60
61#include <stdio.h>
62#include <openssl/crypto.h>
63#include <openssl/dso.h>
64#include <openssl/engine.h>
65
66#ifndef OPENSSL_NO_HW
67#ifndef OPENSSL_NO_HW_IBMCA
68
69#ifdef FLAT_INC
70#include "ica_openssl_api.h"
71#else
72#include "vendor_defns/ica_openssl_api.h"
73#endif
74
75#define IBMCA_LIB_NAME "ibmca engine"
76#include "hw_ibmca_err.c"
77
78static int ibmca_destroy(ENGINE *e);
79static int ibmca_init(ENGINE *e);
80static int ibmca_finish(ENGINE *e);
81static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
82
83static const char *IBMCA_F1 = "icaOpenAdapter";
84static const char *IBMCA_F2 = "icaCloseAdapter";
85static const char *IBMCA_F3 = "icaRsaModExpo";
86static const char *IBMCA_F4 = "icaRandomNumberGenerate";
87static const char *IBMCA_F5 = "icaRsaCrt";
88
89ICA_ADAPTER_HANDLE handle=0;
90
91/* BIGNUM stuff */
92static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
93 const BIGNUM *m, BN_CTX *ctx);
94
95static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
96 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
97 const BIGNUM *iqmp, BN_CTX *ctx);
98
99#ifndef OPENSSL_NO_RSA
100/* RSA stuff */
101static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
102#endif
103
104/* This function is aliased to mod_exp (with the mont stuff dropped). */
105static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
106 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
107
108#ifndef OPENSSL_NO_DSA
109/* DSA stuff */
110static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
111 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
112 BN_CTX *ctx, BN_MONT_CTX *in_mont);
113static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
114 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
115 BN_MONT_CTX *m_ctx);
116#endif
117
118#ifndef OPENSSL_NO_DH
119/* DH stuff */
120/* This function is alised to mod_exp (with the DH and mont dropped). */
121static int ibmca_mod_exp_dh(const DH *dh, BIGNUM *r,
122 const BIGNUM *a, const BIGNUM *p,
123 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
124#endif
125
126/* RAND stuff */
127static int ibmca_rand_bytes(unsigned char *buf, int num);
128static int ibmca_rand_status(void);
129
130
131/* WJH - check for more commands, like in nuron */
132
133/* The definitions for control commands specific to this engine */
134#define IBMCA_CMD_SO_PATH ENGINE_CMD_BASE
135static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = {
136 {IBMCA_CMD_SO_PATH,
137 "SO_PATH",
138 "Specifies the path to the 'atasi' shared library",
139 ENGINE_CMD_FLAG_STRING},
140 {0, NULL, NULL, 0}
141 };
142
143#ifndef OPENSSL_NO_RSA
144/* Our internal RSA_METHOD that we provide pointers to */
145static RSA_METHOD ibmca_rsa =
146 {
147 "Ibmca RSA method",
148 NULL,
149 NULL,
150 NULL,
151 NULL,
152 ibmca_rsa_mod_exp,
153 ibmca_mod_exp_mont,
154 NULL,
155 NULL,
156 0,
157 NULL,
158 NULL,
159 NULL
160 };
161#endif
162
163#ifndef OPENSSL_NO_DSA
164/* Our internal DSA_METHOD that we provide pointers to */
165static DSA_METHOD ibmca_dsa =
166 {
167 "Ibmca DSA method",
168 NULL, /* dsa_do_sign */
169 NULL, /* dsa_sign_setup */
170 NULL, /* dsa_do_verify */
171 ibmca_dsa_mod_exp, /* dsa_mod_exp */
172 ibmca_mod_exp_dsa, /* bn_mod_exp */
173 NULL, /* init */
174 NULL, /* finish */
175 0, /* flags */
176 NULL /* app_data */
177 };
178#endif
179
180#ifndef OPENSSL_NO_DH
181/* Our internal DH_METHOD that we provide pointers to */
182static DH_METHOD ibmca_dh =
183 {
184 "Ibmca DH method",
185 NULL,
186 NULL,
187 ibmca_mod_exp_dh,
188 NULL,
189 NULL,
190 0,
191 NULL
192 };
193#endif
194
195static RAND_METHOD ibmca_rand =
196 {
197 /* "IBMCA RAND method", */
198 NULL,
199 ibmca_rand_bytes,
200 NULL,
201 NULL,
202 ibmca_rand_bytes,
203 ibmca_rand_status,
204 };
205
206/* Constants used when creating the ENGINE */
207static const char *engine_ibmca_id = "ibmca";
208static const char *engine_ibmca_name = "Ibmca hardware engine support";
209
210/* This internal function is used by ENGINE_ibmca() and possibly by the
211 * "dynamic" ENGINE support too */
212static int bind_helper(ENGINE *e)
213 {
214#ifndef OPENSSL_NO_RSA
215 const RSA_METHOD *meth1;
216#endif
217#ifndef OPENSSL_NO_DSA
218 const DSA_METHOD *meth2;
219#endif
220#ifndef OPENSSL_NO_DH
221 const DH_METHOD *meth3;
222#endif
223 if(!ENGINE_set_id(e, engine_ibmca_id) ||
224 !ENGINE_set_name(e, engine_ibmca_name) ||
225#ifndef OPENSSL_NO_RSA
226 !ENGINE_set_RSA(e, &ibmca_rsa) ||
227#endif
228#ifndef OPENSSL_NO_DSA
229 !ENGINE_set_DSA(e, &ibmca_dsa) ||
230#endif
231#ifndef OPENSSL_NO_DH
232 !ENGINE_set_DH(e, &ibmca_dh) ||
233#endif
234 !ENGINE_set_RAND(e, &ibmca_rand) ||
235 !ENGINE_set_destroy_function(e, ibmca_destroy) ||
236 !ENGINE_set_init_function(e, ibmca_init) ||
237 !ENGINE_set_finish_function(e, ibmca_finish) ||
238 !ENGINE_set_ctrl_function(e, ibmca_ctrl) ||
239 !ENGINE_set_cmd_defns(e, ibmca_cmd_defns))
240 return 0;
241
242#ifndef OPENSSL_NO_RSA
243 /* We know that the "PKCS1_SSLeay()" functions hook properly
244 * to the ibmca-specific mod_exp and mod_exp_crt so we use
245 * those functions. NB: We don't use ENGINE_openssl() or
246 * anything "more generic" because something like the RSAref
247 * code may not hook properly, and if you own one of these
248 * cards then you have the right to do RSA operations on it
249 * anyway! */
250 meth1 = RSA_PKCS1_SSLeay();
251 ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
252 ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
253 ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
254 ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
255#endif
256
257#ifndef OPENSSL_NO_DSA
258 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
259 * bits. */
260 meth2 = DSA_OpenSSL();
261 ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign;
262 ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
263 ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify;
264#endif
265
266#ifndef OPENSSL_NO_DH
267 /* Much the same for Diffie-Hellman */
268 meth3 = DH_OpenSSL();
269 ibmca_dh.generate_key = meth3->generate_key;
270 ibmca_dh.compute_key = meth3->compute_key;
271#endif
272
273 /* Ensure the ibmca error handling is set up */
274 ERR_load_IBMCA_strings();
275 return 1;
276 }
277
278static ENGINE *engine_ibmca(void)
279 {
280 ENGINE *ret = ENGINE_new();
281 if(!ret)
282 return NULL;
283 if(!bind_helper(ret))
284 {
285 ENGINE_free(ret);
286 return NULL;
287 }
288 return ret;
289 }
290
291#ifdef ENGINE_DYNAMIC_SUPPORT
292static
293#endif
294void ENGINE_load_ibmca(void)
295 {
296 /* Copied from eng_[openssl|dyn].c */
297 ENGINE *toadd = engine_ibmca();
298 if(!toadd) return;
299 ENGINE_add(toadd);
300 ENGINE_free(toadd);
301 ERR_clear_error();
302 }
303
304/* Destructor (complements the "ENGINE_ibmca()" constructor) */
305static int ibmca_destroy(ENGINE *e)
306 {
307 /* Unload the ibmca error strings so any error state including our
308 * functs or reasons won't lead to a segfault (they simply get displayed
309 * without corresponding string data because none will be found). */
310 ERR_unload_IBMCA_strings();
311 return 1;
312 }
313
314
315/* This is a process-global DSO handle used for loading and unloading
316 * the Ibmca library. NB: This is only set (or unset) during an
317 * init() or finish() call (reference counts permitting) and they're
318 * operating with global locks, so this should be thread-safe
319 * implicitly. */
320
321static DSO *ibmca_dso = NULL;
322
323/* These are the function pointers that are (un)set when the library has
324 * successfully (un)loaded. */
325
326static unsigned int (ICA_CALL *p_icaOpenAdapter)();
327static unsigned int (ICA_CALL *p_icaCloseAdapter)();
328static unsigned int (ICA_CALL *p_icaRsaModExpo)();
329static unsigned int (ICA_CALL *p_icaRandomNumberGenerate)();
330static unsigned int (ICA_CALL *p_icaRsaCrt)();
331
332/* utility function to obtain a context */
333static int get_context(ICA_ADAPTER_HANDLE *p_handle)
334 {
335 unsigned int status=0;
336
337 status = p_icaOpenAdapter(0, p_handle);
338 if(status != 0)
339 return 0;
340 return 1;
341 }
342
343/* similarly to release one. */
344static void release_context(ICA_ADAPTER_HANDLE handle)
345 {
346 p_icaCloseAdapter(handle);
347 }
348
349/* (de)initialisation functions. */
350static int ibmca_init(ENGINE *e)
351 {
352
353 void (*p1)();
354 void (*p2)();
355 void (*p3)();
356 void (*p4)();
357 void (*p5)();
358
359 if(ibmca_dso != NULL)
360 {
361 IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_ALREADY_LOADED);
362 goto err;
363 }
364 /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
365 * changed unfortunately because the Ibmca drivers don't have
366 * standard library names that can be platform-translated well. */
367 /* TODO: Work out how to actually map to the names the Ibmca
368 * drivers really use - for now a symbollic link needs to be
369 * created on the host system from libatasi.so to atasi.so on
370 * unix variants. */
371
372 /* WJH XXX check name translation */
373
374 ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL,
375 /* DSO_FLAG_NAME_TRANSLATION */ 0);
376 if(ibmca_dso == NULL)
377 {
378 IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);
379 goto err;
380 }
381
382 if(!(p1 = DSO_bind_func(
383 ibmca_dso, IBMCA_F1)) ||
384 !(p2 = DSO_bind_func(
385 ibmca_dso, IBMCA_F2)) ||
386 !(p3 = DSO_bind_func(
387 ibmca_dso, IBMCA_F3)) ||
388 !(p4 = DSO_bind_func(
389 ibmca_dso, IBMCA_F4)) ||
390 !(p5 = DSO_bind_func(
391 ibmca_dso, IBMCA_F5)))
392 {
393 IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);
394 goto err;
395 }
396
397 /* Copy the pointers */
398
399 p_icaOpenAdapter = (unsigned int (ICA_CALL *)())p1;
400 p_icaCloseAdapter = (unsigned int (ICA_CALL *)())p2;
401 p_icaRsaModExpo = (unsigned int (ICA_CALL *)())p3;
402 p_icaRandomNumberGenerate = (unsigned int (ICA_CALL *)())p4;
403 p_icaRsaCrt = (unsigned int (ICA_CALL *)())p5;
404
405 if(!get_context(&handle))
406 {
407 IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_UNIT_FAILURE);
408 goto err;
409 }
410
411 return 1;
412 err:
413 if(ibmca_dso)
414 DSO_free(ibmca_dso);
415
416 p_icaOpenAdapter = NULL;
417 p_icaCloseAdapter = NULL;
418 p_icaRsaModExpo = NULL;
419 p_icaRandomNumberGenerate = NULL;
420
421 return 0;
422 }
423
424static int ibmca_finish(ENGINE *e)
425 {
426 if(ibmca_dso == NULL)
427 {
428 IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_NOT_LOADED);
429 return 0;
430 }
431 release_context(handle);
432 if(!DSO_free(ibmca_dso))
433 {
434 IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_DSO_FAILURE);
435 return 0;
436 }
437 ibmca_dso = NULL;
438
439 return 1;
440 }
441
442static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
443 {
444 int initialised = ((ibmca_dso == NULL) ? 0 : 1);
445 switch(cmd)
446 {
447 case IBMCA_CMD_SO_PATH:
448 if(p == NULL)
449 {
450 IBMCAerr(IBMCA_F_IBMCA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
451 return 0;
452 }
453 if(initialised)
454 {
455 IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_ALREADY_LOADED);
456 return 0;
457 }
458 IBMCA_LIBNAME = (const char *)p;
459 return 1;
460 default:
461 break;
462 }
463 IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
464 return 0;
465 }
466
467
468static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
469 const BIGNUM *m, BN_CTX *ctx)
470 {
471 /* I need somewhere to store temporary serialised values for
472 * use with the Ibmca API calls. A neat cheat - I'll use
473 * BIGNUMs from the BN_CTX but access their arrays directly as
474 * byte arrays <grin>. This way I don't have to clean anything
475 * up. */
476
477 BIGNUM *argument=NULL;
478 BIGNUM *result=NULL;
479 BIGNUM *key=NULL;
480 int to_return;
481 int inLen, outLen, tmpLen;
482
483
484 ICA_KEY_RSA_MODEXPO *publKey=NULL;
485 unsigned int rc;
486
487 to_return = 0; /* expect failure */
488
489 if(!ibmca_dso)
490 {
491 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_NOT_LOADED);
492 goto err;
493 }
494 /* Prepare the params */
495 BN_CTX_start(ctx);
496 argument = BN_CTX_get(ctx);
497 result = BN_CTX_get(ctx);
498 key = BN_CTX_get(ctx);
499
500 if( !argument || !result || !key)
501 {
502 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_CTX_FULL);
503 goto err;
504 }
505
506
507 if(!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||
508 !bn_wexpand(key, sizeof(*publKey)/BN_BYTES))
509
510 {
511 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_EXPAND_FAIL);
512 goto err;
513 }
514
515 publKey = (ICA_KEY_RSA_MODEXPO *)key->d;
516
517 if (publKey == NULL)
518 {
519 goto err;
520 }
521 memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));
522
523 publKey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE);
524 publKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));
525 publKey->expOffset = (char *) publKey->keyRecord - (char *) publKey;
526
527 /* A quirk of the card: the exponent length has to be the same
528 as the modulus (key) length */
529
530 outLen = BN_num_bytes(m);
531
532/* check for modulus length SAB*/
533 if (outLen > 256 ) {
534 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_MEXP_LENGTH_TO_LARGE);
535 goto err;
536 }
537/* check for modulus length SAB*/
538
539
540 publKey->expLength = publKey->nLength = outLen;
541/* SAB Check for underflow condition
542 the size of the exponent is less than the size of the parameter
543 then we have a big problem and will underflow the keyRecord
544 buffer. Bad stuff could happen then
545*/
546if (outLen < BN_num_bytes(p)){
547 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_UNDERFLOW_KEYRECORD);
548 goto err;
549}
550/* SAB End check for underflow */
551
552
553 BN_bn2bin(p, &publKey->keyRecord[publKey->expLength -
554 BN_num_bytes(p)]);
555 BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);
556
557
558
559 publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8);
560 publKey->nOffset = CORRECT_ENDIANNESS(publKey->expOffset +
561 publKey->expLength);
562
563 publKey->expOffset = CORRECT_ENDIANNESS((char *) publKey->keyRecord -
564 (char *) publKey);
565
566 tmpLen = outLen;
567 publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);
568
569 /* Prepare the argument */
570
571 memset(argument->d, 0, outLen);
572 BN_bn2bin(a, (unsigned char *)argument->d + outLen -
573 BN_num_bytes(a));
574
575 inLen = outLen;
576
577 /* Perform the operation */
578
579 if( (rc = p_icaRsaModExpo(handle, inLen,(unsigned char *)argument->d,
580 publKey, &outLen, (unsigned char *)result->d))
581 !=0 )
582
583 {
584 printf("rc = %d\n", rc);
585 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_REQUEST_FAILED);
586 goto err;
587 }
588
589
590 /* Convert the response */
591 BN_bin2bn((unsigned char *)result->d, outLen, r);
592 to_return = 1;
593 err:
594 BN_CTX_end(ctx);
595 return to_return;
596 }
597
598#ifndef OPENSSL_NO_RSA
599static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
600 {
601 BN_CTX *ctx;
602 int to_return = 0;
603
604 if((ctx = BN_CTX_new()) == NULL)
605 goto err;
606 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
607 {
608 if(!rsa->d || !rsa->n)
609 {
610 IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP,
611 IBMCA_R_MISSING_KEY_COMPONENTS);
612 goto err;
613 }
614 to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx);
615 }
616 else
617 {
618 to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
619 rsa->dmq1, rsa->iqmp, ctx);
620 }
621 err:
622 if(ctx)
623 BN_CTX_free(ctx);
624 return to_return;
625 }
626#endif
627
628/* Ein kleines chinesisches "Restessen" */
629static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
630 const BIGNUM *q, const BIGNUM *dmp1,
631 const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
632 {
633
634 BIGNUM *argument = NULL;
635 BIGNUM *result = NULL;
636 BIGNUM *key = NULL;
637
638 int to_return = 0; /* expect failure */
639
640 char *pkey=NULL;
641 ICA_KEY_RSA_CRT *privKey=NULL;
642 int inLen, outLen;
643
644 int rc;
645 unsigned int offset, pSize, qSize;
646/* SAB New variables */
647 unsigned int keyRecordSize;
648 unsigned int pbytes = BN_num_bytes(p);
649 unsigned int qbytes = BN_num_bytes(q);
650 unsigned int dmp1bytes = BN_num_bytes(dmp1);
651 unsigned int dmq1bytes = BN_num_bytes(dmq1);
652 unsigned int iqmpbytes = BN_num_bytes(iqmp);
653
654 /* Prepare the params */
655
656 BN_CTX_start(ctx);
657 argument = BN_CTX_get(ctx);
658 result = BN_CTX_get(ctx);
659 key = BN_CTX_get(ctx);
660
661 if(!argument || !result || !key)
662 {
663 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_CTX_FULL);
664 goto err;
665 }
666
667 if(!bn_wexpand(argument, p->top + q->top) ||
668 !bn_wexpand(result, p->top + q->top) ||
669 !bn_wexpand(key, sizeof(*privKey)/BN_BYTES ))
670 {
671 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_EXPAND_FAIL);
672 goto err;
673 }
674
675
676 privKey = (ICA_KEY_RSA_CRT *)key->d;
677/* SAB Add check for total size in bytes of the parms does not exceed
678 the buffer space we have
679 do this first
680*/
681 keyRecordSize = pbytes+qbytes+dmp1bytes+dmq1bytes+iqmpbytes;
682 if ( keyRecordSize > sizeof(privKey->keyRecord )) {
683 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
684 goto err;
685 }
686
687 if ( (qbytes + dmq1bytes) > 256 ){
688 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
689 goto err;
690 }
691
692 if ( pbytes + dmp1bytes > 256 ) {
693 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
694 goto err;
695 }
696
697/* end SAB additions */
698
699 memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));
700 privKey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE);
701 privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));
702 privKey->modulusBitLength =
703 CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);
704
705 /*
706 * p,dp & qInv are 1 QWORD Larger
707 */
708 privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p)+8);
709 privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));
710 privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1)+8);
711 privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));
712 privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp)+8);
713
714 offset = (char *) privKey->keyRecord
715 - (char *) privKey;
716
717 qSize = BN_num_bytes(q);
718 pSize = qSize + 8; /* 1 QWORD larger */
719
720
721/* SAB probably aittle redundant, but we'll verify that each of the
722 components which make up a key record sent ot the card does not exceed
723 the space that is allocated for it. this handles the case where even if
724 the total length does not exceed keyrecord zied, if the operands are funny sized
725they could cause potential side affects on either the card or the result */
726
727 if ( (pbytes > pSize) || (dmp1bytes > pSize) ||
728 (iqmpbytes > pSize) || ( qbytes >qSize) ||
729 (dmq1bytes > qSize) ) {
730 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
731 goto err;
732
733 }
734
735
736 privKey->dpOffset = CORRECT_ENDIANNESS(offset);
737
738 offset += pSize;
739 privKey->dqOffset = CORRECT_ENDIANNESS(offset);
740
741 offset += qSize;
742 privKey->pOffset = CORRECT_ENDIANNESS(offset);
743
744 offset += pSize;
745 privKey->qOffset = CORRECT_ENDIANNESS(offset);
746
747 offset += qSize;
748 privKey->qInvOffset = CORRECT_ENDIANNESS(offset);
749
750 pkey = (char *) privKey->keyRecord;
751
752
753/* SAB first check that we don;t under flow the buffer */
754 if ( pSize < pbytes ) {
755 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);
756 goto err;
757 }
758
759 /* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */
760 pkey += pSize - BN_num_bytes(dmp1);
761 BN_bn2bin(dmp1, pkey);
762 pkey += BN_num_bytes(dmp1); /* move the pointer */
763
764 BN_bn2bin(dmq1, pkey); /* Copy over dmq1 */
765
766 pkey += qSize; /* move pointer */
767 pkey += pSize - BN_num_bytes(p); /* set up for zero padding of next field */
768
769 BN_bn2bin(p, pkey);
770 pkey += BN_num_bytes(p); /* increment pointer by number of bytes moved */
771
772 BN_bn2bin(q, pkey);
773 pkey += qSize ; /* move the pointer */
774 pkey += pSize - BN_num_bytes(iqmp); /* Adjust for padding */
775 BN_bn2bin(iqmp, pkey);
776
777 /* Prepare the argument and response */
778
779 outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2; /* Correct endianess is used
780 because the fields were converted above */
781
782 if (outLen > 256) {
783 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OUTLEN_TO_LARGE);
784 goto err;
785 }
786
787 /* SAB check for underflow here on the argeument */
788 if ( outLen < BN_num_bytes(a)) {
789 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_UNDERFLOW_CONDITION);
790 goto err;
791 }
792
793 BN_bn2bin(a, (unsigned char *)argument->d + outLen -
794 BN_num_bytes(a));
795 inLen = outLen;
796
797 memset(result->d, 0, outLen);
798
799 /* Perform the operation */
800
801 if ( (rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d,
802 privKey, &outLen, (unsigned char *)result->d)) != 0)
803 {
804 printf("rc = %d\n", rc);
805 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_REQUEST_FAILED);
806 goto err;
807 }
808
809 /* Convert the response */
810
811 BN_bin2bn((unsigned char *)result->d, outLen, r);
812 to_return = 1;
813
814 err:
815 BN_CTX_end(ctx);
816 return to_return;
817
818 }
819
820#ifndef OPENSSL_NO_DSA
821/* This code was liberated and adapted from the commented-out code in
822 * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration
823 * (it doesn't have a CRT form for RSA), this function means that an
824 * Ibmca system running with a DSA server certificate can handshake
825 * around 5 or 6 times faster/more than an equivalent system running with
826 * RSA. Just check out the "signs" statistics from the RSA and DSA parts
827 * of "openssl speed -engine ibmca dsa1024 rsa1024". */
828static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
829 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
830 BN_CTX *ctx, BN_MONT_CTX *in_mont)
831 {
832 BIGNUM t;
833 int to_return = 0;
834
835 BN_init(&t);
836 /* let rr = a1 ^ p1 mod m */
837 if (!ibmca_mod_exp(rr,a1,p1,m,ctx)) goto end;
838 /* let t = a2 ^ p2 mod m */
839 if (!ibmca_mod_exp(&t,a2,p2,m,ctx)) goto end;
840 /* let rr = rr * t mod m */
841 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
842 to_return = 1;
843 end:
844 BN_free(&t);
845 return to_return;
846 }
847
848
849static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
850 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
851 BN_MONT_CTX *m_ctx)
852 {
853 return ibmca_mod_exp(r, a, p, m, ctx);
854 }
855#endif
856
857/* This function is aliased to mod_exp (with the mont stuff dropped). */
858static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
859 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
860 {
861 return ibmca_mod_exp(r, a, p, m, ctx);
862 }
863
864#ifndef OPENSSL_NO_DH
865/* This function is aliased to mod_exp (with the dh and mont dropped). */
866static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r,
867 const BIGNUM *a, const BIGNUM *p,
868 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
869 {
870 return ibmca_mod_exp(r, a, p, m, ctx);
871 }
872#endif
873
874/* Random bytes are good */
875static int ibmca_rand_bytes(unsigned char *buf, int num)
876 {
877 int to_return = 0; /* assume failure */
878 unsigned int ret;
879
880
881 if(handle == 0)
882 {
883 IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_NOT_INITIALISED);
884 goto err;
885 }
886
887 ret = p_icaRandomNumberGenerate(handle, num, buf);
888 if (ret < 0)
889 {
890 IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_REQUEST_FAILED);
891 goto err;
892 }
893 to_return = 1;
894 err:
895 return to_return;
896 }
897
898static int ibmca_rand_status(void)
899 {
900 return 1;
901 }
902
903/* This stuff is needed if this ENGINE is being compiled into a self-contained
904 * shared-library. */
905#ifdef ENGINE_DYNAMIC_SUPPORT
906static int bind_fn(ENGINE *e, const char *id)
907 {
908 if(id && (strcmp(id, engine_ibmca_id) != 0)) /* WJH XXX */
909 return 0;
910 if(!bind_helper(e))
911 return 0;
912 return 1;
913 }
914IMPLEMENT_DYNAMIC_CHECK_FN()
915IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
916#endif /* ENGINE_DYNAMIC_SUPPORT */
917
918
919#endif /* !OPENSSL_NO_HW_IBMCA */
920#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec
deleted file mode 100644
index f68646d237..0000000000
--- a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec
+++ /dev/null
@@ -1,8 +0,0 @@
1# configuration file for util/mkerr.pl
2#
3# use like this:
4#
5# perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
6# -nostatic -staticloader -write *.c
7
8L IBMCA hw_ibmca_err.h hw_ibmca_err.c
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c
deleted file mode 100644
index c4053f6d30..0000000000
--- a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c
+++ /dev/null
@@ -1,154 +0,0 @@
1/* hw_ibmca_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_ibmca_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA IBMCA_str_functs[]=
68 {
69{ERR_PACK(0,IBMCA_F_IBMCA_CTRL,0), "IBMCA_CTRL"},
70{ERR_PACK(0,IBMCA_F_IBMCA_FINISH,0), "IBMCA_FINISH"},
71{ERR_PACK(0,IBMCA_F_IBMCA_INIT,0), "IBMCA_INIT"},
72{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP,0), "IBMCA_MOD_EXP"},
73{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP_CRT,0), "IBMCA_MOD_EXP_CRT"},
74{ERR_PACK(0,IBMCA_F_IBMCA_RAND_BYTES,0), "IBMCA_RAND_BYTES"},
75{ERR_PACK(0,IBMCA_F_IBMCA_RSA_MOD_EXP,0), "IBMCA_RSA_MOD_EXP"},
76{0,NULL}
77 };
78
79static ERR_STRING_DATA IBMCA_str_reasons[]=
80 {
81{IBMCA_R_ALREADY_LOADED ,"already loaded"},
82{IBMCA_R_BN_CTX_FULL ,"bn ctx full"},
83{IBMCA_R_BN_EXPAND_FAIL ,"bn expand fail"},
84{IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
85{IBMCA_R_DSO_FAILURE ,"dso failure"},
86{IBMCA_R_MEXP_LENGTH_TO_LARGE ,"mexp length to large"},
87{IBMCA_R_MISSING_KEY_COMPONENTS ,"missing key components"},
88{IBMCA_R_NOT_INITIALISED ,"not initialised"},
89{IBMCA_R_NOT_LOADED ,"not loaded"},
90{IBMCA_R_OPERANDS_TO_LARGE ,"operands to large"},
91{IBMCA_R_OUTLEN_TO_LARGE ,"outlen to large"},
92{IBMCA_R_REQUEST_FAILED ,"request failed"},
93{IBMCA_R_UNDERFLOW_CONDITION ,"underflow condition"},
94{IBMCA_R_UNDERFLOW_KEYRECORD ,"underflow keyrecord"},
95{IBMCA_R_UNIT_FAILURE ,"unit failure"},
96{0,NULL}
97 };
98
99#endif
100
101#ifdef IBMCA_LIB_NAME
102static ERR_STRING_DATA IBMCA_lib_name[]=
103 {
104{0 ,IBMCA_LIB_NAME},
105{0,NULL}
106 };
107#endif
108
109
110static int IBMCA_lib_error_code=0;
111static int IBMCA_error_init=1;
112
113static void ERR_load_IBMCA_strings(void)
114 {
115 if (IBMCA_lib_error_code == 0)
116 IBMCA_lib_error_code=ERR_get_next_error_library();
117
118 if (IBMCA_error_init)
119 {
120 IBMCA_error_init=0;
121#ifndef OPENSSL_NO_ERR
122 ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_functs);
123 ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
124#endif
125
126#ifdef IBMCA_LIB_NAME
127 IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code,0,0);
128 ERR_load_strings(0,IBMCA_lib_name);
129#endif
130 }
131 }
132
133static void ERR_unload_IBMCA_strings(void)
134 {
135 if (IBMCA_error_init == 0)
136 {
137#ifndef OPENSSL_NO_ERR
138 ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_functs);
139 ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
140#endif
141
142#ifdef IBMCA_LIB_NAME
143 ERR_unload_strings(0,IBMCA_lib_name);
144#endif
145 IBMCA_error_init=1;
146 }
147 }
148
149static void ERR_IBMCA_error(int function, int reason, char *file, int line)
150 {
151 if (IBMCA_lib_error_code == 0)
152 IBMCA_lib_error_code=ERR_get_next_error_library();
153 ERR_PUT_error(IBMCA_lib_error_code,function,reason,file,line);
154 }
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h
deleted file mode 100644
index 2070f95799..0000000000
--- a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h
+++ /dev/null
@@ -1,102 +0,0 @@
1/* ====================================================================
2 * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_IBMCA_ERR_H
56#define HEADER_IBMCA_ERR_H
57
58#ifdef __cplusplus
59extern "C" {
60#endif
61
62/* BEGIN ERROR CODES */
63/* The following lines are auto generated by the script mkerr.pl. Any changes
64 * made after this point may be overwritten when the script is next run.
65 */
66static void ERR_load_IBMCA_strings(void);
67static void ERR_unload_IBMCA_strings(void);
68static void ERR_IBMCA_error(int function, int reason, char *file, int line);
69#define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
70
71/* Error codes for the IBMCA functions. */
72
73/* Function codes. */
74#define IBMCA_F_IBMCA_CTRL 100
75#define IBMCA_F_IBMCA_FINISH 101
76#define IBMCA_F_IBMCA_INIT 102
77#define IBMCA_F_IBMCA_MOD_EXP 103
78#define IBMCA_F_IBMCA_MOD_EXP_CRT 104
79#define IBMCA_F_IBMCA_RAND_BYTES 105
80#define IBMCA_F_IBMCA_RSA_MOD_EXP 106
81
82/* Reason codes. */
83#define IBMCA_R_ALREADY_LOADED 100
84#define IBMCA_R_BN_CTX_FULL 101
85#define IBMCA_R_BN_EXPAND_FAIL 102
86#define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
87#define IBMCA_R_DSO_FAILURE 104
88#define IBMCA_R_MEXP_LENGTH_TO_LARGE 105
89#define IBMCA_R_MISSING_KEY_COMPONENTS 106
90#define IBMCA_R_NOT_INITIALISED 107
91#define IBMCA_R_NOT_LOADED 108
92#define IBMCA_R_OPERANDS_TO_LARGE 109
93#define IBMCA_R_OUTLEN_TO_LARGE 110
94#define IBMCA_R_REQUEST_FAILED 111
95#define IBMCA_R_UNDERFLOW_CONDITION 112
96#define IBMCA_R_UNDERFLOW_KEYRECORD 113
97#define IBMCA_R_UNIT_FAILURE 114
98
99#ifdef __cplusplus
100}
101#endif
102#endif
diff --git a/src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h b/src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h
deleted file mode 100644
index c77e0fd5c0..0000000000
--- a/src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h
+++ /dev/null
@@ -1,189 +0,0 @@
1
2#ifndef __ICA_OPENSSL_API_H__
3#define __ICA_OPENSSL_API_H__
4
5/**
6 ** abstract data types for API
7 **/
8
9#define ICA_ADAPTER_HANDLE int
10
11#if defined(linux) || defined (_AIX)
12#define ICA_CALL
13#endif
14
15#if defined(WIN32) || defined(_WIN32)
16#define ICA_CALL __stdcall
17#endif
18
19/*------------------------------------------------*
20 | RSA defines and typedefs |
21 *------------------------------------------------*/
22 /*
23 * All data elements of the RSA key are in big-endian format
24 * Modulus-Exponent form of key
25 *
26 */
27 #define MAX_EXP_SIZE 256
28 #define MAX_MODULUS_SIZE 256
29 #define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
30
31 #define MAX_OPERAND_SIZE MAX_EXP_SIZE
32
33 typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
34 /*
35 * All data elements of the RSA key are in big-endian format
36 * Chinese Remainder Thereom(CRT) form of key
37 * Used only for Decrypt, the encrypt form is typically Modulus-Exponent
38 *
39 */
40 #define MAX_BP_SIZE 136
41 #define MAX_BQ_SIZE 128
42 #define MAX_NP_SIZE 136
43 #define MAX_NQ_SIZE 128
44 #define MAX_QINV_SIZE 136
45 #define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
46
47#define RSA_GEN_OPERAND_MAX 256 /* bytes */
48
49typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
50/*------------------------------------------------*
51 | RSA key token types |
52 *------------------------------------------------*/
53
54#define RSA_PUBLIC_MODULUS_EXPONENT 3
55#define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
56
57#define KEYTYPE_MODEXPO 1
58#define KEYTYPE_PKCSCRT 2
59
60
61/*------------------------------------------------*
62 | RSA Key Token format |
63 *------------------------------------------------*/
64
65/*
66 * NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
67 * (lengths, offsets, exponents, modulus, etc.) are
68 * stored in big-endian format
69 */
70
71typedef struct _ICA_KEY_RSA_MODEXPO
72{ unsigned int keyType; /* RSA key type. */
73 unsigned int keyLength; /* Total length of the token. */
74 unsigned int modulusBitLength; /* Modulus n bit length. */
75 /* -- Start of the data length.*/
76 unsigned int nLength; /* Modulus n = p * q */
77 unsigned int expLength; /* exponent (public or private)*/
78 /* e = 1/d * mod(p-1)(q-1) */
79 /* -- Start of the data offsets*/
80 unsigned int nOffset; /* Modulus n . */
81 unsigned int expOffset; /* exponent (public or private)*/
82 unsigned char reserved[112]; /* reserved area */
83 /* -- Start of the variable -- */
84 /* -- length token data. -- */
85 ICA_KEY_RSA_MODEXPO_REC keyRecord;
86} ICA_KEY_RSA_MODEXPO;
87#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
88
89/*
90 * NOTE: All the fields in the ICA_KEY_RSA_CRT structure
91 * (lengths, offsets, exponents, modulus, etc.) are
92 * stored in big-endian format
93 */
94
95typedef struct _ICA_KEY_RSA_CRT
96{ unsigned int keyType; /* RSA key type. */
97 unsigned int keyLength; /* Total length of the token. */
98 unsigned int modulusBitLength; /* Modulus n bit length. */
99 /* -- Start of the data length.*/
100#if _AIX
101 unsigned int nLength; /* Modulus n = p * q */
102#endif
103 unsigned int pLength; /* Prime number p . */
104 unsigned int qLength; /* Prime number q . */
105 unsigned int dpLength; /* dp = d * mod(p-1) . */
106 unsigned int dqLength; /* dq = d * mod(q-1) . */
107 unsigned int qInvLength; /* PKCS: qInv = Ap/q */
108 /* -- Start of the data offsets*/
109#if _AIX
110 unsigned int nOffset; /* Modulus n . */
111#endif
112 unsigned int pOffset; /* Prime number p . */
113 unsigned int qOffset; /* Prime number q . */
114 unsigned int dpOffset; /* dp . */
115 unsigned int dqOffset; /* dq . */
116 unsigned int qInvOffset; /* qInv for PKCS */
117#if _AIX
118 unsigned char reserved[80]; /* reserved area */
119#else
120 unsigned char reserved[88]; /* reserved area */
121#endif
122 /* -- Start of the variable -- */
123 /* -- length token data. -- */
124 ICA_KEY_RSA_CRT_REC keyRecord;
125} ICA_KEY_RSA_CRT;
126#define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
127
128unsigned int
129icaOpenAdapter( unsigned int adapterId,
130 ICA_ADAPTER_HANDLE *pAdapterHandle );
131
132unsigned int
133icaCloseAdapter( ICA_ADAPTER_HANDLE adapterHandle );
134
135unsigned int
136icaRsaModExpo( ICA_ADAPTER_HANDLE hAdapterHandle,
137 unsigned int inputDataLength,
138 unsigned char *pInputData,
139 ICA_KEY_RSA_MODEXPO *pKeyModExpo,
140 unsigned int *pOutputDataLength,
141 unsigned char *pOutputData );
142
143unsigned int
144icaRsaCrt( ICA_ADAPTER_HANDLE hAdapterHandle,
145 unsigned int inputDataLength,
146 unsigned char *pInputData,
147 ICA_KEY_RSA_CRT *pKeyCrt,
148 unsigned int *pOutputDataLength,
149 unsigned char *pOutputData );
150
151unsigned int
152icaRandomNumberGenerate( ICA_ADAPTER_HANDLE hAdapterHandle,
153 unsigned int outputDataLength,
154 unsigned char *pOutputData );
155
156/* Specific macros and definitions to not have IFDEF;s all over the
157 main code */
158
159#if (_AIX)
160static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
161#elif (WIN32)
162static const char *IBMCA_LIBNAME = "cryptica";
163#else
164static const char *IBMCA_LIBNAME = "ica";
165#endif
166
167#if (WIN32)
168/*
169 The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and
170 offsets must be in big-endian format.
171
172*/
173#define CORRECT_ENDIANNESS(b) ( \
174 (((unsigned long) (b) & 0x000000ff) << 24) | \
175 (((unsigned long) (b) & 0x0000ff00) << 8) | \
176 (((unsigned long) (b) & 0x00ff0000) >> 8) | \
177 (((unsigned long) (b) & 0xff000000) >> 24) \
178 )
179#define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
180#define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
181#else
182#define CORRECT_ENDIANNESS(b) (b)
183#define CRT_KEY_TYPE KEYTYPE_PKCSCRT
184#define ME_KEY_TYPE KEYTYPE_MODEXPO
185#endif
186
187
188
189#endif /* __ICA_OPENSSL_API_H__ */
diff --git a/src/lib/libssl/src/demos/engines/rsaref/Makefile b/src/lib/libssl/src/demos/engines/rsaref/Makefile
deleted file mode 100644
index 63b8c79d27..0000000000
--- a/src/lib/libssl/src/demos/engines/rsaref/Makefile
+++ /dev/null
@@ -1,135 +0,0 @@
1LIBNAME= librsaref
2SRC= rsaref.c
3OBJ= rsaref.o
4HEADER= rsaref.h
5
6CC= gcc
7PIC= -fPIC
8CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT
9AR= ar r
10RANLIB= ranlib
11
12LIB= $(LIBNAME).a
13SHLIB= $(LIBNAME).so
14
15all:
16 @echo 'Please choose a system to build on:'
17 @echo ''
18 @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
19 @echo 'solaris: Solaris'
20 @echo 'irix: IRIX'
21 @echo 'hpux32: 32-bit HP/UX'
22 @echo 'hpux64: 64-bit HP/UX'
23 @echo 'aix: AIX'
24 @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
25 @echo ''
26
27FORCE.install:
28install: FORCE.install
29 cd install; \
30 make -f unix/makefile CFLAGS='-I. -DPROTOTYPES=1 -O -c' RSAREFLIB=librsaref.a librsaref.a
31
32FORCE.update:
33update: FORCE.update
34 perl ../../../util/mkerr.pl -conf rsaref.ec \
35 -nostatic -staticloader -write rsaref.c
36
37darwin: install $(SHLIB).darwin
38cygwin: install $(SHLIB).cygwin
39gnu: install $(SHLIB).gnu
40alpha-osf1: install $(SHLIB).alpha-osf1
41tru64: install $(SHLIB).tru64
42solaris: install $(SHLIB).solaris
43irix: install $(SHLIB).irix
44hpux32: install $(SHLIB).hpux32
45hpux64: install $(SHLIB).hpux64
46aix: install $(SHLIB).aix
47reliantunix: install $(SHLIB).reliantunix
48
49$(LIB): $(OBJ)
50 $(AR) $(LIB) $(OBJ)
51 - $(RANLIB) $(LIB)
52
53LINK_SO= \
54 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \
55 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
56 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
57
58$(SHLIB).darwin: $(LIB) install/librsaref.a
59 ALLSYMSFLAGS='-all_load' \
60 SHAREDFLAGS='-dynamiclib -install_name $(SHLIB)' \
61 SHAREDCMD='$(CC)'; \
62 $(LINK_SO)
63 touch $(SHLIB).darwin
64$(SHLIB).cygwin: $(LIB) install/librsaref.a
65 ALLSYMSFLAGS='--whole-archive' \
66 SHAREDFLAGS='-shared -Wl,-Bsymbolic -Wl,--out-implib,$(LIBNAME).dll.a' \
67 SHAREDCMD='$(CC)'; \
68 $(LINK_SO)
69 touch $(SHLIB).cygwin
70$(SHLIB).gnu: $(LIB) install/librsaref.a
71 ALLSYMSFLAGS='--whole-archive' \
72 SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
73 SHAREDCMD='$(CC)'; \
74 $(LINK_SO)
75 touch $(SHLIB).gnu
76$(SHLIB).tru64: $(LIB) install/librsaref.a
77 ALLSYMSFLAGS='-all' \
78 SHAREDFLAGS='-shared' \
79 SHAREDCMD='$(CC)'; \
80 $(LINK_SO)
81 touch $(SHLIB).tru64
82$(SHLIB).solaris: $(LIB) install/librsaref.a
83 ALLSYMSFLAGS='-z allextract' \
84 SHAREDFLAGS='-G -h $(SHLIB)' \
85 SHAREDCMD='$(CC)'; \
86 $(LINK_SO)
87 touch $(SHLIB).solaris
88$(SHLIB).irix: $(LIB) install/librsaref.a
89 ALLSYMSFLAGS='-all' \
90 SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
91 SHAREDCMD='$(CC)'; \
92 $(LINK_SO)
93 touch $(SHLIB).irix
94$(SHLIB).hpux32: $(LIB) install/librsaref.a
95 ALLSYMSFLAGS='-Fl' \
96 SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
97 SHAREDCMD='/usr/ccs/bin/ld'; \
98 $(LINK_SO)
99 touch $(SHLIB).hpux32
100$(SHLIB).hpux64: $(LIB) install/librsaref.a
101 ALLSYMSFLAGS='+forceload' \
102 SHAREDFLAGS='-b -z +h $(SHLIB)' \
103 SHAREDCMD='/usr/ccs/bin/ld'; \
104 $(LINK_SO)
105 touch $(SHLIB).hpux64
106$(SHLIB).aix: $(LIB) install/librsaref.a
107 ALLSYMSFLAGS='-bnogc' \
108 SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
109 SHAREDCMD='$(CC)'; \
110 $(LINK_SO)
111 touch $(SHLIB).aix
112
113depend:
114 sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
115 echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
116 gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
117 perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
118 rm -f Makefile.tmp Makefile
119 mv Makefile.new Makefile
120
121# DO NOT DELETE THIS LINE -- make depend depends on it.
122
123rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
124rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
125rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
126rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
127rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
128rsaref.o: ../../../include/openssl/opensslconf.h
129rsaref.o: ../../../include/openssl/opensslv.h
130rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
131rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
132rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
133rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
134rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
135rsaref.o: source/rsaref.h
diff --git a/src/lib/libssl/src/demos/engines/rsaref/README b/src/lib/libssl/src/demos/engines/rsaref/README
deleted file mode 100644
index 00b1f7473b..0000000000
--- a/src/lib/libssl/src/demos/engines/rsaref/README
+++ /dev/null
@@ -1,22 +0,0 @@
1librsaref.so is a demonstration dynamic engine that does RSA
2operations using the old RSAref 2.0 implementation.
3
4To make proper use of this engine, you must download RSAref 2.0
5(search the web for rsaref.tar.Z for example) and unpack it in this
6directory, so you'll end up having the subdirectories "install" and
7"source" among others.
8
9To build, do the following:
10
11 make
12
13This will list a number of available targets to choose from. Most of
14them are architecture-specific. The exception is "gnu" which is to be
15used on systems where GNU ld and gcc have been installed in such a way
16that gcc uses GNU ld to link together programs and shared libraries.
17
18The make file assumes you use gcc. To change that, just reassign CC:
19
20 make CC=cc
21
22The result is librsaref.so, which you can copy to any place you wish.
diff --git a/src/lib/libssl/src/demos/engines/rsaref/rsaref.c b/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
deleted file mode 100644
index f97974fc49..0000000000
--- a/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
+++ /dev/null
@@ -1,685 +0,0 @@
1/* Demo of how to construct your own engine and using it. The basis of this
2 engine is RSAref, an old reference of the RSA algorithm which can still
3 be found a little here and there. */
4
5#include <stdio.h>
6#include <string.h>
7#include "./source/global.h"
8#include "./source/rsaref.h"
9#include "./source/rsa.h"
10#include "./source/des.h"
11#include <openssl/err.h>
12#define OPENSSL_NO_MD2
13#define OPENSSL_NO_MD5
14#include <openssl/evp.h>
15#include <openssl/bn.h>
16#include <openssl/engine.h>
17
18#define RSAREF_LIB_NAME "rsaref engine"
19#include "rsaref_err.c"
20
21/*****************************************************************************
22 *** Function declarations and global variable definitions ***
23 *****************************************************************************/
24
25/*****************************************************************************
26 * Constants used when creating the ENGINE
27 **/
28static const char *engine_rsaref_id = "rsaref";
29static const char *engine_rsaref_name = "RSAref engine support";
30
31/*****************************************************************************
32 * Functions to handle the engine
33 **/
34static int rsaref_destroy(ENGINE *e);
35static int rsaref_init(ENGINE *e);
36static int rsaref_finish(ENGINE *e);
37#if 0
38static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
39#endif
40
41/*****************************************************************************
42 * Engine commands
43 **/
44static const ENGINE_CMD_DEFN rsaref_cmd_defns[] = {
45 {0, NULL, NULL, 0}
46 };
47
48/*****************************************************************************
49 * RSA functions
50 **/
51static int rsaref_private_decrypt(int len, const unsigned char *from,
52 unsigned char *to, RSA *rsa, int padding);
53static int rsaref_private_encrypt(int len, const unsigned char *from,
54 unsigned char *to, RSA *rsa, int padding);
55static int rsaref_public_encrypt(int len, const unsigned char *from,
56 unsigned char *to, RSA *rsa, int padding);
57static int rsaref_public_decrypt(int len, const unsigned char *from,
58 unsigned char *to, RSA *rsa, int padding);
59static int bnref_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m,
60 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
61static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
62
63/*****************************************************************************
64 * Our RSA method
65 **/
66static RSA_METHOD rsaref_rsa =
67{
68 "RSAref PKCS#1 RSA",
69 rsaref_public_encrypt,
70 rsaref_public_decrypt,
71 rsaref_private_encrypt,
72 rsaref_private_decrypt,
73 rsaref_mod_exp,
74 bnref_mod_exp,
75 NULL,
76 NULL,
77 0,
78 NULL,
79 NULL,
80 NULL
81};
82
83/*****************************************************************************
84 * Symetric cipher and digest function registrars
85 **/
86static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
87 const int **nids, int nid);
88static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
89 const int **nids, int nid);
90
91static int rsaref_cipher_nids[] =
92 { NID_des_cbc, NID_des_ede3_cbc, NID_desx_cbc, 0 };
93static int rsaref_digest_nids[] =
94 { NID_md2, NID_md5, 0 };
95
96/*****************************************************************************
97 * DES functions
98 **/
99static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
100 const unsigned char *iv, int enc);
101static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
102 const unsigned char *in, unsigned int inl);
103static int cipher_des_cbc_clean(EVP_CIPHER_CTX *);
104static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
105 const unsigned char *iv, int enc);
106static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
107 const unsigned char *in, unsigned int inl);
108static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *);
109static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
110 const unsigned char *iv, int enc);
111static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
112 const unsigned char *in, unsigned int inl);
113static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *);
114
115/*****************************************************************************
116 * Our DES ciphers
117 **/
118static const EVP_CIPHER cipher_des_cbc =
119 {
120 NID_des_cbc,
121 8, 8, 8,
122 0 | EVP_CIPH_CBC_MODE,
123 cipher_des_cbc_init,
124 cipher_des_cbc_code,
125 cipher_des_cbc_clean,
126 sizeof(DES_CBC_CTX),
127 NULL,
128 NULL,
129 NULL,
130 NULL
131 };
132
133static const EVP_CIPHER cipher_des_ede3_cbc =
134 {
135 NID_des_ede3_cbc,
136 8, 24, 8,
137 0 | EVP_CIPH_CBC_MODE,
138 cipher_des_ede3_cbc_init,
139 cipher_des_ede3_cbc_code,
140 cipher_des_ede3_cbc_clean,
141 sizeof(DES3_CBC_CTX),
142 NULL,
143 NULL,
144 NULL,
145 NULL
146 };
147
148static const EVP_CIPHER cipher_desx_cbc =
149 {
150 NID_desx_cbc,
151 8, 24, 8,
152 0 | EVP_CIPH_CBC_MODE,
153 cipher_desx_cbc_init,
154 cipher_desx_cbc_code,
155 cipher_desx_cbc_clean,
156 sizeof(DESX_CBC_CTX),
157 NULL,
158 NULL,
159 NULL,
160 NULL
161 };
162
163/*****************************************************************************
164 * MD functions
165 **/
166static int digest_md2_init(EVP_MD_CTX *ctx);
167static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,
168 unsigned long count);
169static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md);
170static int digest_md5_init(EVP_MD_CTX *ctx);
171static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,
172 unsigned long count);
173static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md);
174
175/*****************************************************************************
176 * Our MD digests
177 **/
178static const EVP_MD digest_md2 =
179 {
180 NID_md2,
181 NID_md2WithRSAEncryption,
182 16,
183 0,
184 digest_md2_init,
185 digest_md2_update,
186 digest_md2_final,
187 NULL,
188 NULL,
189 EVP_PKEY_RSA_method,
190 16,
191 sizeof(MD2_CTX)
192 };
193
194static const EVP_MD digest_md5 =
195 {
196 NID_md5,
197 NID_md5WithRSAEncryption,
198 16,
199 0,
200 digest_md5_init,
201 digest_md5_update,
202 digest_md5_final,
203 NULL,
204 NULL,
205 EVP_PKEY_RSA_method,
206 64,
207 sizeof(MD5_CTX)
208 };
209
210/*****************************************************************************
211 *** Function definitions ***
212 *****************************************************************************/
213
214/*****************************************************************************
215 * Functions to handle the engine
216 **/
217
218static int bind_rsaref(ENGINE *e)
219 {
220 const RSA_METHOD *meth1;
221 if(!ENGINE_set_id(e, engine_rsaref_id)
222 || !ENGINE_set_name(e, engine_rsaref_name)
223 || !ENGINE_set_RSA(e, &rsaref_rsa)
224 || !ENGINE_set_ciphers(e, rsaref_ciphers)
225 || !ENGINE_set_digests(e, rsaref_digests)
226 || !ENGINE_set_destroy_function(e, rsaref_destroy)
227 || !ENGINE_set_init_function(e, rsaref_init)
228 || !ENGINE_set_finish_function(e, rsaref_finish)
229 /* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */
230 /* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns) */)
231 return 0;
232
233 /* Ensure the rsaref error handling is set up */
234 ERR_load_RSAREF_strings();
235 return 1;
236 }
237
238#ifdef ENGINE_DYNAMIC_SUPPORT
239static int bind_helper(ENGINE *e, const char *id)
240 {
241 if(id && (strcmp(id, engine_rsaref_id) != 0))
242 return 0;
243 if(!bind_rsaref(e))
244 return 0;
245 return 1;
246 }
247IMPLEMENT_DYNAMIC_CHECK_FN()
248IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
249#else
250static ENGINE *engine_rsaref(void)
251 {
252 ENGINE *ret = ENGINE_new();
253 if(!ret)
254 return NULL;
255 if(!bind_rsaref(ret))
256 {
257 ENGINE_free(ret);
258 return NULL;
259 }
260 return ret;
261 }
262
263void ENGINE_load_rsaref(void)
264 {
265 /* Copied from eng_[openssl|dyn].c */
266 ENGINE *toadd = engine_rsaref();
267 if(!toadd) return;
268 ENGINE_add(toadd);
269 ENGINE_free(toadd);
270 ERR_clear_error();
271 }
272#endif
273
274/* Initiator which is only present to make sure this engine looks available */
275static int rsaref_init(ENGINE *e)
276 {
277 return 1;
278 }
279
280/* Finisher which is only present to make sure this engine looks available */
281static int rsaref_finish(ENGINE *e)
282 {
283 return 1;
284 }
285
286/* Destructor (complements the "ENGINE_ncipher()" constructor) */
287static int rsaref_destroy(ENGINE *e)
288 {
289 ERR_unload_RSAREF_strings();
290 return 1;
291 }
292
293/*****************************************************************************
294 * RSA functions
295 **/
296
297static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
298 {
299 RSAREFerr(RSAREF_F_RSAREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
300 return(0);
301 }
302
303static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
304 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
305 {
306 RSAREFerr(RSAREF_F_BNREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
307 return(0);
308 }
309
310/* unsigned char *to: [max] */
311static int RSAref_bn2bin(BIGNUM *from, unsigned char *to, int max)
312 {
313 int i;
314
315 i=BN_num_bytes(from);
316 if (i > max)
317 {
318 RSAREFerr(RSAREF_F_RSAREF_BN2BIN,RSAREF_R_LEN);
319 return(0);
320 }
321
322 memset(to,0,(unsigned int)max);
323 if (!BN_bn2bin(from,&(to[max-i])))
324 return(0);
325 return(1);
326 }
327
328#ifdef undef
329/* unsigned char *from: [max] */
330static BIGNUM *RSAref_bin2bn(unsigned char *from, BIGNUM *to, int max)
331 {
332 int i;
333 BIGNUM *ret;
334
335 for (i=0; i<max; i++)
336 if (from[i]) break;
337
338 ret=BN_bin2bn(&(from[i]),max-i,to);
339 return(ret);
340 }
341
342static int RSAref_Public_ref2eay(RSArefPublicKey *from, RSA *to)
343 {
344 to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN);
345 to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN);
346 if ((to->n == NULL) || (to->e == NULL)) return(0);
347 return(1);
348 }
349#endif
350
351static int RSAref_Public_eay2ref(RSA *from, R_RSA_PUBLIC_KEY *to)
352 {
353 to->bits=BN_num_bits(from->n);
354 if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);
355 if (!RSAref_bn2bin(from->e,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);
356 return(1);
357 }
358
359#ifdef undef
360static int RSAref_Private_ref2eay(RSArefPrivateKey *from, RSA *to)
361 {
362 if ((to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN)) == NULL)
363 return(0);
364 if ((to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN)) == NULL)
365 return(0);
366 if ((to->d=RSAref_bin2bn(from->d,NULL,RSAref_MAX_LEN)) == NULL)
367 return(0);
368 if ((to->p=RSAref_bin2bn(from->prime[0],NULL,RSAref_MAX_PLEN)) == NULL)
369 return(0);
370 if ((to->q=RSAref_bin2bn(from->prime[1],NULL,RSAref_MAX_PLEN)) == NULL)
371 return(0);
372 if ((to->dmp1=RSAref_bin2bn(from->pexp[0],NULL,RSAref_MAX_PLEN))
373 == NULL)
374 return(0);
375 if ((to->dmq1=RSAref_bin2bn(from->pexp[1],NULL,RSAref_MAX_PLEN))
376 == NULL)
377 return(0);
378 if ((to->iqmp=RSAref_bin2bn(from->coef,NULL,RSAref_MAX_PLEN)) == NULL)
379 return(0);
380 return(1);
381 }
382#endif
383
384static int RSAref_Private_eay2ref(RSA *from, R_RSA_PRIVATE_KEY *to)
385 {
386 to->bits=BN_num_bits(from->n);
387 if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);
388 if (!RSAref_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN)) return(0);
389 if (!RSAref_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);
390 if (!RSAref_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN)) return(0);
391 if (!RSAref_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN)) return(0);
392 if (!RSAref_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN)) return(0);
393 if (!RSAref_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN)) return(0);
394 if (!RSAref_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN)) return(0);
395 return(1);
396 }
397
398static int rsaref_private_decrypt(int len, const unsigned char *from, unsigned char *to,
399 RSA *rsa, int padding)
400 {
401 int i,outlen= -1;
402 R_RSA_PRIVATE_KEY RSAkey;
403
404 if (!RSAref_Private_eay2ref(rsa,&RSAkey))
405 goto err;
406 if ((i=RSAPrivateDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
407 {
408 RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT,i);
409 outlen= -1;
410 }
411err:
412 memset(&RSAkey,0,sizeof(RSAkey));
413 return(outlen);
414 }
415
416static int rsaref_private_encrypt(int len, const unsigned char *from, unsigned char *to,
417 RSA *rsa, int padding)
418 {
419 int i,outlen= -1;
420 R_RSA_PRIVATE_KEY RSAkey;
421
422 if (padding != RSA_PKCS1_PADDING)
423 {
424 RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
425 goto err;
426 }
427 if (!RSAref_Private_eay2ref(rsa,&RSAkey))
428 goto err;
429 if ((i=RSAPrivateEncrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
430 {
431 RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,i);
432 outlen= -1;
433 }
434err:
435 memset(&RSAkey,0,sizeof(RSAkey));
436 return(outlen);
437 }
438
439static int rsaref_public_decrypt(int len, const unsigned char *from, unsigned char *to,
440 RSA *rsa, int padding)
441 {
442 int i,outlen= -1;
443 R_RSA_PUBLIC_KEY RSAkey;
444
445 if (!RSAref_Public_eay2ref(rsa,&RSAkey))
446 goto err;
447 if ((i=RSAPublicDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
448 {
449 RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT,i);
450 outlen= -1;
451 }
452err:
453 memset(&RSAkey,0,sizeof(RSAkey));
454 return(outlen);
455 }
456
457static int rsaref_public_encrypt(int len, const unsigned char *from, unsigned char *to,
458 RSA *rsa, int padding)
459 {
460 int outlen= -1;
461 int i;
462 R_RSA_PUBLIC_KEY RSAkey;
463 R_RANDOM_STRUCT rnd;
464 unsigned char buf[16];
465
466 if (padding != RSA_PKCS1_PADDING && padding != RSA_SSLV23_PADDING)
467 {
468 RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
469 goto err;
470 }
471
472 R_RandomInit(&rnd);
473 R_GetRandomBytesNeeded((unsigned int *)&i,&rnd);
474 while (i > 0)
475 {
476 if (RAND_bytes(buf,16) <= 0)
477 goto err;
478 R_RandomUpdate(&rnd,buf,(unsigned int)((i>16)?16:i));
479 i-=16;
480 }
481
482 if (!RSAref_Public_eay2ref(rsa,&RSAkey))
483 goto err;
484 if ((i=RSAPublicEncrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0)
485 {
486 RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT,i);
487 outlen= -1;
488 goto err;
489 }
490err:
491 memset(&RSAkey,0,sizeof(RSAkey));
492 R_RandomFinal(&rnd);
493 memset(&rnd,0,sizeof(rnd));
494 return(outlen);
495 }
496
497/*****************************************************************************
498 * Symetric cipher and digest function registrars
499 **/
500static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
501 const int **nids, int nid)
502 {
503 int ok = 1;
504 if(!cipher)
505 {
506 /* We are returning a list of supported nids */
507 *nids = rsaref_cipher_nids;
508 return (sizeof(rsaref_cipher_nids)-1)/sizeof(rsaref_cipher_nids[0]);
509 }
510 /* We are being asked for a specific cipher */
511 switch (nid)
512 {
513 case NID_des_cbc:
514 *cipher = &cipher_des_cbc; break;
515 case NID_des_ede3_cbc:
516 *cipher = &cipher_des_ede3_cbc; break;
517 case NID_desx_cbc:
518 *cipher = &cipher_desx_cbc; break;
519 default:
520 ok = 0;
521 *cipher = NULL;
522 break;
523 }
524 return ok;
525 }
526static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
527 const int **nids, int nid)
528 {
529 int ok = 1;
530 if(!digest)
531 {
532 /* We are returning a list of supported nids */
533 *nids = rsaref_digest_nids;
534 return (sizeof(rsaref_digest_nids)-1)/sizeof(rsaref_digest_nids[0]);
535 }
536 /* We are being asked for a specific digest */
537 switch (nid)
538 {
539 case NID_md2:
540 *digest = &digest_md2; break;
541 case NID_md5:
542 *digest = &digest_md5; break;
543 default:
544 ok = 0;
545 *digest = NULL;
546 break;
547 }
548 return ok;
549 }
550
551/*****************************************************************************
552 * DES functions
553 **/
554#undef data
555#define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data)
556static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
557 const unsigned char *iv, int enc)
558 {
559 DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
560 return 1;
561 }
562static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
563 const unsigned char *in, unsigned int inl)
564 {
565 int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
566 switch (ret)
567 {
568 case RE_LEN:
569 RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
570 break;
571 case 0:
572 break;
573 default:
574 RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
575 }
576 return !ret;
577 }
578static int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx)
579 {
580 memset(data(ctx), 0, ctx->cipher->ctx_size);
581 return 1;
582 }
583
584#undef data
585#define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data)
586static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
587 const unsigned char *iv, int enc)
588 {
589 DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
590 enc);
591 return 1;
592 }
593static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
594 const unsigned char *in, unsigned int inl)
595 {
596 int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
597 switch (ret)
598 {
599 case RE_LEN:
600 RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
601 break;
602 case 0:
603 break;
604 default:
605 RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
606 }
607 return !ret;
608 }
609static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx)
610 {
611 memset(data(ctx), 0, ctx->cipher->ctx_size);
612 return 1;
613 }
614
615#undef data
616#define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data)
617static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
618 const unsigned char *iv, int enc)
619 {
620 DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
621 enc);
622 return 1;
623 }
624static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
625 const unsigned char *in, unsigned int inl)
626 {
627 int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
628 switch (ret)
629 {
630 case RE_LEN:
631 RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
632 break;
633 case 0:
634 break;
635 default:
636 RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
637 }
638 return !ret;
639 }
640static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx)
641 {
642 memset(data(ctx), 0, ctx->cipher->ctx_size);
643 return 1;
644 }
645
646/*****************************************************************************
647 * MD functions
648 **/
649#undef data
650#define data(ctx) ((MD2_CTX *)(ctx)->md_data)
651static int digest_md2_init(EVP_MD_CTX *ctx)
652 {
653 MD2Init(data(ctx));
654 return 1;
655 }
656static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,
657 unsigned long count)
658 {
659 MD2Update(data(ctx), (unsigned char *)data, (unsigned int)count);
660 return 1;
661 }
662static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md)
663 {
664 MD2Final(md, data(ctx));
665 return 1;
666 }
667
668#undef data
669#define data(ctx) ((MD5_CTX *)(ctx)->md_data)
670static int digest_md5_init(EVP_MD_CTX *ctx)
671 {
672 MD5Init(data(ctx));
673 return 1;
674 }
675static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,
676 unsigned long count)
677 {
678 MD5Update(data(ctx), (unsigned char *)data, (unsigned int)count);
679 return 1;
680 }
681static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
682 {
683 MD5Final(md, data(ctx));
684 return 1;
685 }
diff --git a/src/lib/libssl/src/demos/engines/rsaref/rsaref.ec b/src/lib/libssl/src/demos/engines/rsaref/rsaref.ec
deleted file mode 100644
index c690ae3883..0000000000
--- a/src/lib/libssl/src/demos/engines/rsaref/rsaref.ec
+++ /dev/null
@@ -1,8 +0,0 @@
1# configuration file for util/mkerr.pl
2#
3# use like this:
4#
5# perl ../../../util/mkerr.pl -conf rsaref.ec \
6# -nostatic -staticloader -write *.c
7
8L RSAREF rsaref_err.h rsaref_err.c
diff --git a/src/lib/libssl/src/demos/engines/rsaref/rsaref_err.c b/src/lib/libssl/src/demos/engines/rsaref/rsaref_err.c
deleted file mode 100644
index ceaf05706d..0000000000
--- a/src/lib/libssl/src/demos/engines/rsaref/rsaref_err.c
+++ /dev/null
@@ -1,161 +0,0 @@
1/* rsaref_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "rsaref_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA RSAREF_str_functs[]=
68 {
69{ERR_PACK(0,RSAREF_F_BNREF_MOD_EXP,0), "BNREF_MOD_EXP"},
70{ERR_PACK(0,RSAREF_F_CIPHER_DES_CBC_CODE,0), "CIPHER_DES_CBC_CODE"},
71{ERR_PACK(0,RSAREF_F_RSAREF_BN2BIN,0), "RSAREF_BN2BIN"},
72{ERR_PACK(0,RSAREF_F_RSAREF_MOD_EXP,0), "RSAREF_MOD_EXP"},
73{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_DECRYPT,0), "RSAREF_PRIVATE_DECRYPT"},
74{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_ENCRYPT,0), "RSAREF_PRIVATE_ENCRYPT"},
75{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_DECRYPT,0), "RSAREF_PUBLIC_DECRYPT"},
76{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_ENCRYPT,0), "RSAREF_PUBLIC_ENCRYPT"},
77{ERR_PACK(0,RSAREF_F_RSA_BN2BIN,0), "RSA_BN2BIN"},
78{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_DECRYPT,0), "RSA_PRIVATE_DECRYPT"},
79{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_ENCRYPT,0), "RSA_PRIVATE_ENCRYPT"},
80{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_DECRYPT,0), "RSA_PUBLIC_DECRYPT"},
81{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_ENCRYPT,0), "RSA_PUBLIC_ENCRYPT"},
82{0,NULL}
83 };
84
85static ERR_STRING_DATA RSAREF_str_reasons[]=
86 {
87{RSAREF_R_CONTENT_ENCODING ,"content encoding"},
88{RSAREF_R_DATA ,"data"},
89{RSAREF_R_DIGEST_ALGORITHM ,"digest algorithm"},
90{RSAREF_R_ENCODING ,"encoding"},
91{RSAREF_R_ENCRYPTION_ALGORITHM ,"encryption algorithm"},
92{RSAREF_R_KEY ,"key"},
93{RSAREF_R_KEY_ENCODING ,"key encoding"},
94{RSAREF_R_LEN ,"len"},
95{RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED ,"length not block aligned"},
96{RSAREF_R_MODULUS_LEN ,"modulus len"},
97{RSAREF_R_NEED_RANDOM ,"need random"},
98{RSAREF_R_PRIVATE_KEY ,"private key"},
99{RSAREF_R_PUBLIC_KEY ,"public key"},
100{RSAREF_R_SIGNATURE ,"signature"},
101{RSAREF_R_SIGNATURE_ENCODING ,"signature encoding"},
102{RSAREF_R_UNKNOWN_FAULT ,"unknown fault"},
103{0,NULL}
104 };
105
106#endif
107
108#ifdef RSAREF_LIB_NAME
109static ERR_STRING_DATA RSAREF_lib_name[]=
110 {
111{0 ,RSAREF_LIB_NAME},
112{0,NULL}
113 };
114#endif
115
116
117static int RSAREF_lib_error_code=0;
118static int RSAREF_error_init=1;
119
120static void ERR_load_RSAREF_strings(void)
121 {
122 if (RSAREF_lib_error_code == 0)
123 RSAREF_lib_error_code=ERR_get_next_error_library();
124
125 if (RSAREF_error_init)
126 {
127 RSAREF_error_init=0;
128#ifndef OPENSSL_NO_ERR
129 ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_functs);
130 ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_reasons);
131#endif
132
133#ifdef RSAREF_LIB_NAME
134 RSAREF_lib_name->error = ERR_PACK(RSAREF_lib_error_code,0,0);
135 ERR_load_strings(0,RSAREF_lib_name);
136#endif
137 }
138 }
139
140static void ERR_unload_RSAREF_strings(void)
141 {
142 if (RSAREF_error_init == 0)
143 {
144#ifndef OPENSSL_NO_ERR
145 ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_functs);
146 ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_reasons);
147#endif
148
149#ifdef RSAREF_LIB_NAME
150 ERR_unload_strings(0,RSAREF_lib_name);
151#endif
152 RSAREF_error_init=1;
153 }
154 }
155
156static void ERR_RSAREF_error(int function, int reason, char *file, int line)
157 {
158 if (RSAREF_lib_error_code == 0)
159 RSAREF_lib_error_code=ERR_get_next_error_library();
160 ERR_PUT_error(RSAREF_lib_error_code,function,reason,file,line);
161 }
diff --git a/src/lib/libssl/src/demos/engines/rsaref/rsaref_err.h b/src/lib/libssl/src/demos/engines/rsaref/rsaref_err.h
deleted file mode 100644
index 19759709b7..0000000000
--- a/src/lib/libssl/src/demos/engines/rsaref/rsaref_err.h
+++ /dev/null
@@ -1,109 +0,0 @@
1/* rsaref_err.h */
2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#ifndef HEADER_RSAREF_ERR_H
57#define HEADER_RSAREF_ERR_H
58
59#ifdef __cplusplus
60extern "C" {
61#endif
62
63/* BEGIN ERROR CODES */
64/* The following lines are auto generated by the script mkerr.pl. Any changes
65 * made after this point may be overwritten when the script is next run.
66 */
67static void ERR_load_RSAREF_strings(void);
68static void ERR_unload_RSAREF_strings(void);
69static void ERR_RSAREF_error(int function, int reason, char *file, int line);
70#define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
71/* Error codes for the RSAREF functions. */
72
73/* Function codes. */
74#define RSAREF_F_BNREF_MOD_EXP 100
75#define RSAREF_F_CIPHER_DES_CBC_CODE 112
76#define RSAREF_F_RSAREF_BN2BIN 101
77#define RSAREF_F_RSAREF_MOD_EXP 102
78#define RSAREF_F_RSAREF_PRIVATE_DECRYPT 103
79#define RSAREF_F_RSAREF_PRIVATE_ENCRYPT 104
80#define RSAREF_F_RSAREF_PUBLIC_DECRYPT 105
81#define RSAREF_F_RSAREF_PUBLIC_ENCRYPT 106
82#define RSAREF_F_RSA_BN2BIN 107
83#define RSAREF_F_RSA_PRIVATE_DECRYPT 108
84#define RSAREF_F_RSA_PRIVATE_ENCRYPT 109
85#define RSAREF_F_RSA_PUBLIC_DECRYPT 110
86#define RSAREF_F_RSA_PUBLIC_ENCRYPT 111
87
88/* Reason codes. */
89#define RSAREF_R_CONTENT_ENCODING 100
90#define RSAREF_R_DATA 101
91#define RSAREF_R_DIGEST_ALGORITHM 102
92#define RSAREF_R_ENCODING 103
93#define RSAREF_R_ENCRYPTION_ALGORITHM 104
94#define RSAREF_R_KEY 105
95#define RSAREF_R_KEY_ENCODING 106
96#define RSAREF_R_LEN 107
97#define RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED 114
98#define RSAREF_R_MODULUS_LEN 108
99#define RSAREF_R_NEED_RANDOM 109
100#define RSAREF_R_PRIVATE_KEY 110
101#define RSAREF_R_PUBLIC_KEY 111
102#define RSAREF_R_SIGNATURE 112
103#define RSAREF_R_SIGNATURE_ENCODING 113
104#define RSAREF_R_UNKNOWN_FAULT 115
105
106#ifdef __cplusplus
107}
108#endif
109#endif
diff --git a/src/lib/libssl/src/demos/engines/zencod/Makefile b/src/lib/libssl/src/demos/engines/zencod/Makefile
deleted file mode 100644
index 5b6a339ab2..0000000000
--- a/src/lib/libssl/src/demos/engines/zencod/Makefile
+++ /dev/null
@@ -1,114 +0,0 @@
1LIBNAME= libzencod
2SRC= hw_zencod.c
3OBJ= hw_zencod.o
4HEADER= hw_zencod.h
5
6CC= gcc
7PIC= -fPIC
8CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
9AR= ar r
10RANLIB= ranlib
11
12LIB= $(LIBNAME).a
13SHLIB= $(LIBNAME).so
14
15all:
16 @echo 'Please choose a system to build on:'
17 @echo ''
18 @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
19 @echo 'solaris: Solaris'
20 @echo 'irix: IRIX'
21 @echo 'hpux32: 32-bit HP/UX'
22 @echo 'hpux64: 64-bit HP/UX'
23 @echo 'aix: AIX'
24 @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
25 @echo ''
26
27FORCE.update:
28update: FORCE.update
29 perl ../../../util/mkerr.pl -conf hw_zencod.ec \
30 -nostatic -staticloader -write hw_zencod.c
31
32gnu: $(SHLIB).gnu
33tru64: $(SHLIB).tru64
34solaris: $(SHLIB).solaris
35irix: $(SHLIB).irix
36hpux32: $(SHLIB).hpux32
37hpux64: $(SHLIB).hpux64
38aix: $(SHLIB).aix
39
40$(LIB): $(OBJ)
41 $(AR) $(LIB) $(OBJ)
42 - $(RANLIB) $(LIB)
43
44LINK_SO= \
45 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
46 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
47 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
48
49$(SHLIB).gnu: $(LIB)
50 ALLSYMSFLAGS='--whole-archive' \
51 SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
52 SHAREDCMD='$(CC)'; \
53 $(LINK_SO)
54 touch $(SHLIB).gnu
55$(SHLIB).tru64: $(LIB)
56 ALLSYMSFLAGS='-all' \
57 SHAREDFLAGS='-shared' \
58 SHAREDCMD='$(CC)'; \
59 $(LINK_SO)
60 touch $(SHLIB).tru64
61$(SHLIB).solaris: $(LIB)
62 ALLSYMSFLAGS='-z allextract' \
63 SHAREDFLAGS='-G -h $(SHLIB)' \
64 SHAREDCMD='$(CC)'; \
65 $(LINK_SO)
66 touch $(SHLIB).solaris
67$(SHLIB).irix: $(LIB)
68 ALLSYMSFLAGS='-all' \
69 SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
70 SHAREDCMD='$(CC)'; \
71 $(LINK_SO)
72 touch $(SHLIB).irix
73$(SHLIB).hpux32: $(LIB)
74 ALLSYMSFLAGS='-Fl' \
75 SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
76 SHAREDCMD='/usr/ccs/bin/ld'; \
77 $(LINK_SO)
78 touch $(SHLIB).hpux32
79$(SHLIB).hpux64: $(LIB)
80 ALLSYMSFLAGS='+forceload' \
81 SHAREDFLAGS='-b -z +h $(SHLIB)' \
82 SHAREDCMD='/usr/ccs/bin/ld'; \
83 $(LINK_SO)
84 touch $(SHLIB).hpux64
85$(SHLIB).aix: $(LIB)
86 ALLSYMSFLAGS='-bnogc' \
87 SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
88 SHAREDCMD='$(CC)'; \
89 $(LINK_SO)
90 touch $(SHLIB).aix
91
92depend:
93 sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
94 echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
95 gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
96 perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
97 rm -f Makefile.tmp Makefile
98 mv Makefile.new Makefile
99
100# DO NOT DELETE THIS LINE -- make depend depends on it.
101
102rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
103rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
104rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
105rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
106rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
107rsaref.o: ../../../include/openssl/opensslconf.h
108rsaref.o: ../../../include/openssl/opensslv.h
109rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
110rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
111rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
112rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
113rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
114rsaref.o: source/rsaref.h
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c
deleted file mode 100644
index 4234b93cbe..0000000000
--- a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c
+++ /dev/null
@@ -1,1739 +0,0 @@
1/* crypto/engine/hw_zencod.c */
2 /* Written by Fred Donnat (frederic.donnat@zencod.com) for "zencod"
3 * engine integration in order to redirect crypto computing on a crypto
4 * hardware accelerator zenssl32 ;-)
5 *
6 * Date : 25 jun 2002
7 * Revision : 17 Ju7 2002
8 * Version : zencod_engine-0.9.7
9 */
10
11/* ====================================================================
12 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 *
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 *
21 * 2. Redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in
23 * the documentation and/or other materials provided with the
24 * distribution.
25 *
26 * 3. All advertising materials mentioning features or use of this
27 * software must display the following acknowledgment:
28 * "This product includes software developed by the OpenSSL Project
29 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
30 *
31 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
32 * endorse or promote products derived from this software without
33 * prior written permission. For written permission, please contact
34 * licensing@OpenSSL.org.
35 *
36 * 5. Products derived from this software may not be called "OpenSSL"
37 * nor may "OpenSSL" appear in their names without prior written
38 * permission of the OpenSSL Project.
39 *
40 * 6. Redistributions of any form whatsoever must retain the following
41 * acknowledgment:
42 * "This product includes software developed by the OpenSSL Project
43 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
46 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
48 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
49 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
50 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
51 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
52 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
54 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
55 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
56 * OF THE POSSIBILITY OF SUCH DAMAGE.
57 * ====================================================================
58 *
59 * This product includes cryptographic software written by Eric Young
60 * (eay@cryptsoft.com). This product includes software written by Tim
61 * Hudson (tjh@cryptsoft.com).
62 *
63 */
64
65
66/* ENGINE general include */
67#include <stdio.h>
68#include <openssl/crypto.h>
69#include <openssl/dso.h>
70#include <openssl/engine.h>
71
72#ifndef OPENSSL_NO_HW
73#ifndef OPENSSL_NO_HW_ZENCOD
74
75#ifdef FLAT_INC
76# include "hw_zencod.h"
77#else
78# include "vendor_defns/hw_zencod.h"
79#endif
80
81#define ZENCOD_LIB_NAME "zencod engine"
82#include "hw_zencod_err.c"
83
84#define FAIL_TO_SOFTWARE -15
85
86#define ZEN_LIBRARY "zenbridge"
87
88#if 0
89# define PERROR(s) perror(s)
90# define CHEESE() fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr)
91#else
92# define PERROR(s)
93# define CHEESE()
94#endif
95
96
97/* Sorry ;) */
98#ifndef WIN32
99static inline void esrever ( unsigned char *d, int l )
100{
101 for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
102}
103
104static inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
105{
106 for(d+=l;l--;)*--d=*s++;
107}
108#else
109static __inline void esrever ( unsigned char *d, int l )
110{
111 for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
112}
113
114static __inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
115{
116 for(d+=l;l--;)*--d=*s++;
117}
118#endif
119
120
121#define BIGNUM2ZEN(n, bn) (ptr_zencod_init_number((n), \
122 (unsigned long) ((bn)->top * BN_BITS2), \
123 (unsigned char *) ((bn)->d)))
124
125#define ZEN_BITS(n, bytes) (ptr_zencod_bytes2bits((unsigned char *) (n), (unsigned long) (bytes)))
126#define ZEN_BYTES(bits) (ptr_zencod_bits2bytes((unsigned long) (bits)))
127
128
129/* Function for ENGINE detection and control */
130static int zencod_destroy ( ENGINE *e ) ;
131static int zencod_init ( ENGINE *e ) ;
132static int zencod_finish ( ENGINE *e ) ;
133static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () ) ;
134
135/* BIGNUM stuff */
136static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx ) ;
137
138/* RSA stuff */
139#ifndef OPENSSL_NO_RSA
140static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *I, RSA *rsa ) ;
141static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
142 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx ) ;
143#endif
144
145/* DSA stuff */
146#ifndef OPENSSL_NO_DSA
147static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
148 BN_MONT_CTX *m_ctx ) ;
149
150static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa ) ;
151static int DSA_zencod_do_verify ( const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
152 DSA *dsa ) ;
153#endif
154
155/* DH stuff */
156#ifndef OPENSSL_NO_DH
157static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
158 BN_MONT_CTX *m_ctx ) ;
159static int DH_zencod_generate_key ( DH *dh ) ;
160static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh ) ;
161#endif
162
163/* Rand stuff */
164static void RAND_zencod_seed ( const void *buf, int num ) ;
165static int RAND_zencod_rand_bytes ( unsigned char *buf, int num ) ;
166static int RAND_zencod_rand_status ( void ) ;
167
168/* Digest Stuff */
169static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid ) ;
170
171/* Cipher Stuff */
172static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid ) ;
173
174
175#define ZENCOD_CMD_SO_PATH ENGINE_CMD_BASE
176static const ENGINE_CMD_DEFN zencod_cmd_defns [ ] =
177{
178 { ZENCOD_CMD_SO_PATH,
179 "SO_PATH",
180 "Specifies the path to the 'zenbridge' shared library",
181 ENGINE_CMD_FLAG_STRING},
182 { 0, NULL, NULL, 0 }
183} ;
184
185
186#ifndef OPENSSL_NO_RSA
187/* Our internal RSA_METHOD specific to zencod ENGINE providing pointers to our function */
188static RSA_METHOD zencod_rsa =
189{
190 "ZENCOD RSA method",
191 NULL,
192 NULL,
193 NULL,
194 NULL,
195 RSA_zencod_rsa_mod_exp,
196 RSA_zencod_bn_mod_exp,
197 NULL,
198 NULL,
199 0,
200 NULL,
201 NULL,
202 NULL
203} ;
204#endif
205
206#ifndef OPENSSL_NO_DSA
207/* Our internal DSA_METHOD specific to zencod ENGINE providing pointers to our function */
208static DSA_METHOD zencod_dsa =
209{
210 "ZENCOD DSA method",
211 DSA_zencod_do_sign,
212 NULL,
213 DSA_zencod_do_verify,
214 NULL,
215 DSA_zencod_bn_mod_exp,
216 NULL,
217 NULL,
218 0,
219 NULL
220} ;
221#endif
222
223#ifndef OPENSSL_NO_DH
224/* Our internal DH_METHOD specific to zencod ENGINE providing pointers to our function */
225static DH_METHOD zencod_dh =
226{
227 "ZENCOD DH method",
228 DH_zencod_generate_key,
229 DH_zencod_compute_key,
230 DH_zencod_bn_mod_exp,
231 NULL,
232 NULL,
233 0,
234 NULL
235} ;
236#endif
237
238/* Our internal RAND_meth specific to zencod ZNGINE providing pointers to our function */
239static RAND_METHOD zencod_rand =
240{
241 RAND_zencod_seed,
242 RAND_zencod_rand_bytes,
243 NULL,
244 NULL,
245 RAND_zencod_rand_bytes,
246 RAND_zencod_rand_status
247} ;
248
249
250/* Constants used when creating the ENGINE */
251static const char *engine_zencod_id = "zencod";
252static const char *engine_zencod_name = "ZENCOD hardware engine support";
253
254
255/* This internal function is used by ENGINE_zencod () and possibly by the
256 * "dynamic" ENGINE support too ;-)
257 */
258static int bind_helper ( ENGINE *e )
259{
260
261#ifndef OPENSSL_NO_RSA
262 const RSA_METHOD *meth_rsa ;
263#endif
264#ifndef OPENSSL_NO_DSA
265 const DSA_METHOD *meth_dsa ;
266#endif
267#ifndef OPENSSL_NO_DH
268 const DH_METHOD *meth_dh ;
269#endif
270
271 const RAND_METHOD *meth_rand ;
272
273
274 if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
275 !ENGINE_set_name ( e, engine_zencod_name ) ||
276#ifndef OPENSSL_NO_RSA
277 !ENGINE_set_RSA ( e, &zencod_rsa ) ||
278#endif
279#ifndef OPENSSL_NO_DSA
280 !ENGINE_set_DSA ( e, &zencod_dsa ) ||
281#endif
282#ifndef OPENSSL_NO_DH
283 !ENGINE_set_DH ( e, &zencod_dh ) ||
284#endif
285 !ENGINE_set_RAND ( e, &zencod_rand ) ||
286
287 !ENGINE_set_destroy_function ( e, zencod_destroy ) ||
288 !ENGINE_set_init_function ( e, zencod_init ) ||
289 !ENGINE_set_finish_function ( e, zencod_finish ) ||
290 !ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
291 !ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
292 !ENGINE_set_digests ( e, engine_digests ) ||
293 !ENGINE_set_ciphers ( e, engine_ciphers ) ) {
294 return 0 ;
295 }
296
297#ifndef OPENSSL_NO_RSA
298 /* We know that the "PKCS1_SSLeay()" functions hook properly
299 * to the Zencod-specific mod_exp and mod_exp_crt so we use
300 * those functions. NB: We don't use ENGINE_openssl() or
301 * anything "more generic" because something like the RSAref
302 * code may not hook properly, and if you own one of these
303 * cards then you have the right to do RSA operations on it
304 * anyway!
305 */
306 meth_rsa = RSA_PKCS1_SSLeay () ;
307
308 zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
309 zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
310 zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
311 zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
312 /* meth_rsa->rsa_mod_exp */
313 /* meth_rsa->bn_mod_exp */
314 zencod_rsa.init = meth_rsa->init ;
315 zencod_rsa.finish = meth_rsa->finish ;
316#endif
317
318#ifndef OPENSSL_NO_DSA
319 /* We use OpenSSL meth to supply what we don't provide ;-*)
320 */
321 meth_dsa = DSA_OpenSSL () ;
322
323 /* meth_dsa->dsa_do_sign */
324 zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
325 /* meth_dsa->dsa_do_verify */
326 zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
327 /* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
328 zencod_dsa.init = meth_dsa->init ;
329 zencod_dsa.finish = meth_dsa->finish ;
330#endif
331
332#ifndef OPENSSL_NO_DH
333 /* We use OpenSSL meth to supply what we don't provide ;-*)
334 */
335 meth_dh = DH_OpenSSL () ;
336
337 /* zencod_dh.generate_key = meth_dh->generate_key ; */
338 /* zencod_dh.compute_key = meth_dh->compute_key ; */
339 /* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
340 zencod_dh.init = meth_dh->init ;
341 zencod_dh.finish = meth_dh->finish ;
342
343#endif
344
345 /* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
346 */
347 meth_rand = RAND_SSLeay () ;
348
349 /* meth_rand->seed ; */
350 /* zencod_rand.seed = meth_rand->seed ; */
351 /* meth_rand->bytes ; */
352 /* zencod_rand.bytes = meth_rand->bytes ; */
353 zencod_rand.cleanup = meth_rand->cleanup ;
354 zencod_rand.add = meth_rand->add ;
355 /* meth_rand->pseudorand ; */
356 /* zencod_rand.pseudorand = meth_rand->pseudorand ; */
357 /* zencod_rand.status = meth_rand->status ; */
358 /* meth_rand->status ; */
359
360 /* Ensure the zencod error handling is set up */
361 ERR_load_ZENCOD_strings () ;
362 return 1 ;
363}
364
365
366/* As this is only ever called once, there's no need for locking
367 * (indeed - the lock will already be held by our caller!!!)
368 */
369static ENGINE *ENGINE_zencod ( void )
370{
371
372 ENGINE *eng = ENGINE_new () ;
373
374 if ( !eng ) {
375 return NULL ;
376 }
377 if ( !bind_helper ( eng ) ) {
378 ENGINE_free ( eng ) ;
379 return NULL ;
380 }
381
382 return eng ;
383}
384
385
386#ifdef ENGINE_DYNAMIC_SUPPORT
387static
388#endif
389void ENGINE_load_zencod ( void )
390{
391 /* Copied from eng_[openssl|dyn].c */
392 ENGINE *toadd = ENGINE_zencod ( ) ;
393 if ( !toadd ) return ;
394 ENGINE_add ( toadd ) ;
395 ENGINE_free ( toadd ) ;
396 ERR_clear_error ( ) ;
397}
398
399
400/* This is a process-global DSO handle used for loading and unloading
401 * the ZENBRIDGE library.
402 * NB: This is only set (or unset) during an * init () or finish () call
403 * (reference counts permitting) and they're * operating with global locks,
404 * so this should be thread-safe * implicitly.
405 */
406static DSO *zencod_dso = NULL ;
407
408static t_zencod_test *ptr_zencod_test = NULL ;
409static t_zencod_bytes2bits *ptr_zencod_bytes2bits = NULL ;
410static t_zencod_bits2bytes *ptr_zencod_bits2bytes = NULL ;
411static t_zencod_new_number *ptr_zencod_new_number = NULL ;
412static t_zencod_init_number *ptr_zencod_init_number = NULL ;
413
414static t_zencod_rsa_mod_exp *ptr_zencod_rsa_mod_exp = NULL ;
415static t_zencod_rsa_mod_exp_crt *ptr_zencod_rsa_mod_exp_crt = NULL ;
416static t_zencod_dsa_do_sign *ptr_zencod_dsa_do_sign = NULL ;
417static t_zencod_dsa_do_verify *ptr_zencod_dsa_do_verify = NULL ;
418static t_zencod_dh_generate_key *ptr_zencod_dh_generate_key = NULL ;
419static t_zencod_dh_compute_key *ptr_zencod_dh_compute_key = NULL ;
420static t_zencod_rand_bytes *ptr_zencod_rand_bytes = NULL ;
421static t_zencod_math_mod_exp *ptr_zencod_math_mod_exp = NULL ;
422
423static t_zencod_md5_init *ptr_zencod_md5_init = NULL ;
424static t_zencod_md5_update *ptr_zencod_md5_update = NULL ;
425static t_zencod_md5_do_final *ptr_zencod_md5_do_final = NULL ;
426static t_zencod_sha1_init *ptr_zencod_sha1_init = NULL ;
427static t_zencod_sha1_update *ptr_zencod_sha1_update = NULL ;
428static t_zencod_sha1_do_final *ptr_zencod_sha1_do_final = NULL ;
429
430static t_zencod_xdes_cipher *ptr_zencod_xdes_cipher = NULL ;
431static t_zencod_rc4_cipher *ptr_zencod_rc4_cipher = NULL ;
432
433/* These are the static string constants for the DSO file name and the function
434 * symbol names to bind to.
435 */
436static const char *ZENCOD_LIBNAME = ZEN_LIBRARY ;
437
438static const char *ZENCOD_Fct_0 = "test_device" ;
439static const char *ZENCOD_Fct_1 = "zenbridge_bytes2bits" ;
440static const char *ZENCOD_Fct_2 = "zenbridge_bits2bytes" ;
441static const char *ZENCOD_Fct_3 = "zenbridge_new_number" ;
442static const char *ZENCOD_Fct_4 = "zenbridge_init_number" ;
443
444static const char *ZENCOD_Fct_exp_1 = "zenbridge_rsa_mod_exp" ;
445static const char *ZENCOD_Fct_exp_2 = "zenbridge_rsa_mod_exp_crt" ;
446static const char *ZENCOD_Fct_dsa_1 = "zenbridge_dsa_do_sign" ;
447static const char *ZENCOD_Fct_dsa_2 = "zenbridge_dsa_do_verify" ;
448static const char *ZENCOD_Fct_dh_1 = "zenbridge_dh_generate_key" ;
449static const char *ZENCOD_Fct_dh_2 = "zenbridge_dh_compute_key" ;
450static const char *ZENCOD_Fct_rand_1 = "zenbridge_rand_bytes" ;
451static const char *ZENCOD_Fct_math_1 = "zenbridge_math_mod_exp" ;
452
453static const char *ZENCOD_Fct_md5_1 = "zenbridge_md5_init" ;
454static const char *ZENCOD_Fct_md5_2 = "zenbridge_md5_update" ;
455static const char *ZENCOD_Fct_md5_3 = "zenbridge_md5_do_final" ;
456static const char *ZENCOD_Fct_sha1_1 = "zenbridge_sha1_init" ;
457static const char *ZENCOD_Fct_sha1_2 = "zenbridge_sha1_update" ;
458static const char *ZENCOD_Fct_sha1_3 = "zenbridge_sha1_do_final" ;
459
460static const char *ZENCOD_Fct_xdes_1 = "zenbridge_xdes_cipher" ;
461static const char *ZENCOD_Fct_rc4_1 = "zenbridge_rc4_cipher" ;
462
463/* Destructor (complements the "ENGINE_zencod ()" constructor)
464 */
465static int zencod_destroy (ENGINE *e )
466{
467
468 ERR_unload_ZENCOD_strings () ;
469
470 return 1 ;
471}
472
473
474/* (de)initialisation functions. Control Function
475 */
476static int zencod_init ( ENGINE *e )
477{
478
479 t_zencod_test *ptr_0 ;
480 t_zencod_bytes2bits *ptr_1 ;
481 t_zencod_bits2bytes *ptr_2 ;
482 t_zencod_new_number *ptr_3 ;
483 t_zencod_init_number *ptr_4 ;
484 t_zencod_rsa_mod_exp *ptr_exp_1 ;
485 t_zencod_rsa_mod_exp_crt *ptr_exp_2 ;
486 t_zencod_dsa_do_sign *ptr_dsa_1 ;
487 t_zencod_dsa_do_verify *ptr_dsa_2 ;
488 t_zencod_dh_generate_key *ptr_dh_1 ;
489 t_zencod_dh_compute_key *ptr_dh_2 ;
490 t_zencod_rand_bytes *ptr_rand_1 ;
491 t_zencod_math_mod_exp *ptr_math_1 ;
492 t_zencod_md5_init *ptr_md5_1 ;
493 t_zencod_md5_update *ptr_md5_2 ;
494 t_zencod_md5_do_final *ptr_md5_3 ;
495 t_zencod_sha1_init *ptr_sha1_1 ;
496 t_zencod_sha1_update *ptr_sha1_2 ;
497 t_zencod_sha1_do_final *ptr_sha1_3 ;
498 t_zencod_xdes_cipher *ptr_xdes_1 ;
499 t_zencod_rc4_cipher *ptr_rc4_1 ;
500
501 CHEESE () ;
502
503 /*
504 * We Should add some tests for non NULL parameters or bad value !!
505 * Stuff to be done ...
506 */
507
508 if ( zencod_dso != NULL ) {
509 ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_ALREADY_LOADED ) ;
510 goto err ;
511 }
512 /* Trying to load the Library "cryptozen"
513 */
514 zencod_dso = DSO_load ( NULL, ZENCOD_LIBNAME, NULL, 0 ) ;
515 if ( zencod_dso == NULL ) {
516 ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
517 goto err ;
518 }
519
520 /* Trying to load Function from the Library
521 */
522 if ( ! ( ptr_1 = (t_zencod_bytes2bits*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_1 ) ) ||
523 ! ( ptr_2 = (t_zencod_bits2bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_2 ) ) ||
524 ! ( ptr_3 = (t_zencod_new_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_3 ) ) ||
525 ! ( ptr_4 = (t_zencod_init_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_4 ) ) ||
526 ! ( ptr_exp_1 = (t_zencod_rsa_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_1 ) ) ||
527 ! ( ptr_exp_2 = (t_zencod_rsa_mod_exp_crt*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_2 ) ) ||
528 ! ( ptr_dsa_1 = (t_zencod_dsa_do_sign*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_1 ) ) ||
529 ! ( ptr_dsa_2 = (t_zencod_dsa_do_verify*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_2 ) ) ||
530 ! ( ptr_dh_1 = (t_zencod_dh_generate_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_1 ) ) ||
531 ! ( ptr_dh_2 = (t_zencod_dh_compute_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_2 ) ) ||
532 ! ( ptr_rand_1 = (t_zencod_rand_bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rand_1 ) ) ||
533 ! ( ptr_math_1 = (t_zencod_math_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_math_1 ) ) ||
534 ! ( ptr_0 = (t_zencod_test *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_0 ) ) ||
535 ! ( ptr_md5_1 = (t_zencod_md5_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_1 ) ) ||
536 ! ( ptr_md5_2 = (t_zencod_md5_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_2 ) ) ||
537 ! ( ptr_md5_3 = (t_zencod_md5_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_3 ) ) ||
538 ! ( ptr_sha1_1 = (t_zencod_sha1_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_1 ) ) ||
539 ! ( ptr_sha1_2 = (t_zencod_sha1_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_2 ) ) ||
540 ! ( ptr_sha1_3 = (t_zencod_sha1_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_3 ) ) ||
541 ! ( ptr_xdes_1 = (t_zencod_xdes_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_xdes_1 ) ) ||
542 ! ( ptr_rc4_1 = (t_zencod_rc4_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rc4_1 ) ) ) {
543
544 ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
545 goto err ;
546 }
547
548 /* The function from "cryptozen" Library have been correctly loaded so copy them
549 */
550 ptr_zencod_test = ptr_0 ;
551 ptr_zencod_bytes2bits = ptr_1 ;
552 ptr_zencod_bits2bytes = ptr_2 ;
553 ptr_zencod_new_number = ptr_3 ;
554 ptr_zencod_init_number = ptr_4 ;
555 ptr_zencod_rsa_mod_exp = ptr_exp_1 ;
556 ptr_zencod_rsa_mod_exp_crt = ptr_exp_2 ;
557 ptr_zencod_dsa_do_sign = ptr_dsa_1 ;
558 ptr_zencod_dsa_do_verify = ptr_dsa_2 ;
559 ptr_zencod_dh_generate_key = ptr_dh_1 ;
560 ptr_zencod_dh_compute_key = ptr_dh_2 ;
561 ptr_zencod_rand_bytes = ptr_rand_1 ;
562 ptr_zencod_math_mod_exp = ptr_math_1 ;
563 ptr_zencod_test = ptr_0 ;
564 ptr_zencod_md5_init = ptr_md5_1 ;
565 ptr_zencod_md5_update = ptr_md5_2 ;
566 ptr_zencod_md5_do_final = ptr_md5_3 ;
567 ptr_zencod_sha1_init = ptr_sha1_1 ;
568 ptr_zencod_sha1_update = ptr_sha1_2 ;
569 ptr_zencod_sha1_do_final = ptr_sha1_3 ;
570 ptr_zencod_xdes_cipher = ptr_xdes_1 ;
571 ptr_zencod_rc4_cipher = ptr_rc4_1 ;
572
573 /* We should peform a test to see if there is actually any unit runnig on the system ...
574 * Even if the cryptozen library is loaded the module coul not be loaded on the system ...
575 * For now we may just open and close the device !!
576 */
577
578 if ( ptr_zencod_test () != 0 ) {
579 ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_UNIT_FAILURE ) ;
580 goto err ;
581 }
582
583 return 1 ;
584err :
585 if ( zencod_dso ) {
586 DSO_free ( zencod_dso ) ;
587 }
588 zencod_dso = NULL ;
589 ptr_zencod_bytes2bits = NULL ;
590 ptr_zencod_bits2bytes = NULL ;
591 ptr_zencod_new_number = NULL ;
592 ptr_zencod_init_number = NULL ;
593 ptr_zencod_rsa_mod_exp = NULL ;
594 ptr_zencod_rsa_mod_exp_crt = NULL ;
595 ptr_zencod_dsa_do_sign = NULL ;
596 ptr_zencod_dsa_do_verify = NULL ;
597 ptr_zencod_dh_generate_key = NULL ;
598 ptr_zencod_dh_compute_key = NULL ;
599 ptr_zencod_rand_bytes = NULL ;
600 ptr_zencod_math_mod_exp = NULL ;
601 ptr_zencod_test = NULL ;
602 ptr_zencod_md5_init = NULL ;
603 ptr_zencod_md5_update = NULL ;
604 ptr_zencod_md5_do_final = NULL ;
605 ptr_zencod_sha1_init = NULL ;
606 ptr_zencod_sha1_update = NULL ;
607 ptr_zencod_sha1_do_final = NULL ;
608 ptr_zencod_xdes_cipher = NULL ;
609 ptr_zencod_rc4_cipher = NULL ;
610
611 return 0 ;
612}
613
614
615static int zencod_finish ( ENGINE *e )
616{
617
618 CHEESE () ;
619
620 /*
621 * We Should add some tests for non NULL parameters or bad value !!
622 * Stuff to be done ...
623 */
624 if ( zencod_dso == NULL ) {
625 ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_NOT_LOADED ) ;
626 return 0 ;
627 }
628 if ( !DSO_free ( zencod_dso ) ) {
629 ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_DSO_FAILURE ) ;
630 return 0 ;
631 }
632
633 zencod_dso = NULL ;
634
635 ptr_zencod_bytes2bits = NULL ;
636 ptr_zencod_bits2bytes = NULL ;
637 ptr_zencod_new_number = NULL ;
638 ptr_zencod_init_number = NULL ;
639 ptr_zencod_rsa_mod_exp = NULL ;
640 ptr_zencod_rsa_mod_exp_crt = NULL ;
641 ptr_zencod_dsa_do_sign = NULL ;
642 ptr_zencod_dsa_do_verify = NULL ;
643 ptr_zencod_dh_generate_key = NULL ;
644 ptr_zencod_dh_compute_key = NULL ;
645 ptr_zencod_rand_bytes = NULL ;
646 ptr_zencod_math_mod_exp = NULL ;
647 ptr_zencod_test = NULL ;
648 ptr_zencod_md5_init = NULL ;
649 ptr_zencod_md5_update = NULL ;
650 ptr_zencod_md5_do_final = NULL ;
651 ptr_zencod_sha1_init = NULL ;
652 ptr_zencod_sha1_update = NULL ;
653 ptr_zencod_sha1_do_final = NULL ;
654 ptr_zencod_xdes_cipher = NULL ;
655 ptr_zencod_rc4_cipher = NULL ;
656
657 return 1 ;
658}
659
660
661static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () )
662{
663
664 int initialised = ( ( zencod_dso == NULL ) ? 0 : 1 ) ;
665
666 CHEESE () ;
667
668 /*
669 * We Should add some tests for non NULL parameters or bad value !!
670 * Stuff to be done ...
671 */
672 switch ( cmd ) {
673 case ZENCOD_CMD_SO_PATH :
674 if ( p == NULL ) {
675 ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ERR_R_PASSED_NULL_PARAMETER ) ;
676 return 0 ;
677 }
678 if ( initialised ) {
679 ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_ALREADY_LOADED ) ;
680 return 0 ;
681 }
682 ZENCOD_LIBNAME = (const char *) p ;
683 return 1 ;
684 default :
685 break ;
686 }
687
688 ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ) ;
689
690 return 0 ;
691}
692
693
694/* BIGNUM stuff Functions
695 */
696static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx )
697{
698 zen_nb_t y, x, e, n;
699 int ret;
700
701 CHEESE () ;
702
703 if ( !zencod_dso ) {
704 ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_NOT_LOADED);
705 return 0;
706 }
707
708 if ( !bn_wexpand(r, m->top + 1) ) {
709 ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
710 return 0;
711 }
712
713 memset(r->d, 0, BN_num_bytes(m));
714
715 ptr_zencod_init_number ( &y, (r->dmax - 1) * sizeof (BN_ULONG) * 8, (unsigned char *) r->d ) ;
716 BIGNUM2ZEN ( &x, a ) ;
717 BIGNUM2ZEN ( &e, p ) ;
718 BIGNUM2ZEN ( &n, m ) ;
719
720 /* Must invert x and e parameter due to BN mod exp prototype ... */
721 ret = ptr_zencod_math_mod_exp ( &y, &e, &x, &n ) ;
722
723 if ( ret ) {
724 PERROR("zenbridge_math_mod_exp");
725 ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
726 return 0;
727 }
728
729 r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
730
731 return 1;
732}
733
734
735/* RSA stuff Functions
736 */
737#ifndef OPENSSL_NO_RSA
738static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *i, RSA *rsa )
739{
740
741 CHEESE () ;
742
743 if ( !zencod_dso ) {
744 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_NOT_LOADED);
745 return 0;
746 }
747
748 if ( !rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp ) {
749 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BAD_KEY_COMPONENTS);
750 return 0;
751 }
752
753 /* Do in software if argument is too large for hardware */
754 if ( RSA_size(rsa) * 8 > ZENBRIDGE_MAX_KEYSIZE_RSA_CRT ) {
755 const RSA_METHOD *meth;
756
757 meth = RSA_PKCS1_SSLeay();
758 return meth->rsa_mod_exp(r0, i, rsa);
759 } else {
760 zen_nb_t y, x, p, q, dmp1, dmq1, iqmp;
761
762 if ( !bn_expand(r0, RSA_size(rsa) * 8) ) {
763 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BN_EXPAND_FAIL);
764 return 0;
765 }
766 r0->top = (RSA_size(rsa) * 8 + BN_BITS2 - 1) / BN_BITS2;
767
768 BIGNUM2ZEN ( &x, i ) ;
769 BIGNUM2ZEN ( &y, r0 ) ;
770 BIGNUM2ZEN ( &p, rsa->p ) ;
771 BIGNUM2ZEN ( &q, rsa->q ) ;
772 BIGNUM2ZEN ( &dmp1, rsa->dmp1 ) ;
773 BIGNUM2ZEN ( &dmq1, rsa->dmq1 ) ;
774 BIGNUM2ZEN ( &iqmp, rsa->iqmp ) ;
775
776 if ( ptr_zencod_rsa_mod_exp_crt ( &y, &x, &p, &q, &dmp1, &dmq1, &iqmp ) < 0 ) {
777 PERROR("zenbridge_rsa_mod_exp_crt");
778 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_REQUEST_FAILED);
779 return 0;
780 }
781
782 return 1;
783 }
784}
785
786
787/* This function is aliased to RSA_mod_exp (with the mont stuff dropped).
788 */
789static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
790 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx )
791{
792
793 CHEESE () ;
794
795 if ( !zencod_dso ) {
796 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_NOT_LOADED);
797 return 0;
798 }
799
800 /* Do in software if argument is too large for hardware */
801 if ( BN_num_bits(m) > ZENBRIDGE_MAX_KEYSIZE_RSA ) {
802 const RSA_METHOD *meth;
803
804 meth = RSA_PKCS1_SSLeay();
805 return meth->bn_mod_exp(r, a, p, m, ctx, m_ctx);
806 } else {
807 zen_nb_t y, x, e, n;
808
809 if ( !bn_expand(r, BN_num_bits(m)) ) {
810 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
811 return 0;
812 }
813 r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
814
815 BIGNUM2ZEN ( &x, a ) ;
816 BIGNUM2ZEN ( &y, r ) ;
817 BIGNUM2ZEN ( &e, p ) ;
818 BIGNUM2ZEN ( &n, m ) ;
819
820 if ( ptr_zencod_rsa_mod_exp ( &y, &x, &n, &e ) < 0 ) {
821 PERROR("zenbridge_rsa_mod_exp");
822 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
823 return 0;
824 }
825
826 return 1;
827 }
828}
829#endif /* !OPENSSL_NO_RSA */
830
831
832#ifndef OPENSSL_NO_DSA
833/* DSA stuff Functions
834 */
835static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa )
836{
837 zen_nb_t p, q, g, x, y, r, s, data;
838 DSA_SIG *sig;
839 BIGNUM *bn_r = NULL;
840 BIGNUM *bn_s = NULL;
841 char msg[20];
842
843 CHEESE();
844
845 if ( !zencod_dso ) {
846 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_NOT_LOADED);
847 goto FAILED;
848 }
849
850 if ( dlen > 160 ) {
851 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
852 goto FAILED;
853 }
854
855 /* Do in software if argument is too large for hardware */
856 if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
857 BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
858 const DSA_METHOD *meth;
859 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
860 meth = DSA_OpenSSL();
861 return meth->dsa_do_sign(dgst, dlen, dsa);
862 }
863
864 if ( !(bn_s = BN_new()) || !(bn_r = BN_new()) ) {
865 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
866 goto FAILED;
867 }
868
869 if ( !bn_expand(bn_r, 160) || !bn_expand(bn_s, 160) ) {
870 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BN_EXPAND_FAIL);
871 goto FAILED;
872 }
873
874 bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
875 BIGNUM2ZEN ( &p, dsa->p ) ;
876 BIGNUM2ZEN ( &q, dsa->q ) ;
877 BIGNUM2ZEN ( &g, dsa->g ) ;
878 BIGNUM2ZEN ( &x, dsa->priv_key ) ;
879 BIGNUM2ZEN ( &y, dsa->pub_key ) ;
880 BIGNUM2ZEN ( &r, bn_r ) ;
881 BIGNUM2ZEN ( &s, bn_s ) ;
882 q.len = x.len = 160;
883
884 ypcmem(msg, dgst, 20);
885 ptr_zencod_init_number ( &data, 160, msg ) ;
886
887 if ( ptr_zencod_dsa_do_sign ( 0, &data, &y, &p, &q, &g, &x, &r, &s ) < 0 ) {
888 PERROR("zenbridge_dsa_do_sign");
889 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
890 goto FAILED;
891 }
892
893 if ( !( sig = DSA_SIG_new () ) ) {
894 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
895 goto FAILED;
896 }
897 sig->r = bn_r;
898 sig->s = bn_s;
899 return sig;
900
901 FAILED:
902 if (bn_r)
903 BN_free(bn_r);
904 if (bn_s)
905 BN_free(bn_s);
906 return NULL;
907}
908
909
910static int DSA_zencod_do_verify ( const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa )
911{
912 zen_nb_t data, p, q, g, y, r, s, v;
913 char msg[20];
914 char v_data[20];
915 int ret;
916
917 CHEESE();
918
919 if ( !zencod_dso ) {
920 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED);
921 return 0;
922 }
923
924 if ( dlen > 160 ) {
925 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
926 return 0;
927 }
928
929 /* Do in software if argument is too large for hardware */
930 if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
931 BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
932 const DSA_METHOD *meth;
933 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
934 meth = DSA_OpenSSL();
935 return meth->dsa_do_verify(dgst, dlen, sig, dsa);
936 }
937
938 BIGNUM2ZEN ( &p, dsa->p ) ;
939 BIGNUM2ZEN ( &q, dsa->q ) ;
940 BIGNUM2ZEN ( &g, dsa->g ) ;
941 BIGNUM2ZEN ( &y, dsa->pub_key ) ;
942 BIGNUM2ZEN ( &r, sig->r ) ;
943 BIGNUM2ZEN ( &s, sig->s ) ;
944 ptr_zencod_init_number ( &v, 160, v_data ) ;
945 ypcmem(msg, dgst, 20);
946 ptr_zencod_init_number ( &data, 160, msg ) ;
947
948 if ( ( ret = ptr_zencod_dsa_do_verify ( 0, &data, &p, &q, &g, &y, &r, &s, &v ) ) < 0 ) {
949 PERROR("zenbridge_dsa_do_verify");
950 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED);
951 return 0;
952 }
953
954 return ( ( ret == 0 ) ? 1 : ret ) ;
955}
956
957
958static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
959 BN_CTX *ctx, BN_MONT_CTX *m_ctx )
960{
961 CHEESE () ;
962
963 return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
964}
965#endif /* !OPENSSL_NO_DSA */
966
967
968#ifndef OPENSSl_NO_DH
969/* DH stuff Functions
970 */
971static int DH_zencod_generate_key ( DH *dh )
972{
973 BIGNUM *bn_prv = NULL;
974 BIGNUM *bn_pub = NULL;
975 zen_nb_t y, x, g, p;
976 int generate_x;
977
978 CHEESE();
979
980 if ( !zencod_dso ) {
981 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_NOT_LOADED);
982 return 0;
983 }
984
985 /* Private key */
986 if ( dh->priv_key ) {
987 bn_prv = dh->priv_key;
988 generate_x = 0;
989 } else {
990 if (!(bn_prv = BN_new())) {
991 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
992 goto FAILED;
993 }
994 generate_x = 1;
995 }
996
997 /* Public key */
998 if ( dh->pub_key )
999 bn_pub = dh->pub_key;
1000 else
1001 if ( !( bn_pub = BN_new () ) ) {
1002 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
1003 goto FAILED;
1004 }
1005
1006 /* Expand */
1007 if ( !bn_wexpand ( bn_prv, dh->p->dmax ) ||
1008 !bn_wexpand ( bn_pub, dh->p->dmax ) ) {
1009 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
1010 goto FAILED;
1011 }
1012 bn_prv->top = dh->p->top;
1013 bn_pub->top = dh->p->top;
1014
1015 /* Convert all keys */
1016 BIGNUM2ZEN ( &p, dh->p ) ;
1017 BIGNUM2ZEN ( &g, dh->g ) ;
1018 BIGNUM2ZEN ( &y, bn_pub ) ;
1019 BIGNUM2ZEN ( &x, bn_prv ) ;
1020 x.len = DH_size(dh) * 8;
1021
1022 /* Adjust the lengths of P and G */
1023 p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
1024 g.len = ptr_zencod_bytes2bits ( g.data, ZEN_BYTES ( g.len ) ) ;
1025
1026 /* Send the request to the driver */
1027 if ( ptr_zencod_dh_generate_key ( &y, &x, &g, &p, generate_x ) < 0 ) {
1028 perror("zenbridge_dh_generate_key");
1029 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_REQUEST_FAILED);
1030 goto FAILED;
1031 }
1032
1033 dh->priv_key = bn_prv;
1034 dh->pub_key = bn_pub;
1035
1036 return 1;
1037
1038 FAILED:
1039 if (!dh->priv_key && bn_prv)
1040 BN_free(bn_prv);
1041 if (!dh->pub_key && bn_pub)
1042 BN_free(bn_pub);
1043
1044 return 0;
1045}
1046
1047
1048static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh )
1049{
1050 zen_nb_t y, x, p, k;
1051
1052 CHEESE();
1053
1054 if ( !zencod_dso ) {
1055 ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_NOT_LOADED);
1056 return 0;
1057 }
1058
1059 if ( !dh->priv_key ) {
1060 ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_BAD_KEY_COMPONENTS);
1061 return 0;
1062 }
1063
1064 /* Convert all keys */
1065 BIGNUM2ZEN ( &y, pub_key ) ;
1066 BIGNUM2ZEN ( &x, dh->priv_key ) ;
1067 BIGNUM2ZEN ( &p, dh->p ) ;
1068 ptr_zencod_init_number ( &k, p.len, key ) ;
1069
1070 /* Adjust the lengths */
1071 p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
1072 y.len = ptr_zencod_bytes2bits ( y.data, ZEN_BYTES ( y.len ) ) ;
1073 x.len = ptr_zencod_bytes2bits ( x.data, ZEN_BYTES ( x.len ) ) ;
1074
1075 /* Call the hardware */
1076 if ( ptr_zencod_dh_compute_key ( &k, &y, &x, &p ) < 0 ) {
1077 ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_REQUEST_FAILED);
1078 return 0;
1079 }
1080
1081 /* The key must be written MSB -> LSB */
1082 k.len = ptr_zencod_bytes2bits ( k.data, ZEN_BYTES ( k.len ) ) ;
1083 esrever ( key, ZEN_BYTES ( k.len ) ) ;
1084
1085 return ZEN_BYTES ( k.len ) ;
1086}
1087
1088
1089static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
1090 BN_MONT_CTX *m_ctx )
1091{
1092 CHEESE () ;
1093
1094 return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
1095}
1096#endif /* !OPENSSL_NO_DH */
1097
1098
1099/* RAND stuff Functions
1100 */
1101static void RAND_zencod_seed ( const void *buf, int num )
1102{
1103 /* Nothing to do cause our crypto accelerator provide a true random generator */
1104}
1105
1106
1107static int RAND_zencod_rand_bytes ( unsigned char *buf, int num )
1108{
1109 zen_nb_t r;
1110
1111 CHEESE();
1112
1113 if ( !zencod_dso ) {
1114 ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_NOT_LOADED);
1115 return 0;
1116 }
1117
1118 ptr_zencod_init_number ( &r, num * 8, buf ) ;
1119
1120 if ( ptr_zencod_rand_bytes ( &r, ZENBRIDGE_RNG_DIRECT ) < 0 ) {
1121 PERROR("zenbridge_rand_bytes");
1122 ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_REQUEST_FAILED);
1123 return 0;
1124 }
1125
1126 return 1;
1127}
1128
1129
1130static int RAND_zencod_rand_status ( void )
1131{
1132 CHEESE () ;
1133
1134 return 1;
1135}
1136
1137
1138/* This stuff is needed if this ENGINE is being compiled into a self-contained
1139 * shared-library.
1140 */
1141#ifdef ENGINE_DYNAMIC_SUPPORT
1142static int bind_fn ( ENGINE *e, const char *id )
1143{
1144
1145 if ( id && ( strcmp ( id, engine_zencod_id ) != 0 ) ) {
1146 return 0 ;
1147 }
1148 if ( !bind_helper ( e ) ) {
1149 return 0 ;
1150 }
1151
1152 return 1 ;
1153}
1154
1155IMPLEMENT_DYNAMIC_CHECK_FN ()
1156IMPLEMENT_DYNAMIC_BIND_FN ( bind_fn )
1157#endif /* ENGINE_DYNAMIC_SUPPORT */
1158
1159
1160
1161
1162/*
1163 * Adding "Digest" and "Cipher" tools ...
1164 * This is in development ... ;-)
1165 * In orfer to code this, i refer to hw_openbsd_dev_crypto and openssl engine made by Geoff Thorpe (if i'm rigth),
1166 * and evp, sha md5 definitions etc ...
1167 */
1168/* First add some include ... */
1169#include <openssl/evp.h>
1170#include <openssl/sha.h>
1171#include <openssl/md5.h>
1172#include <openssl/rc4.h>
1173#include <openssl/des.h>
1174
1175
1176/* Some variables declaration ... */
1177/* DONS:
1178 * Disable symetric computation except DES and 3DES, but let part of the code
1179 */
1180/* static int engine_digest_nids [ ] = { NID_sha1, NID_md5 } ; */
1181static int engine_digest_nids [ ] = { } ;
1182static int engine_digest_nids_num = 0 ;
1183/* static int engine_cipher_nids [ ] = { NID_rc4, NID_rc4_40, NID_des_cbc, NID_des_ede3_cbc } ; */
1184static int engine_cipher_nids [ ] = { NID_des_cbc, NID_des_ede3_cbc } ;
1185static int engine_cipher_nids_num = 2 ;
1186
1187
1188/* Function prototype ... */
1189/* SHA stuff */
1190static int engine_sha1_init ( EVP_MD_CTX *ctx ) ;
1191static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
1192static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
1193
1194/* MD5 stuff */
1195static int engine_md5_init ( EVP_MD_CTX *ctx ) ;
1196static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
1197static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
1198
1199static int engine_md_cleanup ( EVP_MD_CTX *ctx ) ;
1200static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from ) ;
1201
1202
1203/* RC4 Stuff */
1204static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
1205static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
1206
1207/* DES Stuff */
1208static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
1209static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
1210
1211/* 3DES Stuff */
1212static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
1213static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out,const unsigned char *in, unsigned int inl ) ;
1214
1215static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx ) ; /* cleanup ctx */
1216
1217
1218/* The one for SHA ... */
1219static const EVP_MD engine_sha1_md =
1220{
1221 NID_sha1,
1222 NID_sha1WithRSAEncryption,
1223 SHA_DIGEST_LENGTH,
1224 EVP_MD_FLAG_ONESHOT,
1225 /* 0, */ /* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
1226 * XXX: set according to device info ... */
1227 engine_sha1_init,
1228 engine_sha1_update,
1229 engine_sha1_final,
1230 engine_md_copy, /* dev_crypto_sha_copy */
1231 engine_md_cleanup, /* dev_crypto_sha_cleanup */
1232 EVP_PKEY_RSA_method,
1233 SHA_CBLOCK,
1234 /* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */
1235 sizeof ( ZEN_MD_DATA )
1236 /* sizeof ( MD_CTX_DATA ) The message digest data structure ... */
1237} ;
1238
1239/* The one for MD5 ... */
1240static const EVP_MD engine_md5_md =
1241{
1242 NID_md5,
1243 NID_md5WithRSAEncryption,
1244 MD5_DIGEST_LENGTH,
1245 EVP_MD_FLAG_ONESHOT,
1246 /* 0, */ /* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
1247 * XXX: set according to device info ... */
1248 engine_md5_init,
1249 engine_md5_update,
1250 engine_md5_final,
1251 engine_md_copy, /* dev_crypto_md5_copy */
1252 engine_md_cleanup, /* dev_crypto_md5_cleanup */
1253 EVP_PKEY_RSA_method,
1254 MD5_CBLOCK,
1255 /* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */
1256 sizeof ( ZEN_MD_DATA )
1257 /* sizeof ( MD_CTX_DATA ) The message digest data structure ... */
1258} ;
1259
1260
1261/* The one for RC4 ... */
1262#define EVP_RC4_KEY_SIZE 16
1263
1264/* Try something static ... */
1265typedef struct
1266{
1267 unsigned int len ;
1268 unsigned int first ;
1269 unsigned char rc4_state [ 260 ] ;
1270} NEW_ZEN_RC4_KEY ;
1271
1272#define rc4_data(ctx) ( (EVP_RC4_KEY *) ( ctx )->cipher_data )
1273
1274static const EVP_CIPHER engine_rc4 =
1275{
1276 NID_rc4,
1277 1,
1278 16, /* EVP_RC4_KEY_SIZE should be 128 bits */
1279 0, /* FIXME: key should be up to 256 bytes */
1280 EVP_CIPH_VARIABLE_LENGTH,
1281 engine_rc4_init_key,
1282 engine_rc4_cipher,
1283 engine_cipher_cleanup,
1284 sizeof ( NEW_ZEN_RC4_KEY ),
1285 NULL,
1286 NULL,
1287 NULL
1288} ;
1289
1290/* The one for RC4_40 ... */
1291static const EVP_CIPHER engine_rc4_40 =
1292{
1293 NID_rc4_40,
1294 1,
1295 5, /* 40 bits */
1296 0,
1297 EVP_CIPH_VARIABLE_LENGTH,
1298 engine_rc4_init_key,
1299 engine_rc4_cipher,
1300 engine_cipher_cleanup,
1301 sizeof ( NEW_ZEN_RC4_KEY ),
1302 NULL,
1303 NULL,
1304 NULL
1305} ;
1306
1307/* The one for DES ... */
1308
1309/* Try something static ... */
1310typedef struct
1311{
1312 unsigned char des_key [ 24 ] ;
1313 unsigned char des_iv [ 8 ] ;
1314} ZEN_DES_KEY ;
1315
1316static const EVP_CIPHER engine_des_cbc =
1317 {
1318 NID_des_cbc,
1319 8, 8, 8,
1320 0 | EVP_CIPH_CBC_MODE,
1321 engine_des_init_key,
1322 engine_des_cbc_cipher,
1323 engine_cipher_cleanup,
1324 sizeof(ZEN_DES_KEY),
1325 EVP_CIPHER_set_asn1_iv,
1326 EVP_CIPHER_get_asn1_iv,
1327 NULL,
1328 NULL
1329 };
1330
1331/* The one for 3DES ... */
1332
1333/* Try something static ... */
1334typedef struct
1335{
1336 unsigned char des3_key [ 24 ] ;
1337 unsigned char des3_iv [ 8 ] ;
1338} ZEN_3DES_KEY ;
1339
1340#define des_data(ctx) ( (DES_EDE_KEY *) ( ctx )->cipher_data )
1341
1342static const EVP_CIPHER engine_des_ede3_cbc =
1343 {
1344 NID_des_ede3_cbc,
1345 8, 8, 8,
1346 0 | EVP_CIPH_CBC_MODE,
1347 engine_des_ede3_init_key,
1348 engine_des_ede3_cbc_cipher,
1349 engine_cipher_cleanup,
1350 sizeof(ZEN_3DES_KEY),
1351 EVP_CIPHER_set_asn1_iv,
1352 EVP_CIPHER_get_asn1_iv,
1353 NULL,
1354 NULL
1355 };
1356
1357
1358/* General function cloned on hw_openbsd_dev_crypto one ... */
1359static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid )
1360{
1361
1362#ifdef DEBUG_ZENCOD_MD
1363 fprintf ( stderr, "\t=>Function : static int engine_digests () called !\n" ) ;
1364#endif
1365
1366 if ( !digest ) {
1367 /* We are returning a list of supported nids */
1368 *nids = engine_digest_nids ;
1369 return engine_digest_nids_num ;
1370 }
1371 /* We are being asked for a specific digest */
1372 if ( nid == NID_md5 ) {
1373 *digest = &engine_md5_md ;
1374 }
1375 else if ( nid == NID_sha1 ) {
1376 *digest = &engine_sha1_md ;
1377 }
1378 else {
1379 *digest = NULL ;
1380 return 0 ;
1381 }
1382 return 1 ;
1383}
1384
1385
1386/* SHA stuff Functions
1387 */
1388static int engine_sha1_init ( EVP_MD_CTX *ctx )
1389{
1390
1391 int to_return = 0 ;
1392
1393 /* Test with zenbridge library ... */
1394 to_return = ptr_zencod_sha1_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
1395 to_return = !to_return ;
1396
1397 return to_return ;
1398}
1399
1400
1401static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
1402{
1403
1404 zen_nb_t input ;
1405 int to_return = 0 ;
1406
1407 /* Convert parameters ... */
1408 input.len = count ;
1409 input.data = (unsigned char *) data ;
1410
1411 /* Test with zenbridge library ... */
1412 to_return = ptr_zencod_sha1_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
1413 to_return = !to_return ;
1414
1415 return to_return ;
1416}
1417
1418
1419static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md )
1420{
1421
1422 zen_nb_t output ;
1423 int to_return = 0 ;
1424
1425 /* Convert parameters ... */
1426 output.len = SHA_DIGEST_LENGTH ;
1427 output.data = md ;
1428
1429 /* Test with zenbridge library ... */
1430 to_return = ptr_zencod_sha1_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
1431 to_return = !to_return ;
1432
1433 return to_return ;
1434}
1435
1436
1437
1438/* MD5 stuff Functions
1439 */
1440static int engine_md5_init ( EVP_MD_CTX *ctx )
1441{
1442
1443 int to_return = 0 ;
1444
1445 /* Test with zenbridge library ... */
1446 to_return = ptr_zencod_md5_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
1447 to_return = !to_return ;
1448
1449 return to_return ;
1450}
1451
1452
1453static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
1454{
1455
1456 zen_nb_t input ;
1457 int to_return = 0 ;
1458
1459 /* Convert parameters ... */
1460 input.len = count ;
1461 input.data = (unsigned char *) data ;
1462
1463 /* Test with zenbridge library ... */
1464 to_return = ptr_zencod_md5_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
1465 to_return = !to_return ;
1466
1467 return to_return ;
1468}
1469
1470
1471static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md )
1472{
1473
1474 zen_nb_t output ;
1475 int to_return = 0 ;
1476
1477 /* Convert parameters ... */
1478 output.len = MD5_DIGEST_LENGTH ;
1479 output.data = md ;
1480
1481 /* Test with zenbridge library ... */
1482 to_return = ptr_zencod_md5_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
1483 to_return = !to_return ;
1484
1485 return to_return ;
1486}
1487
1488
1489static int engine_md_cleanup ( EVP_MD_CTX *ctx )
1490{
1491
1492 ZEN_MD_DATA *zen_md_data = (ZEN_MD_DATA *) ctx->md_data ;
1493
1494 if ( zen_md_data->HashBuffer != NULL ) {
1495 OPENSSL_free ( zen_md_data->HashBuffer ) ;
1496 zen_md_data->HashBufferSize = 0 ;
1497 ctx->md_data = NULL ;
1498 }
1499
1500 return 1 ;
1501}
1502
1503
1504static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from )
1505{
1506 const ZEN_MD_DATA *from_md = (ZEN_MD_DATA *) from->md_data ;
1507 ZEN_MD_DATA *to_md = (ZEN_MD_DATA *) to->md_data ;
1508
1509 to_md->HashBuffer = OPENSSL_malloc ( from_md->HashBufferSize ) ;
1510 memcpy ( to_md->HashBuffer, from_md->HashBuffer, from_md->HashBufferSize ) ;
1511
1512 return 1;
1513}
1514
1515
1516/* General function cloned on hw_openbsd_dev_crypto one ... */
1517static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid )
1518{
1519
1520 if ( !cipher ) {
1521 /* We are returning a list of supported nids */
1522 *nids = engine_cipher_nids ;
1523 return engine_cipher_nids_num ;
1524 }
1525 /* We are being asked for a specific cipher */
1526 if ( nid == NID_rc4 ) {
1527 *cipher = &engine_rc4 ;
1528 }
1529 else if ( nid == NID_rc4_40 ) {
1530 *cipher = &engine_rc4_40 ;
1531 }
1532 else if ( nid == NID_des_cbc ) {
1533 *cipher = &engine_des_cbc ;
1534 }
1535 else if ( nid == NID_des_ede3_cbc ) {
1536 *cipher = &engine_des_ede3_cbc ;
1537 }
1538 else {
1539 *cipher = NULL ;
1540 return 0 ;
1541 }
1542
1543 return 1 ;
1544}
1545
1546
1547static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
1548{
1549 int to_return = 0 ;
1550 int i = 0 ;
1551 int nb = 0 ;
1552 NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
1553
1554 tmp_rc4_key = (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ;
1555 tmp_rc4_key->first = 0 ;
1556 tmp_rc4_key->len = ctx->key_len ;
1557 tmp_rc4_key->rc4_state [ 0 ] = 0x00 ;
1558 tmp_rc4_key->rc4_state [ 2 ] = 0x00 ;
1559 nb = 256 / ctx->key_len ;
1560 for ( i = 0; i < nb ; i++ ) {
1561 memcpy ( &( tmp_rc4_key->rc4_state [ 4 + i*ctx->key_len ] ), key, ctx->key_len ) ;
1562 }
1563
1564 to_return = 1 ;
1565
1566 return to_return ;
1567}
1568
1569
1570static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int in_len )
1571{
1572
1573 zen_nb_t output, input ;
1574 zen_nb_t rc4key ;
1575 int to_return = 0 ;
1576 NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
1577
1578 /* Convert parameters ... */
1579 input.len = in_len ;
1580 input.data = (unsigned char *) in ;
1581 output.len = in_len ;
1582 output.data = (unsigned char *) out ;
1583
1584 tmp_rc4_key = ( (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ) ;
1585 rc4key.len = 260 ;
1586 rc4key.data = &( tmp_rc4_key->rc4_state [ 0 ] ) ;
1587
1588 /* Test with zenbridge library ... */
1589 to_return = ptr_zencod_rc4_cipher ( &output, &input, (const zen_nb_t *) &rc4key, &( tmp_rc4_key->rc4_state [0] ), &( tmp_rc4_key->rc4_state [3] ), !tmp_rc4_key->first ) ;
1590 to_return = !to_return ;
1591
1592 /* Update encryption state ... */
1593 tmp_rc4_key->first = 1 ;
1594 tmp_rc4_key = NULL ;
1595
1596 return to_return ;
1597}
1598
1599
1600static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
1601{
1602
1603 ZEN_DES_KEY *tmp_des_key = NULL ;
1604 int to_return = 0 ;
1605
1606 tmp_des_key = (ZEN_DES_KEY *) ( ctx->cipher_data ) ;
1607 memcpy ( &( tmp_des_key->des_key [ 0 ] ), key, 8 ) ;
1608 memcpy ( &( tmp_des_key->des_key [ 8 ] ), key, 8 ) ;
1609 memcpy ( &( tmp_des_key->des_key [ 16 ] ), key, 8 ) ;
1610 memcpy ( &( tmp_des_key->des_iv [ 0 ] ), iv, 8 ) ;
1611
1612 to_return = 1 ;
1613
1614 return to_return ;
1615}
1616
1617
1618static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl )
1619{
1620
1621 zen_nb_t output, input ;
1622 zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
1623 int to_return = 0 ;
1624
1625 /* Convert parameters ... */
1626 input.len = inl ;
1627 input.data = (unsigned char *) in ;
1628 output.len = inl ;
1629 output.data = out ;
1630
1631 /* Set key parameters ... */
1632 deskey_1.len = 8 ;
1633 deskey_2.len = 8 ;
1634 deskey_3.len = 8 ;
1635 deskey_1.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key ;
1636 deskey_2.data = (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 8 ] ;
1637 deskey_3.data = (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 16 ] ;
1638
1639 /* Key correct iv ... */
1640 memcpy ( ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv, ctx->iv, 8 ) ;
1641 iv.len = 8 ;
1642 iv.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv ;
1643
1644 if ( ctx->encrypt == 0 ) {
1645 memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
1646 }
1647
1648 /* Test with zenbridge library ... */
1649 to_return = ptr_zencod_xdes_cipher ( &output, &input,
1650 (zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
1651 to_return = !to_return ;
1652
1653 /* But we need to set up the rigth iv ...
1654 * Test ENCRYPT or DECRYPT mode to set iv ... */
1655 if ( ctx->encrypt == 1 ) {
1656 memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
1657 }
1658
1659 return to_return ;
1660}
1661
1662
1663static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
1664{
1665
1666 ZEN_3DES_KEY *tmp_3des_key = NULL ;
1667 int to_return = 0 ;
1668
1669 tmp_3des_key = (ZEN_3DES_KEY *) ( ctx->cipher_data ) ;
1670 memcpy ( &( tmp_3des_key->des3_key [ 0 ] ), key, 24 ) ;
1671 memcpy ( &( tmp_3des_key->des3_iv [ 0 ] ), iv, 8 ) ;
1672
1673 to_return = 1;
1674
1675 return to_return ;
1676}
1677
1678
1679static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
1680 unsigned int in_len )
1681{
1682
1683 zen_nb_t output, input ;
1684 zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
1685 int to_return = 0 ;
1686
1687 /* Convert parameters ... */
1688 input.len = in_len ;
1689 input.data = (unsigned char *) in ;
1690 output.len = in_len ;
1691 output.data = out ;
1692
1693 /* Set key ... */
1694 deskey_1.len = 8 ;
1695 deskey_2.len = 8 ;
1696 deskey_3.len = 8 ;
1697 deskey_1.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key ;
1698 deskey_2.data = (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 8 ] ;
1699 deskey_3.data = (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 16 ] ;
1700
1701 /* Key correct iv ... */
1702 memcpy ( ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv, ctx->iv, 8 ) ;
1703 iv.len = 8 ;
1704 iv.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv ;
1705
1706 if ( ctx->encrypt == 0 ) {
1707 memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
1708 }
1709
1710 /* Test with zenbridge library ... */
1711 to_return = ptr_zencod_xdes_cipher ( &output, &input,
1712 (zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
1713 to_return = !to_return ;
1714
1715 if ( ctx->encrypt == 1 ) {
1716 memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
1717 }
1718
1719 return to_return ;
1720}
1721
1722
1723static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx )
1724{
1725
1726 /* Set the key pointer ... */
1727 if ( ctx->cipher->nid == NID_rc4 || ctx->cipher->nid == NID_rc4_40 ) {
1728 }
1729 else if ( ctx->cipher->nid == NID_des_cbc ) {
1730 }
1731 else if ( ctx->cipher->nid == NID_des_ede3_cbc ) {
1732 }
1733
1734 return 1 ;
1735}
1736
1737
1738#endif /* !OPENSSL_NO_HW_ZENCOD */
1739#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec
deleted file mode 100644
index 1552c79be6..0000000000
--- a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec
+++ /dev/null
@@ -1,8 +0,0 @@
1# configuration file for util/mkerr.pl
2#
3# use like this:
4#
5# perl ../../../util/mkerr.pl -conf hw_zencod.ec \
6# -nostatic -staticloader -write *.c
7
8L ZENCOD hw_zencod_err.h hw_zencod_err.c
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.h b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.h
deleted file mode 100644
index 415c9a6be8..0000000000
--- a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.h
+++ /dev/null
@@ -1,160 +0,0 @@
1/* File : /crypto/engine/vendor_defns/hw_zencod.h */
2/* ====================================================================
3 * Written by Donnat Frederic (frederic.donnat@zencod.com) from ZENCOD
4 * for "zencod" ENGINE integration in OpenSSL project.
5 */
6
7
8 #ifndef _HW_ZENCOD_H_
9#define _HW_ZENCOD_H_
10
11#include <stdio.h>
12
13#ifdef __cplusplus
14extern "C" {
15#endif /* __cplusplus */
16
17#define ZENBRIDGE_MAX_KEYSIZE_RSA 2048
18#define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT 1024
19#define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN 1024
20#define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY 1024
21
22/* Library version computation */
23#define ZENBRIDGE_VERSION_MAJOR(x) (((x) >> 16) | 0xff)
24#define ZENBRIDGE_VERSION_MINOR(x) (((x) >> 8) | 0xff)
25#define ZENBRIDGE_VERSION_PATCH(x) (((x) >> 0) | 0xff)
26#define ZENBRIDGE_VERSION(x, y, z) ((x) << 16 | (y) << 8 | (z))
27
28/*
29 * Memory type
30 */
31typedef struct zencod_number_s {
32 unsigned long len;
33 unsigned char *data;
34} zen_nb_t;
35
36#define KEY zen_nb_t
37
38
39/*
40 * Misc
41 */
42typedef int t_zencod_lib_version (void);
43typedef int t_zencod_hw_version (void);
44typedef int t_zencod_test (void);
45typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key);
46
47
48/*
49 * Key management tools
50 */
51typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data);
52typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data);
53typedef unsigned long t_zencod_bytes2bits (unsigned char *n, unsigned long bytes);
54typedef unsigned long t_zencod_bits2bytes (unsigned long bits);
55
56
57/*
58 * RSA API
59 */
60/* Compute modular exponential : y = x**e | n */
61typedef int t_zencod_rsa_mod_exp (KEY *y, KEY *x, KEY *n, KEY *e);
62/* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp | p, y = y2 + (qinv * (y1 - y2) | p) * q */
63typedef int t_zencod_rsa_mod_exp_crt (KEY *y, KEY *x, KEY *p, KEY *q,
64 KEY *edp, KEY *edq, KEY *qinv);
65
66
67/*
68 * DSA API
69 */
70typedef int t_zencod_dsa_do_sign (unsigned int hash, KEY *data, KEY *random,
71 KEY *p, KEY *q, KEY *g, KEY *x, KEY *r, KEY *s);
72typedef int t_zencod_dsa_do_verify (unsigned int hash, KEY *data,
73 KEY *p, KEY *q, KEY *g, KEY *y,
74 KEY *r, KEY *s, KEY *v);
75
76
77/*
78 * DH API
79 */
80 /* Key generation : compute public value y = g**x | n */
81typedef int t_zencod_dh_generate_key (KEY *y, KEY *x, KEY *g, KEY *n, int gen_x);
82typedef int t_zencod_dh_compute_key (KEY *k, KEY *y, KEY *x, KEY *n);
83
84
85/*
86 * RNG API
87 */
88#define ZENBRIDGE_RNG_DIRECT 0
89#define ZENBRIDGE_RNG_SHA1 1
90typedef int t_zencod_rand_bytes (KEY *rand, unsigned int flags);
91
92
93/*
94 * Math API
95 */
96typedef int t_zencod_math_mod_exp (KEY *r, KEY *a, KEY *e, KEY *n);
97
98
99
100
101/*
102 * Symetric API
103 */
104/* Define a data structure for digests operations */
105typedef struct ZEN_data_st
106{
107 unsigned int HashBufferSize ;
108 unsigned char *HashBuffer ;
109} ZEN_MD_DATA ;
110
111/*
112 * Functions for Digest (MD5, SHA1) stuff
113 */
114/* output : output data buffer */
115/* input : input data buffer */
116/* algo : hash algorithm, MD5 or SHA1 */
117/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
118 * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
119 */
120/* For now separate this stuff that mad it easier to test */
121typedef int t_zencod_md5_init ( ZEN_MD_DATA *data ) ;
122typedef int t_zencod_md5_update ( ZEN_MD_DATA *data, const KEY *input ) ;
123typedef int t_zencod_md5_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
124
125typedef int t_zencod_sha1_init ( ZEN_MD_DATA *data ) ;
126typedef int t_zencod_sha1_update ( ZEN_MD_DATA *data, const KEY *input ) ;
127typedef int t_zencod_sha1_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
128
129
130/*
131 * Functions for Cipher (RC4, DES, 3DES) stuff
132 */
133/* output : output data buffer */
134/* input : input data buffer */
135/* key : rc4 key data */
136/* index_1 : value of index x from RC4 key structure */
137/* index_2 : value of index y from RC4 key structure */
138/* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
139typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
140 unsigned char *index_1, unsigned char *index_2, int mode ) ;
141
142/* output : output data buffer */
143/* input : input data buffer */
144/* key_1 : des first key data */
145/* key_2 : des second key data */
146/* key_3 : des third key data */
147/* iv : initial vector */
148/* mode : xdes mode (encrypt or decrypt) */
149/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
150typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1,
151 const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ;
152
153
154#undef KEY
155
156#ifdef __cplusplus
157}
158#endif /* __cplusplus */
159
160#endif /* !_HW_ZENCOD_H_ */
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c
deleted file mode 100644
index 8ed0fffc9c..0000000000
--- a/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c
+++ /dev/null
@@ -1,151 +0,0 @@
1/* hw_zencod_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_zencod_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA ZENCOD_str_functs[]=
68 {
69{ERR_PACK(0,ZENCOD_F_ZENCOD_BN_MOD_EXP,0), "ZENCOD_BN_MOD_EXP"},
70{ERR_PACK(0,ZENCOD_F_ZENCOD_CTRL,0), "ZENCOD_CTRL"},
71{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_COMPUTE,0), "ZENCOD_DH_COMPUTE"},
72{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_GENERATE,0), "ZENCOD_DH_GENERATE"},
73{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_SIGN,0), "ZENCOD_DSA_DO_SIGN"},
74{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_VERIFY,0), "ZENCOD_DSA_DO_VERIFY"},
75{ERR_PACK(0,ZENCOD_F_ZENCOD_FINISH,0), "ZENCOD_FINISH"},
76{ERR_PACK(0,ZENCOD_F_ZENCOD_INIT,0), "ZENCOD_INIT"},
77{ERR_PACK(0,ZENCOD_F_ZENCOD_RAND,0), "ZENCOD_RAND"},
78{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP,0), "ZENCOD_RSA_MOD_EXP"},
79{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,0), "ZENCOD_RSA_MOD_EXP_CRT"},
80{0,NULL}
81 };
82
83static ERR_STRING_DATA ZENCOD_str_reasons[]=
84 {
85{ZENCOD_R_ALREADY_LOADED ,"already loaded"},
86{ZENCOD_R_BAD_KEY_COMPONENTS ,"bad key components"},
87{ZENCOD_R_BN_EXPAND_FAIL ,"bn expand fail"},
88{ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
89{ZENCOD_R_DSO_FAILURE ,"dso failure"},
90{ZENCOD_R_NOT_LOADED ,"not loaded"},
91{ZENCOD_R_REQUEST_FAILED ,"request failed"},
92{ZENCOD_R_UNIT_FAILURE ,"unit failure"},
93{0,NULL}
94 };
95
96#endif
97
98#ifdef ZENCOD_LIB_NAME
99static ERR_STRING_DATA ZENCOD_lib_name[]=
100 {
101{0 ,ZENCOD_LIB_NAME},
102{0,NULL}
103 };
104#endif
105
106
107static int ZENCOD_lib_error_code=0;
108static int ZENCOD_error_init=1;
109
110static void ERR_load_ZENCOD_strings(void)
111 {
112 if (ZENCOD_lib_error_code == 0)
113 ZENCOD_lib_error_code=ERR_get_next_error_library();
114
115 if (ZENCOD_error_init)
116 {
117 ZENCOD_error_init=0;
118#ifndef OPENSSL_NO_ERR
119 ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
120 ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
121#endif
122
123#ifdef ZENCOD_LIB_NAME
124 ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code,0,0);
125 ERR_load_strings(0,ZENCOD_lib_name);
126#endif
127 }
128 }
129
130static void ERR_unload_ZENCOD_strings(void)
131 {
132 if (ZENCOD_error_init == 0)
133 {
134#ifndef OPENSSL_NO_ERR
135 ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
136 ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
137#endif
138
139#ifdef ZENCOD_LIB_NAME
140 ERR_unload_strings(0,ZENCOD_lib_name);
141#endif
142 ZENCOD_error_init=1;
143 }
144 }
145
146static void ERR_ZENCOD_error(int function, int reason, char *file, int line)
147 {
148 if (ZENCOD_lib_error_code == 0)
149 ZENCOD_lib_error_code=ERR_get_next_error_library();
150 ERR_PUT_error(ZENCOD_lib_error_code,function,reason,file,line);
151 }
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h
deleted file mode 100644
index 60e923fd88..0000000000
--- a/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h
+++ /dev/null
@@ -1,99 +0,0 @@
1/* ====================================================================
2 * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_ZENCOD_ERR_H
56#define HEADER_ZENCOD_ERR_H
57
58#ifdef __cplusplus
59extern "C" {
60#endif
61
62/* BEGIN ERROR CODES */
63/* The following lines are auto generated by the script mkerr.pl. Any changes
64 * made after this point may be overwritten when the script is next run.
65 */
66static void ERR_load_ZENCOD_strings(void);
67static void ERR_unload_ZENCOD_strings(void);
68static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
69#define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
70
71/* Error codes for the ZENCOD functions. */
72
73/* Function codes. */
74#define ZENCOD_F_ZENCOD_BN_MOD_EXP 100
75#define ZENCOD_F_ZENCOD_CTRL 101
76#define ZENCOD_F_ZENCOD_DH_COMPUTE 102
77#define ZENCOD_F_ZENCOD_DH_GENERATE 103
78#define ZENCOD_F_ZENCOD_DSA_DO_SIGN 104
79#define ZENCOD_F_ZENCOD_DSA_DO_VERIFY 105
80#define ZENCOD_F_ZENCOD_FINISH 106
81#define ZENCOD_F_ZENCOD_INIT 107
82#define ZENCOD_F_ZENCOD_RAND 108
83#define ZENCOD_F_ZENCOD_RSA_MOD_EXP 109
84#define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT 110
85
86/* Reason codes. */
87#define ZENCOD_R_ALREADY_LOADED 100
88#define ZENCOD_R_BAD_KEY_COMPONENTS 101
89#define ZENCOD_R_BN_EXPAND_FAIL 102
90#define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
91#define ZENCOD_R_DSO_FAILURE 104
92#define ZENCOD_R_NOT_LOADED 105
93#define ZENCOD_R_REQUEST_FAILED 106
94#define ZENCOD_R_UNIT_FAILURE 107
95
96#ifdef __cplusplus
97}
98#endif
99#endif
diff --git a/src/lib/libssl/src/demos/maurice/Makefile b/src/lib/libssl/src/demos/maurice/Makefile
deleted file mode 100644
index f9bf62276e..0000000000
--- a/src/lib/libssl/src/demos/maurice/Makefile
+++ /dev/null
@@ -1,59 +0,0 @@
1CC=cc
2CFLAGS= -g -I../../include -Wall
3LIBS= -L../.. -lcrypto
4EXAMPLES=example1 example2 example3 example4
5
6all: $(EXAMPLES)
7
8example1: example1.o loadkeys.o
9 $(CC) -o example1 example1.o loadkeys.o $(LIBS)
10
11example2: example2.o loadkeys.o
12 $(CC) -o example2 example2.o loadkeys.o $(LIBS)
13
14example3: example3.o
15 $(CC) -o example3 example3.o $(LIBS)
16
17example4: example4.o
18 $(CC) -o example4 example4.o $(LIBS)
19
20clean:
21 rm -f $(EXAMPLES) *.o
22
23test: all
24 @echo
25 @echo Example 1 Demonstrates the sealing and opening APIs
26 @echo Doing the encrypt side...
27 ./example1 <README >t.t
28 @echo Doing the decrypt side...
29 ./example1 -d <t.t >t.2
30 diff t.2 README
31 rm -f t.t t.2
32 @echo example1 is OK
33
34 @echo
35 @echo Example2 Demonstrates rsa encryption and decryption
36 @echo and it should just print \"This the clear text\"
37 ./example2
38
39 @echo
40 @echo Example3 Demonstrates the use of symmetric block ciphers
41 @echo in this case it uses EVP_des_ede3_cbc
42 @echo i.e. triple DES in Cipher Block Chaining mode
43 @echo Doing the encrypt side...
44 ./example3 ThisIsThePassword <README >t.t
45 @echo Doing the decrypt side...
46 ./example3 -d ThisIsThePassword <t.t >t.2
47 diff t.2 README
48 rm -f t.t t.2
49 @echo example3 is OK
50
51 @echo
52 @echo Example4 Demonstrates base64 encoding and decoding
53 @echo Doing the encrypt side...
54 ./example4 <README >t.t
55 @echo Doing the decrypt side...
56 ./example4 -d <t.t >t.2
57 diff t.2 README
58 rm -f t.t t.2
59 @echo example4 is OK
diff --git a/src/lib/libssl/src/demos/maurice/README b/src/lib/libssl/src/demos/maurice/README
deleted file mode 100644
index 29778d55cb..0000000000
--- a/src/lib/libssl/src/demos/maurice/README
+++ /dev/null
@@ -1,34 +0,0 @@
1From Maurice Gittens <mgittens@gits.nl>
2--
3 Example programs, demonstrating some basic SSLeay crypto library
4 operations, to help you not to make the same mistakes I did.
5
6 The following files are present.
7 - loadkeys.c Demonstrates the loading and of public and
8 private keys.
9 - loadkeys.h The interface for loadkeys.c
10 - example1.c Demonstrates the sealing and opening API's
11 - example2.c Demonstrates rsa encryption and decryption
12 - example3.c Demonstrates the use of symmetric block ciphers
13 - example4.c Demonstrates base64 and decoding
14 - Makefile A makefile you probably will have to adjust for
15 your environment
16 - README this file
17
18
19 The programs were written by Maurice Gittens <mgittens@gits.nl>
20 with the necesary help from Eric Young <eay@cryptsoft.com>
21
22 You may do as you please with these programs, but please don't
23 pretend that you wrote them.
24
25 To be complete: If you use these programs you acknowlegde that
26 you are aware that there is NO warranty of any kind associated
27 with these programs. I don't even claim that the programs work,
28 they are provided AS-IS.
29
30 January 1997
31
32 Maurice
33
34
diff --git a/src/lib/libssl/src/demos/maurice/cert.pem b/src/lib/libssl/src/demos/maurice/cert.pem
deleted file mode 100644
index e31a9ae05f..0000000000
--- a/src/lib/libssl/src/demos/maurice/cert.pem
+++ /dev/null
@@ -1,77 +0,0 @@
1issuer :/C=NL/SP=Brabant/L=Eindhoven/O=Gittens Information Systems B.V./OU=Certification Services/CN=ca.gits.nl/Email=mgittens@gits.nl
2subject:/C=NL/SP=Brabant/O=Gittens Information Systems B.V./OU=Certification Services/CN=caleb.gits.nl/Email=mgittens@gits.nl
3serial :01
4
5Certificate:
6 Data:
7 Version: 0 (0x0)
8 Serial Number: 1 (0x1)
9 Signature Algorithm: md5withRSAEncryption
10 Issuer: C=NL, SP=Brabant, L=Eindhoven, O=Gittens Information Systems B.V., OU=Certification Services, CN=ca.gits.nl/Email=mgittens@gits.nl
11 Validity
12 Not Before: Jan 5 13:21:16 1997 GMT
13 Not After : Jul 24 13:21:16 1997 GMT
14 Subject: C=NL, SP=Brabant, O=Gittens Information Systems B.V., OU=Certification Services, CN=caleb.gits.nl/Email=mgittens@gits.nl
15 Subject Public Key Info:
16 Public Key Algorithm: rsaEncryption
17 Modulus:
18 00:dd:82:a0:fe:a9:8d:6a:02:7e:78:d6:33:75:9b:
19 82:01:4b:12:80:ea:6b:9b:83:9e:e3:ae:dc:f3:d0:
20 71:7c:4b:ea:03:57:b4:cc:ba:44:5b:b8:4b:49:d3:
21 f6:39:cc:3d:12:1f:da:58:26:27:bc:bc:ab:a4:6d:
22 62:d1:91:5a:47:9f:80:40:c1:b9:fa:e3:1e:ef:52:
23 78:46:26:43:65:1d:f2:6b:bf:ff:c0:81:66:14:cd:
24 81:32:91:f1:f8:51:7d:0e:17:1f:27:fc:c7:51:fd:
25 1c:73:41:e5:66:43:3c:67:a3:09:b9:5e:36:50:50:
26 b1:e8:42:bd:5c:c6:2b:ec:a9:2c:fe:6a:fe:40:26:
27 64:9e:b9:bf:2d:1d:fb:d0:48:5b:82:2a:8e:ab:a4:
28 d5:7b:5f:26:84:8a:9a:69:5e:c1:71:e2:a9:59:4c:
29 2a:76:f7:fd:f4:cf:3f:d3:ce:30:72:62:65:1c:e9:
30 e9:ee:d2:fc:44:00:1e:e0:80:57:e9:41:b3:f0:44:
31 e5:0f:77:3b:1a:1f:57:5e:94:1d:c3:a5:fa:af:41:
32 8c:4c:30:6b:2b:00:84:52:0c:64:0c:a8:5b:17:16:
33 d1:1e:f8:ea:72:01:47:9a:b9:21:95:f9:71:ed:7c:
34 d2:93:54:0c:c5:9c:e8:e5:40:28:c5:a0:ca:b1:a9:
35 20:f9
36 Exponent: 65537 (0x10001)
37 Signature Algorithm: md5withRSAEncryption
38 93:08:f9:e0:d4:c5:ca:95:de:4e:38:3b:28:87:e9:d3:b6:ce:
39 4f:69:2e:c9:09:57:2f:fa:e2:50:9f:39:ec:f3:84:e8:3a:8f:
40 9b:c3:06:62:90:49:93:6d:23:7a:2b:3d:7b:f9:46:32:18:d3:
41 87:44:49:f7:29:2f:f3:58:97:70:c3:45:5b:90:52:1c:df:fb:
42 a8:a3:a1:29:53:a3:4c:ed:d2:51:d0:44:98:a4:14:6f:76:9d:
43 0d:03:76:e5:d3:13:21:ce:a3:4d:2a:77:fe:ad:b3:47:6d:42:
44 b9:4a:0e:ff:61:f4:ec:62:b2:3b:00:9c:ac:16:a2:ec:19:c8:
45 c7:3d:d7:7d:97:cd:4d:1a:d2:00:07:4e:40:3d:b9:ba:1e:e2:
46 fe:81:28:57:b9:ad:2b:74:59:b0:9f:8b:a5:98:d3:75:06:67:
47 4a:04:11:b2:ea:1a:8c:e0:d4:be:c8:0c:46:76:7f:5f:5a:7b:
48 72:09:dd:b6:d3:6b:97:70:e8:7e:17:74:1c:f7:3a:5f:e3:fa:
49 c2:f7:95:bd:74:5e:44:4b:9b:bd:27:de:02:7f:87:1f:68:68:
50 60:b9:f4:1d:2b:7b:ce:ef:b1:7f:3a:be:b9:66:60:54:6f:0c:
51 a0:dd:8c:03:a7:f1:9f:f8:0e:8d:bb:c6:ba:77:61:f7:8e:be:
52 28:ba:d8:4f
53
54-----BEGIN CERTIFICATE-----
55MIIDzzCCArcCAQEwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAk5MMRAwDgYD
56VQQIEwdCcmFiYW50MRIwEAYDVQQHEwlFaW5kaG92ZW4xKTAnBgNVBAoTIEdpdHRl
57bnMgSW5mb3JtYXRpb24gU3lzdGVtcyBCLlYuMR8wHQYDVQQLExZDZXJ0aWZpY2F0
58aW9uIFNlcnZpY2VzMRMwEQYDVQQDEwpjYS5naXRzLm5sMR8wHQYJKoZIhvcNAQkB
59FhBtZ2l0dGVuc0BnaXRzLm5sMB4XDTk3MDEwNTEzMjExNloXDTk3MDcyNDEzMjEx
60NlowgaQxCzAJBgNVBAYTAk5MMRAwDgYDVQQIEwdCcmFiYW50MSkwJwYDVQQKEyBH
61aXR0ZW5zIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEfMB0GA1UECxMWQ2VydGlm
62aWNhdGlvbiBTZXJ2aWNlczEWMBQGA1UEAxMNY2FsZWIuZ2l0cy5ubDEfMB0GCSqG
63SIb3DQEJARYQbWdpdHRlbnNAZ2l0cy5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP
64ADCCAQoCggEBAN2CoP6pjWoCfnjWM3WbggFLEoDqa5uDnuOu3PPQcXxL6gNXtMy6
65RFu4S0nT9jnMPRIf2lgmJ7y8q6RtYtGRWkefgEDBufrjHu9SeEYmQ2Ud8mu//8CB
66ZhTNgTKR8fhRfQ4XHyf8x1H9HHNB5WZDPGejCbleNlBQsehCvVzGK+ypLP5q/kAm
67ZJ65vy0d+9BIW4Iqjquk1XtfJoSKmmlewXHiqVlMKnb3/fTPP9POMHJiZRzp6e7S
68/EQAHuCAV+lBs/BE5Q93OxofV16UHcOl+q9BjEwwaysAhFIMZAyoWxcW0R746nIB
69R5q5IZX5ce180pNUDMWc6OVAKMWgyrGpIPkCAwEAATANBgkqhkiG9w0BAQQFAAOC
70AQEAkwj54NTFypXeTjg7KIfp07bOT2kuyQlXL/riUJ857POE6DqPm8MGYpBJk20j
71eis9e/lGMhjTh0RJ9ykv81iXcMNFW5BSHN/7qKOhKVOjTO3SUdBEmKQUb3adDQN2
725dMTIc6jTSp3/q2zR21CuUoO/2H07GKyOwCcrBai7BnIxz3XfZfNTRrSAAdOQD25
73uh7i/oEoV7mtK3RZsJ+LpZjTdQZnSgQRsuoajODUvsgMRnZ/X1p7cgndttNrl3Do
74fhd0HPc6X+P6wveVvXReREubvSfeAn+HH2hoYLn0HSt7zu+xfzq+uWZgVG8MoN2M
75A6fxn/gOjbvGundh946+KLrYTw==
76-----END CERTIFICATE-----
77
diff --git a/src/lib/libssl/src/demos/maurice/example1.c b/src/lib/libssl/src/demos/maurice/example1.c
deleted file mode 100644
index 1ef8299900..0000000000
--- a/src/lib/libssl/src/demos/maurice/example1.c
+++ /dev/null
@@ -1,198 +0,0 @@
1/* NOCW */
2/*
3 Please read the README file for condition of use, before
4 using this software.
5
6 Maurice Gittens <mgittens@gits.nl> January 1997
7*/
8
9#include <unistd.h>
10#include <stdio.h>
11#include <netinet/in.h>
12#include <fcntl.h>
13#include <strings.h>
14#include <stdlib.h>
15
16#include <openssl/rsa.h>
17#include <openssl/evp.h>
18#include <openssl/objects.h>
19#include <openssl/x509.h>
20#include <openssl/err.h>
21#include <openssl/pem.h>
22#include <openssl/ssl.h>
23
24#include "loadkeys.h"
25
26#define PUBFILE "cert.pem"
27#define PRIVFILE "privkey.pem"
28
29#define STDIN 0
30#define STDOUT 1
31
32void main_encrypt(void);
33void main_decrypt(void);
34
35static const char *usage = "Usage: example1 [-d]\n";
36
37int main(int argc, char *argv[])
38{
39
40 ERR_load_crypto_strings();
41
42 if ((argc == 1))
43 {
44 main_encrypt();
45 }
46 else if ((argc == 2) && !strcmp(argv[1],"-d"))
47 {
48 main_decrypt();
49 }
50 else
51 {
52 printf("%s",usage);
53 exit(1);
54 }
55
56 return 0;
57}
58
59void main_encrypt(void)
60{
61 unsigned int ebuflen;
62 EVP_CIPHER_CTX ectx;
63 unsigned char iv[EVP_MAX_IV_LENGTH];
64 unsigned char *ekey[1];
65 int readlen;
66 int ekeylen, net_ekeylen;
67 EVP_PKEY *pubKey[1];
68 char buf[512];
69 char ebuf[512];
70
71 memset(iv, '\0', sizeof(iv));
72
73 pubKey[0] = ReadPublicKey(PUBFILE);
74
75 if(!pubKey[0])
76 {
77 fprintf(stderr,"Error: can't load public key");
78 exit(1);
79 }
80
81 ekey[0] = malloc(EVP_PKEY_size(pubKey[0]));
82 if (!ekey[0])
83 {
84 EVP_PKEY_free(pubKey[0]);
85 perror("malloc");
86 exit(1);
87 }
88
89 EVP_SealInit(&ectx,
90 EVP_des_ede3_cbc(),
91 ekey,
92 &ekeylen,
93 iv,
94 pubKey,
95 1);
96
97 net_ekeylen = htonl(ekeylen);
98 write(STDOUT, (char*)&net_ekeylen, sizeof(net_ekeylen));
99 write(STDOUT, ekey[0], ekeylen);
100 write(STDOUT, iv, sizeof(iv));
101
102 while(1)
103 {
104 readlen = read(STDIN, buf, sizeof(buf));
105
106 if (readlen <= 0)
107 {
108 if (readlen < 0)
109 perror("read");
110
111 break;
112 }
113
114 EVP_SealUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
115
116 write(STDOUT, ebuf, ebuflen);
117 }
118
119 EVP_SealFinal(&ectx, ebuf, &ebuflen);
120
121 write(STDOUT, ebuf, ebuflen);
122
123 EVP_PKEY_free(pubKey[0]);
124 free(ekey[0]);
125}
126
127void main_decrypt(void)
128{
129 char buf[520];
130 char ebuf[512];
131 unsigned int buflen;
132 EVP_CIPHER_CTX ectx;
133 unsigned char iv[EVP_MAX_IV_LENGTH];
134 unsigned char *encryptKey;
135 unsigned int ekeylen;
136 EVP_PKEY *privateKey;
137
138 memset(iv, '\0', sizeof(iv));
139
140 privateKey = ReadPrivateKey(PRIVFILE);
141 if (!privateKey)
142 {
143 fprintf(stderr, "Error: can't load private key");
144 exit(1);
145 }
146
147 read(STDIN, &ekeylen, sizeof(ekeylen));
148 ekeylen = ntohl(ekeylen);
149
150 if (ekeylen != EVP_PKEY_size(privateKey))
151 {
152 EVP_PKEY_free(privateKey);
153 fprintf(stderr, "keylength mismatch");
154 exit(1);
155 }
156
157 encryptKey = malloc(sizeof(char) * ekeylen);
158 if (!encryptKey)
159 {
160 EVP_PKEY_free(privateKey);
161 perror("malloc");
162 exit(1);
163 }
164
165 read(STDIN, encryptKey, ekeylen);
166 read(STDIN, iv, sizeof(iv));
167 EVP_OpenInit(&ectx,
168 EVP_des_ede3_cbc(),
169 encryptKey,
170 ekeylen,
171 iv,
172 privateKey);
173
174 while(1)
175 {
176 int readlen = read(STDIN, ebuf, sizeof(ebuf));
177
178 if (readlen <= 0)
179 {
180 if (readlen < 0)
181 perror("read");
182
183 break;
184 }
185
186 EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
187 write(STDOUT, buf, buflen);
188 }
189
190 EVP_OpenFinal(&ectx, buf, &buflen);
191
192 write(STDOUT, buf, buflen);
193
194 EVP_PKEY_free(privateKey);
195 free(encryptKey);
196}
197
198
diff --git a/src/lib/libssl/src/demos/maurice/example2.c b/src/lib/libssl/src/demos/maurice/example2.c
deleted file mode 100644
index 57bce10b5e..0000000000
--- a/src/lib/libssl/src/demos/maurice/example2.c
+++ /dev/null
@@ -1,75 +0,0 @@
1/* NOCW */
2/*
3 Please read the README file for condition of use, before
4 using this software.
5
6 Maurice Gittens <mgittens@gits.nl> January 1997
7*/
8
9#include <stdlib.h>
10#include <stdio.h>
11#include <strings.h>
12
13#include <openssl/rsa.h>
14#include <openssl/evp.h>
15#include <openssl/objects.h>
16#include <openssl/x509.h>
17#include <openssl/err.h>
18#include <openssl/pem.h>
19#include <openssl/ssl.h>
20
21#include "loadkeys.h"
22
23#define PUBFILE "cert.pem"
24#define PRIVFILE "privkey.pem"
25#define STDIN 0
26#define STDOUT 1
27
28int main()
29{
30 char *ct = "This the clear text";
31 char *buf;
32 char *buf2;
33 EVP_PKEY *pubKey;
34 EVP_PKEY *privKey;
35 int len;
36
37 ERR_load_crypto_strings();
38
39 privKey = ReadPrivateKey(PRIVFILE);
40 if (!privKey)
41 {
42 ERR_print_errors_fp (stderr);
43 exit (1);
44 }
45
46 pubKey = ReadPublicKey(PUBFILE);
47 if(!pubKey)
48 {
49 EVP_PKEY_free(privKey);
50 fprintf(stderr,"Error: can't load public key");
51 exit(1);
52 }
53
54 /* No error checking */
55 buf = malloc(EVP_PKEY_size(pubKey));
56 buf2 = malloc(EVP_PKEY_size(pubKey));
57
58 len = RSA_public_encrypt(strlen(ct)+1, ct, buf, pubKey->pkey.rsa,RSA_PKCS1_PADDING);
59
60 if (len != EVP_PKEY_size(pubKey))
61 {
62 fprintf(stderr,"Error: ciphertext should match length of key\n");
63 exit(1);
64 }
65
66 RSA_private_decrypt(len, buf, buf2, privKey->pkey.rsa,RSA_PKCS1_PADDING);
67
68 printf("%s\n", buf2);
69
70 EVP_PKEY_free(privKey);
71 EVP_PKEY_free(pubKey);
72 free(buf);
73 free(buf2);
74 return 0;
75}
diff --git a/src/lib/libssl/src/demos/maurice/example3.c b/src/lib/libssl/src/demos/maurice/example3.c
deleted file mode 100644
index 03d8a20f62..0000000000
--- a/src/lib/libssl/src/demos/maurice/example3.c
+++ /dev/null
@@ -1,87 +0,0 @@
1/* NOCW */
2/*
3 Please read the README file for condition of use, before
4 using this software.
5
6 Maurice Gittens <mgittens@gits.nl> January 1997
7
8*/
9
10#include <stdio.h>
11#include <unistd.h>
12#include <fcntl.h>
13#include <sys/stat.h>
14#include <openssl/evp.h>
15
16#define STDIN 0
17#define STDOUT 1
18#define BUFLEN 512
19#define INIT_VECTOR "12345678"
20#define ENCRYPT 1
21#define DECRYPT 0
22#define ALG EVP_des_ede3_cbc()
23
24static const char *usage = "Usage: example3 [-d] password\n";
25
26void do_cipher(char *,int);
27
28int main(int argc, char *argv[])
29{
30 if ((argc == 2))
31 {
32 do_cipher(argv[1],ENCRYPT);
33 }
34 else if ((argc == 3) && !strcmp(argv[1],"-d"))
35 {
36 do_cipher(argv[2],DECRYPT);
37 }
38 else
39 {
40 fprintf(stderr,"%s", usage);
41 exit(1);
42 }
43
44 return 0;
45}
46
47void do_cipher(char *pw, int operation)
48{
49 char buf[BUFLEN];
50 char ebuf[BUFLEN + 8];
51 unsigned int ebuflen; /* rc; */
52 unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
53 /* unsigned int ekeylen, net_ekeylen; */
54 EVP_CIPHER_CTX ectx;
55
56 memcpy(iv, INIT_VECTOR, sizeof(iv));
57
58 EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv);
59
60 EVP_CIPHER_CTX_init(&ectx);
61 EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation);
62
63 while(1)
64 {
65 int readlen = read(STDIN, buf, sizeof(buf));
66
67 if (readlen <= 0)
68 {
69 if (!readlen)
70 break;
71 else
72 {
73 perror("read");
74 exit(1);
75 }
76 }
77
78 EVP_CipherUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
79
80 write(STDOUT, ebuf, ebuflen);
81 }
82
83 EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen);
84 EVP_CIPHER_CTX_cleanup(&ectx);
85
86 write(STDOUT, ebuf, ebuflen);
87}
diff --git a/src/lib/libssl/src/demos/maurice/example4.c b/src/lib/libssl/src/demos/maurice/example4.c
deleted file mode 100644
index ce629848b7..0000000000
--- a/src/lib/libssl/src/demos/maurice/example4.c
+++ /dev/null
@@ -1,123 +0,0 @@
1/* NOCW */
2/*
3 Please read the README file for condition of use, before
4 using this software.
5
6 Maurice Gittens <mgittens@gits.nl> January 1997
7
8*/
9
10#include <stdio.h>
11#include <unistd.h>
12#include <fcntl.h>
13#include <sys/stat.h>
14#include <openssl/evp.h>
15
16#define STDIN 0
17#define STDOUT 1
18#define BUFLEN 512
19
20static const char *usage = "Usage: example4 [-d]\n";
21
22void do_encode(void);
23void do_decode(void);
24
25int main(int argc, char *argv[])
26{
27 if ((argc == 1))
28 {
29 do_encode();
30 }
31 else if ((argc == 2) && !strcmp(argv[1],"-d"))
32 {
33 do_decode();
34 }
35 else
36 {
37 fprintf(stderr,"%s", usage);
38 exit(1);
39 }
40
41 return 0;
42}
43
44void do_encode()
45{
46 char buf[BUFLEN];
47 char ebuf[BUFLEN+24];
48 unsigned int ebuflen;
49 EVP_ENCODE_CTX ectx;
50
51 EVP_EncodeInit(&ectx);
52
53 while(1)
54 {
55 int readlen = read(STDIN, buf, sizeof(buf));
56
57 if (readlen <= 0)
58 {
59 if (!readlen)
60 break;
61 else
62 {
63 perror("read");
64 exit(1);
65 }
66 }
67
68 EVP_EncodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
69
70 write(STDOUT, ebuf, ebuflen);
71 }
72
73 EVP_EncodeFinal(&ectx, ebuf, &ebuflen);
74
75 write(STDOUT, ebuf, ebuflen);
76}
77
78void do_decode()
79{
80 char buf[BUFLEN];
81 char ebuf[BUFLEN+24];
82 unsigned int ebuflen;
83 EVP_ENCODE_CTX ectx;
84
85 EVP_DecodeInit(&ectx);
86
87 while(1)
88 {
89 int readlen = read(STDIN, buf, sizeof(buf));
90 int rc;
91
92 if (readlen <= 0)
93 {
94 if (!readlen)
95 break;
96 else
97 {
98 perror("read");
99 exit(1);
100 }
101 }
102
103 rc = EVP_DecodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
104 if (rc <= 0)
105 {
106 if (!rc)
107 {
108 write(STDOUT, ebuf, ebuflen);
109 break;
110 }
111
112 fprintf(stderr, "Error: decoding message\n");
113 return;
114 }
115
116 write(STDOUT, ebuf, ebuflen);
117 }
118
119 EVP_DecodeFinal(&ectx, ebuf, &ebuflen);
120
121 write(STDOUT, ebuf, ebuflen);
122}
123
diff --git a/src/lib/libssl/src/demos/maurice/loadkeys.c b/src/lib/libssl/src/demos/maurice/loadkeys.c
deleted file mode 100644
index 82fd22a950..0000000000
--- a/src/lib/libssl/src/demos/maurice/loadkeys.c
+++ /dev/null
@@ -1,72 +0,0 @@
1/* NOCW */
2/*
3 Please read the README file for condition of use, before
4 using this software.
5
6 Maurice Gittens <mgittens@gits.nl> January 1997
7
8*/
9
10#include <unistd.h>
11#include <stdio.h>
12#include <netinet/in.h>
13#include <fcntl.h>
14#include <strings.h>
15#include <stdlib.h>
16
17#include <openssl/rsa.h>
18#include <openssl/evp.h>
19#include <openssl/objects.h>
20#include <openssl/x509.h>
21#include <openssl/err.h>
22#include <openssl/pem.h>
23#include <openssl/ssl.h>
24
25EVP_PKEY * ReadPublicKey(const char *certfile)
26{
27 FILE *fp = fopen (certfile, "r");
28 X509 *x509;
29 EVP_PKEY *pkey;
30
31 if (!fp)
32 return NULL;
33
34 x509 = PEM_read_X509(fp, NULL, 0, NULL);
35
36 if (x509 == NULL)
37 {
38 ERR_print_errors_fp (stderr);
39 return NULL;
40 }
41
42 fclose (fp);
43
44 pkey=X509_extract_key(x509);
45
46 X509_free(x509);
47
48 if (pkey == NULL)
49 ERR_print_errors_fp (stderr);
50
51 return pkey;
52}
53
54EVP_PKEY *ReadPrivateKey(const char *keyfile)
55{
56 FILE *fp = fopen(keyfile, "r");
57 EVP_PKEY *pkey;
58
59 if (!fp)
60 return NULL;
61
62 pkey = PEM_read_PrivateKey(fp, NULL, 0, NULL);
63
64 fclose (fp);
65
66 if (pkey == NULL)
67 ERR_print_errors_fp (stderr);
68
69 return pkey;
70}
71
72
diff --git a/src/lib/libssl/src/demos/maurice/loadkeys.h b/src/lib/libssl/src/demos/maurice/loadkeys.h
deleted file mode 100644
index d8fde86eb7..0000000000
--- a/src/lib/libssl/src/demos/maurice/loadkeys.h
+++ /dev/null
@@ -1,19 +0,0 @@
1/* NOCW */
2/*
3 Please read the README file for condition of use, before
4 using this software.
5
6 Maurice Gittens <mgittens@gits.nl> January 1997
7
8*/
9
10#ifndef LOADKEYS_H_SEEN
11#define LOADKEYS_H_SEEN
12
13#include <openssl/evp.h>
14
15EVP_PKEY * ReadPublicKey(const char *certfile);
16EVP_PKEY *ReadPrivateKey(const char *keyfile);
17
18#endif
19
diff --git a/src/lib/libssl/src/demos/maurice/privkey.pem b/src/lib/libssl/src/demos/maurice/privkey.pem
deleted file mode 100644
index fc3554e930..0000000000
--- a/src/lib/libssl/src/demos/maurice/privkey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIIEpAIBAAKCAQEA3YKg/qmNagJ+eNYzdZuCAUsSgOprm4Oe467c89BxfEvqA1e0
3zLpEW7hLSdP2Ocw9Eh/aWCYnvLyrpG1i0ZFaR5+AQMG5+uMe71J4RiZDZR3ya7//
4wIFmFM2BMpHx+FF9DhcfJ/zHUf0cc0HlZkM8Z6MJuV42UFCx6EK9XMYr7Kks/mr+
5QCZknrm/LR370EhbgiqOq6TVe18mhIqaaV7BceKpWUwqdvf99M8/084wcmJlHOnp
67tL8RAAe4IBX6UGz8ETlD3c7Gh9XXpQdw6X6r0GMTDBrKwCEUgxkDKhbFxbRHvjq
7cgFHmrkhlflx7XzSk1QMxZzo5UAoxaDKsakg+QIDAQABAoIBAQC0hnh083PnuJ6g
8Flob+B+stCUhYWtPc6ZzgphaMD+9ABV4oescipWZdooNYiyikBwZgFIvUvFBtTXh
9rLBDgUVlZ81beUb7/EvC2aBh818rsotWW0Sw/ARY4d7wetcL/EWBzUA8E5vR6wlb
10uZGelR9OiyYqp2h2bj1/v5yaVnuHxBeBj5clTHtPMXc+/70iUNBDMZ0ruZTdSwll
11e0DH8pp/5USYewlrKtRIJT7elC8LFMqEz4OpNvfaR2OEY0FatYYmSvQPNwV8/Eor
12XlNzRi9qD0uXbVexaAgQZ3/KZuAzUbOgwJZZXEAOGkZ/J1n08jljPXdU0o7bHhNl
137siHbuEBAoGBAP53IvvJkhnH8Akf6E6sXelZkPKHnwDwfywDAiIhXza9DB1DViRS
14bZUB5gzcxmLGalex5+LcwZmsqFO5NXZ8SQeE9p0YT8yJsX4J1w9JzSvsWJBS2vyW
15Kbt21oG6JAGrWSGMIfxKpuahtWLf4JpGjftti0qIVQ60GKEPc1/xE2PZAoGBAN7Y
16nRPaUaqcIwbnH9kovOKwZ/PWREy1ecr3YXj65VYTnwSJHD0+CJa/DX8eB/G4AoNA
17Y2LPbq0Xu3+7SaUsO45VkaZuJmNwheUQ4tmyd/YdnVZ0AHXx1tvpR7QeO0WjnlNK
18mR+x00fetrff2Ypahs0wtU0Xf3F8ORgVB8jnxBIhAoGAcwf0PpI+g30Im3dbEsWE
19poogpiJ81HXjZ0fs3PTtD9eh9FCOTlkcxHFZR5M980TyqbX4t2tH8WpFpaNh8a/5
20a3bF7PoiiLnuDKXyHC0mnKZ42rU53VkcgGwWSAqXYFHPNwUcD+rHTBbp4kqGQ/eF
21E5XPk9/RY5YyVAyiAUr/kvECgYBvW1Ua75SxqbZDI8mhbZ79tGMt0NtubZz/1KCL
22oOxrGAD1dkJ7Q/1svunSpMIZgvcWeV1wqfFHY72ZNZC2jiTwmkffH9nlBPyTm92Q
23JYOWo/PUmMEGLyRL3gWrtxOtV/as7nEYCndmyZ8KwTxmy5fi/z0J2f0gS5AIPbIX
24LeGnoQKBgQDapjz9K4HWR5AMxyga4eiLIrmADySP846uz3eZIvTJQZ+6TAamvnno
25KbnU21cGq5HBBtxqQvGswLPGW9rZAgykHHJmYBUp0xv4+I4qHfXyD7QNmvq+Vxjj
26V2tgIafEpaf2ZsfM7BZeZz8MzeGcDwyrHtIO1FQiYN5Qz9Hq68XmVA==
27-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/pkcs12/README b/src/lib/libssl/src/demos/pkcs12/README
deleted file mode 100644
index c87434b04f..0000000000
--- a/src/lib/libssl/src/demos/pkcs12/README
+++ /dev/null
@@ -1,3 +0,0 @@
1PKCS#12 demo applications
2
3Written by Steve Henson.
diff --git a/src/lib/libssl/src/demos/pkcs12/pkread.c b/src/lib/libssl/src/demos/pkcs12/pkread.c
deleted file mode 100644
index fa8f509237..0000000000
--- a/src/lib/libssl/src/demos/pkcs12/pkread.c
+++ /dev/null
@@ -1,61 +0,0 @@
1/* pkread.c */
2
3#include <stdio.h>
4#include <stdlib.h>
5#include <openssl/pem.h>
6#include <openssl/err.h>
7#include <openssl/pkcs12.h>
8
9/* Simple PKCS#12 file reader */
10
11int main(int argc, char **argv)
12{
13 FILE *fp;
14 EVP_PKEY *pkey;
15 X509 *cert;
16 STACK_OF(X509) *ca = NULL;
17 PKCS12 *p12;
18 int i;
19 if (argc != 4) {
20 fprintf(stderr, "Usage: pkread p12file password opfile\n");
21 exit (1);
22 }
23 OpenSSL_add_all_algorithms();
24 ERR_load_crypto_strings();
25 if (!(fp = fopen(argv[1], "rb"))) {
26 fprintf(stderr, "Error opening file %s\n", argv[1]);
27 exit(1);
28 }
29 p12 = d2i_PKCS12_fp(fp, NULL);
30 fclose (fp);
31 if (!p12) {
32 fprintf(stderr, "Error reading PKCS#12 file\n");
33 ERR_print_errors_fp(stderr);
34 exit (1);
35 }
36 if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
37 fprintf(stderr, "Error parsing PKCS#12 file\n");
38 ERR_print_errors_fp(stderr);
39 exit (1);
40 }
41 PKCS12_free(p12);
42 if (!(fp = fopen(argv[3], "w"))) {
43 fprintf(stderr, "Error opening file %s\n", argv[1]);
44 exit(1);
45 }
46 if (pkey) {
47 fprintf(fp, "***Private Key***\n");
48 PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
49 }
50 if (cert) {
51 fprintf(fp, "***User Certificate***\n");
52 PEM_write_X509_AUX(fp, cert);
53 }
54 if (ca && sk_X509_num(ca)) {
55 fprintf(fp, "***Other Certificates***\n");
56 for (i = 0; i < sk_X509_num(ca); i++)
57 PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
58 }
59 fclose(fp);
60 return 0;
61}
diff --git a/src/lib/libssl/src/demos/pkcs12/pkwrite.c b/src/lib/libssl/src/demos/pkcs12/pkwrite.c
deleted file mode 100644
index 15f839d1eb..0000000000
--- a/src/lib/libssl/src/demos/pkcs12/pkwrite.c
+++ /dev/null
@@ -1,46 +0,0 @@
1/* pkwrite.c */
2
3#include <stdio.h>
4#include <stdlib.h>
5#include <openssl/pem.h>
6#include <openssl/err.h>
7#include <openssl/pkcs12.h>
8
9/* Simple PKCS#12 file creator */
10
11int main(int argc, char **argv)
12{
13 FILE *fp;
14 EVP_PKEY *pkey;
15 X509 *cert;
16 PKCS12 *p12;
17 if (argc != 5) {
18 fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
19 exit(1);
20 }
21 SSLeay_add_all_algorithms();
22 ERR_load_crypto_strings();
23 if (!(fp = fopen(argv[1], "r"))) {
24 fprintf(stderr, "Error opening file %s\n", argv[1]);
25 exit(1);
26 }
27 cert = PEM_read_X509(fp, NULL, NULL, NULL);
28 rewind(fp);
29 pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
30 fclose(fp);
31 p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0,0,0,0,0);
32 if(!p12) {
33 fprintf(stderr, "Error creating PKCS#12 structure\n");
34 ERR_print_errors_fp(stderr);
35 exit(1);
36 }
37 if (!(fp = fopen(argv[4], "wb"))) {
38 fprintf(stderr, "Error opening file %s\n", argv[1]);
39 ERR_print_errors_fp(stderr);
40 exit(1);
41 }
42 i2d_PKCS12_fp(fp, p12);
43 PKCS12_free(p12);
44 fclose(fp);
45 return 0;
46}
diff --git a/src/lib/libssl/src/demos/prime/Makefile b/src/lib/libssl/src/demos/prime/Makefile
deleted file mode 100644
index 0166cd46fe..0000000000
--- a/src/lib/libssl/src/demos/prime/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
1CC=cc
2CFLAGS= -g -I../../include -Wall
3LIBS= -L../.. -lcrypto
4EXAMPLES=prime
5
6all: $(EXAMPLES)
7
8prime: prime.o
9 $(CC) -o prime prime.o $(LIBS)
10
11clean:
12 rm -f $(EXAMPLES) *.o
13
14test: all
15 @echo Test creating a 128-bit prime
16 ./prime 128
17 @echo Test creating a 256-bit prime
18 ./prime 256
19 @echo Test creating a 512-bit prime
20 ./prime 512
diff --git a/src/lib/libssl/src/demos/prime/prime.c b/src/lib/libssl/src/demos/prime/prime.c
deleted file mode 100644
index 103e0efc0c..0000000000
--- a/src/lib/libssl/src/demos/prime/prime.c
+++ /dev/null
@@ -1,101 +0,0 @@
1/* demos/prime/prime.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <openssl/bn.h>
62
63void callback(type,num)
64int type,num;
65 {
66 if (type == 0)
67 fprintf(stderr,".");
68 else if (type == 1)
69 fprintf(stderr,"+");
70 else if (type == 2)
71 fprintf(stderr,"*");
72 fflush(stderr);
73 }
74
75int main(argc,argv)
76int argc;
77char *argv[];
78 {
79 BIGNUM *rand;
80 int num=256;
81
82 /* we should really call RAND_seed(char *bytes,int num);
83 * to fully initalise the random number generator */
84 if (argc >= 2)
85 {
86 num=atoi(argv[1]);
87 if (num == 0) num=256;
88 }
89
90 fprintf(stderr,"generate a strong prime\n");
91 rand=BN_generate_prime(NULL,num,1,NULL,NULL,callback,NULL);
92 /* change the third parameter to 1 for a strong prime */
93 fprintf(stderr,"\n");
94
95 BN_print_fp(stdout,rand);
96 fprintf(stdout,"\n");
97 BN_free(rand);
98 exit(0);
99 return(0);
100 }
101
diff --git a/src/lib/libssl/src/demos/privkey.pem b/src/lib/libssl/src/demos/privkey.pem
deleted file mode 100644
index ddae24075d..0000000000
--- a/src/lib/libssl/src/demos/privkey.pem
+++ /dev/null
@@ -1,9 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIIBPAIBAAJBAN+FmbxmHVOp/RxtpMGz0DvQEBz1sDktHp19hIoMSu0YZift5MAu
34xAEJYvWVCshDiyOTWsUBXwZkrkt87FyctkCAwEAAQJAG/vxBGpQb6IPo1iC0RF/
4F430BnwoBPCGLbeCOXpSgx5X+19vuTSdEqMgeNB6+aNb+XY/7mvVfCjyD6WZ0oxs
5JQIhAPO+uL9cP40lFs62pdL3QSWsh3VNDByvOtr9LpeaxBm/AiEA6sKVfXsDQ5hd
6SHt9U61r2r8Lcxmzi9Kw6JNqjMmzqWcCIQCKoRy+aZ8Tjdas9yDVHh+FZ90bEBkl
7b1xQFNOdEj8aTQIhAOJWrO6INYNsWTPS6+hLYZtLamyUsQj0H+B8kNQge/mtAiEA
8nBfvUl243qbqN8gF7Az1u33uc9FsPVvQPiBzLxZ4ixw=
9-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/selfsign.c b/src/lib/libssl/src/demos/selfsign.c
deleted file mode 100644
index f306d8d8a4..0000000000
--- a/src/lib/libssl/src/demos/selfsign.c
+++ /dev/null
@@ -1,172 +0,0 @@
1/* NOCW */
2/* cc -o ssdemo -I../include selfsign.c ../libcrypto.a */
3
4#include <stdio.h>
5#include <stdlib.h>
6
7#include <openssl/pem.h>
8#include <openssl/conf.h>
9#include <openssl/x509v3.h>
10
11int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
12
13int main()
14 {
15 BIO *bio_err;
16 X509 *x509=NULL;
17 EVP_PKEY *pkey=NULL;
18
19 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
20
21 bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
22
23 mkit(&x509,&pkey,512,0,365);
24
25 RSA_print_fp(stdout,pkey->pkey.rsa,0);
26 X509_print_fp(stdout,x509);
27
28 PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
29 PEM_write_X509(stdout,x509);
30
31 X509_free(x509);
32 EVP_PKEY_free(pkey);
33
34#ifdef CUSTOM_EXT
35 /* Only needed if we add objects or custom extensions */
36 X509V3_EXT_cleanup();
37 OBJ_cleanup();
38#endif
39
40 CRYPTO_mem_leaks(bio_err);
41 BIO_free(bio_err);
42 return(0);
43 }
44
45static void callback(p, n, arg)
46int p;
47int n;
48void *arg;
49 {
50 char c='B';
51
52 if (p == 0) c='.';
53 if (p == 1) c='+';
54 if (p == 2) c='*';
55 if (p == 3) c='\n';
56 fputc(c,stderr);
57 }
58
59int mkit(x509p,pkeyp,bits,serial,days)
60X509 **x509p;
61EVP_PKEY **pkeyp;
62int bits;
63int serial;
64int days;
65 {
66 X509 *x;
67 EVP_PKEY *pk;
68 RSA *rsa;
69 X509_NAME *name=NULL;
70 X509_NAME_ENTRY *ne=NULL;
71 X509_EXTENSION *ex=NULL;
72
73
74 if ((pkeyp == NULL) || (*pkeyp == NULL))
75 {
76 if ((pk=EVP_PKEY_new()) == NULL)
77 {
78 abort();
79 return(0);
80 }
81 }
82 else
83 pk= *pkeyp;
84
85 if ((x509p == NULL) || (*x509p == NULL))
86 {
87 if ((x=X509_new()) == NULL)
88 goto err;
89 }
90 else
91 x= *x509p;
92
93 rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
94 if (!EVP_PKEY_assign_RSA(pk,rsa))
95 {
96 abort();
97 goto err;
98 }
99 rsa=NULL;
100
101 X509_set_version(x,3);
102 ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
103 X509_gmtime_adj(X509_get_notBefore(x),0);
104 X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
105 X509_set_pubkey(x,pk);
106
107 name=X509_get_subject_name(x);
108
109 /* This function creates and adds the entry, working out the
110 * correct string type and performing checks on its length.
111 * Normally we'd check the return value for errors...
112 */
113 X509_NAME_add_entry_by_txt(name,"C",
114 MBSTRING_ASC, "UK", -1, -1, 0);
115 X509_NAME_add_entry_by_txt(name,"CN",
116 MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
117
118 X509_set_issuer_name(x,name);
119
120 /* Add extension using V3 code: we can set the config file as NULL
121 * because we wont reference any other sections. We can also set
122 * the context to NULL because none of these extensions below will need
123 * to access it.
124 */
125
126 ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
127 X509_add_ext(x,ex,-1);
128 X509_EXTENSION_free(ex);
129
130 ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
131 "example comment extension");
132 X509_add_ext(x,ex,-1);
133 X509_EXTENSION_free(ex);
134
135 ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
136 "www.openssl.org");
137
138 X509_add_ext(x,ex,-1);
139 X509_EXTENSION_free(ex);
140
141#if 0
142 /* might want something like this too.... */
143 ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
144 "critical,CA:TRUE");
145
146
147 X509_add_ext(x,ex,-1);
148 X509_EXTENSION_free(ex);
149#endif
150
151#ifdef CUSTOM_EXT
152 /* Maybe even add our own extension based on existing */
153 {
154 int nid;
155 nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
156 X509V3_EXT_add_alias(nid, NID_netscape_comment);
157 ex = X509V3_EXT_conf_nid(NULL, NULL, nid,
158 "example comment alias");
159 X509_add_ext(x,ex,-1);
160 X509_EXTENSION_free(ex);
161 }
162#endif
163
164 if (!X509_sign(x,pk,EVP_md5()))
165 goto err;
166
167 *x509p=x;
168 *pkeyp=pk;
169 return(1);
170err:
171 return(0);
172 }
diff --git a/src/lib/libssl/src/demos/sign/Makefile b/src/lib/libssl/src/demos/sign/Makefile
deleted file mode 100644
index e6d391e4ad..0000000000
--- a/src/lib/libssl/src/demos/sign/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
1CC=cc
2CFLAGS= -g -I../../include -Wall
3LIBS= -L../.. -lcrypto
4EXAMPLES=sign
5
6all: $(EXAMPLES)
7
8sign: sign.o
9 $(CC) -o sign sign.o $(LIBS)
10
11clean:
12 rm -f $(EXAMPLES) *.o
13
14test: all
15 ./sign
diff --git a/src/lib/libssl/src/demos/sign/cert.pem b/src/lib/libssl/src/demos/sign/cert.pem
deleted file mode 100644
index 9d7ac238d8..0000000000
--- a/src/lib/libssl/src/demos/sign/cert.pem
+++ /dev/null
@@ -1,14 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
3VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
4bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
5dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
6DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
7EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
8dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
9EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
10MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
11L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
12BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
139EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
14-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/demos/sign/key.pem b/src/lib/libssl/src/demos/sign/key.pem
deleted file mode 100644
index 239ad66f99..0000000000
--- a/src/lib/libssl/src/demos/sign/key.pem
+++ /dev/null
@@ -1,9 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
32RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
4oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
58IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
6a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
7WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
86/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
9-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/sign/sig.txt b/src/lib/libssl/src/demos/sign/sig.txt
deleted file mode 100644
index 5613c0ee77..0000000000
--- a/src/lib/libssl/src/demos/sign/sig.txt
+++ /dev/null
@@ -1,158 +0,0 @@
1From ssl-lists-owner@mincom.com Mon Sep 30 02:37:40 1996
2Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782
3 (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000
4Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST)
5Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 11:44:51 +1000 (EST)
6Received: by minbne.mincom.oz.au id AA22230
7 (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 11:38:41 +1000
8Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for <ssl-users@mincom.com>; Mon, 30 Sep 1996 11:40:07 +1000
9Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100
10Date: Mon, 30 Sep 1996 01:37:40 +0100
11Message-Id: <199609300037.BAA08729@brutus.neuronio.pt>
12From: Sampo Kellomaki <sampo@neuronio.pt>
13To: ssl-users@mincom.com
14Cc: sampo@brutus.neuronio.pt
15Subject: Signing with envelope routines
16Sender: ssl-lists-owner@mincom.com
17Precedence: bulk
18Status: RO
19X-Status: D
20
21
22I have been trying to figure out how to produce signatures with EVP_
23routines. I seem to be able to read in private key and sign some
24data ok, but I can't figure out how I am supposed to read in
25public key so that I could verify my signature. I use self signed
26certificate.
27
28I figured I should use
29 EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
30 fp, NULL, NULL);
31to read in private key and this seems to work Ok.
32
33However when I try analogous
34 EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
35 fp, NULL, NULL);
36the program fails with
37
38error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93
39error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232
40
41I figured that the second argument to PEM_ASN1_read should match the
42name in my PEM encoded object, hence PEM_STRING_X509.
43PEM_STRING_EVP_PKEY seems to be somehow magical
44because it matches whatever private key there happens to be. I could
45not find a similar constant to use with getting the certificate, however.
46
47Is my approach of using PEM_ASN1_read correct? What should I pass in
48as name? Can I use normal (or even self signed) X509 certificate for
49verifying the signature?
50
51When will SSLeay documentation be written ;-)? If I would contribute
52comments to the code, would Eric take time to review them and include
53them in distribution?
54
55I'm using SSLeay-0.6.4. My program is included below along with the
56key and cert that I use.
57
58--Sampo
59
60-----------------------------------
61/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
62 29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
63
64#include <stdio.h>
65#include "rsa.h"
66#include "evp.h"
67#include "objects.h"
68#include "x509.h"
69#include "err.h"
70#include "pem.h"
71#include "ssl.h"
72
73void main ()
74{
75 int err;
76 int sig_len;
77 unsigned char sig_buf [4096];
78 const char certfile[] = "plain-cert.pem";
79 const char keyfile[] = "plain-key.pem";
80 const char data[] = "I owe you...";
81 EVP_MD_CTX md_ctx;
82 EVP_PKEY* pkey;
83 FILE* fp;
84
85 SSL_load_error_strings();
86
87 /* Read private key */
88
89 fp = fopen (keyfile, "r"); if (fp == NULL) exit (1);
90 pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
91 PEM_STRING_EVP_PKEY,
92 fp,
93 NULL, NULL);
94 if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
95 fclose (fp);
96
97 /* Do the signature */
98
99 EVP_SignInit (&md_ctx, EVP_md5());
100 EVP_SignUpdate (&md_ctx, data, strlen(data));
101 sig_len = sizeof(sig_buf);
102 err = EVP_SignFinal (&md_ctx,
103 sig_buf,
104 &sig_len,
105 pkey);
106 if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
107 EVP_PKEY_free (pkey);
108
109 /* Read public key */
110
111 fp = fopen (certfile, "r"); if (fp == NULL) exit (1);
112 pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey,
113 PEM_STRING_X509,
114 fp,
115 NULL, NULL);
116 if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
117 fclose (fp);
118
119 /* Verify the signature */
120
121 EVP_VerifyInit (&md_ctx, EVP_md5());
122 EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
123 err = EVP_VerifyFinal (&md_ctx,
124 sig_buf,
125 sig_len,
126 pkey);
127 if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
128 EVP_PKEY_free (pkey);
129 printf ("Signature Verified Ok.\n");
130}
131/* EOF */
132--------------- plain-cert.pem -----------------
133-----BEGIN CERTIFICATE-----
134MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
135VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
136bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
137dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
138DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
139EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
140dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
141EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
142MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
143L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
144BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
1459EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
146-----END CERTIFICATE-----
147---------------- plain-key.pem -----------------
148-----BEGIN RSA PRIVATE KEY-----
149MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
1502RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
151oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
1528IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
153a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
154WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
1556/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
156-----END RSA PRIVATE KEY-----
157------------------------------------------------
158
diff --git a/src/lib/libssl/src/demos/sign/sign.c b/src/lib/libssl/src/demos/sign/sign.c
deleted file mode 100644
index a6c66e17c3..0000000000
--- a/src/lib/libssl/src/demos/sign/sign.c
+++ /dev/null
@@ -1,153 +0,0 @@
1/* demos/sign/sign.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
60 29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
61
62/* converted to C - eay :-) */
63
64/* reformated a bit and converted to use the more common functions: this was
65 * initially written at the dawn of time :-) - Steve.
66 */
67
68#include <stdio.h>
69#include <openssl/rsa.h>
70#include <openssl/evp.h>
71#include <openssl/objects.h>
72#include <openssl/x509.h>
73#include <openssl/err.h>
74#include <openssl/pem.h>
75#include <openssl/ssl.h>
76
77int main ()
78{
79 int err;
80 int sig_len;
81 unsigned char sig_buf [4096];
82 static char certfile[] = "cert.pem";
83 static char keyfile[] = "key.pem";
84 static char data[] = "I owe you...";
85 EVP_MD_CTX md_ctx;
86 EVP_PKEY * pkey;
87 FILE * fp;
88 X509 * x509;
89
90 /* Just load the crypto library error strings,
91 * SSL_load_error_strings() loads the crypto AND the SSL ones */
92 /* SSL_load_error_strings();*/
93 ERR_load_crypto_strings();
94
95 /* Read private key */
96
97 fp = fopen (keyfile, "r");
98 if (fp == NULL) exit (1);
99 pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
100 fclose (fp);
101
102 if (pkey == NULL) {
103 ERR_print_errors_fp (stderr);
104 exit (1);
105 }
106
107 /* Do the signature */
108
109 EVP_SignInit (&md_ctx, EVP_sha1());
110 EVP_SignUpdate (&md_ctx, data, strlen(data));
111 sig_len = sizeof(sig_buf);
112 err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey);
113
114 if (err != 1) {
115 ERR_print_errors_fp(stderr);
116 exit (1);
117 }
118
119 EVP_PKEY_free (pkey);
120
121 /* Read public key */
122
123 fp = fopen (certfile, "r");
124 if (fp == NULL) exit (1);
125 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
126 fclose (fp);
127
128 if (x509 == NULL) {
129 ERR_print_errors_fp (stderr);
130 exit (1);
131 }
132
133 /* Get public key - eay */
134 pkey=X509_get_pubkey(x509);
135 if (pkey == NULL) {
136 ERR_print_errors_fp (stderr);
137 exit (1);
138 }
139
140 /* Verify the signature */
141
142 EVP_VerifyInit (&md_ctx, EVP_sha1());
143 EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
144 err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey);
145 EVP_PKEY_free (pkey);
146
147 if (err != 1) {
148 ERR_print_errors_fp (stderr);
149 exit (1);
150 }
151 printf ("Signature Verified Ok.\n");
152 return(0);
153}
diff --git a/src/lib/libssl/src/demos/sign/sign.txt b/src/lib/libssl/src/demos/sign/sign.txt
deleted file mode 100644
index 2aa2b46cc3..0000000000
--- a/src/lib/libssl/src/demos/sign/sign.txt
+++ /dev/null
@@ -1,170 +0,0 @@
1From ssl-lists-owner@mincom.com Mon Sep 30 22:43:15 1996
2Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA12802
3 (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 12:45:43 +1000
4Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id MAA25922 for ssl-users-outgoing; Mon, 30 Sep 1996 12:43:43 +1000 (EST)
5Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id MAA25900 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 12:43:39 +1000 (EST)
6Received: by orb.mincom.oz.au id AA12688
7 (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 12:43:16 +1000
8Date: Mon, 30 Sep 1996 12:43:15 +1000 (EST)
9From: Eric Young <eay@mincom.com>
10X-Sender: eay@orb
11To: Sampo Kellomaki <sampo@neuronio.pt>
12Cc: ssl-users@mincom.com, sampo@brutus.neuronio.pt
13Subject: Re: Signing with envelope routines
14In-Reply-To: <199609300037.BAA08729@brutus.neuronio.pt>
15Message-Id: <Pine.SOL.3.91.960930121504.11800Y-100000@orb>
16Mime-Version: 1.0
17Content-Type: TEXT/PLAIN; charset=US-ASCII
18Sender: ssl-lists-owner@mincom.com
19Precedence: bulk
20Status: O
21X-Status:
22
23
24On Mon, 30 Sep 1996, Sampo Kellomaki wrote:
25> I have been trying to figure out how to produce signatures with EVP_
26> routines. I seem to be able to read in private key and sign some
27> data ok, but I can't figure out how I am supposed to read in
28> public key so that I could verify my signature. I use self signed
29> certificate.
30
31hmm... a rather poorly documented are of the library at this point in time.
32
33> I figured I should use
34> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
35> fp, NULL, NULL);
36> to read in private key and this seems to work Ok.
37>
38> However when I try analogous
39> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
40> fp, NULL, NULL);
41
42What you should do is
43 X509 *x509=PEM_read_X509(fp,NULL,NULL);
44 /* which is the same as PEM_ASN1_read(d2i_X509,PEM_STRING_X509,fp,
45 * NULL,NULL); */
46Then
47 EVP_PKEY *pkey=X509_extract_key(x509);
48
49There is also a X509_REQ_extract_key(req);
50which gets the public key from a certificate request.
51
52I re-worked quite a bit of this when I cleaned up the dependancy on
53RSA as the private key.
54
55> I figured that the second argument to PEM_ASN1_read should match the
56> name in my PEM encoded object, hence PEM_STRING_X509.
57> PEM_STRING_EVP_PKEY seems to be somehow magical
58> because it matches whatever private key there happens to be. I could
59> not find a similar constant to use with getting the certificate, however.
60
61:-), PEM_STRING_EVP_PKEY is 'magical' :-). In theory I should be using a
62standard such as PKCS#8 to store the private key so that the type is
63encoded in the asn.1 encoding of the object.
64
65> Is my approach of using PEM_ASN1_read correct? What should I pass in
66> as name? Can I use normal (or even self signed) X509 certificate for
67> verifying the signature?
68
69The actual public key is kept in the certificate, so basically you have
70to load the certificate and then 'unpack' the public key from the
71certificate.
72
73> When will SSLeay documentation be written ;-)? If I would contribute
74> comments to the code, would Eric take time to review them and include
75> them in distribution?
76
77:-) After SSLv3 and PKCS#7 :-). I actually started doing a function list
78but what I really need to do is do quite a few 'this is how you do xyz'
79type documents. I suppose the current method is to post to ssl-users and
80I'll respond :-).
81
82I'll add a 'demo' directory for the next release, I've appended a
83modified version of your program that works, you were very close :-).
84
85eric
86
87/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
88 29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
89
90/* converted to C - eay :-) */
91
92#include <stdio.h>
93#include "rsa.h"
94#include "evp.h"
95#include "objects.h"
96#include "x509.h"
97#include "err.h"
98#include "pem.h"
99#include "ssl.h"
100
101void main ()
102{
103 int err;
104 int sig_len;
105 unsigned char sig_buf [4096];
106 static char certfile[] = "plain-cert.pem";
107 static char keyfile[] = "plain-key.pem";
108 static char data[] = "I owe you...";
109 EVP_MD_CTX md_ctx;
110 EVP_PKEY * pkey;
111 FILE * fp;
112 X509 * x509;
113
114 /* Just load the crypto library error strings,
115 * SSL_load_error_strings() loads the crypto AND the SSL ones */
116 /* SSL_load_error_strings();*/
117 ERR_load_crypto_strings();
118
119 /* Read private key */
120
121 fp = fopen (keyfile, "r"); if (fp == NULL) exit (1);
122 pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
123 PEM_STRING_EVP_PKEY,
124 fp,
125 NULL, NULL);
126 if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
127 fclose (fp);
128
129 /* Do the signature */
130
131 EVP_SignInit (&md_ctx, EVP_md5());
132 EVP_SignUpdate (&md_ctx, data, strlen(data));
133 sig_len = sizeof(sig_buf);
134 err = EVP_SignFinal (&md_ctx,
135 sig_buf,
136 &sig_len,
137 pkey);
138 if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
139 EVP_PKEY_free (pkey);
140
141 /* Read public key */
142
143 fp = fopen (certfile, "r"); if (fp == NULL) exit (1);
144 x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
145 PEM_STRING_X509,
146 fp, NULL, NULL);
147 if (x509 == NULL) { ERR_print_errors_fp (stderr); exit (1); }
148 fclose (fp);
149
150 /* Get public key - eay */
151 pkey=X509_extract_key(x509);
152 if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
153
154 /* Verify the signature */
155
156 EVP_VerifyInit (&md_ctx, EVP_md5());
157 EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
158 err = EVP_VerifyFinal (&md_ctx,
159 sig_buf,
160 sig_len,
161 pkey);
162 if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
163 EVP_PKEY_free (pkey);
164 printf ("Signature Verified Ok.\n");
165}
166
167
168
169
170
diff --git a/src/lib/libssl/src/demos/smime/cacert.pem b/src/lib/libssl/src/demos/smime/cacert.pem
deleted file mode 100644
index 75cbb347aa..0000000000
--- a/src/lib/libssl/src/demos/smime/cacert.pem
+++ /dev/null
@@ -1,18 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
3BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
4dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3
5WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD
6aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN
7RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz
8i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR
9ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT
10jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx
11CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B
12SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD
13VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB
14ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc
15G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo
16u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF
171je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw==
18-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/demos/smime/cakey.pem b/src/lib/libssl/src/demos/smime/cakey.pem
deleted file mode 100644
index 3b53c5e817..0000000000
--- a/src/lib/libssl/src/demos/smime/cakey.pem
+++ /dev/null
@@ -1,15 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd
3c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3
4dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB
5AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5
6HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs
7tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS
8rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18
99R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u
10jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is
11uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU
12+VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP
13wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW
148nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg==
15-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/smime/encr.txt b/src/lib/libssl/src/demos/smime/encr.txt
deleted file mode 100644
index f163a326ed..0000000000
--- a/src/lib/libssl/src/demos/smime/encr.txt
+++ /dev/null
@@ -1,3 +0,0 @@
1Content-type: text/plain
2
3Sample OpenSSL Data for PKCS#7 encryption
diff --git a/src/lib/libssl/src/demos/smime/sign.txt b/src/lib/libssl/src/demos/smime/sign.txt
deleted file mode 100644
index af1341d0a8..0000000000
--- a/src/lib/libssl/src/demos/smime/sign.txt
+++ /dev/null
@@ -1,3 +0,0 @@
1Content-type: text/plain
2
3Test OpenSSL Signed Content
diff --git a/src/lib/libssl/src/demos/smime/signer.pem b/src/lib/libssl/src/demos/smime/signer.pem
deleted file mode 100644
index bac16ba963..0000000000
--- a/src/lib/libssl/src/demos/smime/signer.pem
+++ /dev/null
@@ -1,32 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
3BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
4dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3
5WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
6TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl
7bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz
8jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L
9ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y
10gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
11AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
12BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
132lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX
14MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn
15+Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv
16lDiQlgX0JtmLgA==
17-----END CERTIFICATE-----
18-----BEGIN RSA PRIVATE KEY-----
19MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm
201I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH
21Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB
22AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG
23mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o
24wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx
2504+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55
26qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc
27YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY
28sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4
294rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid
307t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5
31xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw=
32-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/smime/signer2.pem b/src/lib/libssl/src/demos/smime/signer2.pem
deleted file mode 100644
index 25e23d131a..0000000000
--- a/src/lib/libssl/src/demos/smime/signer2.pem
+++ /dev/null
@@ -1,32 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
3BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
4dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0
5WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
6TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl
7bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ
8jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW
9ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW
10GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
11AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
12BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
132lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X
14h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4
15aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR
162aX6rl2JEuJ5Yg==
17-----END CERTIFICATE-----
18-----BEGIN RSA PRIVATE KEY-----
19MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM
20nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f
21nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB
22AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF
236r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2
24CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf
25m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX
262m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr
27upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4
28ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL
29SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk
30gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX
31pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A=
32-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/smime/smdec.c b/src/lib/libssl/src/demos/smime/smdec.c
deleted file mode 100644
index 8b1a8545a6..0000000000
--- a/src/lib/libssl/src/demos/smime/smdec.c
+++ /dev/null
@@ -1,83 +0,0 @@
1/* Simple S/MIME signing example */
2#include <openssl/pem.h>
3#include <openssl/pkcs7.h>
4#include <openssl/err.h>
5
6int main(int argc, char **argv)
7 {
8 BIO *in = NULL, *out = NULL, *tbio = NULL;
9 X509 *rcert = NULL;
10 EVP_PKEY *rkey = NULL;
11 PKCS7 *p7 = NULL;
12 int ret = 1;
13
14 OpenSSL_add_all_algorithms();
15 ERR_load_crypto_strings();
16
17 /* Read in recipient certificate and private key */
18 tbio = BIO_new_file("signer.pem", "r");
19
20 if (!tbio)
21 goto err;
22
23 rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
24
25 BIO_reset(tbio);
26
27 rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
28
29 if (!rcert || !rkey)
30 goto err;
31
32 /* Open content being signed */
33
34 in = BIO_new_file("smencr.txt", "r");
35
36 if (!in)
37 goto err;
38
39 /* Sign content */
40 p7 = SMIME_read_PKCS7(in, NULL);
41
42 if (!p7)
43 goto err;
44
45 out = BIO_new_file("encrout.txt", "w");
46 if (!out)
47 goto err;
48
49 /* Decrypt S/MIME message */
50 if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
51 goto err;
52
53 ret = 0;
54
55 err:
56
57 if (ret)
58 {
59 fprintf(stderr, "Error Signing Data\n");
60 ERR_print_errors_fp(stderr);
61 }
62
63 if (p7)
64 PKCS7_free(p7);
65 if (rcert)
66 X509_free(rcert);
67 if (rkey)
68 EVP_PKEY_free(rkey);
69
70 if (in)
71 BIO_free(in);
72 if (out)
73 BIO_free(out);
74 if (tbio)
75 BIO_free(tbio);
76
77 return ret;
78
79 }
80
81
82
83
diff --git a/src/lib/libssl/src/demos/smime/smenc.c b/src/lib/libssl/src/demos/smime/smenc.c
deleted file mode 100644
index 77dd732fc1..0000000000
--- a/src/lib/libssl/src/demos/smime/smenc.c
+++ /dev/null
@@ -1,92 +0,0 @@
1/* Simple S/MIME encrypt example */
2#include <openssl/pem.h>
3#include <openssl/pkcs7.h>
4#include <openssl/err.h>
5
6int main(int argc, char **argv)
7 {
8 BIO *in = NULL, *out = NULL, *tbio = NULL;
9 X509 *rcert = NULL;
10 STACK_OF(X509) *recips = NULL;
11 PKCS7 *p7 = NULL;
12 int ret = 1;
13
14 /*
15 * On OpenSSL 0.9.9 only:
16 * for streaming set PKCS7_STREAM
17 */
18 int flags = PKCS7_STREAM;
19
20 OpenSSL_add_all_algorithms();
21 ERR_load_crypto_strings();
22
23 /* Read in recipient certificate */
24 tbio = BIO_new_file("signer.pem", "r");
25
26 if (!tbio)
27 goto err;
28
29 rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
30
31 if (!rcert)
32 goto err;
33
34 /* Create recipient STACK and add recipient cert to it */
35 recips = sk_X509_new_null();
36
37 if (!recips || !sk_X509_push(recips, rcert))
38 goto err;
39
40 /* sk_X509_pop_free will free up recipient STACK and its contents
41 * so set rcert to NULL so it isn't freed up twice.
42 */
43 rcert = NULL;
44
45 /* Open content being encrypted */
46
47 in = BIO_new_file("encr.txt", "r");
48
49 if (!in)
50 goto err;
51
52 /* encrypt content */
53 p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
54
55 if (!p7)
56 goto err;
57
58 out = BIO_new_file("smencr.txt", "w");
59 if (!out)
60 goto err;
61
62 /* Write out S/MIME message */
63 if (!SMIME_write_PKCS7(out, p7, in, flags))
64 goto err;
65
66 ret = 0;
67
68 err:
69
70 if (ret)
71 {
72 fprintf(stderr, "Error Encrypting Data\n");
73 ERR_print_errors_fp(stderr);
74 }
75
76 if (p7)
77 PKCS7_free(p7);
78 if (rcert)
79 X509_free(rcert);
80 if (recips)
81 sk_X509_pop_free(recips, X509_free);
82
83 if (in)
84 BIO_free(in);
85 if (out)
86 BIO_free(out);
87 if (tbio)
88 BIO_free(tbio);
89
90 return ret;
91
92 }
diff --git a/src/lib/libssl/src/demos/smime/smsign.c b/src/lib/libssl/src/demos/smime/smsign.c
deleted file mode 100644
index ba78830cff..0000000000
--- a/src/lib/libssl/src/demos/smime/smsign.c
+++ /dev/null
@@ -1,89 +0,0 @@
1/* Simple S/MIME signing example */
2#include <openssl/pem.h>
3#include <openssl/pkcs7.h>
4#include <openssl/err.h>
5
6int main(int argc, char **argv)
7 {
8 BIO *in = NULL, *out = NULL, *tbio = NULL;
9 X509 *scert = NULL;
10 EVP_PKEY *skey = NULL;
11 PKCS7 *p7 = NULL;
12 int ret = 1;
13
14 /* For simple S/MIME signing use PKCS7_DETACHED.
15 * On OpenSSL 0.9.9 only:
16 * for streaming detached set PKCS7_DETACHED|PKCS7_STREAM
17 * for streaming non-detached set PKCS7_STREAM
18 */
19 int flags = PKCS7_DETACHED|PKCS7_STREAM;
20
21 OpenSSL_add_all_algorithms();
22 ERR_load_crypto_strings();
23
24 /* Read in signer certificate and private key */
25 tbio = BIO_new_file("signer.pem", "r");
26
27 if (!tbio)
28 goto err;
29
30 scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
31
32 BIO_reset(tbio);
33
34 skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
35
36 if (!scert || !skey)
37 goto err;
38
39 /* Open content being signed */
40
41 in = BIO_new_file("sign.txt", "r");
42
43 if (!in)
44 goto err;
45
46 /* Sign content */
47 p7 = PKCS7_sign(scert, skey, NULL, in, flags);
48
49 if (!p7)
50 goto err;
51
52 out = BIO_new_file("smout.txt", "w");
53 if (!out)
54 goto err;
55
56 if (!(flags & PKCS7_STREAM))
57 BIO_reset(in);
58
59 /* Write out S/MIME message */
60 if (!SMIME_write_PKCS7(out, p7, in, flags))
61 goto err;
62
63 ret = 0;
64
65 err:
66
67 if (ret)
68 {
69 fprintf(stderr, "Error Signing Data\n");
70 ERR_print_errors_fp(stderr);
71 }
72
73 if (p7)
74 PKCS7_free(p7);
75 if (scert)
76 X509_free(scert);
77 if (skey)
78 EVP_PKEY_free(skey);
79
80 if (in)
81 BIO_free(in);
82 if (out)
83 BIO_free(out);
84 if (tbio)
85 BIO_free(tbio);
86
87 return ret;
88
89 }
diff --git a/src/lib/libssl/src/demos/smime/smsign2.c b/src/lib/libssl/src/demos/smime/smsign2.c
deleted file mode 100644
index ff835c568c..0000000000
--- a/src/lib/libssl/src/demos/smime/smsign2.c
+++ /dev/null
@@ -1,107 +0,0 @@
1/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */
2#include <openssl/pem.h>
3#include <openssl/pkcs7.h>
4#include <openssl/err.h>
5
6int main(int argc, char **argv)
7 {
8 BIO *in = NULL, *out = NULL, *tbio = NULL;
9 X509 *scert = NULL, *scert2 = NULL;
10 EVP_PKEY *skey = NULL, *skey2 = NULL;
11 PKCS7 *p7 = NULL;
12 int ret = 1;
13
14 OpenSSL_add_all_algorithms();
15 ERR_load_crypto_strings();
16
17 tbio = BIO_new_file("signer.pem", "r");
18
19 if (!tbio)
20 goto err;
21
22 scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
23
24 BIO_reset(tbio);
25
26 skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
27
28 BIO_free(tbio);
29
30 tbio = BIO_new_file("signer2.pem", "r");
31
32 if (!tbio)
33 goto err;
34
35 scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
36
37 BIO_reset(tbio);
38
39 skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
40
41 if (!scert2 || !skey2)
42 goto err;
43
44 in = BIO_new_file("sign.txt", "r");
45
46 if (!in)
47 goto err;
48
49 p7 = PKCS7_sign(NULL, NULL, NULL, in, PKCS7_STREAM|PKCS7_PARTIAL);
50
51 if (!p7)
52 goto err;
53
54 /* Add each signer in turn */
55
56 if (!PKCS7_sign_add_signer(p7, scert, skey, NULL, 0))
57 goto err;
58
59 if (!PKCS7_sign_add_signer(p7, scert2, skey2, NULL, 0))
60 goto err;
61
62 out = BIO_new_file("smout.txt", "w");
63 if (!out)
64 goto err;
65
66 /* NB: content included and finalized by SMIME_write_PKCS7 */
67
68 if (!SMIME_write_PKCS7(out, p7, in, PKCS7_STREAM))
69 goto err;
70
71 ret = 0;
72
73 err:
74
75 if (ret)
76 {
77 fprintf(stderr, "Error Signing Data\n");
78 ERR_print_errors_fp(stderr);
79 }
80
81 if (p7)
82 PKCS7_free(p7);
83
84 if (scert)
85 X509_free(scert);
86 if (skey)
87 EVP_PKEY_free(skey);
88
89 if (scert2)
90 X509_free(scert2);
91 if (skey)
92 EVP_PKEY_free(skey2);
93
94 if (in)
95 BIO_free(in);
96 if (out)
97 BIO_free(out);
98 if (tbio)
99 BIO_free(tbio);
100
101 return ret;
102
103 }
104
105
106
107
diff --git a/src/lib/libssl/src/demos/smime/smver.c b/src/lib/libssl/src/demos/smime/smver.c
deleted file mode 100644
index 9d360c273a..0000000000
--- a/src/lib/libssl/src/demos/smime/smver.c
+++ /dev/null
@@ -1,87 +0,0 @@
1/* Simple S/MIME verification example */
2#include <openssl/pem.h>
3#include <openssl/pkcs7.h>
4#include <openssl/err.h>
5
6int main(int argc, char **argv)
7 {
8 BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
9 X509_STORE *st = NULL;
10 X509 *cacert = NULL;
11 PKCS7 *p7 = NULL;
12
13 int ret = 1;
14
15 OpenSSL_add_all_algorithms();
16 ERR_load_crypto_strings();
17
18 /* Set up trusted CA certificate store */
19
20 st = X509_STORE_new();
21
22 /* Read in signer certificate and private key */
23 tbio = BIO_new_file("cacert.pem", "r");
24
25 if (!tbio)
26 goto err;
27
28 cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
29
30 if (!cacert)
31 goto err;
32
33 if (!X509_STORE_add_cert(st, cacert))
34 goto err;
35
36 /* Open content being signed */
37
38 in = BIO_new_file("smout.txt", "r");
39
40 if (!in)
41 goto err;
42
43 /* Sign content */
44 p7 = SMIME_read_PKCS7(in, &cont);
45
46 if (!p7)
47 goto err;
48
49 /* File to output verified content to */
50 out = BIO_new_file("smver.txt", "w");
51 if (!out)
52 goto err;
53
54 if (!PKCS7_verify(p7, NULL, st, cont, out, 0))
55 {
56 fprintf(stderr, "Verification Failure\n");
57 goto err;
58 }
59
60 fprintf(stderr, "Verification Successful\n");
61
62 ret = 0;
63
64 err:
65
66 if (ret)
67 {
68 fprintf(stderr, "Error Verifying Data\n");
69 ERR_print_errors_fp(stderr);
70 }
71
72 if (p7)
73 PKCS7_free(p7);
74
75 if (cacert)
76 X509_free(cacert);
77
78 if (in)
79 BIO_free(in);
80 if (out)
81 BIO_free(out);
82 if (tbio)
83 BIO_free(tbio);
84
85 return ret;
86
87 }
diff --git a/src/lib/libssl/src/demos/spkigen.c b/src/lib/libssl/src/demos/spkigen.c
deleted file mode 100644
index 2cd5dfea97..0000000000
--- a/src/lib/libssl/src/demos/spkigen.c
+++ /dev/null
@@ -1,161 +0,0 @@
1/* NOCW */
2/* demos/spkigen.c
3 * 18-Mar-1997 - eay - A quick hack :-)
4 * version 1.1, it would probably help to save or load the
5 * private key :-)
6 */
7#include <stdio.h>
8#include <stdlib.h>
9#include <openssl/err.h>
10#include <openssl/asn1.h>
11#include <openssl/objects.h>
12#include <openssl/evp.h>
13#include <openssl/x509.h>
14#include <openssl/pem.h>
15
16/* The following two don't exist in SSLeay but they are in here as
17 * examples */
18#define PEM_write_SPKI(fp,x) \
19 PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\
20 (char *)x,NULL,NULL,0,NULL)
21int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
22
23/* These are defined in the next version of SSLeay */
24int EVP_PKEY_assign(EVP_PKEY *pkey, int type,char *key);
25#define RSA_F4 0x10001
26#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
27 (char *)(rsa))
28
29int main(argc,argv)
30int argc;
31char *argv[];
32 {
33 RSA *rsa=NULL;
34 NETSCAPE_SPKI *spki=NULL;
35 EVP_PKEY *pkey=NULL;
36 char buf[128];
37 int ok=0,i;
38 FILE *fp;
39
40 pkey=EVP_PKEY_new();
41
42 if (argc < 2)
43 {
44 /* Generate an RSA key, the random state should have been seeded
45 * with lots of calls to RAND_seed(....) */
46 fprintf(stderr,"generating RSA key, could take some time...\n");
47 if ((rsa=RSA_generate_key(512,RSA_F4,NULL)) == NULL) goto err;
48 }
49 else
50 {
51 if ((fp=fopen(argv[1],"r")) == NULL)
52 { perror(argv[1]); goto err; }
53 if ((rsa=PEM_read_RSAPrivateKey(fp,NULL,NULL)) == NULL)
54 goto err;
55 fclose(fp);
56 }
57
58 if (!EVP_PKEY_assign_RSA(pkey,rsa)) goto err;
59 rsa=NULL;
60
61 /* lets make the spki and set the public key and challenge */
62 if ((spki=NETSCAPE_SPKI_new()) == NULL) goto err;
63
64 if (!SPKI_set_pubkey(spki,pkey)) goto err;
65
66 fprintf(stderr,"please enter challenge string:");
67 fflush(stderr);
68 buf[0]='\0';
69 fgets(buf,sizeof buf,stdin);
70 i=strlen(buf);
71 if (i > 0) buf[--i]='\0';
72 if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,
73 buf,i)) goto err;
74
75 if (!NETSCAPE_SPKI_sign(spki,pkey,EVP_md5())) goto err;
76 PEM_write_SPKI(stdout,spki);
77 if (argc < 2)
78 PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL);
79
80 ok=1;
81err:
82 if (!ok)
83 {
84 fprintf(stderr,"something bad happened....");
85 ERR_print_errors_fp(stderr);
86 }
87 NETSCAPE_SPKI_free(spki);
88 EVP_PKEY_free(pkey);
89 exit(!ok);
90 }
91
92/* This function is in the next version of SSLeay */
93int EVP_PKEY_assign(pkey,type,key)
94EVP_PKEY *pkey;
95int type;
96char *key;
97 {
98 if (pkey == NULL) return(0);
99 if (pkey->pkey.ptr != NULL)
100 {
101 if (pkey->type == EVP_PKEY_RSA)
102 RSA_free(pkey->pkey.rsa);
103 /* else memory leak */
104 }
105 pkey->type=type;
106 pkey->pkey.ptr=key;
107 return(1);
108 }
109
110/* While I have a
111 * X509_set_pubkey() and X509_REQ_set_pubkey(), SPKI_set_pubkey() does
112 * not currently exist so here is a version of it.
113 * The next SSLeay release will probably have
114 * X509_set_pubkey(),
115 * X509_REQ_set_pubkey() and
116 * NETSCAPE_SPKI_set_pubkey()
117 * as macros calling the same function */
118int SPKI_set_pubkey(x,pkey)
119NETSCAPE_SPKI *x;
120EVP_PKEY *pkey;
121 {
122 int ok=0;
123 X509_PUBKEY *pk;
124 X509_ALGOR *a;
125 ASN1_OBJECT *o;
126 unsigned char *s,*p;
127 int i;
128
129 if (x == NULL) return(0);
130
131 if ((pk=X509_PUBKEY_new()) == NULL) goto err;
132 a=pk->algor;
133
134 /* set the algorithm id */
135 if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
136 ASN1_OBJECT_free(a->algorithm);
137 a->algorithm=o;
138
139 /* Set the parameter list */
140 if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL))
141 {
142 ASN1_TYPE_free(a->parameter);
143 a->parameter=ASN1_TYPE_new();
144 a->parameter->type=V_ASN1_NULL;
145 }
146 i=i2d_PublicKey(pkey,NULL);
147 if ((s=(unsigned char *)malloc(i+1)) == NULL) goto err;
148 p=s;
149 i2d_PublicKey(pkey,&p);
150 if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
151 free(s);
152
153 X509_PUBKEY_free(x->spkac->pubkey);
154 x->spkac->pubkey=pk;
155 pk=NULL;
156 ok=1;
157err:
158 if (pk != NULL) X509_PUBKEY_free(pk);
159 return(ok);
160 }
161
diff --git a/src/lib/libssl/src/demos/ssl/cli.cpp b/src/lib/libssl/src/demos/ssl/cli.cpp
deleted file mode 100644
index 49cba5da0c..0000000000
--- a/src/lib/libssl/src/demos/ssl/cli.cpp
+++ /dev/null
@@ -1,110 +0,0 @@
1/* cli.cpp - Minimal ssleay client for Unix
2 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
3
4/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
5 Simplified to be even more minimal
6 12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
7
8#include <stdio.h>
9#include <memory.h>
10#include <errno.h>
11#include <sys/types.h>
12#include <sys/socket.h>
13#include <netinet/in.h>
14#include <arpa/inet.h>
15#include <netdb.h>
16
17#include <openssl/crypto.h>
18#include <openssl/x509.h>
19#include <openssl/pem.h>
20#include <openssl/ssl.h>
21#include <openssl/err.h>
22
23
24#define CHK_NULL(x) if ((x)==NULL) exit (1)
25#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
26#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
27
28void main ()
29{
30 int err;
31 int sd;
32 struct sockaddr_in sa;
33 SSL_CTX* ctx;
34 SSL* ssl;
35 X509* server_cert;
36 char* str;
37 char buf [4096];
38 SSL_METHOD *meth;
39
40 SSLeay_add_ssl_algorithms();
41 meth = SSLv2_client_method();
42 SSL_load_error_strings();
43 ctx = SSL_CTX_new (meth); CHK_NULL(ctx);
44
45 CHK_SSL(err);
46
47 /* ----------------------------------------------- */
48 /* Create a socket and connect to server using normal socket calls. */
49
50 sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket");
51
52 memset (&sa, '\0', sizeof(sa));
53 sa.sin_family = AF_INET;
54 sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */
55 sa.sin_port = htons (1111); /* Server Port number */
56
57 err = connect(sd, (struct sockaddr*) &sa,
58 sizeof(sa)); CHK_ERR(err, "connect");
59
60 /* ----------------------------------------------- */
61 /* Now we have TCP conncetion. Start SSL negotiation. */
62
63 ssl = SSL_new (ctx); CHK_NULL(ssl);
64 SSL_set_fd (ssl, sd);
65 err = SSL_connect (ssl); CHK_SSL(err);
66
67 /* Following two steps are optional and not required for
68 data exchange to be successful. */
69
70 /* Get the cipher - opt */
71
72 printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
73
74 /* Get server's certificate (note: beware of dynamic allocation) - opt */
75
76 server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert);
77 printf ("Server certificate:\n");
78
79 str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
80 CHK_NULL(str);
81 printf ("\t subject: %s\n", str);
82 OPENSSL_free (str);
83
84 str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
85 CHK_NULL(str);
86 printf ("\t issuer: %s\n", str);
87 OPENSSL_free (str);
88
89 /* We could do all sorts of certificate verification stuff here before
90 deallocating the certificate. */
91
92 X509_free (server_cert);
93
94 /* --------------------------------------------------- */
95 /* DATA EXCHANGE - Send a message and receive a reply. */
96
97 err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); CHK_SSL(err);
98
99 err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
100 buf[err] = '\0';
101 printf ("Got %d chars:'%s'\n", err, buf);
102 SSL_shutdown (ssl); /* send SSL/TLS close_notify */
103
104 /* Clean up. */
105
106 close (sd);
107 SSL_free (ssl);
108 SSL_CTX_free (ctx);
109}
110/* EOF - cli.cpp */
diff --git a/src/lib/libssl/src/demos/ssl/inetdsrv.cpp b/src/lib/libssl/src/demos/ssl/inetdsrv.cpp
deleted file mode 100644
index efd70d2771..0000000000
--- a/src/lib/libssl/src/demos/ssl/inetdsrv.cpp
+++ /dev/null
@@ -1,98 +0,0 @@
1/* inetdserv.cpp - Minimal ssleay server for Unix inetd.conf
2 * 30.9.1996, Sampo Kellomaki <sampo@iki.fi>
3 * From /etc/inetd.conf:
4 * 1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
5 */
6
7#include <stdio.h>
8#include <errno.h>
9
10#include "rsa.h" /* SSLeay stuff */
11#include <openssl/crypto.h>
12#include <openssl/x509.h>
13#include <openssl/pem.h>
14#include <openssl/ssl.h>
15#include <openssl/err.h>
16
17#define HOME "/usr/users/sampo/demo/"
18#define CERTF HOME "plain-cert.pem"
19#define KEYF HOME "plain-key.pem"
20
21#define CHK_NULL(x) if ((x)==NULL) exit (1)
22#define CHK_ERR(err,s) if ((err)==-1) \
23 { fprintf(log, "%s %d\n", (s), errno); exit(1); }
24#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); }
25
26void main ()
27{
28 int err;
29 SSL_CTX* ctx;
30 SSL* ssl;
31 X509* client_cert;
32 char* str;
33 char buf [4096];
34 FILE* log;
35
36 log = fopen ("/dev/console", "a"); CHK_NULL(log);
37 fprintf (log, "inetdserv %ld\n", (long)getpid());
38
39 SSL_load_error_strings();
40 ctx = SSL_CTX_new (); CHK_NULL(ctx);
41
42 err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM);
43 CHK_SSL (err);
44
45 err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM);
46 CHK_SSL (err);
47
48 /* inetd has already opened the TCP connection, so we can get right
49 down to business. */
50
51 ssl = SSL_new (ctx); CHK_NULL(ssl);
52 SSL_set_fd (ssl, fileno(stdin));
53 err = SSL_accept (ssl); CHK_SSL(err);
54
55 /* Get the cipher - opt */
56
57 fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl));
58
59 /* Get client's certificate (note: beware of dynamic allocation) - opt */
60
61 client_cert = SSL_get_peer_certificate (ssl);
62 if (client_cert != NULL) {
63 fprintf (log, "Client certificate:\n");
64
65 str = X509_NAME_oneline (X509_get_subject_name (client_cert));
66 CHK_NULL(str);
67 fprintf (log, "\t subject: %s\n", str);
68 OPENSSL_free (str);
69
70 str = X509_NAME_oneline (X509_get_issuer_name (client_cert));
71 CHK_NULL(str);
72 fprintf (log, "\t issuer: %s\n", str);
73 OPENSSL_free (str);
74
75 /* We could do all sorts of certificate verification stuff here before
76 deallocating the certificate. */
77
78 X509_free (client_cert);
79 } else
80 fprintf (log, "Client doe not have certificate.\n");
81
82 /* ------------------------------------------------- */
83 /* DATA EXCHANGE: Receive message and send reply */
84
85 err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
86 buf[err] = '\0';
87 fprintf (log, "Got %d chars:'%s'\n", err, buf);
88
89 err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear."));
90 CHK_SSL(err);
91
92 /* Clean up. */
93
94 fclose (log);
95 SSL_free (ssl);
96 SSL_CTX_free (ctx);
97}
98/* EOF - inetdserv.cpp */
diff --git a/src/lib/libssl/src/demos/ssl/serv.cpp b/src/lib/libssl/src/demos/ssl/serv.cpp
deleted file mode 100644
index b142c758d2..0000000000
--- a/src/lib/libssl/src/demos/ssl/serv.cpp
+++ /dev/null
@@ -1,152 +0,0 @@
1/* serv.cpp - Minimal ssleay server for Unix
2 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
3
4
5/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
6 Simplified to be even more minimal
7 12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
8
9#include <stdio.h>
10#include <unistd.h>
11#include <stdlib.h>
12#include <memory.h>
13#include <errno.h>
14#include <sys/types.h>
15#include <sys/socket.h>
16#include <netinet/in.h>
17#include <arpa/inet.h>
18#include <netdb.h>
19
20#include <openssl/rsa.h> /* SSLeay stuff */
21#include <openssl/crypto.h>
22#include <openssl/x509.h>
23#include <openssl/pem.h>
24#include <openssl/ssl.h>
25#include <openssl/err.h>
26
27
28/* define HOME to be dir for key and cert files... */
29#define HOME "./"
30/* Make these what you want for cert & key files */
31#define CERTF HOME "foo-cert.pem"
32#define KEYF HOME "foo-cert.pem"
33
34
35#define CHK_NULL(x) if ((x)==NULL) exit (1)
36#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
37#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
38
39void main ()
40{
41 int err;
42 int listen_sd;
43 int sd;
44 struct sockaddr_in sa_serv;
45 struct sockaddr_in sa_cli;
46 size_t client_len;
47 SSL_CTX* ctx;
48 SSL* ssl;
49 X509* client_cert;
50 char* str;
51 char buf [4096];
52 SSL_METHOD *meth;
53
54 /* SSL preliminaries. We keep the certificate and key with the context. */
55
56 SSL_load_error_strings();
57 SSLeay_add_ssl_algorithms();
58 meth = SSLv23_server_method();
59 ctx = SSL_CTX_new (meth);
60 if (!ctx) {
61 ERR_print_errors_fp(stderr);
62 exit(2);
63 }
64
65 if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
66 ERR_print_errors_fp(stderr);
67 exit(3);
68 }
69 if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
70 ERR_print_errors_fp(stderr);
71 exit(4);
72 }
73
74 if (!SSL_CTX_check_private_key(ctx)) {
75 fprintf(stderr,"Private key does not match the certificate public key\n");
76 exit(5);
77 }
78
79 /* ----------------------------------------------- */
80 /* Prepare TCP socket for receiving connections */
81
82 listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket");
83
84 memset (&sa_serv, '\0', sizeof(sa_serv));
85 sa_serv.sin_family = AF_INET;
86 sa_serv.sin_addr.s_addr = INADDR_ANY;
87 sa_serv.sin_port = htons (1111); /* Server Port number */
88
89 err = bind(listen_sd, (struct sockaddr*) &sa_serv,
90 sizeof (sa_serv)); CHK_ERR(err, "bind");
91
92 /* Receive a TCP connection. */
93
94 err = listen (listen_sd, 5); CHK_ERR(err, "listen");
95
96 client_len = sizeof(sa_cli);
97 sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
98 CHK_ERR(sd, "accept");
99 close (listen_sd);
100
101 printf ("Connection from %lx, port %x\n",
102 sa_cli.sin_addr.s_addr, sa_cli.sin_port);
103
104 /* ----------------------------------------------- */
105 /* TCP connection is ready. Do server side SSL. */
106
107 ssl = SSL_new (ctx); CHK_NULL(ssl);
108 SSL_set_fd (ssl, sd);
109 err = SSL_accept (ssl); CHK_SSL(err);
110
111 /* Get the cipher - opt */
112
113 printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
114
115 /* Get client's certificate (note: beware of dynamic allocation) - opt */
116
117 client_cert = SSL_get_peer_certificate (ssl);
118 if (client_cert != NULL) {
119 printf ("Client certificate:\n");
120
121 str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
122 CHK_NULL(str);
123 printf ("\t subject: %s\n", str);
124 OPENSSL_free (str);
125
126 str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
127 CHK_NULL(str);
128 printf ("\t issuer: %s\n", str);
129 OPENSSL_free (str);
130
131 /* We could do all sorts of certificate verification stuff here before
132 deallocating the certificate. */
133
134 X509_free (client_cert);
135 } else
136 printf ("Client does not have certificate.\n");
137
138 /* DATA EXCHANGE - Receive message and send reply. */
139
140 err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
141 buf[err] = '\0';
142 printf ("Got %d chars:'%s'\n", err, buf);
143
144 err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err);
145
146 /* Clean up. */
147
148 close (sd);
149 SSL_free (ssl);
150 SSL_CTX_free (ctx);
151}
152/* EOF - serv.cpp */
diff --git a/src/lib/libssl/src/demos/ssltest-ecc/ECC-RSAcertgen.sh b/src/lib/libssl/src/demos/ssltest-ecc/ECC-RSAcertgen.sh
deleted file mode 100755
index b31a4f1ee0..0000000000
--- a/src/lib/libssl/src/demos/ssltest-ecc/ECC-RSAcertgen.sh
+++ /dev/null
@@ -1,98 +0,0 @@
1#!/bin/sh
2
3# For a list of supported curves, use "apps/openssl ecparam -list_curves".
4
5# Path to the openssl distribution
6OPENSSL_DIR=../..
7# Path to the openssl program
8OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
9# Option to find configuration file
10OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
11# Directory where certificates are stored
12CERTS_DIR=./Certs
13# Directory where private key files are stored
14KEYS_DIR=$CERTS_DIR
15# Directory where combo files (containing a certificate and corresponding
16# private key together) are stored
17COMBO_DIR=$CERTS_DIR
18# cat command
19CAT=/bin/cat
20# rm command
21RM=/bin/rm
22# mkdir command
23MKDIR=/bin/mkdir
24# The certificate will expire these many days after the issue date.
25DAYS=1500
26TEST_CA_FILE=rsa1024TestCA
27
28TEST_SERVER_CURVE=sect163r1
29TEST_SERVER_FILE=sect163r1-rsaTestServer
30TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (sect163r1 key signed with RSA)"
31
32TEST_CLIENT_CURVE=sect163r1
33TEST_CLIENT_FILE=sect163r1-rsaTestClient
34TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (sect163r1 key signed with RSA)"
35
36# Generating an EC certificate involves the following main steps
37# 1. Generating curve parameters (if needed)
38# 2. Generating a certificate request
39# 3. Signing the certificate request
40# 4. [Optional] One can combine the cert and private key into a single
41# file and also delete the certificate request
42
43$MKDIR -p $CERTS_DIR
44$MKDIR -p $KEYS_DIR
45$MKDIR -p $COMBO_DIR
46
47echo "GENERATING A TEST SERVER CERTIFICATE (ECC key signed with RSA)"
48echo "=============================================================="
49$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem
50
51$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
52 -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
53 -newkey ec:$TEST_SERVER_CURVE.pem -new \
54 -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
55
56$OPENSSL_CMD x509 -req -days $DAYS \
57 -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
58 -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
59 -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
60 -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
61
62# Display the certificate
63$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
64
65# Place the certificate and key in a common file
66$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
67 > $COMBO_DIR/$TEST_SERVER_FILE.pem
68$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
69
70# Remove the cert request file (no longer needed)
71$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
72
73echo "GENERATING A TEST CLIENT CERTIFICATE (ECC key signed with RSA)"
74echo "=============================================================="
75$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem
76
77$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
78 -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
79 -newkey ec:$TEST_CLIENT_CURVE.pem -new \
80 -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
81
82$OPENSSL_CMD x509 -req -days $DAYS \
83 -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
84 -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
85 -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
86 -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
87
88# Display the certificate
89$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
90
91# Place the certificate and key in a common file
92$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
93 > $COMBO_DIR/$TEST_CLIENT_FILE.pem
94$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
95
96# Remove the cert request file (no longer needed)
97$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
98
diff --git a/src/lib/libssl/src/demos/ssltest-ecc/ECCcertgen.sh b/src/lib/libssl/src/demos/ssltest-ecc/ECCcertgen.sh
deleted file mode 100755
index a47b8bb0b5..0000000000
--- a/src/lib/libssl/src/demos/ssltest-ecc/ECCcertgen.sh
+++ /dev/null
@@ -1,164 +0,0 @@
1#!/bin/sh
2
3# For a list of supported curves, use "apps/openssl ecparam -list_curves".
4
5# Path to the openssl distribution
6OPENSSL_DIR=../..
7# Path to the openssl program
8OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
9# Option to find configuration file
10OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
11# Directory where certificates are stored
12CERTS_DIR=./Certs
13# Directory where private key files are stored
14KEYS_DIR=$CERTS_DIR
15# Directory where combo files (containing a certificate and corresponding
16# private key together) are stored
17COMBO_DIR=$CERTS_DIR
18# cat command
19CAT=/bin/cat
20# rm command
21RM=/bin/rm
22# mkdir command
23MKDIR=/bin/mkdir
24# The certificate will expire these many days after the issue date.
25DAYS=1500
26TEST_CA_CURVE=secp160r1
27TEST_CA_FILE=secp160r1TestCA
28TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (Elliptic curve secp160r1)"
29
30TEST_SERVER_CURVE=secp160r2
31TEST_SERVER_FILE=secp160r2TestServer
32TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (Elliptic curve secp160r2)"
33
34TEST_CLIENT_CURVE=secp160r2
35TEST_CLIENT_FILE=secp160r2TestClient
36TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (Elliptic curve secp160r2)"
37
38# Generating an EC certificate involves the following main steps
39# 1. Generating curve parameters (if needed)
40# 2. Generating a certificate request
41# 3. Signing the certificate request
42# 4. [Optional] One can combine the cert and private key into a single
43# file and also delete the certificate request
44
45$MKDIR -p $CERTS_DIR
46$MKDIR -p $KEYS_DIR
47$MKDIR -p $COMBO_DIR
48
49echo "Generating self-signed CA certificate (on curve $TEST_CA_CURVE)"
50echo "==============================================================="
51$OPENSSL_CMD ecparam -name $TEST_CA_CURVE -out $TEST_CA_CURVE.pem
52
53# Generate a new certificate request in $TEST_CA_FILE.req.pem. A
54# new ecdsa (actually ECC) key pair is generated on the parameters in
55# $TEST_CA_CURVE.pem and the private key is saved in $TEST_CA_FILE.key.pem
56# WARNING: By using the -nodes option, we force the private key to be
57# stored in the clear (rather than encrypted with a password).
58$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
59 -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
60 -newkey ec:$TEST_CA_CURVE.pem -new \
61 -out $CERTS_DIR/$TEST_CA_FILE.req.pem
62
63# Sign the certificate request in $TEST_CA_FILE.req.pem using the
64# private key in $TEST_CA_FILE.key.pem and include the CA extension.
65# Make the certificate valid for 1500 days from the time of signing.
66# The certificate is written into $TEST_CA_FILE.cert.pem
67$OPENSSL_CMD x509 -req -days $DAYS \
68 -in $CERTS_DIR/$TEST_CA_FILE.req.pem \
69 -extfile $OPENSSL_DIR/apps/openssl.cnf \
70 -extensions v3_ca \
71 -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
72 -out $CERTS_DIR/$TEST_CA_FILE.cert.pem
73
74# Display the certificate
75$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text
76
77# Place the certificate and key in a common file
78$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \
79 > $COMBO_DIR/$TEST_CA_FILE.pem
80$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem
81
82# Remove the cert request file (no longer needed)
83$RM $CERTS_DIR/$TEST_CA_FILE.req.pem
84
85echo "GENERATING A TEST SERVER CERTIFICATE (on elliptic curve $TEST_SERVER_CURVE)"
86echo "=========================================================================="
87# Generate parameters for curve $TEST_SERVER_CURVE, if needed
88$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem
89
90# Generate a new certificate request in $TEST_SERVER_FILE.req.pem. A
91# new ecdsa (actually ECC) key pair is generated on the parameters in
92# $TEST_SERVER_CURVE.pem and the private key is saved in
93# $TEST_SERVER_FILE.key.pem
94# WARNING: By using the -nodes option, we force the private key to be
95# stored in the clear (rather than encrypted with a password).
96$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
97 -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
98 -newkey ec:$TEST_SERVER_CURVE.pem -new \
99 -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
100
101# Sign the certificate request in $TEST_SERVER_FILE.req.pem using the
102# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in
103# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number
104# file for this CA, create one. Make the certificate valid for $DAYS days
105# from the time of signing. The certificate is written into
106# $TEST_SERVER_FILE.cert.pem
107$OPENSSL_CMD x509 -req -days $DAYS \
108 -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
109 -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
110 -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
111 -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
112
113# Display the certificate
114$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
115
116# Place the certificate and key in a common file
117$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
118 > $COMBO_DIR/$TEST_SERVER_FILE.pem
119$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
120
121# Remove the cert request file (no longer needed)
122$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
123
124echo "GENERATING A TEST CLIENT CERTIFICATE (on elliptic curve $TEST_CLIENT_CURVE)"
125echo "=========================================================================="
126# Generate parameters for curve $TEST_CLIENT_CURVE, if needed
127$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem
128
129# Generate a new certificate request in $TEST_CLIENT_FILE.req.pem. A
130# new ecdsa (actually ECC) key pair is generated on the parameters in
131# $TEST_CLIENT_CURVE.pem and the private key is saved in
132# $TEST_CLIENT_FILE.key.pem
133# WARNING: By using the -nodes option, we force the private key to be
134# stored in the clear (rather than encrypted with a password).
135$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
136 -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
137 -newkey ec:$TEST_CLIENT_CURVE.pem -new \
138 -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
139
140# Sign the certificate request in $TEST_CLIENT_FILE.req.pem using the
141# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in
142# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number
143# file for this CA, create one. Make the certificate valid for $DAYS days
144# from the time of signing. The certificate is written into
145# $TEST_CLIENT_FILE.cert.pem
146$OPENSSL_CMD x509 -req -days $DAYS \
147 -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
148 -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
149 -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
150 -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
151
152# Display the certificate
153$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
154
155# Place the certificate and key in a common file
156$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
157 > $COMBO_DIR/$TEST_CLIENT_FILE.pem
158$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
159
160# Remove the cert request file (no longer needed)
161$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
162
163
164
diff --git a/src/lib/libssl/src/demos/ssltest-ecc/README b/src/lib/libssl/src/demos/ssltest-ecc/README
deleted file mode 100644
index 71c070af16..0000000000
--- a/src/lib/libssl/src/demos/ssltest-ecc/README
+++ /dev/null
@@ -1,15 +0,0 @@
1Scripts for using ECC ciphersuites with test/testssl
2(these ciphersuites are described in the Internet Draft available at
3http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-03.txt).
4
5Use ECCcertgen.sh, RSAcertgen.sh, ECC-RSAcertgen.sh to generate
6root, client and server certs of the following types:
7
8 ECC certs signed with ECDSA
9 RSA certs signed with RSA
10 ECC certs signed with RSA
11
12Afterwards, you can use ssltest.sh to run the various tests;
13specify one of the following options:
14
15 aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa
diff --git a/src/lib/libssl/src/demos/ssltest-ecc/RSAcertgen.sh b/src/lib/libssl/src/demos/ssltest-ecc/RSAcertgen.sh
deleted file mode 100755
index 0cb0153596..0000000000
--- a/src/lib/libssl/src/demos/ssltest-ecc/RSAcertgen.sh
+++ /dev/null
@@ -1,121 +0,0 @@
1#!/bin/sh
2
3# For a list of supported curves, use "apps/openssl ecparam -list_curves".
4
5# Path to the openssl distribution
6OPENSSL_DIR=../..
7# Path to the openssl program
8OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
9# Option to find configuration file
10OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
11# Directory where certificates are stored
12CERTS_DIR=./Certs
13# Directory where private key files are stored
14KEYS_DIR=$CERTS_DIR
15# Directory where combo files (containing a certificate and corresponding
16# private key together) are stored
17COMBO_DIR=$CERTS_DIR
18# cat command
19CAT=/bin/cat
20# rm command
21RM=/bin/rm
22# mkdir command
23MKDIR=/bin/mkdir
24# The certificate will expire these many days after the issue date.
25DAYS=1500
26TEST_CA_FILE=rsa1024TestCA
27TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)"
28
29TEST_SERVER_FILE=rsa1024TestServer
30TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)"
31
32TEST_CLIENT_FILE=rsa1024TestClient
33TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)"
34
35# Generating an EC certificate involves the following main steps
36# 1. Generating curve parameters (if needed)
37# 2. Generating a certificate request
38# 3. Signing the certificate request
39# 4. [Optional] One can combine the cert and private key into a single
40# file and also delete the certificate request
41
42$MKDIR -p $CERTS_DIR
43$MKDIR -p $KEYS_DIR
44$MKDIR -p $COMBO_DIR
45
46echo "Generating self-signed CA certificate (RSA)"
47echo "==========================================="
48
49$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
50 -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
51 -newkey rsa:1024 -new \
52 -out $CERTS_DIR/$TEST_CA_FILE.req.pem
53
54$OPENSSL_CMD x509 -req -days $DAYS \
55 -in $CERTS_DIR/$TEST_CA_FILE.req.pem \
56 -extfile $OPENSSL_DIR/apps/openssl.cnf \
57 -extensions v3_ca \
58 -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
59 -out $CERTS_DIR/$TEST_CA_FILE.cert.pem
60
61# Display the certificate
62$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text
63
64# Place the certificate and key in a common file
65$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \
66 > $COMBO_DIR/$TEST_CA_FILE.pem
67$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem
68
69# Remove the cert request file (no longer needed)
70$RM $CERTS_DIR/$TEST_CA_FILE.req.pem
71
72echo "GENERATING A TEST SERVER CERTIFICATE (RSA)"
73echo "=========================================="
74
75$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
76 -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
77 -newkey rsa:1024 -new \
78 -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
79
80$OPENSSL_CMD x509 -req -days $DAYS \
81 -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
82 -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
83 -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
84 -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
85
86# Display the certificate
87$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
88
89# Place the certificate and key in a common file
90$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
91 > $COMBO_DIR/$TEST_SERVER_FILE.pem
92$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
93
94# Remove the cert request file (no longer needed)
95$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
96
97echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)"
98echo "=========================================="
99
100$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
101 -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
102 -newkey rsa:1024 -new \
103 -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
104
105$OPENSSL_CMD x509 -req -days $DAYS \
106 -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
107 -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
108 -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
109 -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
110
111# Display the certificate
112$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
113
114# Place the certificate and key in a common file
115$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
116 > $COMBO_DIR/$TEST_CLIENT_FILE.pem
117$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
118
119# Remove the cert request file (no longer needed)
120$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
121
diff --git a/src/lib/libssl/src/demos/ssltest-ecc/ssltest.sh b/src/lib/libssl/src/demos/ssltest-ecc/ssltest.sh
deleted file mode 100755
index 923ca43824..0000000000
--- a/src/lib/libssl/src/demos/ssltest-ecc/ssltest.sh
+++ /dev/null
@@ -1,188 +0,0 @@
1#! /bin/sh
2# Tests ECC cipher suites using ssltest. Requires one argument which could
3# be aecdh or ecdh-ecdsa or ecdhe-ecdsa or ecdh-rsa or ecdhe-rsa.
4# A second optional argument can be one of ssl2 ssl3 or tls1
5
6if [ "$1" = "" ]; then
7 (echo "Usage: $0 test [ protocol ]"
8 echo " where test is one of aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa"
9 echo " and protocol (optional) is one of ssl2, ssl3, tls1"
10 echo "Run RSAcertgen.sh, ECC-RSAcertgen.sh, ECCcertgen.sh first."
11 ) >&2
12 exit 1
13fi
14
15
16OPENSSL_DIR=../..
17CERTS_DIR=./Certs
18SSLTEST=$OPENSSL_DIR/test/ssltest
19# SSL protocol version to test (one of ssl2 ssl3 or tls1)"
20SSLVERSION=
21
22# These don't really require any certificates
23AECDH_CIPHER_LIST="AECDH-AES256-SHA AECDH-AES128-SHA AECDH-DES-CBC3-SHA AECDH-RC4-SHA AECDH-NULL-SHA"
24
25# These require ECC certificates signed with ECDSA
26# The EC public key must be authorized for key agreement.
27ECDH_ECDSA_CIPHER_LIST="ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA"
28
29# These require ECC certificates.
30# The EC public key must be authorized for digital signature.
31ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-NULL-SHA"
32
33# These require ECC certificates signed with RSA.
34# The EC public key must be authorized for key agreement.
35ECDH_RSA_CIPHER_LIST="ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA"
36
37# These require RSA certificates.
38# The RSA public key must be authorized for digital signature.
39ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-NULL-SHA"
40
41# List of Elliptic curves over which we wish to test generation of
42# ephemeral ECDH keys when using AECDH or ECDHE ciphers
43# NOTE: secp192r1 = prime192v1 and secp256r1 = prime256v1
44#ELLIPTIC_CURVE_LIST="secp112r1 sect113r2 secp128r1 sect131r1 secp160k1 sect163r2 wap-wsg-idm-ecid-wtls7 c2pnb163v3 c2pnb176v3 c2tnb191v3 secp192r1 prime192v3 sect193r2 secp224r1 wap-wsg-idm-ecid-wtls10 sect239k1 prime239v2 secp256r1 prime256v1 sect283k1 secp384r1 sect409r1 secp521r1 sect571r1"
45ELLIPTIC_CURVE_LIST="sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp160k1 secp160r1 secp160r2 secp192k1 prime192v1 secp224k1 secp224r1 secp256k1 prime256v1 secp384r1 secp521r1"
46
47DEFAULT_CURVE="sect163r2"
48
49if [ "$2" = "" ]; then
50 if [ "$SSL_VERSION" = "" ]; then
51 SSL_VERSION=""
52 else
53 SSL_VERSION="-$SSL_VERSION"
54 fi
55else
56 SSL_VERSION="-$2"
57fi
58
59#==============================================================
60# Anonymous cipher suites do not require key or certificate files
61# but ssltest expects a cert file and complains if it can't
62# open the default one.
63SERVER_PEM=$OPENSSL_DIR/apps/server.pem
64
65if [ "$1" = "aecdh" ]; then
66for cipher in $AECDH_CIPHER_LIST
67do
68 echo "Testing $cipher"
69 $SSLTEST $SSL_VERSION -cert $SERVER_PEM -cipher $cipher
70done
71#--------------------------------------------------------------
72for curve in $ELLIPTIC_CURVE_LIST
73do
74 echo "Testing AECDH-NULL-SHA (with $curve)"
75 $SSLTEST $SSL_VERSION -cert $SERVER_PEM \
76 -named_curve $curve -cipher AECDH-NULL-SHA
77done
78
79for curve in $ELLIPTIC_CURVE_LIST
80do
81 echo "Testing AECDH-RC4-SHA (with $curve)"
82 $SSLTEST $SSL_VERSION -cert $SERVER_PEM \
83 -named_curve $curve -cipher AECDH-RC4-SHA
84done
85fi
86
87#==============================================================
88# Both ECDH-ECDSA and ECDHE-ECDSA cipher suites require
89# the server to have an ECC certificate signed with ECDSA.
90CA_PEM=$CERTS_DIR/secp160r1TestCA.pem
91SERVER_PEM=$CERTS_DIR/secp160r2TestServer.pem
92CLIENT_PEM=$CERTS_DIR/secp160r2TestClient.pem
93
94if [ "$1" = "ecdh-ecdsa" ]; then
95for cipher in $ECDH_ECDSA_CIPHER_LIST
96do
97 echo "Testing $cipher (with server authentication)"
98 $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
99 -cert $SERVER_PEM -server_auth \
100 -cipher $cipher
101
102 echo "Testing $cipher (with server and client authentication)"
103 $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
104 -cert $SERVER_PEM -server_auth \
105 -c_cert $CLIENT_PEM -client_auth \
106 -cipher $cipher
107done
108fi
109
110#==============================================================
111if [ "$1" = "ecdhe-ecdsa" ]; then
112for cipher in $ECDHE_ECDSA_CIPHER_LIST
113do
114 echo "Testing $cipher (with server authentication)"
115 $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
116 -cert $SERVER_PEM -server_auth \
117 -cipher $cipher -named_curve $DEFAULT_CURVE
118
119 echo "Testing $cipher (with server and client authentication)"
120 $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
121 -cert $SERVER_PEM -server_auth \
122 -c_cert $CLIENT_PEM -client_auth \
123 -cipher $cipher -named_curve $DEFAULT_CURVE
124done
125
126#--------------------------------------------------------------
127for curve in $ELLIPTIC_CURVE_LIST
128do
129 echo "Testing ECDHE-ECDSA-AES128-SHA (2-way auth with $curve)"
130 $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
131 -cert $SERVER_PEM -server_auth \
132 -c_cert $CLIENT_PEM -client_auth \
133 -cipher ECDHE-ECDSA-AES128-SHA -named_curve $curve
134done
135fi
136
137#==============================================================
138# ECDH-RSA cipher suites require the server to have an ECC
139# certificate signed with RSA.
140CA_PEM=$CERTS_DIR/rsa1024TestCA.pem
141SERVER_PEM=$CERTS_DIR/sect163r1-rsaTestServer.pem
142CLIENT_PEM=$CERTS_DIR/sect163r1-rsaTestClient.pem
143
144if [ "$1" = "ecdh-rsa" ]; then
145for cipher in $ECDH_RSA_CIPHER_LIST
146do
147 echo "Testing $cipher (with server authentication)"
148 $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
149 -cert $SERVER_PEM -server_auth \
150 -cipher $cipher
151
152 echo "Testing $cipher (with server and client authentication)"
153 $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
154 -cert $SERVER_PEM -server_auth \
155 -c_cert $CLIENT_PEM -client_auth \
156 -cipher $cipher
157done
158fi
159
160#==============================================================
161# ECDHE-RSA cipher suites require the server to have an RSA cert.
162CA_PEM=$CERTS_DIR/rsa1024TestCA.pem
163SERVER_PEM=$CERTS_DIR/rsa1024TestServer.pem
164CLIENT_PEM=$CERTS_DIR/rsa1024TestClient.pem
165
166if [ "$1" = "ecdhe-rsa" ]; then
167for cipher in $ECDHE_RSA_CIPHER_LIST
168do
169 echo "Testing $cipher (with server authentication)"
170 echo $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
171 -cert $SERVER_PEM -server_auth \
172 -cipher $cipher -named_curve $DEFAULT_CURVE
173 $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
174 -cert $SERVER_PEM -server_auth \
175 -cipher $cipher -named_curve $DEFAULT_CURVE
176
177 echo "Testing $cipher (with server and client authentication)"
178 $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
179 -cert $SERVER_PEM -server_auth \
180 -c_cert $CLIENT_PEM -client_auth \
181 -cipher $cipher -named_curve $DEFAULT_CURVE
182done
183fi
184#==============================================================
185
186
187
188
diff --git a/src/lib/libssl/src/demos/state_machine/Makefile b/src/lib/libssl/src/demos/state_machine/Makefile
deleted file mode 100644
index c7a114540d..0000000000
--- a/src/lib/libssl/src/demos/state_machine/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1CFLAGS=-I../../include -Wall -Werror -g
2
3all: state_machine
4
5state_machine: state_machine.o
6 $(CC) -o state_machine state_machine.o -L../.. -lssl -lcrypto
7
8test: state_machine
9 ./state_machine 10000 ../../apps/server.pem ../../apps/server.pem
diff --git a/src/lib/libssl/src/demos/state_machine/state_machine.c b/src/lib/libssl/src/demos/state_machine/state_machine.c
deleted file mode 100644
index fef3f3e3d1..0000000000
--- a/src/lib/libssl/src/demos/state_machine/state_machine.c
+++ /dev/null
@@ -1,416 +0,0 @@
1/* ====================================================================
2 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55/*
56 * Nuron, a leader in hardware encryption technology, generously
57 * sponsored the development of this demo by Ben Laurie.
58 *
59 * See http://www.nuron.com/.
60 */
61
62/*
63 * the aim of this demo is to provide a fully working state-machine
64 * style SSL implementation, i.e. one where the main loop acquires
65 * some data, then converts it from or to SSL by feeding it into the
66 * SSL state machine. It then does any I/O required by the state machine
67 * and loops.
68 *
69 * In order to keep things as simple as possible, this implementation
70 * listens on a TCP socket, which it expects to get an SSL connection
71 * on (for example, from s_client) and from then on writes decrypted
72 * data to stdout and encrypts anything arriving on stdin. Verbose
73 * commentary is written to stderr.
74 *
75 * This implementation acts as a server, but it can also be done for a client. */
76
77#include <openssl/ssl.h>
78#include <assert.h>
79#include <unistd.h>
80#include <string.h>
81#include <openssl/err.h>
82#include <sys/types.h>
83#include <sys/socket.h>
84#include <netinet/in.h>
85
86/* die_unless is intended to work like assert, except that it happens
87 always, even if NDEBUG is defined. Use assert as a stopgap. */
88
89#define die_unless(x) assert(x)
90
91typedef struct
92 {
93 SSL_CTX *pCtx;
94 BIO *pbioRead;
95 BIO *pbioWrite;
96 SSL *pSSL;
97 } SSLStateMachine;
98
99void SSLStateMachine_print_error(SSLStateMachine *pMachine,const char *szErr)
100 {
101 unsigned long l;
102
103 fprintf(stderr,"%s\n",szErr);
104 while((l=ERR_get_error()))
105 {
106 char buf[1024];
107
108 ERR_error_string_n(l,buf,sizeof buf);
109 fprintf(stderr,"Error %lx: %s\n",l,buf);
110 }
111 }
112
113SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile,
114 const char *szKeyFile)
115 {
116 SSLStateMachine *pMachine=malloc(sizeof *pMachine);
117 int n;
118
119 die_unless(pMachine);
120
121 pMachine->pCtx=SSL_CTX_new(SSLv23_server_method());
122 die_unless(pMachine->pCtx);
123
124 n=SSL_CTX_use_certificate_file(pMachine->pCtx,szCertificateFile,
125 SSL_FILETYPE_PEM);
126 die_unless(n > 0);
127
128 n=SSL_CTX_use_PrivateKey_file(pMachine->pCtx,szKeyFile,SSL_FILETYPE_PEM);
129 die_unless(n > 0);
130
131 pMachine->pSSL=SSL_new(pMachine->pCtx);
132 die_unless(pMachine->pSSL);
133
134 pMachine->pbioRead=BIO_new(BIO_s_mem());
135
136 pMachine->pbioWrite=BIO_new(BIO_s_mem());
137
138 SSL_set_bio(pMachine->pSSL,pMachine->pbioRead,pMachine->pbioWrite);
139
140 SSL_set_accept_state(pMachine->pSSL);
141
142 return pMachine;
143 }
144
145void SSLStateMachine_read_inject(SSLStateMachine *pMachine,
146 const unsigned char *aucBuf,int nBuf)
147 {
148 int n=BIO_write(pMachine->pbioRead,aucBuf,nBuf);
149 /* If it turns out this assert fails, then buffer the data here
150 * and just feed it in in churn instead. Seems to me that it
151 * should be guaranteed to succeed, though.
152 */
153 assert(n == nBuf);
154 fprintf(stderr,"%d bytes of encrypted data fed to state machine\n",n);
155 }
156
157int SSLStateMachine_read_extract(SSLStateMachine *pMachine,
158 unsigned char *aucBuf,int nBuf)
159 {
160 int n;
161
162 if(!SSL_is_init_finished(pMachine->pSSL))
163 {
164 fprintf(stderr,"Doing SSL_accept\n");
165 n=SSL_accept(pMachine->pSSL);
166 if(n == 0)
167 fprintf(stderr,"SSL_accept returned zero\n");
168 if(n < 0)
169 {
170 int err;
171
172 if((err=SSL_get_error(pMachine->pSSL,n)) == SSL_ERROR_WANT_READ)
173 {
174 fprintf(stderr,"SSL_accept wants more data\n");
175 return 0;
176 }
177
178 SSLStateMachine_print_error(pMachine,"SSL_accept error");
179 exit(7);
180 }
181 return 0;
182 }
183
184 n=SSL_read(pMachine->pSSL,aucBuf,nBuf);
185 if(n < 0)
186 {
187 int err=SSL_get_error(pMachine->pSSL,n);
188
189 if(err == SSL_ERROR_WANT_READ)
190 {
191 fprintf(stderr,"SSL_read wants more data\n");
192 return 0;
193 }
194
195 SSLStateMachine_print_error(pMachine,"SSL_read error");
196 exit(8);
197 }
198
199 fprintf(stderr,"%d bytes of decrypted data read from state machine\n",n);
200 return n;
201 }
202
203int SSLStateMachine_write_can_extract(SSLStateMachine *pMachine)
204 {
205 int n=BIO_pending(pMachine->pbioWrite);
206 if(n)
207 fprintf(stderr,"There is encrypted data available to write\n");
208 else
209 fprintf(stderr,"There is no encrypted data available to write\n");
210
211 return n;
212 }
213
214int SSLStateMachine_write_extract(SSLStateMachine *pMachine,
215 unsigned char *aucBuf,int nBuf)
216 {
217 int n;
218
219 n=BIO_read(pMachine->pbioWrite,aucBuf,nBuf);
220 fprintf(stderr,"%d bytes of encrypted data read from state machine\n",n);
221 return n;
222 }
223
224void SSLStateMachine_write_inject(SSLStateMachine *pMachine,
225 const unsigned char *aucBuf,int nBuf)
226 {
227 int n=SSL_write(pMachine->pSSL,aucBuf,nBuf);
228 /* If it turns out this assert fails, then buffer the data here
229 * and just feed it in in churn instead. Seems to me that it
230 * should be guaranteed to succeed, though.
231 */
232 assert(n == nBuf);
233 fprintf(stderr,"%d bytes of unencrypted data fed to state machine\n",n);
234 }
235
236int OpenSocket(int nPort)
237 {
238 int nSocket;
239 struct sockaddr_in saServer;
240 struct sockaddr_in saClient;
241 int one=1;
242 int nSize;
243 int nFD;
244 int nLen;
245
246 nSocket=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
247 if(nSocket < 0)
248 {
249 perror("socket");
250 exit(1);
251 }
252
253 if(setsockopt(nSocket,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof one) < 0)
254 {
255 perror("setsockopt");
256 exit(2);
257 }
258
259 memset(&saServer,0,sizeof saServer);
260 saServer.sin_family=AF_INET;
261 saServer.sin_port=htons(nPort);
262 nSize=sizeof saServer;
263 if(bind(nSocket,(struct sockaddr *)&saServer,nSize) < 0)
264 {
265 perror("bind");
266 exit(3);
267 }
268
269 if(listen(nSocket,512) < 0)
270 {
271 perror("listen");
272 exit(4);
273 }
274
275 nLen=sizeof saClient;
276 nFD=accept(nSocket,(struct sockaddr *)&saClient,&nLen);
277 if(nFD < 0)
278 {
279 perror("accept");
280 exit(5);
281 }
282
283 fprintf(stderr,"Incoming accepted on port %d\n",nPort);
284
285 return nFD;
286 }
287
288int main(int argc,char **argv)
289 {
290 SSLStateMachine *pMachine;
291 int nPort;
292 int nFD;
293 const char *szCertificateFile;
294 const char *szKeyFile;
295 char rbuf[1];
296 int nrbuf=0;
297
298 if(argc != 4)
299 {
300 fprintf(stderr,"%s <port> <certificate file> <key file>\n",argv[0]);
301 exit(6);
302 }
303
304 nPort=atoi(argv[1]);
305 szCertificateFile=argv[2];
306 szKeyFile=argv[3];
307
308 SSL_library_init();
309 OpenSSL_add_ssl_algorithms();
310 SSL_load_error_strings();
311 ERR_load_crypto_strings();
312
313 nFD=OpenSocket(nPort);
314
315 pMachine=SSLStateMachine_new(szCertificateFile,szKeyFile);
316
317 for( ; ; )
318 {
319 fd_set rfds,wfds;
320 unsigned char buf[1024];
321 int n;
322
323 FD_ZERO(&rfds);
324 FD_ZERO(&wfds);
325
326 /* Select socket for input */
327 FD_SET(nFD,&rfds);
328
329 /* check whether there's decrypted data */
330 if(!nrbuf)
331 nrbuf=SSLStateMachine_read_extract(pMachine,rbuf,1);
332
333 /* if there's decrypted data, check whether we can write it */
334 if(nrbuf)
335 FD_SET(1,&wfds);
336
337 /* Select socket for output */
338 if(SSLStateMachine_write_can_extract(pMachine))
339 FD_SET(nFD,&wfds);
340
341 /* Select stdin for input */
342 FD_SET(0,&rfds);
343
344 /* Wait for something to do something */
345 n=select(nFD+1,&rfds,&wfds,NULL,NULL);
346 assert(n > 0);
347
348 /* Socket is ready for input */
349 if(FD_ISSET(nFD,&rfds))
350 {
351 n=read(nFD,buf,sizeof buf);
352 if(n == 0)
353 {
354 fprintf(stderr,"Got EOF on socket\n");
355 exit(0);
356 }
357 assert(n > 0);
358
359 SSLStateMachine_read_inject(pMachine,buf,n);
360 }
361
362 /* stdout is ready for output (and hence we have some to send it) */
363 if(FD_ISSET(1,&wfds))
364 {
365 assert(nrbuf == 1);
366 buf[0]=rbuf[0];
367 nrbuf=0;
368
369 n=SSLStateMachine_read_extract(pMachine,buf+1,sizeof buf-1);
370 if(n < 0)
371 {
372 SSLStateMachine_print_error(pMachine,"read extract failed");
373 break;
374 }
375 assert(n >= 0);
376 ++n;
377 if(n > 0) /* FIXME: has to be true now */
378 {
379 int w;
380
381 w=write(1,buf,n);
382 /* FIXME: we should push back any unwritten data */
383 assert(w == n);
384 }
385 }
386
387 /* Socket is ready for output (and therefore we have output to send) */
388 if(FD_ISSET(nFD,&wfds))
389 {
390 int w;
391
392 n=SSLStateMachine_write_extract(pMachine,buf,sizeof buf);
393 assert(n > 0);
394
395 w=write(nFD,buf,n);
396 /* FIXME: we should push back any unwritten data */
397 assert(w == n);
398 }
399
400 /* Stdin is ready for input */
401 if(FD_ISSET(0,&rfds))
402 {
403 n=read(0,buf,sizeof buf);
404 if(n == 0)
405 {
406 fprintf(stderr,"Got EOF on stdin\n");
407 exit(0);
408 }
409 assert(n > 0);
410
411 SSLStateMachine_write_inject(pMachine,buf,n);
412 }
413 }
414 /* not reached */
415 return 0;
416 }
diff --git a/src/lib/libssl/src/demos/tunala/A-client.pem b/src/lib/libssl/src/demos/tunala/A-client.pem
deleted file mode 100644
index a4caf6ef8a..0000000000
--- a/src/lib/libssl/src/demos/tunala/A-client.pem
+++ /dev/null
@@ -1,84 +0,0 @@
1Certificate:
2 Data:
3 Version: 3 (0x2)
4 Serial Number: 2 (0x2)
5 Signature Algorithm: md5WithRSAEncryption
6 Issuer: C=NZ, L=Wellington, O=Really Irresponsible Authorisation Authority (RIAA), OU=Cert-stamping, CN=Jackov al-Trades/Email=none@fake.domain
7 Validity
8 Not Before: Jan 16 05:19:30 2002 GMT
9 Not After : Jan 14 05:19:30 2012 GMT
10 Subject: C=NZ, L=Auckland, O=Mordor, OU=SSL grunt things, CN=tunala-client/Email=client@fake.domain
11 Subject Public Key Info:
12 Public Key Algorithm: rsaEncryption
13 RSA Public Key: (1024 bit)
14 Modulus (1024 bit):
15 00:b0:d3:56:5c:c8:7f:fb:f4:95:9d:04:84:4f:82:
16 b7:a2:75:5c:81:48:8c:56:5d:52:ee:38:e1:5c:c8:
17 9a:70:8e:72:f2:00:1c:17:ef:df:b7:06:59:82:04:
18 f1:f6:49:11:12:a6:4d:cb:1e:ed:ac:59:1c:4a:d0:
19 3d:de:e6:f2:8d:cd:39:c2:0f:e0:46:2f:db:cb:9f:
20 47:f7:56:e7:f8:16:5f:68:71:fb:3a:e3:ab:d2:e5:
21 05:b7:da:65:61:fe:6d:30:e4:12:a8:b5:c1:71:24:
22 6b:aa:80:05:41:17:a0:8b:6e:8b:e6:04:cf:85:7b:
23 2a:ac:a1:79:7d:f4:96:6e:77
24 Exponent: 65537 (0x10001)
25 X509v3 extensions:
26 X509v3 Basic Constraints:
27 CA:FALSE
28 Netscape Comment:
29 OpenSSL Generated Certificate
30 X509v3 Subject Key Identifier:
31 F8:43:CB:4F:4D:4F:BC:6E:52:1A:FD:F9:7B:E1:12:3F:A7:A3:BA:93
32 X509v3 Authority Key Identifier:
33 keyid:49:FB:45:72:12:C4:CC:E1:45:A1:D3:08:9E:95:C4:2C:6D:55:3F:17
34 DirName:/C=NZ/L=Wellington/O=Really Irresponsible Authorisation Authority (RIAA)/OU=Cert-stamping/CN=Jackov al-Trades/Email=none@fake.domain
35 serial:00
36
37 Signature Algorithm: md5WithRSAEncryption
38 8f:5f:0e:43:da:9d:61:43:7e:03:38:9a:e6:50:9d:42:e8:95:
39 34:49:75:ec:04:8d:5c:85:99:94:70:a0:e7:1f:1e:a0:8b:0f:
40 d6:e2:cb:f7:35:d9:96:72:bd:a6:e9:8d:4e:b1:e2:ac:97:7f:
41 2f:70:01:9d:aa:04:bc:d4:01:2b:63:77:a5:de:63:3c:a8:f5:
42 f2:72:af:ec:11:12:c0:d4:70:cf:71:a6:fb:e9:1d:b3:27:07:
43 aa:f2:b1:f3:87:d6:ab:8b:ce:c2:08:1b:3c:f9:ba:ff:77:71:
44 86:09:ef:9e:4e:04:06:63:44:e9:93:20:90:c7:2d:50:c6:50:
45 f8:66
46-----BEGIN CERTIFICATE-----
47MIID9TCCA16gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox
48EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp
49YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy
50dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3
51DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTE5MzBaFw0xMjAxMTQw
52NTE5MzBaMIGHMQswCQYDVQQGEwJOWjERMA8GA1UEBxMIQXVja2xhbmQxDzANBgNV
53BAoTBk1vcmRvcjEZMBcGA1UECxMQU1NMIGdydW50IHRoaW5nczEWMBQGA1UEAxMN
54dHVuYWxhLWNsaWVudDEhMB8GCSqGSIb3DQEJARYSY2xpZW50QGZha2UuZG9tYWlu
55MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw01ZcyH/79JWdBIRPgreidVyB
56SIxWXVLuOOFcyJpwjnLyABwX79+3BlmCBPH2SRESpk3LHu2sWRxK0D3e5vKNzTnC
57D+BGL9vLn0f3Vuf4Fl9ocfs646vS5QW32mVh/m0w5BKotcFxJGuqgAVBF6CLbovm
58BM+FeyqsoXl99JZudwIDAQABo4IBQDCCATwwCQYDVR0TBAIwADAsBglghkgBhvhC
59AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPhD
60y09NT7xuUhr9+XvhEj+no7qTMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzhRaHTCJ6V
61xCxtVT8XoYG6pIG3MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3Rv
62bjE8MDoGA1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBB
63dXRob3JpdHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQD
64ExBKYWNrb3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9t
65YWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAI9fDkPanWFDfgM4muZQnULolTRJdewE
66jVyFmZRwoOcfHqCLD9biy/c12ZZyvabpjU6x4qyXfy9wAZ2qBLzUAStjd6XeYzyo
679fJyr+wREsDUcM9xpvvpHbMnB6rysfOH1quLzsIIGzz5uv93cYYJ755OBAZjROmT
68IJDHLVDGUPhm
69-----END CERTIFICATE-----
70-----BEGIN RSA PRIVATE KEY-----
71MIICXgIBAAKBgQCw01ZcyH/79JWdBIRPgreidVyBSIxWXVLuOOFcyJpwjnLyABwX
7279+3BlmCBPH2SRESpk3LHu2sWRxK0D3e5vKNzTnCD+BGL9vLn0f3Vuf4Fl9ocfs6
7346vS5QW32mVh/m0w5BKotcFxJGuqgAVBF6CLbovmBM+FeyqsoXl99JZudwIDAQAB
74AoGAU4chbqbPvkclPYzaq2yGLlneHrwUft+KwzlfS6L/QVgo+CQRIUWQmjaHpaGM
75YtjVFcg1S1QK1bUqZjTEZT0XKhfbYmqW8yYTfbcDEbnY7esoYlvIlW8qRlPRlTBE
76utKrtZafmVhLgoNawYGD0aLZofPqpYjbGUlrC7nrem2vNJECQQDVLD3Qb+OlEMET
7773ApnJhYsK3e+G2LTrtjrS8y5zS4+Xv61XUqvdV7ogzRl0tpvSAmMOItVyoYadkB
78S3xSIWX9AkEA1Fm1FhkQSZwGG5rf4c6gMN71jJ6JE3/kocdVa0sUjRevIupo4XQ2
79Vkykxi84MRP8cfHqyjewq7Ozv3op2MGWgwJBAKemsb66IJjzAkaBav7u70nhOf0/
80+Dc1Zl7QF2y7NVW8sGrnccx5m+ot2lMD4AV6/kvK6jaqdKrapBZGnbGiHqkCQQDI
81T1r33mqz1R8Z2S2Jtzz6/McKf930a/dC+GLGVEutkILf39lRmytKmv/wB0jtWtoO
82rlJ5sLDSNzC+1cE1u997AkEAu3IrtGmLKiuS6kDj6W47m+iiTIsuSJtTJb1SbUaK
83fIoBNFxbvJYW6rUU9+PxpMRaEhzh5s24/jBOE+mlb17mRQ==
84-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/tunala/A-server.pem b/src/lib/libssl/src/demos/tunala/A-server.pem
deleted file mode 100644
index e9f37b1895..0000000000
--- a/src/lib/libssl/src/demos/tunala/A-server.pem
+++ /dev/null
@@ -1,84 +0,0 @@
1Certificate:
2 Data:
3 Version: 3 (0x2)
4 Serial Number: 1 (0x1)
5 Signature Algorithm: md5WithRSAEncryption
6 Issuer: C=NZ, L=Wellington, O=Really Irresponsible Authorisation Authority (RIAA), OU=Cert-stamping, CN=Jackov al-Trades/Email=none@fake.domain
7 Validity
8 Not Before: Jan 16 05:14:06 2002 GMT
9 Not After : Jan 14 05:14:06 2012 GMT
10 Subject: C=NZ, L=Wellington, O=Middle Earth, OU=SSL dev things, CN=tunala-server/Email=server@fake.domain
11 Subject Public Key Info:
12 Public Key Algorithm: rsaEncryption
13 RSA Public Key: (1024 bit)
14 Modulus (1024 bit):
15 00:a9:3e:62:87:97:13:6b:de:8f:bc:1d:0a:3f:65:
16 0c:f9:76:a3:53:ce:97:30:27:0d:c6:df:72:1f:8d:
17 5a:ce:58:23:6a:65:e5:e3:72:1a:8d:7f:fe:90:01:
18 ea:42:f1:9f:6e:7b:0a:bd:eb:52:15:7b:f4:3d:9c:
19 4e:db:74:29:2b:d1:81:9d:b9:9e:18:2b:87:e1:da:
20 50:20:3c:59:6c:c9:83:3e:2c:11:0b:78:1e:03:f4:
21 56:3a:db:95:6a:75:33:85:a9:7b:cc:3c:4a:67:96:
22 f2:24:b2:a0:cb:2e:cc:52:18:16:6f:44:d9:29:64:
23 07:2e:fb:56:cc:7c:dc:a2:d7
24 Exponent: 65537 (0x10001)
25 X509v3 extensions:
26 X509v3 Basic Constraints:
27 CA:FALSE
28 Netscape Comment:
29 OpenSSL Generated Certificate
30 X509v3 Subject Key Identifier:
31 70:AC:7A:B5:6E:97:C2:82:AF:11:9E:32:CB:8D:48:49:93:B7:DC:22
32 X509v3 Authority Key Identifier:
33 keyid:49:FB:45:72:12:C4:CC:E1:45:A1:D3:08:9E:95:C4:2C:6D:55:3F:17
34 DirName:/C=NZ/L=Wellington/O=Really Irresponsible Authorisation Authority (RIAA)/OU=Cert-stamping/CN=Jackov al-Trades/Email=none@fake.domain
35 serial:00
36
37 Signature Algorithm: md5WithRSAEncryption
38 2e:cb:a3:cd:6d:a8:9d:d1:dc:e5:f0:e0:27:7e:4b:5a:90:a8:
39 85:43:f0:05:f7:04:43:d7:5f:d1:a5:8f:5c:58:eb:fc:da:c6:
40 7c:e0:0b:2b:98:72:95:f6:79:48:96:7a:fa:0c:6b:09:ec:c6:
41 8c:91:74:45:9f:8f:0f:16:78:e3:66:14:fa:1e:f4:f0:23:ec:
42 cd:a9:52:77:20:4d:c5:05:2c:52:b6:7b:f3:42:33:fd:90:1f:
43 3e:88:6f:9b:23:61:c8:80:3b:e6:57:84:2e:f7:26:c7:35:ed:
44 00:8b:08:30:9b:aa:21:83:b6:6d:b8:7c:8a:9b:2a:ef:79:3d:
45 96:31
46-----BEGIN CERTIFICATE-----
47MIID+zCCA2SgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox
48EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp
49YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy
50dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3
51DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTE0MDZaFw0xMjAxMTQw
52NTE0MDZaMIGNMQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjEVMBMG
53A1UEChMMTWlkZGxlIEVhcnRoMRcwFQYDVQQLEw5TU0wgZGV2IHRoaW5nczEWMBQG
54A1UEAxMNdHVuYWxhLXNlcnZlcjEhMB8GCSqGSIb3DQEJARYSc2VydmVyQGZha2Uu
55ZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpPmKHlxNr3o+8HQo/
56ZQz5dqNTzpcwJw3G33IfjVrOWCNqZeXjchqNf/6QAepC8Z9uewq961IVe/Q9nE7b
57dCkr0YGduZ4YK4fh2lAgPFlsyYM+LBELeB4D9FY625VqdTOFqXvMPEpnlvIksqDL
58LsxSGBZvRNkpZAcu+1bMfNyi1wIDAQABo4IBQDCCATwwCQYDVR0TBAIwADAsBglg
59hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
60BBYEFHCserVul8KCrxGeMsuNSEmTt9wiMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzh
61RaHTCJ6VxCxtVT8XoYG6pIG3MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2Vs
62bGluZ3RvbjE8MDoGA1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNh
63dGlvbiBBdXRob3JpdHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkw
64FwYDVQQDExBKYWNrb3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZh
65a2UuZG9tYWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAC7Lo81tqJ3R3OXw4Cd+S1qQ
66qIVD8AX3BEPXX9Glj1xY6/zaxnzgCyuYcpX2eUiWevoMawnsxoyRdEWfjw8WeONm
67FPoe9PAj7M2pUncgTcUFLFK2e/NCM/2QHz6Ib5sjYciAO+ZXhC73Jsc17QCLCDCb
68qiGDtm24fIqbKu95PZYx
69-----END CERTIFICATE-----
70-----BEGIN RSA PRIVATE KEY-----
71MIICXAIBAAKBgQCpPmKHlxNr3o+8HQo/ZQz5dqNTzpcwJw3G33IfjVrOWCNqZeXj
72chqNf/6QAepC8Z9uewq961IVe/Q9nE7bdCkr0YGduZ4YK4fh2lAgPFlsyYM+LBEL
73eB4D9FY625VqdTOFqXvMPEpnlvIksqDLLsxSGBZvRNkpZAcu+1bMfNyi1wIDAQAB
74AoGANCwqHZhiAU/TyW6+WPqivEhpYw19p/dyFMuPF9DwnEmpaUROUQY8z0AUznn4
75qHhp6Jn/nrprTHowucl0ucweYIYVxZoUiUDFpxdFUbzMdFvo6HcyV1Pe4Rt81HaY
76KYWrTZ6PaPtN65hLms8NhPEdGcGAFlY1owYv4QNGq2bU1JECQQDd32LM0NSfyGmK
774ziajqGcvzK9NO2XyV/nJsGlJZNgMh2zm1t7yR28l/6Q2uyU49cCN+2aYULZCAfs
78taNvxBspAkEAw0alNub+xj2AVQvaxOB1sGfKzsJjHCzKIxUXn/tJi3j0+2asmkBZ
79Umx1MWr9jKQBnCMciCRUbnMEZiElOxCN/wJAfAeQl6Z19gx206lJzzzEo3dOye54
80k02DSxijT8q9pBzf9bN3ZK987BybtiZr8p+bZiYVsSOF1wViSLURdD1QYQJAIaMU
81qH1n24wShBPTrmAfxbBLTgxL+Dl65Eoo1KT7iSvfv0JzbuqwuDL4iPeuD0DdCiE+
82M/FWHeRwGIuTFzaFzwJBANKwx0jZS/h093w9g0Clw6UzeA1P5VcAt9y+qMC9hO3c
834KXwIxQAt9yRaFLpiIR9do5bjjKNnMguf3aO/XRSDQM=
84-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/demos/tunala/CA.pem b/src/lib/libssl/src/demos/tunala/CA.pem
deleted file mode 100644
index 7a55b5463e..0000000000
--- a/src/lib/libssl/src/demos/tunala/CA.pem
+++ /dev/null
@@ -1,24 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIID9zCCA2CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox
3EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp
4YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy
5dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3
6DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTA5NTlaFw0xMjAxMTQw
7NTA5NTlaMIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjE8MDoG
8A1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBBdXRob3Jp
9dHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQDExBKYWNr
10b3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9tYWluMIGf
11MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7QdDfFIrJn3X24hKmpkyk3TG0Ivxd
12K2wWmDPXq1wjr8lUTwrA6hM5Ba9N36jLieWpXhviLOWu9DBza5GmtgCuXloATKTC
1394xOdKHlciTVujG3wDlLDB5e710Kar84nnj6VueL1RyZ0bmP5PANa4mbGW9Tqc7J
14CkBTTW2y9d0SgQIDAQABo4IBFTCCAREwHQYDVR0OBBYEFEn7RXISxMzhRaHTCJ6V
15xCxtVT8XMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzhRaHTCJ6VxCxtVT8XoYG6pIG3
16MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjE8MDoGA1UEChMz
17UmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBBdXRob3JpdHkgKFJJ
18QUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQDExBKYWNrb3YgYWwt
19VHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9tYWluggEAMAwGA1Ud
20EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYQo95V/NY+eKxYxkhibZiUQygph+
21gTfgbDG20MsnH6+8//w5ArHauFCgDrf0P2VyACgq+N4pBTWFGaAaLwbjKy9HCe2E
22j9C91tO1CqDS4MJkDB5AP13FTkK6fP1ZCiTQranOAp3DlGWTTWsFVyW5kVfQ9diS
23ZOyJZ9Fit5XM2X0=
24-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/demos/tunala/INSTALL b/src/lib/libssl/src/demos/tunala/INSTALL
deleted file mode 100644
index a65bbeb8d1..0000000000
--- a/src/lib/libssl/src/demos/tunala/INSTALL
+++ /dev/null
@@ -1,107 +0,0 @@
1There are two ways to build this code;
2
3(1) Manually
4
5(2) Using all-singing all-dancing (all-confusing) autotools, ie. autoconf,
6automake, and their little friends (autoheader, etc).
7
8=================
9Building Manually
10=================
11
12There is a basic "Makefile" in this directory that gets moved out of the way and
13ignored when building with autoconf et al. This Makefile is suitable for
14building tunala on Linux using gcc. Any other platform probably requires some
15tweaking. Here are the various bits you might need to do if you want to build
16this way and the default Makefile isn't sufficient;
17
18* Compiler: Edit the "CC" definition in Makefile
19
20* Headers, features: tunala.h controls what happens in the non-autoconf world.
21 It, by default, assumes the system has *everything* (except autoconf's
22 "config.h") so if a target system is missing something it must define the
23 appropriate "NO_***" symbols in CFLAGS. These include;
24
25 - NO_HAVE_UNISTD_H, NO_HAVE_FCNTL_H, NO_HAVE_LIMITS_H
26 Indicates the compiling system doesn't have (or need) these header files.
27 - NO_HAVE_STRSTR, NO_HAVE_STRTOUL
28 Indicates the compiling system doesn't have these functions. Replacements
29 are compiled and used in breakage.c
30 - NO_HAVE_SELECT, NO_HAVE_SOCKET
31 Pointless symbols - these indicate select() and/or socket() are missing in
32 which case the program won't compile anyway.
33
34 If you want to specify any of these, add them with "-D" prefixed to each in
35 the CFLAGS definition in Makefile.
36
37* Compilation flags: edit DEBUG_FLAGS and/or CFLAGS directly to control the
38 flags passed to the compiler. This can also be used to change the degree of
39 optimisation.
40
41* Linker flags: some systems (eg. Solaris) require extra linker flags such as;
42 -ldl, -lsocket, -lnsl, etc. If unsure, bring up the man page for whichever
43 function is "undefined" when the linker fails - that usually indicates what
44 you need to add. Make changes to the LINK_FLAGS symbol.
45
46* Linker command: if a different linker syntax or even a different program is
47 required to link, edit the linker line directly in the "tunala:" target
48 definition - it currently assumes the "CC" (compiler) program is used to link.
49
50======================
51Building Automagically
52======================
53
54Automagic building is handled courtesy of autoconf, automake, etc. There are in
55fact two steps required to build, and only the first has to be done on a system
56with these tools installed (and if I was prepared to bloat out the CVS
57repository, I could store these extra files, but I'm not).
58
59First step: "autogunk.sh"
60-------------------------
61
62The "./autogunk.sh" script will call all the necessary autotool commands to
63create missing files and run automake and autoconf. The result is that a
64"./configure" script should be generated and a "Makefile.in" generated from the
65supplied "Makefile.am". NB: This script also moves the "manual" Makefile (see
66above) out of the way and calls it "Makefile.plain" - the "ungunk" script
67reverses this to leave the directory it was previously.
68
69Once "ungunk" has been run, the resulting directory should be able to build on
70other systems without autoconf, automake, or libtool. Which is what the second
71step describes;
72
73Second step: "./configure"
74--------------------------
75
76The second step is to run the generated "./configure" script to create a
77config.h header for your system and to generate a "Makefile" (generated from
78"Makefile.in") tweaked to compile on your system. This is the standard sort of
79thing you see in GNU packages, for example, and the standard tricks also work.
80Eg. to override "configure"'s choice of compiler, set the CC environment
81variable prior to running configure, eg.
82
83 CC=gcc ./configure
84
85would cause "gcc" to be used even if there is an otherwise preferable (to
86autoconf) native compiler on your system.
87
88After this run "make" and it should build the "tunala" executable.
89
90Notes
91-----
92
93- Some versions of autoconf (or automake?) generate a Makefile syntax that gives
94 trouble to some "make" programs on some systems (eg. OpenBSD). If this
95 happens, either build 'Manually' (see above) or use "gmake" instead of "make".
96 I don't like this either but like even less the idea of sifting into all the
97 script magic crud that's involved.
98
99- On a solaris system I tried, the "configure" script specified some broken
100 compiler flags in the resulting Makefile that don't even get echoed to
101 stdout/err when the error happens (evil!). If this happens, go into the
102 generated Makefile, find the two affected targets ("%.o:" and "%.lo"), and
103 remove the offending hidden option in the $(COMPILE) line all the sludge after
104 the two first lines of script (ie. after the "echo" and the "COMPILE" lines).
105 NB: This will probably only function if "--disable-shared" was used, otherwise
106 who knows what would result ...
107
diff --git a/src/lib/libssl/src/demos/tunala/Makefile b/src/lib/libssl/src/demos/tunala/Makefile
deleted file mode 100644
index bef1704a3c..0000000000
--- a/src/lib/libssl/src/demos/tunala/Makefile
+++ /dev/null
@@ -1,41 +0,0 @@
1# Edit these to suit
2#
3# Oh yeah, and please read the README too.
4
5
6SSL_HOMEDIR=../..
7SSL_INCLUDEDIR=$(SSL_HOMEDIR)/include
8SSL_LIBDIR=$(SSL_HOMEDIR)
9
10RM=rm -f
11CC=gcc
12DEBUG_FLAGS=-g -ggdb3 -Wall -Wshadow
13INCLUDE_FLAGS=-I$(SSL_INCLUDEDIR)
14CFLAGS=$(DEBUG_FLAGS) $(INCLUDE_FLAGS) -DNO_CONFIG_H
15COMPILE=$(CC) $(CFLAGS) -c
16
17# Edit, particularly the "-ldl" if not building with "dlfcn" support
18LINK_FLAGS=-L$(SSL_LIBDIR) -lssl -lcrypto -ldl
19
20SRCS=buffer.c cb.c ip.c sm.c tunala.c breakage.c
21OBJS=buffer.o cb.o ip.o sm.o tunala.o breakage.o
22
23TARGETS=tunala
24
25default: $(TARGETS)
26
27clean:
28 $(RM) $(OBJS) $(TARGETS) *.bak core
29
30.c.o:
31 $(COMPILE) $<
32
33tunala: $(OBJS)
34 $(CC) -o tunala $(OBJS) $(LINK_FLAGS)
35
36# Extra dependencies, should really use makedepend
37buffer.o: buffer.c tunala.h
38cb.o: cb.c tunala.h
39ip.o: ip.c tunala.h
40sm.o: sm.c tunala.h
41tunala.o: tunala.c tunala.h
diff --git a/src/lib/libssl/src/demos/tunala/Makefile.am b/src/lib/libssl/src/demos/tunala/Makefile.am
deleted file mode 100644
index 706c7806c9..0000000000
--- a/src/lib/libssl/src/demos/tunala/Makefile.am
+++ /dev/null
@@ -1,7 +0,0 @@
1# Our includes come from the OpenSSL build-tree we're in
2INCLUDES = -I$(top_builddir)/../../include
3
4bin_PROGRAMS = tunala
5
6tunala_SOURCES = tunala.c buffer.c cb.c ip.c sm.c breakage.c
7tunala_LDADD = -L$(top_builddir)/../.. -lssl -lcrypto
diff --git a/src/lib/libssl/src/demos/tunala/README b/src/lib/libssl/src/demos/tunala/README
deleted file mode 100644
index 15690088f3..0000000000
--- a/src/lib/libssl/src/demos/tunala/README
+++ /dev/null
@@ -1,233 +0,0 @@
1This is intended to be an example of a state-machine driven SSL application. It
2acts as an SSL tunneler (functioning as either the server or client half,
3depending on command-line arguments). *PLEASE* read the comments in tunala.h
4before you treat this stuff as anything more than a curiosity - YOU HAVE BEEN
5WARNED!! There, that's the draconian bit out of the way ...
6
7
8Why "tunala"??
9--------------
10
11I thought I asked you to read tunala.h?? :-)
12
13
14Show me
15-------
16
17If you want to simply see it running, skip to the end and see some example
18command-line arguments to demonstrate with.
19
20
21Where to look and what to do?
22-----------------------------
23
24The code is split up roughly coinciding with the detaching of an "abstract" SSL
25state machine (which is the purpose of all this) and its surrounding application
26specifics. This is primarily to make it possible for me to know when I could cut
27corners and when I needed to be rigorous (or at least maintain the pretense as
28such :-).
29
30Network stuff:
31
32Basically, the network part of all this is what is supposed to be abstracted out
33of the way. The intention is to illustrate one way to stick OpenSSL's mechanisms
34inside a little memory-driven sandbox and operate it like a pure state-machine.
35So, the network code is inside both ip.c (general utility functions and gory
36IPv4 details) and tunala.c itself, which takes care of application specifics
37like the main select() loop. The connectivity between the specifics of this
38application (TCP/IP tunneling and the associated network code) and the
39underlying abstract SSL state machine stuff is through the use of the "buffer_t"
40type, declared in tunala.h and implemented in buffer.c.
41
42State machine:
43
44Which leaves us, generally speaking, with the abstract "state machine" code left
45over and this is sitting inside sm.c, with declarations inside tunala.h. As can
46be seen by the definition of the state_machine_t structure and the associated
47functions to manipulate it, there are the 3 OpenSSL "handles" plus 4 buffer_t
48structures dealing with IO on both the encrypted and unencrypted sides ("dirty"
49and "clean" respectively). The "SSL" handle is what facilitates the reading and
50writing of the unencrypted (tunneled) data. The two "BIO" handles act as the
51read and write channels for encrypted tunnel traffic - in other applications
52these are often socket BIOs so that the OpenSSL framework operates with the
53network layer directly. In this example, those two BIOs are memory BIOs
54(BIO_s_mem()) so that the sending and receiving of the tunnel traffic stays
55within the state-machine, and we can handle where this gets send to (or read
56from) ourselves.
57
58
59Why?
60----
61
62If you take a look at the "state_machine_t" section of tunala.h and the code in
63sm.c, you will notice that nothing related to the concept of 'transport' is
64involved. The binding to TCP/IP networking occurs in tunala.c, specifically
65within the "tunala_item_t" structure that associates a state_machine_t object
66with 4 file-descriptors. The way to best see where the bridge between the
67outside world (TCP/IP reads, writes, select()s, file-descriptors, etc) and the
68state machine is, is to examine the "tunala_item_io()" function in tunala.c.
69This is currently around lines 641-732 but of course could be subject to change.
70
71
72And...?
73-------
74
75Well, although that function is around 90 lines of code, it could easily have
76been a lot less only I was trying to address an easily missed "gotcha" (item (2)
77below). The main() code that drives the select/accept/IO loop initialises new
78tunala_item_t structures when connections arrive, and works out which
79file-descriptors go where depending on whether we're an SSL client or server
80(client --> accepted connection is clean and proxied is dirty, server -->
81accepted connection is dirty and proxied is clean). What that tunala_item_io()
82function is attempting to do is 2 things;
83
84 (1) Perform all reads and writes on the network directly into the
85 state_machine_t's buffers (based on a previous select() result), and only
86 then allow the abstact state_machine_t to "churn()" using those buffers.
87 This will cause the SSL machine to consume as much input data from the two
88 "IN" buffers as possible, and generate as much output data into the two
89 "OUT" buffers as possible. Back up in the main() function, the next main
90 loop loop will examine these output buffers and select() for writability
91 on the corresponding sockets if the buffers are non-empty.
92
93 (2) Handle the complicated tunneling-specific issue of cascading "close"s.
94 This is the reason for most of the complexity in the logic - if one side
95 of the tunnel is closed, you can't simply close the other side and throw
96 away the whole thing - (a) there may still be outgoing data on the other
97 side of the tunnel that hasn't been sent yet, (b) the close (or things
98 happening during the close) may cause more data to be generated that needs
99 sending on the other side. Of course, this logic is complicated yet futher
100 by the fact that it's different depending on which side closes first :-)
101 state_machine_close_clean() will indicate to the state machine that the
102 unencrypted side of the tunnel has closed, so any existing outgoing data
103 needs to be flushed, and the SSL stream needs to be closed down using the
104 appropriate shutdown sequence. state_machine_close_dirty() is simpler
105 because it indicates that the SSL stream has been disconnected, so all
106 that remains before closing the other side is to flush out anything that
107 remains and wait for it to all be sent.
108
109Anyway, with those things in mind, the code should be a little easier to follow
110in terms of "what is *this* bit supposed to achieve??!!".
111
112
113How might this help?
114--------------------
115
116Well, the reason I wrote this is that there seemed to be rather a flood of
117questions of late on the openssl-dev and openssl-users lists about getting this
118whole IO logic thing sorted out, particularly by those who were trying to either
119use non-blocking IO, or wanted SSL in an environment where "something else" was
120handling the network already and they needed to operate in memory only. This
121code is loosely based on some other stuff I've been working on, although that
122stuff is far more complete, far more dependant on a whole slew of other
123network/framework code I don't want to incorporate here, and far harder to look
124at for 5 minutes and follow where everything is going. I will be trying over
125time to suck in a few things from that into this demo in the hopes it might be
126more useful, and maybe to even make this demo usable as a utility of its own.
127Possible things include:
128
129 * controlling multiple processes/threads - this can be used to combat
130 latencies and get passed file-descriptor limits on some systems, and it uses
131 a "controller" process/thread that maintains IPC links with the
132 processes/threads doing the real work.
133
134 * cert verification rules - having some say over which certs get in or out :-)
135
136 * control over SSL protocols and cipher suites
137
138 * A few other things you can already do in s_client and s_server :-)
139
140 * Support (and control over) session resuming, particularly when functioning
141 as an SSL client.
142
143If you have a particular environment where this model might work to let you "do
144SSL" without having OpenSSL be aware of the transport, then you should find you
145could use the state_machine_t structure (or your own variant thereof) and hook
146it up to your transport stuff in much the way tunala.c matches it up with those
1474 file-descriptors. The state_machine_churn(), state_machine_close_clean(), and
148state_machine_close_dirty() functions are the main things to understand - after
149that's done, you just have to ensure you're feeding and bleeding the 4
150state_machine buffers in a logical fashion. This state_machine loop handles not
151only handshakes and normal streaming, but also renegotiates - there's no special
152handling required beyond keeping an eye on those 4 buffers and keeping them in
153sync with your outer "loop" logic. Ie. if one of the OUT buffers is not empty,
154you need to find an opportunity to try and forward its data on. If one of the IN
155buffers is not full, you should keep an eye out for data arriving that should be
156placed there.
157
158This approach could hopefully also allow you to run the SSL protocol in very
159different environments. As an example, you could support encrypted event-driven
160IPC where threads/processes pass messages to each other inside an SSL layer;
161each IPC-message's payload would be in fact the "dirty" content, and the "clean"
162payload coming out of the tunnel at each end would be the real intended message.
163Likewise, this could *easily* be made to work across unix domain sockets, or
164even entirely different network/comms protocols.
165
166This is also a quick and easy way to do VPN if you (and the remote network's
167gateway) support virtual network devices that are encapsulted in a single
168network connection, perhaps PPP going through an SSL tunnel?
169
170
171Suggestions
172-----------
173
174Please let me know if you find this useful, or if there's anything wrong or
175simply too confusing about it. Patches are also welcome, but please attach a
176description of what it changes and why, and "diff -urN" format is preferred.
177Mail to geoff@openssl.org should do the trick.
178
179
180Example
181-------
182
183Here is an example of how to use "tunala" ...
184
185First, it's assumed that OpenSSL has already built, and that you are building
186inside the ./demos/tunala/ directory. If not - please correct the paths and
187flags inside the Makefile. Likewise, if you want to tweak the building, it's
188best to try and do so in the makefile (eg. removing the debug flags and adding
189optimisation flags).
190
191Secondly, this code has mostly only been tested on Linux. However, some
192autoconf/etc support has been added and the code has been compiled on openbsd
193and solaris using that.
194
195Thirdly, if you are Win32, you probably need to do some *major* rewriting of
196ip.c to stand a hope in hell. Good luck, and please mail me the diff if you do
197this, otherwise I will take a look at another time. It can certainly be done,
198but it's very non-POSIXy.
199
200See the INSTALL document for details on building.
201
202Now, if you don't have an executable "tunala" compiled, go back to "First,...".
203Rinse and repeat.
204
205Inside one console, try typing;
206
207(i) ./tunala -listen localhost:8080 -proxy localhost:8081 -cacert CA.pem \
208 -cert A-client.pem -out_totals -v_peer -v_strict
209
210In another console, type;
211
212(ii) ./tunala -listen localhost:8081 -proxy localhost:23 -cacert CA.pem \
213 -cert A-server.pem -server 1 -out_totals -v_peer -v_strict
214
215Now if you open another console and "telnet localhost 8080", you should be
216tunneled through to the telnet service on your local machine (if it's running -
217you could change it to port "22" and tunnel ssh instead if you so desired). When
218you logout of the telnet session, the tunnel should cleanly shutdown and show
219you some traffic stats in both consoles. Feel free to experiment. :-)
220
221Notes:
222
223 - the format for the "-listen" argument can skip the host part (eg. "-listen
224 8080" is fine). If you do, the listening socket will listen on all interfaces
225 so you can connect from other machines for example. Using the "localhost"
226 form listens only on 127.0.0.1 so you can only connect locally (unless, of
227 course, you've set up weird stuff with your networking in which case probably
228 none of the above applies).
229
230 - ./tunala -? gives you a list of other command-line options, but tunala.c is
231 also a good place to look :-)
232
233
diff --git a/src/lib/libssl/src/demos/tunala/autogunk.sh b/src/lib/libssl/src/demos/tunala/autogunk.sh
deleted file mode 100644
index c9783c6261..0000000000
--- a/src/lib/libssl/src/demos/tunala/autogunk.sh
+++ /dev/null
@@ -1,25 +0,0 @@
1#!/bin/sh
2
3# This script tries to follow the "GNU way" w.r.t. the autobits.
4# This does of course generate a number of irritating files.
5# Try to get over it (I am getting there myself).
6
7# This should generate any missing crud, and then run autoconf which should turn
8# configure.in into a "./configure" script and "Makefile.am" into a
9# "Makefile.in". Then running "./configure" should turn "Makefile.in" into
10# "Makefile" and should generate the config.h containing your systems various
11# settings. I know ... what a hassle ...
12
13# Also, sometimes these autobits things generate bizarre output (looking like
14# errors). So I direct everything "elsewhere" ...
15
16(aclocal
17autoheader
18libtoolize --copy --force
19automake --foreign --add-missing --copy
20autoconf) 1> /dev/null 2>&1
21
22# Move the "no-autotools" Makefile out of the way
23if test ! -f Makefile.plain; then
24 mv Makefile Makefile.plain
25fi
diff --git a/src/lib/libssl/src/demos/tunala/autoungunk.sh b/src/lib/libssl/src/demos/tunala/autoungunk.sh
deleted file mode 100644
index 21790880d7..0000000000
--- a/src/lib/libssl/src/demos/tunala/autoungunk.sh
+++ /dev/null
@@ -1,19 +0,0 @@
1#!/bin/sh
2
3# This script tries to clean up as much as is possible from whatever diabolical
4# mess has been left in the directory thanks to autoconf, automake, and their
5# friends.
6
7if test -f Makefile.plain; then
8 if test -f Makefile; then
9 make distclean
10 fi
11 mv Makefile.plain Makefile
12else
13 make clean
14fi
15
16rm -f aclocal.m4 config.* configure install-sh \
17 missing mkinstalldirs stamp-h.* Makefile.in \
18 ltconfig ltmain.sh depcomp
19rm -rf autom4te.cache
diff --git a/src/lib/libssl/src/demos/tunala/breakage.c b/src/lib/libssl/src/demos/tunala/breakage.c
deleted file mode 100644
index dcdd64b0ef..0000000000
--- a/src/lib/libssl/src/demos/tunala/breakage.c
+++ /dev/null
@@ -1,66 +0,0 @@
1#include "tunala.h"
2
3int int_strtoul(const char *str, unsigned long *val)
4{
5#ifdef HAVE_STRTOUL
6 char *tmp;
7 unsigned long ret = strtoul(str, &tmp, 10);
8 if((str == tmp) || (*tmp != '\0'))
9 /* The value didn't parse cleanly */
10 return 0;
11 if(ret == ULONG_MAX)
12 /* We hit a limit */
13 return 0;
14 *val = ret;
15 return 1;
16#else
17 char buf[2];
18 unsigned long ret = 0;
19 buf[1] = '\0';
20 if(str == '\0')
21 /* An empty string ... */
22 return 0;
23 while(*str != '\0') {
24 /* We have to multiply 'ret' by 10 before absorbing the next
25 * digit. If this will overflow, catch it now. */
26 if(ret && (((ULONG_MAX + 10) / ret) < 10))
27 return 0;
28 ret *= 10;
29 if(!isdigit(*str))
30 return 0;
31 buf[0] = *str;
32 ret += atoi(buf);
33 str++;
34 }
35 *val = ret;
36 return 1;
37#endif
38}
39
40#ifndef HAVE_STRSTR
41char *int_strstr(const char *haystack, const char *needle)
42{
43 const char *sub_haystack = haystack, *sub_needle = needle;
44 unsigned int offset = 0;
45 if(!needle)
46 return haystack;
47 if(!haystack)
48 return NULL;
49 while((*sub_haystack != '\0') && (*sub_needle != '\0')) {
50 if(sub_haystack[offset] == sub_needle) {
51 /* sub_haystack is still a candidate */
52 offset++;
53 sub_needle++;
54 } else {
55 /* sub_haystack is no longer a possibility */
56 sub_haystack++;
57 offset = 0;
58 sub_needle = needle;
59 }
60 }
61 if(*sub_haystack == '\0')
62 /* Found nothing */
63 return NULL;
64 return sub_haystack;
65}
66#endif
diff --git a/src/lib/libssl/src/demos/tunala/buffer.c b/src/lib/libssl/src/demos/tunala/buffer.c
deleted file mode 100644
index c5cd004209..0000000000
--- a/src/lib/libssl/src/demos/tunala/buffer.c
+++ /dev/null
@@ -1,205 +0,0 @@
1#include "tunala.h"
2
3#ifndef NO_BUFFER
4
5void buffer_init(buffer_t *buf)
6{
7 buf->used = 0;
8 buf->total_in = buf->total_out = 0;
9}
10
11void buffer_close(buffer_t *buf)
12{
13 /* Our data is static - nothing needs "release", just reset it */
14 buf->used = 0;
15}
16
17/* Code these simple ones in compact form */
18unsigned int buffer_used(buffer_t *buf) {
19 return buf->used; }
20unsigned int buffer_unused(buffer_t *buf) {
21 return (MAX_DATA_SIZE - buf->used); }
22int buffer_full(buffer_t *buf) {
23 return (buf->used == MAX_DATA_SIZE ? 1 : 0); }
24int buffer_notfull(buffer_t *buf) {
25 return (buf->used < MAX_DATA_SIZE ? 1 : 0); }
26int buffer_empty(buffer_t *buf) {
27 return (buf->used == 0 ? 1 : 0); }
28int buffer_notempty(buffer_t *buf) {
29 return (buf->used > 0 ? 1 : 0); }
30unsigned long buffer_total_in(buffer_t *buf) {
31 return buf->total_in; }
32unsigned long buffer_total_out(buffer_t *buf) {
33 return buf->total_out; }
34
35/* These 3 static (internal) functions don't adjust the "total" variables as
36 * it's not sure when they're called how it should be interpreted. Only the
37 * higher-level "buffer_[to|from]_[fd|SSL|BIO]" functions should alter these
38 * values. */
39#if 0 /* To avoid "unused" warnings */
40static unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
41 unsigned int size)
42{
43 unsigned int added = MAX_DATA_SIZE - buf->used;
44 if(added > size)
45 added = size;
46 if(added == 0)
47 return 0;
48 memcpy(buf->data + buf->used, ptr, added);
49 buf->used += added;
50 buf->total_in += added;
51 return added;
52}
53
54static unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap)
55{
56 unsigned int moved, tomove = from->used;
57 if((int)tomove > cap)
58 tomove = cap;
59 if(tomove == 0)
60 return 0;
61 moved = buffer_adddata(to, from->data, tomove);
62 if(moved == 0)
63 return 0;
64 buffer_takedata(from, NULL, moved);
65 return moved;
66}
67#endif
68
69static unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
70 unsigned int size)
71{
72 unsigned int taken = buf->used;
73 if(taken > size)
74 taken = size;
75 if(taken == 0)
76 return 0;
77 if(ptr)
78 memcpy(ptr, buf->data, taken);
79 buf->used -= taken;
80 /* Do we have to scroll? */
81 if(buf->used > 0)
82 memmove(buf->data, buf->data + taken, buf->used);
83 return taken;
84}
85
86#ifndef NO_IP
87
88int buffer_from_fd(buffer_t *buf, int fd)
89{
90 int toread = buffer_unused(buf);
91 if(toread == 0)
92 /* Shouldn't be called in this case! */
93 abort();
94 toread = read(fd, buf->data + buf->used, toread);
95 if(toread > 0) {
96 buf->used += toread;
97 buf->total_in += toread;
98 }
99 return toread;
100}
101
102int buffer_to_fd(buffer_t *buf, int fd)
103{
104 int towrite = buffer_used(buf);
105 if(towrite == 0)
106 /* Shouldn't be called in this case! */
107 abort();
108 towrite = write(fd, buf->data, towrite);
109 if(towrite > 0) {
110 buffer_takedata(buf, NULL, towrite);
111 buf->total_out += towrite;
112 }
113 return towrite;
114}
115
116#endif /* !defined(NO_IP) */
117
118#ifndef NO_OPENSSL
119
120static void int_ssl_check(SSL *s, int ret)
121{
122 int e = SSL_get_error(s, ret);
123 switch(e) {
124 /* These seem to be harmless and already "dealt with" by our
125 * non-blocking environment. NB: "ZERO_RETURN" is the clean
126 * "error" indicating a successfully closed SSL tunnel. We let
127 * this happen because our IO loop should not appear to have
128 * broken on this condition - and outside the IO loop, the
129 * "shutdown" state is checked. */
130 case SSL_ERROR_NONE:
131 case SSL_ERROR_WANT_READ:
132 case SSL_ERROR_WANT_WRITE:
133 case SSL_ERROR_WANT_X509_LOOKUP:
134 case SSL_ERROR_ZERO_RETURN:
135 return;
136 /* These seem to be indications of a genuine error that should
137 * result in the SSL tunnel being regarded as "dead". */
138 case SSL_ERROR_SYSCALL:
139 case SSL_ERROR_SSL:
140 SSL_set_app_data(s, (char *)1);
141 return;
142 default:
143 break;
144 }
145 /* For any other errors that (a) exist, and (b) crop up - we need to
146 * interpret what to do with them - so "politely inform" the caller that
147 * the code needs updating here. */
148 abort();
149}
150
151void buffer_from_SSL(buffer_t *buf, SSL *ssl)
152{
153 int ret;
154 if(!ssl || buffer_full(buf))
155 return;
156 ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf));
157 if(ret > 0) {
158 buf->used += ret;
159 buf->total_in += ret;
160 }
161 if(ret < 0)
162 int_ssl_check(ssl, ret);
163}
164
165void buffer_to_SSL(buffer_t *buf, SSL *ssl)
166{
167 int ret;
168 if(!ssl || buffer_empty(buf))
169 return;
170 ret = SSL_write(ssl, buf->data, buf->used);
171 if(ret > 0) {
172 buffer_takedata(buf, NULL, ret);
173 buf->total_out += ret;
174 }
175 if(ret < 0)
176 int_ssl_check(ssl, ret);
177}
178
179void buffer_from_BIO(buffer_t *buf, BIO *bio)
180{
181 int ret;
182 if(!bio || buffer_full(buf))
183 return;
184 ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf));
185 if(ret > 0) {
186 buf->used += ret;
187 buf->total_in += ret;
188 }
189}
190
191void buffer_to_BIO(buffer_t *buf, BIO *bio)
192{
193 int ret;
194 if(!bio || buffer_empty(buf))
195 return;
196 ret = BIO_write(bio, buf->data, buf->used);
197 if(ret > 0) {
198 buffer_takedata(buf, NULL, ret);
199 buf->total_out += ret;
200 }
201}
202
203#endif /* !defined(NO_OPENSSL) */
204
205#endif /* !defined(NO_BUFFER) */
diff --git a/src/lib/libssl/src/demos/tunala/cb.c b/src/lib/libssl/src/demos/tunala/cb.c
deleted file mode 100644
index f6e452ae93..0000000000
--- a/src/lib/libssl/src/demos/tunala/cb.c
+++ /dev/null
@@ -1,162 +0,0 @@
1#include "tunala.h"
2
3#ifndef NO_OPENSSL
4
5/* For callbacks generating output, here are their file-descriptors. */
6static FILE *fp_cb_ssl_info = NULL;
7static FILE *fp_cb_ssl_verify = NULL;
8/* Output level:
9 * 0 = nothing,
10 * 1 = minimal, just errors,
11 * 2 = minimal, all steps,
12 * 3 = detail, all steps */
13static unsigned int cb_ssl_verify_level = 1;
14
15/* Other static rubbish (to mirror s_cb.c where required) */
16static int int_verify_depth = 10;
17
18/* This function is largely borrowed from the one used in OpenSSL's "s_client"
19 * and "s_server" utilities. */
20void cb_ssl_info(const SSL *s, int where, int ret)
21{
22 const char *str1, *str2;
23 int w;
24
25 if(!fp_cb_ssl_info)
26 return;
27
28 w = where & ~SSL_ST_MASK;
29 str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ?
30 "SSL_accept" : "undefined")),
31 str2 = SSL_state_string_long(s);
32
33 if (where & SSL_CB_LOOP)
34 fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2);
35 else if (where & SSL_CB_EXIT) {
36 if (ret == 0)
37 fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2);
38/* In a non-blocking model, we get a few of these "error"s simply because we're
39 * calling "reads" and "writes" on the state-machine that are virtual NOPs
40 * simply to avoid wasting the time seeing if we *should* call them. Removing
41 * this case makes the "-out_state" output a lot easier on the eye. */
42#if 0
43 else if (ret < 0)
44 fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2);
45#endif
46 }
47}
48
49void cb_ssl_info_set_output(FILE *fp)
50{
51 fp_cb_ssl_info = fp;
52}
53
54static const char *int_reason_no_issuer = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT";
55static const char *int_reason_not_yet = "X509_V_ERR_CERT_NOT_YET_VALID";
56static const char *int_reason_before = "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD";
57static const char *int_reason_expired = "X509_V_ERR_CERT_HAS_EXPIRED";
58static const char *int_reason_after = "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD";
59
60/* Stolen wholesale from apps/s_cb.c :-) And since then, mutilated ... */
61int cb_ssl_verify(int ok, X509_STORE_CTX *ctx)
62{
63 char buf1[256]; /* Used for the subject name */
64 char buf2[256]; /* Used for the issuer name */
65 const char *reason = NULL; /* Error reason (if any) */
66 X509 *err_cert;
67 int err, depth;
68
69 if(!fp_cb_ssl_verify || (cb_ssl_verify_level == 0))
70 return ok;
71 err_cert = X509_STORE_CTX_get_current_cert(ctx);
72 err = X509_STORE_CTX_get_error(ctx);
73 depth = X509_STORE_CTX_get_error_depth(ctx);
74
75 buf1[0] = buf2[0] = '\0';
76 /* Fill buf1 */
77 X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256);
78 /* Fill buf2 */
79 X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256);
80 switch (ctx->error) {
81 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
82 reason = int_reason_no_issuer;
83 break;
84 case X509_V_ERR_CERT_NOT_YET_VALID:
85 reason = int_reason_not_yet;
86 break;
87 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
88 reason = int_reason_before;
89 break;
90 case X509_V_ERR_CERT_HAS_EXPIRED:
91 reason = int_reason_expired;
92 break;
93 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
94 reason = int_reason_after;
95 break;
96 }
97
98 if((cb_ssl_verify_level == 1) && ok)
99 return ok;
100 fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth);
101 if(reason)
102 fprintf(fp_cb_ssl_verify, "error=%s\n", reason);
103 else
104 fprintf(fp_cb_ssl_verify, "error=%d\n", err);
105 if(cb_ssl_verify_level < 3)
106 return ok;
107 fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1);
108 fprintf(fp_cb_ssl_verify, "--> issuer = %s\n", buf2);
109 if(!ok)
110 fprintf(fp_cb_ssl_verify,"--> verify error:num=%d:%s\n",err,
111 X509_verify_cert_error_string(err));
112 fprintf(fp_cb_ssl_verify, "--> verify return:%d\n",ok);
113 return ok;
114}
115
116void cb_ssl_verify_set_output(FILE *fp)
117{
118 fp_cb_ssl_verify = fp;
119}
120
121void cb_ssl_verify_set_depth(unsigned int verify_depth)
122{
123 int_verify_depth = verify_depth;
124}
125
126void cb_ssl_verify_set_level(unsigned int level)
127{
128 if(level < 4)
129 cb_ssl_verify_level = level;
130}
131
132RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength)
133{
134 /* TODO: Perhaps make it so our global key can be generated on-the-fly
135 * after certain intervals? */
136 static RSA *rsa_tmp = NULL;
137 BIGNUM *bn = NULL;
138 int ok = 1;
139 if(!rsa_tmp) {
140 ok = 0;
141 if(!(bn = BN_new()))
142 goto end;
143 if(!BN_set_word(bn, RSA_F4))
144 goto end;
145 if(!(rsa_tmp = RSA_new()))
146 goto end;
147 if(!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
148 goto end;
149 ok = 1;
150 }
151end:
152 if(bn)
153 BN_free(bn);
154 if(!ok) {
155 RSA_free(rsa_tmp);
156 rsa_tmp = NULL;
157 }
158 return rsa_tmp;
159}
160
161#endif /* !defined(NO_OPENSSL) */
162
diff --git a/src/lib/libssl/src/demos/tunala/configure.in b/src/lib/libssl/src/demos/tunala/configure.in
deleted file mode 100644
index 590cdbfd26..0000000000
--- a/src/lib/libssl/src/demos/tunala/configure.in
+++ /dev/null
@@ -1,29 +0,0 @@
1dnl Process this file with autoconf to produce a configure script.
2AC_INIT(tunala.c)
3AM_CONFIG_HEADER(config.h)
4AM_INIT_AUTOMAKE(tunala, 0.0.1-dev)
5
6dnl Checks for programs. (Though skip libtool)
7AC_PROG_CC
8dnl AC_PROG_LIBTOOL
9dnl AM_PROG_LIBTOOL
10
11dnl Checks for libraries.
12AC_CHECK_LIB(dl, dlopen)
13AC_CHECK_LIB(z, inflate)
14AC_CHECK_LIB(socket, socket)
15AC_CHECK_LIB(nsl, gethostbyname)
16
17dnl Checks for header files.
18AC_HEADER_STDC
19AC_CHECK_HEADERS(fcntl.h limits.h unistd.h)
20
21dnl Checks for typedefs, structures, and compiler characteristics.
22AC_C_CONST
23
24dnl Checks for library functions.
25AC_CHECK_FUNCS(strstr strtoul)
26AC_CHECK_FUNCS(select socket)
27AC_CHECK_FUNCS(dlopen)
28
29AC_OUTPUT(Makefile)
diff --git a/src/lib/libssl/src/demos/tunala/ip.c b/src/lib/libssl/src/demos/tunala/ip.c
deleted file mode 100644
index 96ef4e6536..0000000000
--- a/src/lib/libssl/src/demos/tunala/ip.c
+++ /dev/null
@@ -1,146 +0,0 @@
1#include "tunala.h"
2
3#ifndef NO_IP
4
5#define IP_LISTENER_BACKLOG 511 /* So if it gets masked by 256 or some other
6 such value it'll still be respectable */
7
8/* Any IP-related initialisations. For now, this means blocking SIGPIPE */
9int ip_initialise(void)
10{
11 struct sigaction sa;
12
13 sa.sa_handler = SIG_IGN;
14 sa.sa_flags = 0;
15 sigemptyset(&sa.sa_mask);
16 if(sigaction(SIGPIPE, &sa, NULL) != 0)
17 return 0;
18 return 1;
19}
20
21int ip_create_listener_split(const char *ip, unsigned short port)
22{
23 struct sockaddr_in in_addr;
24 int fd = -1;
25 int reuseVal = 1;
26
27 /* Create the socket */
28 if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
29 goto err;
30 /* Set the SO_REUSEADDR flag - servers act weird without it */
31 if(setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal),
32 sizeof(reuseVal)) != 0)
33 goto err;
34 /* Prepare the listen address stuff */
35 in_addr.sin_family = AF_INET;
36 memcpy(&in_addr.sin_addr.s_addr, ip, 4);
37 in_addr.sin_port = htons(port);
38 /* Bind to the required port/address/interface */
39 if(bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) != 0)
40 goto err;
41 /* Start "listening" */
42 if(listen(fd, IP_LISTENER_BACKLOG) != 0)
43 goto err;
44 return fd;
45err:
46 if(fd != -1)
47 close(fd);
48 return -1;
49}
50
51int ip_create_connection_split(const char *ip, unsigned short port)
52{
53 struct sockaddr_in in_addr;
54 int flags, fd = -1;
55
56 /* Create the socket */
57 if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
58 goto err;
59 /* Make it non-blocking */
60 if(((flags = fcntl(fd, F_GETFL, 0)) < 0) ||
61 (fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0))
62 goto err;
63 /* Prepare the connection address stuff */
64 in_addr.sin_family = AF_INET;
65 memcpy(&in_addr.sin_addr.s_addr, ip, 4);
66 in_addr.sin_port = htons(port);
67 /* Start a connect (non-blocking, in all likelihood) */
68 if((connect(fd, (struct sockaddr *)&in_addr,
69 sizeof(struct sockaddr_in)) != 0) &&
70 (errno != EINPROGRESS))
71 goto err;
72 return fd;
73err:
74 if(fd != -1)
75 close(fd);
76 return -1;
77}
78
79static char all_local_ip[] = {0x00,0x00,0x00,0x00};
80
81int ip_parse_address(const char *address, const char **parsed_ip,
82 unsigned short *parsed_port, int accept_all_ip)
83{
84 char buf[256];
85 struct hostent *lookup;
86 unsigned long port;
87 const char *ptr = strstr(address, ":");
88 const char *ip = all_local_ip;
89
90 if(!ptr) {
91 /* We assume we're listening on all local interfaces and have
92 * only specified a port. */
93 if(!accept_all_ip)
94 return 0;
95 ptr = address;
96 goto determine_port;
97 }
98 if((ptr - address) > 255)
99 return 0;
100 memset(buf, 0, 256);
101 memcpy(buf, address, ptr - address);
102 ptr++;
103 if((lookup = gethostbyname(buf)) == NULL) {
104 /* Spit a message to differentiate between lookup failures and
105 * bad strings. */
106 fprintf(stderr, "hostname lookup for '%s' failed\n", buf);
107 return 0;
108 }
109 ip = lookup->h_addr_list[0];
110determine_port:
111 if(strlen(ptr) < 1)
112 return 0;
113 if(!int_strtoul(ptr, &port) || (port > 65535))
114 return 0;
115 *parsed_ip = ip;
116 *parsed_port = (unsigned short)port;
117 return 1;
118}
119
120int ip_create_listener(const char *address)
121{
122 const char *ip;
123 unsigned short port;
124
125 if(!ip_parse_address(address, &ip, &port, 1))
126 return -1;
127 return ip_create_listener_split(ip, port);
128}
129
130int ip_create_connection(const char *address)
131{
132 const char *ip;
133 unsigned short port;
134
135 if(!ip_parse_address(address, &ip, &port, 0))
136 return -1;
137 return ip_create_connection_split(ip, port);
138}
139
140int ip_accept_connection(int listen_fd)
141{
142 return accept(listen_fd, NULL, NULL);
143}
144
145#endif /* !defined(NO_IP) */
146
diff --git a/src/lib/libssl/src/demos/tunala/sm.c b/src/lib/libssl/src/demos/tunala/sm.c
deleted file mode 100644
index 25359e67ef..0000000000
--- a/src/lib/libssl/src/demos/tunala/sm.c
+++ /dev/null
@@ -1,151 +0,0 @@
1#include "tunala.h"
2
3#ifndef NO_TUNALA
4
5void state_machine_init(state_machine_t *machine)
6{
7 machine->ssl = NULL;
8 machine->bio_intossl = machine->bio_fromssl = NULL;
9 buffer_init(&machine->clean_in);
10 buffer_init(&machine->clean_out);
11 buffer_init(&machine->dirty_in);
12 buffer_init(&machine->dirty_out);
13}
14
15void state_machine_close(state_machine_t *machine)
16{
17 if(machine->ssl)
18 SSL_free(machine->ssl);
19/* SSL_free seems to decrement the reference counts already so doing this goes
20 * kaboom. */
21#if 0
22 if(machine->bio_intossl)
23 BIO_free(machine->bio_intossl);
24 if(machine->bio_fromssl)
25 BIO_free(machine->bio_fromssl);
26#endif
27 buffer_close(&machine->clean_in);
28 buffer_close(&machine->clean_out);
29 buffer_close(&machine->dirty_in);
30 buffer_close(&machine->dirty_out);
31 state_machine_init(machine);
32}
33
34buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type)
35{
36 switch(type) {
37 case SM_CLEAN_IN:
38 return &machine->clean_in;
39 case SM_CLEAN_OUT:
40 return &machine->clean_out;
41 case SM_DIRTY_IN:
42 return &machine->dirty_in;
43 case SM_DIRTY_OUT:
44 return &machine->dirty_out;
45 default:
46 break;
47 }
48 /* Should never get here */
49 abort();
50 return NULL;
51}
52
53SSL *state_machine_get_SSL(state_machine_t *machine)
54{
55 return machine->ssl;
56}
57
58int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server)
59{
60 if(machine->ssl)
61 /* Shouldn't ever be set twice */
62 abort();
63 machine->ssl = ssl;
64 /* Create the BIOs to handle the dirty side of the SSL */
65 if((machine->bio_intossl = BIO_new(BIO_s_mem())) == NULL)
66 abort();
67 if((machine->bio_fromssl = BIO_new(BIO_s_mem())) == NULL)
68 abort();
69 /* Hook up the BIOs on the dirty side of the SSL */
70 SSL_set_bio(machine->ssl, machine->bio_intossl, machine->bio_fromssl);
71 if(is_server)
72 SSL_set_accept_state(machine->ssl);
73 else
74 SSL_set_connect_state(machine->ssl);
75 /* If we're the first one to generate traffic - do it now otherwise we
76 * go into the next select empty-handed and our peer will not send data
77 * but will similarly wait for us. */
78 return state_machine_churn(machine);
79}
80
81/* Performs the data-IO loop and returns zero if the machine should close */
82int state_machine_churn(state_machine_t *machine)
83{
84 unsigned int loop;
85 if(machine->ssl == NULL) {
86 if(buffer_empty(&machine->clean_out))
87 /* Time to close this state-machine altogether */
88 return 0;
89 else
90 /* Still buffered data on the clean side to go out */
91 return 1;
92 }
93 /* Do this loop twice to cover any dependencies about which precise
94 * order of reads and writes is required. */
95 for(loop = 0; loop < 2; loop++) {
96 buffer_to_SSL(&machine->clean_in, machine->ssl);
97 buffer_to_BIO(&machine->dirty_in, machine->bio_intossl);
98 buffer_from_SSL(&machine->clean_out, machine->ssl);
99 buffer_from_BIO(&machine->dirty_out, machine->bio_fromssl);
100 }
101 /* We close on the SSL side if the info callback noticed some problems
102 * or an SSL shutdown was underway and shutdown traffic had all been
103 * sent. */
104 if(SSL_get_app_data(machine->ssl) || (SSL_get_shutdown(machine->ssl) &&
105 buffer_empty(&machine->dirty_out))) {
106 /* Great, we can seal off the dirty side completely */
107 if(!state_machine_close_dirty(machine))
108 return 0;
109 }
110 /* Either the SSL is alive and well, or the closing process still has
111 * outgoing data waiting to be sent */
112 return 1;
113}
114
115/* Called when the clean side of the SSL has lost its connection */
116int state_machine_close_clean(state_machine_t *machine)
117{
118 /* Well, first thing to do is null out the clean-side buffers - they're
119 * no use any more. */
120 buffer_close(&machine->clean_in);
121 buffer_close(&machine->clean_out);
122 /* And start an SSL shutdown */
123 if(machine->ssl)
124 SSL_shutdown(machine->ssl);
125 /* This is an "event", so flush the SSL of any generated traffic */
126 state_machine_churn(machine);
127 if(buffer_empty(&machine->dirty_in) &&
128 buffer_empty(&machine->dirty_out))
129 return 0;
130 return 1;
131}
132
133/* Called when the dirty side of the SSL has lost its connection. This is pretty
134 * terminal as all that can be left to do is send any buffered output on the
135 * clean side - after that, we're done. */
136int state_machine_close_dirty(state_machine_t *machine)
137{
138 buffer_close(&machine->dirty_in);
139 buffer_close(&machine->dirty_out);
140 buffer_close(&machine->clean_in);
141 if(machine->ssl)
142 SSL_free(machine->ssl);
143 machine->ssl = NULL;
144 machine->bio_intossl = machine->bio_fromssl = NULL;
145 if(buffer_empty(&machine->clean_out))
146 return 0;
147 return 1;
148}
149
150#endif /* !defined(NO_TUNALA) */
151
diff --git a/src/lib/libssl/src/demos/tunala/test.sh b/src/lib/libssl/src/demos/tunala/test.sh
deleted file mode 100755
index 105b447333..0000000000
--- a/src/lib/libssl/src/demos/tunala/test.sh
+++ /dev/null
@@ -1,107 +0,0 @@
1#!/bin/sh
2
3HTTP="localhost:8080"
4CLIENT_PORT="9020"
5SERVER_PORT="9021"
6
7sub_test ()
8{
9 echo "STARTING - $VER $CIPHER"
10 ./tunala -listen localhost:$CLIENT_PORT -proxy localhost:$SERVER_PORT \
11 -cacert CA.pem -cert A-client.pem -server 0 \
12 -dh_special standard -v_peer -v_strict \
13 $VER -cipher $CIPHER 1> tc1.txt 2> tc2.txt &
14 ./tunala -listen localhost:$SERVER_PORT -proxy $HTTP \
15 -cacert CA.pem -cert A-server.pem -server 1 \
16 -dh_special standard -v_peer -v_strict \
17 $VER -cipher $CIPHER 1> ts1.txt 2> ts2.txt &
18 # Wait for the servers to be listening before starting the wget test
19 DONE="no"
20 while [ "$DONE" != "yes" ]; do
21 L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"`
22 L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"`
23 if [ "x$L1" != "x" ]; then
24 DONE="yes"
25 elif [ "x$L2" != "x" ]; then
26 DONE="yes"
27 else
28 sleep 1
29 fi
30 done
31 HTML=`wget -O - -T 1 http://localhost:$CLIENT_PORT 2> /dev/null | grep "<HTML>"`
32 if [ "x$HTML" != "x" ]; then
33 echo "OK - $CIPHER ($VER)"
34 else
35 echo "FAIL - $CIPHER ($VER)"
36 killall tunala
37 exit 1
38 fi
39 killall tunala
40 # Wait for the servers to stop before returning - otherwise the next
41 # test my fail to start ... (fscking race conditions)
42 DONE="yes"
43 while [ "$DONE" != "no" ]; do
44 L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"`
45 L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"`
46 if [ "x$L1" != "x" ]; then
47 DONE="yes"
48 elif [ "x$L2" != "x" ]; then
49 DONE="yes"
50 else
51 DONE="no"
52 fi
53 done
54 exit 0
55}
56
57run_test ()
58{
59 (sub_test 1> /dev/null) || exit 1
60}
61
62run_ssl_test ()
63{
64killall tunala 1> /dev/null 2> /dev/null
65echo ""
66echo "Starting all $PRETTY tests"
67if [ "$PRETTY" != "SSLv2" ]; then
68 if [ "$PRETTY" != "SSLv3" ]; then
69 export VER="-no_ssl2 -no_ssl3"
70 export OSSL="-tls1"
71 else
72 export VER="-no_ssl2 -no_tls1"
73 export OSSL="-ssl3"
74 fi
75else
76 export VER="-no_ssl3 -no_tls1"
77 export OSSL="-ssl2"
78fi
79LIST="`../../apps/openssl ciphers $OSSL | sed -e 's/:/ /g'`"
80#echo "$LIST"
81for i in $LIST; do \
82 DSS=`echo "$i" | grep "DSS"`
83 if [ "x$DSS" != "x" ]; then
84 echo "---- skipping $i (no DSA cert/keys) ----"
85 else
86 export CIPHER=$i
87 run_test
88 echo "SUCCESS: $i"
89 fi
90done;
91}
92
93# Welcome the user
94echo "Tests will assume an http server running at $HTTP"
95
96# TLSv1 test
97export PRETTY="TLSv1"
98run_ssl_test
99
100# SSLv3 test
101export PRETTY="SSLv3"
102run_ssl_test
103
104# SSLv2 test
105export PRETTY="SSLv2"
106run_ssl_test
107
diff --git a/src/lib/libssl/src/demos/tunala/tunala.c b/src/lib/libssl/src/demos/tunala/tunala.c
deleted file mode 100644
index ec49d3e943..0000000000
--- a/src/lib/libssl/src/demos/tunala/tunala.c
+++ /dev/null
@@ -1,1109 +0,0 @@
1#if defined(NO_BUFFER) || defined(NO_IP) || defined(NO_OPENSSL)
2#error "Badness, NO_BUFFER, NO_IP or NO_OPENSSL is defined, turn them *off*"
3#endif
4
5/* Include our bits'n'pieces */
6#include "tunala.h"
7
8
9/********************************************/
10/* Our local types that specify our "world" */
11/********************************************/
12
13/* These represent running "tunnels". Eg. if you wanted to do SSL in a
14 * "message-passing" scanario, the "int" file-descriptors might be replaced by
15 * thread or process IDs, and the "select" code might be replaced by message
16 * handling code. Whatever. */
17typedef struct _tunala_item_t {
18 /* The underlying SSL state machine. This is a data-only processing unit
19 * and we communicate with it by talking to its four "buffers". */
20 state_machine_t sm;
21 /* The file-descriptors for the "dirty" (encrypted) side of the SSL
22 * setup. In actuality, this is typically a socket and both values are
23 * identical. */
24 int dirty_read, dirty_send;
25 /* The file-descriptors for the "clean" (unencrypted) side of the SSL
26 * setup. These could be stdin/stdout, a socket (both values the same),
27 * or whatever you like. */
28 int clean_read, clean_send;
29} tunala_item_t;
30
31/* This structure is used as the data for running the main loop. Namely, in a
32 * network format such as this, it is stuff for select() - but as pointed out,
33 * when moving the real-world to somewhere else, this might be replaced by
34 * something entirely different. It's basically the stuff that controls when
35 * it's time to do some "work". */
36typedef struct _select_sets_t {
37 int max; /* As required as the first argument to select() */
38 fd_set reads, sends, excepts; /* As passed to select() */
39} select_sets_t;
40typedef struct _tunala_selector_t {
41 select_sets_t last_selected; /* Results of the last select() */
42 select_sets_t next_select; /* What we'll next select on */
43} tunala_selector_t;
44
45/* This structure is *everything*. We do it to avoid the use of globals so that,
46 * for example, it would be easier to shift things around between async-IO,
47 * thread-based, or multi-fork()ed (or combinations thereof). */
48typedef struct _tunala_world_t {
49 /* The file-descriptor we "listen" on for new connections */
50 int listen_fd;
51 /* The array of tunnels */
52 tunala_item_t *tunnels;
53 /* the number of tunnels in use and allocated, respectively */
54 unsigned int tunnels_used, tunnels_size;
55 /* Our outside "loop" context stuff */
56 tunala_selector_t selector;
57 /* Our SSL_CTX, which is configured as the SSL client or server and has
58 * the various cert-settings and callbacks configured. */
59 SSL_CTX *ssl_ctx;
60 /* Simple flag with complex logic :-) Indicates whether we're an SSL
61 * server or an SSL client. */
62 int server_mode;
63} tunala_world_t;
64
65/*****************************/
66/* Internal static functions */
67/*****************************/
68
69static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
70 const char *CAfile, const char *cert, const char *key,
71 const char *dcert, const char *dkey, const char *cipher_list,
72 const char *dh_file, const char *dh_special, int tmp_rsa,
73 int ctx_options, int out_state, int out_verify, int verify_mode,
74 unsigned int verify_depth);
75static void selector_init(tunala_selector_t *selector);
76static void selector_add_listener(tunala_selector_t *selector, int fd);
77static void selector_add_tunala(tunala_selector_t *selector, tunala_item_t *t);
78static int selector_select(tunala_selector_t *selector);
79/* This returns -1 for error, 0 for no new connections, or 1 for success, in
80 * which case *newfd is populated. */
81static int selector_get_listener(tunala_selector_t *selector, int fd, int *newfd);
82static int tunala_world_new_item(tunala_world_t *world, int fd,
83 const char *ip, unsigned short port, int flipped);
84static void tunala_world_del_item(tunala_world_t *world, unsigned int idx);
85static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item);
86
87/*********************************************/
88/* MAIN FUNCTION (and its utility functions) */
89/*********************************************/
90
91static const char *def_proxyhost = "127.0.0.1:443";
92static const char *def_listenhost = "127.0.0.1:8080";
93static int def_max_tunnels = 50;
94static const char *def_cacert = NULL;
95static const char *def_cert = NULL;
96static const char *def_key = NULL;
97static const char *def_dcert = NULL;
98static const char *def_dkey = NULL;
99static const char *def_engine_id = NULL;
100static int def_server_mode = 0;
101static int def_flipped = 0;
102static const char *def_cipher_list = NULL;
103static const char *def_dh_file = NULL;
104static const char *def_dh_special = NULL;
105static int def_tmp_rsa = 1;
106static int def_ctx_options = 0;
107static int def_verify_mode = 0;
108static unsigned int def_verify_depth = 10;
109static int def_out_state = 0;
110static unsigned int def_out_verify = 0;
111static int def_out_totals = 0;
112static int def_out_conns = 0;
113
114static const char *helpstring =
115"\n'Tunala' (A tunneler with a New Zealand accent)\n"
116"Usage: tunala [options], where options are from;\n"
117" -listen [host:]<port> (default = 127.0.0.1:8080)\n"
118" -proxy <host>:<port> (default = 127.0.0.1:443)\n"
119" -maxtunnels <num> (default = 50)\n"
120" -cacert <path|NULL> (default = NULL)\n"
121" -cert <path|NULL> (default = NULL)\n"
122" -key <path|NULL> (default = whatever '-cert' is)\n"
123" -dcert <path|NULL> (usually for DSA, default = NULL)\n"
124" -dkey <path|NULL> (usually for DSA, default = whatever '-dcert' is)\n"
125" -engine <id|NULL> (default = NULL)\n"
126" -server <0|1> (default = 0, ie. an SSL client)\n"
127" -flipped <0|1> (makes SSL servers be network clients, and vice versa)\n"
128" -cipher <list> (specifies cipher list to use)\n"
129" -dh_file <path> (a PEM file containing DH parameters to use)\n"
130" -dh_special <NULL|generate|standard> (see below: def=NULL)\n"
131" -no_tmp_rsa (don't generate temporary RSA keys)\n"
132" -no_ssl2 (disable SSLv2)\n"
133" -no_ssl3 (disable SSLv3)\n"
134" -no_tls1 (disable TLSv1)\n"
135" -v_peer (verify the peer certificate)\n"
136" -v_strict (do not continue if peer doesn't authenticate)\n"
137" -v_once (no verification in renegotiates)\n"
138" -v_depth <num> (limit certificate chain depth, default = 10)\n"
139" -out_conns (prints client connections and disconnections)\n"
140" -out_state (prints SSL handshake states)\n"
141" -out_verify <0|1|2|3> (prints certificate verification states: def=1)\n"
142" -out_totals (prints out byte-totals when a tunnel closes)\n"
143" -<h|help|?> (displays this help screen)\n"
144"Notes:\n"
145"(1) It is recommended to specify a cert+key when operating as an SSL server.\n"
146" If you only specify '-cert', the same file must contain a matching\n"
147" private key.\n"
148"(2) Either dh_file or dh_special can be used to specify where DH parameters\n"
149" will be obtained from (or '-dh_special NULL' for the default choice) but\n"
150" you cannot specify both. For dh_special, 'generate' will create new DH\n"
151" parameters on startup, and 'standard' will use embedded parameters\n"
152" instead.\n"
153"(3) Normally an ssl client connects to an ssl server - so that an 'ssl client\n"
154" tunala' listens for 'clean' client connections and proxies ssl, and an\n"
155" 'ssl server tunala' listens for ssl connections and proxies 'clean'. With\n"
156" '-flipped 1', this behaviour is reversed so that an 'ssl server tunala'\n"
157" listens for clean client connections and proxies ssl (but participating\n"
158" as an ssl *server* in the SSL/TLS protocol), and an 'ssl client tunala'\n"
159" listens for ssl connections (participating as an ssl *client* in the\n"
160" SSL/TLS protocol) and proxies 'clean' to the end destination. This can\n"
161" be useful for allowing network access to 'servers' where only the server\n"
162" needs to authenticate the client (ie. the other way is not required).\n"
163" Even with client and server authentication, this 'technique' mitigates\n"
164" some DoS (denial-of-service) potential as it will be the network client\n"
165" having to perform the first private key operation rather than the other\n"
166" way round.\n"
167"(4) The 'technique' used by setting '-flipped 1' is probably compatible with\n"
168" absolutely nothing except another complimentary instance of 'tunala'\n"
169" running with '-flipped 1'. :-)\n";
170
171/* Default DH parameters for use with "-dh_special standard" ... stolen striaght
172 * from s_server. */
173static unsigned char dh512_p[]={
174 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
175 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
176 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
177 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
178 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
179 0x47,0x74,0xE8,0x33,
180 };
181static unsigned char dh512_g[]={
182 0x02,
183 };
184
185/* And the function that parses the above "standard" parameters, again, straight
186 * out of s_server. */
187static DH *get_dh512(void)
188 {
189 DH *dh=NULL;
190
191 if ((dh=DH_new()) == NULL) return(NULL);
192 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
193 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
194 if ((dh->p == NULL) || (dh->g == NULL))
195 return(NULL);
196 return(dh);
197 }
198
199/* Various help/error messages used by main() */
200static int usage(const char *errstr, int isunknownarg)
201{
202 if(isunknownarg)
203 fprintf(stderr, "Error: unknown argument '%s'\n", errstr);
204 else
205 fprintf(stderr, "Error: %s\n", errstr);
206 fprintf(stderr, "%s\n", helpstring);
207 return 1;
208}
209
210static int err_str0(const char *str0)
211{
212 fprintf(stderr, "%s\n", str0);
213 return 1;
214}
215
216static int err_str1(const char *fmt, const char *str1)
217{
218 fprintf(stderr, fmt, str1);
219 fprintf(stderr, "\n");
220 return 1;
221}
222
223static int parse_max_tunnels(const char *s, unsigned int *maxtunnels)
224{
225 unsigned long l;
226 if(!int_strtoul(s, &l) || (l < 1) || (l > 1024)) {
227 fprintf(stderr, "Error, '%s' is an invalid value for "
228 "maxtunnels\n", s);
229 return 0;
230 }
231 *maxtunnels = (unsigned int)l;
232 return 1;
233}
234
235static int parse_server_mode(const char *s, int *servermode)
236{
237 unsigned long l;
238 if(!int_strtoul(s, &l) || (l > 1)) {
239 fprintf(stderr, "Error, '%s' is an invalid value for the "
240 "server mode\n", s);
241 return 0;
242 }
243 *servermode = (int)l;
244 return 1;
245}
246
247static int parse_dh_special(const char *s, const char **dh_special)
248{
249 if((strcmp(s, "NULL") == 0) || (strcmp(s, "generate") == 0) ||
250 (strcmp(s, "standard") == 0)) {
251 *dh_special = s;
252 return 1;
253 }
254 fprintf(stderr, "Error, '%s' is an invalid value for 'dh_special'\n", s);
255 return 0;
256}
257
258static int parse_verify_level(const char *s, unsigned int *verify_level)
259{
260 unsigned long l;
261 if(!int_strtoul(s, &l) || (l > 3)) {
262 fprintf(stderr, "Error, '%s' is an invalid value for "
263 "out_verify\n", s);
264 return 0;
265 }
266 *verify_level = (unsigned int)l;
267 return 1;
268}
269
270static int parse_verify_depth(const char *s, unsigned int *verify_depth)
271{
272 unsigned long l;
273 if(!int_strtoul(s, &l) || (l < 1) || (l > 50)) {
274 fprintf(stderr, "Error, '%s' is an invalid value for "
275 "verify_depth\n", s);
276 return 0;
277 }
278 *verify_depth = (unsigned int)l;
279 return 1;
280}
281
282/* Some fprintf format strings used when tunnels close */
283static const char *io_stats_dirty =
284" SSL traffic; %8lu bytes in, %8lu bytes out\n";
285static const char *io_stats_clean =
286" clear traffic; %8lu bytes in, %8lu bytes out\n";
287
288int main(int argc, char *argv[])
289{
290 unsigned int loop;
291 int newfd;
292 tunala_world_t world;
293 tunala_item_t *t_item;
294 const char *proxy_ip;
295 unsigned short proxy_port;
296 /* Overridables */
297 const char *proxyhost = def_proxyhost;
298 const char *listenhost = def_listenhost;
299 unsigned int max_tunnels = def_max_tunnels;
300 const char *cacert = def_cacert;
301 const char *cert = def_cert;
302 const char *key = def_key;
303 const char *dcert = def_dcert;
304 const char *dkey = def_dkey;
305 const char *engine_id = def_engine_id;
306 int server_mode = def_server_mode;
307 int flipped = def_flipped;
308 const char *cipher_list = def_cipher_list;
309 const char *dh_file = def_dh_file;
310 const char *dh_special = def_dh_special;
311 int tmp_rsa = def_tmp_rsa;
312 int ctx_options = def_ctx_options;
313 int verify_mode = def_verify_mode;
314 unsigned int verify_depth = def_verify_depth;
315 int out_state = def_out_state;
316 unsigned int out_verify = def_out_verify;
317 int out_totals = def_out_totals;
318 int out_conns = def_out_conns;
319
320/* Parse command-line arguments */
321next_arg:
322 argc--; argv++;
323 if(argc > 0) {
324 if(strcmp(*argv, "-listen") == 0) {
325 if(argc < 2)
326 return usage("-listen requires an argument", 0);
327 argc--; argv++;
328 listenhost = *argv;
329 goto next_arg;
330 } else if(strcmp(*argv, "-proxy") == 0) {
331 if(argc < 2)
332 return usage("-proxy requires an argument", 0);
333 argc--; argv++;
334 proxyhost = *argv;
335 goto next_arg;
336 } else if(strcmp(*argv, "-maxtunnels") == 0) {
337 if(argc < 2)
338 return usage("-maxtunnels requires an argument", 0);
339 argc--; argv++;
340 if(!parse_max_tunnels(*argv, &max_tunnels))
341 return 1;
342 goto next_arg;
343 } else if(strcmp(*argv, "-cacert") == 0) {
344 if(argc < 2)
345 return usage("-cacert requires an argument", 0);
346 argc--; argv++;
347 if(strcmp(*argv, "NULL") == 0)
348 cacert = NULL;
349 else
350 cacert = *argv;
351 goto next_arg;
352 } else if(strcmp(*argv, "-cert") == 0) {
353 if(argc < 2)
354 return usage("-cert requires an argument", 0);
355 argc--; argv++;
356 if(strcmp(*argv, "NULL") == 0)
357 cert = NULL;
358 else
359 cert = *argv;
360 goto next_arg;
361 } else if(strcmp(*argv, "-key") == 0) {
362 if(argc < 2)
363 return usage("-key requires an argument", 0);
364 argc--; argv++;
365 if(strcmp(*argv, "NULL") == 0)
366 key = NULL;
367 else
368 key = *argv;
369 goto next_arg;
370 } else if(strcmp(*argv, "-dcert") == 0) {
371 if(argc < 2)
372 return usage("-dcert requires an argument", 0);
373 argc--; argv++;
374 if(strcmp(*argv, "NULL") == 0)
375 dcert = NULL;
376 else
377 dcert = *argv;
378 goto next_arg;
379 } else if(strcmp(*argv, "-dkey") == 0) {
380 if(argc < 2)
381 return usage("-dkey requires an argument", 0);
382 argc--; argv++;
383 if(strcmp(*argv, "NULL") == 0)
384 dkey = NULL;
385 else
386 dkey = *argv;
387 goto next_arg;
388 } else if(strcmp(*argv, "-engine") == 0) {
389 if(argc < 2)
390 return usage("-engine requires an argument", 0);
391 argc--; argv++;
392 engine_id = *argv;
393 goto next_arg;
394 } else if(strcmp(*argv, "-server") == 0) {
395 if(argc < 2)
396 return usage("-server requires an argument", 0);
397 argc--; argv++;
398 if(!parse_server_mode(*argv, &server_mode))
399 return 1;
400 goto next_arg;
401 } else if(strcmp(*argv, "-flipped") == 0) {
402 if(argc < 2)
403 return usage("-flipped requires an argument", 0);
404 argc--; argv++;
405 if(!parse_server_mode(*argv, &flipped))
406 return 1;
407 goto next_arg;
408 } else if(strcmp(*argv, "-cipher") == 0) {
409 if(argc < 2)
410 return usage("-cipher requires an argument", 0);
411 argc--; argv++;
412 cipher_list = *argv;
413 goto next_arg;
414 } else if(strcmp(*argv, "-dh_file") == 0) {
415 if(argc < 2)
416 return usage("-dh_file requires an argument", 0);
417 if(dh_special)
418 return usage("cannot mix -dh_file with "
419 "-dh_special", 0);
420 argc--; argv++;
421 dh_file = *argv;
422 goto next_arg;
423 } else if(strcmp(*argv, "-dh_special") == 0) {
424 if(argc < 2)
425 return usage("-dh_special requires an argument", 0);
426 if(dh_file)
427 return usage("cannot mix -dh_file with "
428 "-dh_special", 0);
429 argc--; argv++;
430 if(!parse_dh_special(*argv, &dh_special))
431 return 1;
432 goto next_arg;
433 } else if(strcmp(*argv, "-no_tmp_rsa") == 0) {
434 tmp_rsa = 0;
435 goto next_arg;
436 } else if(strcmp(*argv, "-no_ssl2") == 0) {
437 ctx_options |= SSL_OP_NO_SSLv2;
438 goto next_arg;
439 } else if(strcmp(*argv, "-no_ssl3") == 0) {
440 ctx_options |= SSL_OP_NO_SSLv3;
441 goto next_arg;
442 } else if(strcmp(*argv, "-no_tls1") == 0) {
443 ctx_options |= SSL_OP_NO_TLSv1;
444 goto next_arg;
445 } else if(strcmp(*argv, "-v_peer") == 0) {
446 verify_mode |= SSL_VERIFY_PEER;
447 goto next_arg;
448 } else if(strcmp(*argv, "-v_strict") == 0) {
449 verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
450 goto next_arg;
451 } else if(strcmp(*argv, "-v_once") == 0) {
452 verify_mode |= SSL_VERIFY_CLIENT_ONCE;
453 goto next_arg;
454 } else if(strcmp(*argv, "-v_depth") == 0) {
455 if(argc < 2)
456 return usage("-v_depth requires an argument", 0);
457 argc--; argv++;
458 if(!parse_verify_depth(*argv, &verify_depth))
459 return 1;
460 goto next_arg;
461 } else if(strcmp(*argv, "-out_state") == 0) {
462 out_state = 1;
463 goto next_arg;
464 } else if(strcmp(*argv, "-out_verify") == 0) {
465 if(argc < 2)
466 return usage("-out_verify requires an argument", 0);
467 argc--; argv++;
468 if(!parse_verify_level(*argv, &out_verify))
469 return 1;
470 goto next_arg;
471 } else if(strcmp(*argv, "-out_totals") == 0) {
472 out_totals = 1;
473 goto next_arg;
474 } else if(strcmp(*argv, "-out_conns") == 0) {
475 out_conns = 1;
476 goto next_arg;
477 } else if((strcmp(*argv, "-h") == 0) ||
478 (strcmp(*argv, "-help") == 0) ||
479 (strcmp(*argv, "-?") == 0)) {
480 fprintf(stderr, "%s\n", helpstring);
481 return 0;
482 } else
483 return usage(*argv, 1);
484 }
485 /* Run any sanity checks we want here */
486 if(!cert && !dcert && server_mode)
487 fprintf(stderr, "WARNING: you are running an SSL server without "
488 "a certificate - this may not work!\n");
489
490 /* Initialise network stuff */
491 if(!ip_initialise())
492 return err_str0("ip_initialise failed");
493 /* Create the SSL_CTX */
494 if((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id,
495 cacert, cert, key, dcert, dkey, cipher_list, dh_file,
496 dh_special, tmp_rsa, ctx_options, out_state, out_verify,
497 verify_mode, verify_depth)) == NULL)
498 return err_str1("initialise_ssl_ctx(engine_id=%s) failed",
499 (engine_id == NULL) ? "NULL" : engine_id);
500 if(engine_id)
501 fprintf(stderr, "Info, engine '%s' initialised\n", engine_id);
502 /* Create the listener */
503 if((world.listen_fd = ip_create_listener(listenhost)) == -1)
504 return err_str1("ip_create_listener(%s) failed", listenhost);
505 fprintf(stderr, "Info, listening on '%s'\n", listenhost);
506 if(!ip_parse_address(proxyhost, &proxy_ip, &proxy_port, 0))
507 return err_str1("ip_parse_address(%s) failed", proxyhost);
508 fprintf(stderr, "Info, proxying to '%s' (%d.%d.%d.%d:%d)\n", proxyhost,
509 (int)proxy_ip[0], (int)proxy_ip[1],
510 (int)proxy_ip[2], (int)proxy_ip[3], (int)proxy_port);
511 fprintf(stderr, "Info, set maxtunnels to %d\n", (int)max_tunnels);
512 fprintf(stderr, "Info, set to operate as an SSL %s\n",
513 (server_mode ? "server" : "client"));
514 /* Initialise the rest of the stuff */
515 world.tunnels_used = world.tunnels_size = 0;
516 world.tunnels = NULL;
517 world.server_mode = server_mode;
518 selector_init(&world.selector);
519
520/* We're ready to loop */
521main_loop:
522 /* Should we listen for *new* tunnels? */
523 if(world.tunnels_used < max_tunnels)
524 selector_add_listener(&world.selector, world.listen_fd);
525 /* We should add in our existing tunnels */
526 for(loop = 0; loop < world.tunnels_used; loop++)
527 selector_add_tunala(&world.selector, world.tunnels + loop);
528 /* Now do the select */
529 switch(selector_select(&world.selector)) {
530 case -1:
531 if(errno != EINTR) {
532 fprintf(stderr, "selector_select returned a "
533 "badness error.\n");
534 goto shouldnt_happen;
535 }
536 fprintf(stderr, "Warn, selector interrupted by a signal\n");
537 goto main_loop;
538 case 0:
539 fprintf(stderr, "Warn, selector_select returned 0 - signal?""?\n");
540 goto main_loop;
541 default:
542 break;
543 }
544 /* Accept new connection if we should and can */
545 if((world.tunnels_used < max_tunnels) && (selector_get_listener(
546 &world.selector, world.listen_fd,
547 &newfd) == 1)) {
548 /* We have a new connection */
549 if(!tunala_world_new_item(&world, newfd, proxy_ip,
550 proxy_port, flipped))
551 fprintf(stderr, "tunala_world_new_item failed\n");
552 else if(out_conns)
553 fprintf(stderr, "Info, new tunnel opened, now up to "
554 "%d\n", world.tunnels_used);
555 }
556 /* Give each tunnel its moment, note the while loop is because it makes
557 * the logic easier than with "for" to deal with an array that may shift
558 * because of deletes. */
559 loop = 0;
560 t_item = world.tunnels;
561 while(loop < world.tunnels_used) {
562 if(!tunala_item_io(&world.selector, t_item)) {
563 /* We're closing whether for reasons of an error or a
564 * natural close. Don't increment loop or t_item because
565 * the next item is moving to us! */
566 if(!out_totals)
567 goto skip_totals;
568 fprintf(stderr, "Tunnel closing, traffic stats follow\n");
569 /* Display the encrypted (over the network) stats */
570 fprintf(stderr, io_stats_dirty,
571 buffer_total_in(state_machine_get_buffer(
572 &t_item->sm,SM_DIRTY_IN)),
573 buffer_total_out(state_machine_get_buffer(
574 &t_item->sm,SM_DIRTY_OUT)));
575 /* Display the local (tunnelled) stats. NB: Data we
576 * *receive* is data sent *out* of the state_machine on
577 * its 'clean' side. Hence the apparent back-to-front
578 * OUT/IN mixup here :-) */
579 fprintf(stderr, io_stats_clean,
580 buffer_total_out(state_machine_get_buffer(
581 &t_item->sm,SM_CLEAN_OUT)),
582 buffer_total_in(state_machine_get_buffer(
583 &t_item->sm,SM_CLEAN_IN)));
584skip_totals:
585 tunala_world_del_item(&world, loop);
586 if(out_conns)
587 fprintf(stderr, "Info, tunnel closed, down to %d\n",
588 world.tunnels_used);
589 }
590 else {
591 /* Move to the next item */
592 loop++;
593 t_item++;
594 }
595 }
596 goto main_loop;
597 /* Should never get here */
598shouldnt_happen:
599 abort();
600 return 1;
601}
602
603/****************/
604/* OpenSSL bits */
605/****************/
606
607static int ctx_set_cert(SSL_CTX *ctx, const char *cert, const char *key)
608{
609 FILE *fp = NULL;
610 X509 *x509 = NULL;
611 EVP_PKEY *pkey = NULL;
612 int toret = 0; /* Assume an error */
613
614 /* cert */
615 if(cert) {
616 if((fp = fopen(cert, "r")) == NULL) {
617 fprintf(stderr, "Error opening cert file '%s'\n", cert);
618 goto err;
619 }
620 if(!PEM_read_X509(fp, &x509, NULL, NULL)) {
621 fprintf(stderr, "Error reading PEM cert from '%s'\n",
622 cert);
623 goto err;
624 }
625 if(!SSL_CTX_use_certificate(ctx, x509)) {
626 fprintf(stderr, "Error, cert in '%s' can not be used\n",
627 cert);
628 goto err;
629 }
630 /* Clear the FILE* for reuse in the "key" code */
631 fclose(fp);
632 fp = NULL;
633 fprintf(stderr, "Info, operating with cert in '%s'\n", cert);
634 /* If a cert was given without matching key, we assume the same
635 * file contains the required key. */
636 if(!key)
637 key = cert;
638 } else {
639 if(key)
640 fprintf(stderr, "Error, can't specify a key without a "
641 "corresponding certificate\n");
642 else
643 fprintf(stderr, "Error, ctx_set_cert called with "
644 "NULLs!\n");
645 goto err;
646 }
647 /* key */
648 if(key) {
649 if((fp = fopen(key, "r")) == NULL) {
650 fprintf(stderr, "Error opening key file '%s'\n", key);
651 goto err;
652 }
653 if(!PEM_read_PrivateKey(fp, &pkey, NULL, NULL)) {
654 fprintf(stderr, "Error reading PEM key from '%s'\n",
655 key);
656 goto err;
657 }
658 if(!SSL_CTX_use_PrivateKey(ctx, pkey)) {
659 fprintf(stderr, "Error, key in '%s' can not be used\n",
660 key);
661 goto err;
662 }
663 fprintf(stderr, "Info, operating with key in '%s'\n", key);
664 } else
665 fprintf(stderr, "Info, operating without a cert or key\n");
666 /* Success */
667 toret = 1; err:
668 if(x509)
669 X509_free(x509);
670 if(pkey)
671 EVP_PKEY_free(pkey);
672 if(fp)
673 fclose(fp);
674 return toret;
675}
676
677static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file, const char *dh_special)
678{
679 DH *dh = NULL;
680 FILE *fp = NULL;
681
682 if(dh_special) {
683 if(strcmp(dh_special, "NULL") == 0)
684 return 1;
685 if(strcmp(dh_special, "standard") == 0) {
686 if((dh = get_dh512()) == NULL) {
687 fprintf(stderr, "Error, can't parse 'standard'"
688 " DH parameters\n");
689 return 0;
690 }
691 fprintf(stderr, "Info, using 'standard' DH parameters\n");
692 goto do_it;
693 }
694 if(strcmp(dh_special, "generate") != 0)
695 /* This shouldn't happen - screening values is handled
696 * in main(). */
697 abort();
698 fprintf(stderr, "Info, generating DH parameters ... ");
699 fflush(stderr);
700 if(!(dh = DH_new()) || !DH_generate_parameters_ex(dh, 512,
701 DH_GENERATOR_5, NULL)) {
702 fprintf(stderr, "error!\n");
703 if(dh)
704 DH_free(dh);
705 return 0;
706 }
707 fprintf(stderr, "complete\n");
708 goto do_it;
709 }
710 /* So, we're loading dh_file */
711 if((fp = fopen(dh_file, "r")) == NULL) {
712 fprintf(stderr, "Error, couldn't open '%s' for DH parameters\n",
713 dh_file);
714 return 0;
715 }
716 dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
717 fclose(fp);
718 if(dh == NULL) {
719 fprintf(stderr, "Error, could not parse DH parameters from '%s'\n",
720 dh_file);
721 return 0;
722 }
723 fprintf(stderr, "Info, using DH parameters from file '%s'\n", dh_file);
724do_it:
725 SSL_CTX_set_tmp_dh(ctx, dh);
726 DH_free(dh);
727 return 1;
728}
729
730static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
731 const char *CAfile, const char *cert, const char *key,
732 const char *dcert, const char *dkey, const char *cipher_list,
733 const char *dh_file, const char *dh_special, int tmp_rsa,
734 int ctx_options, int out_state, int out_verify, int verify_mode,
735 unsigned int verify_depth)
736{
737 SSL_CTX *ctx = NULL, *ret = NULL;
738 const SSL_METHOD *meth;
739 ENGINE *e = NULL;
740
741 OpenSSL_add_ssl_algorithms();
742 SSL_load_error_strings();
743
744 meth = (server_mode ? SSLv23_server_method() : SSLv23_client_method());
745 if(meth == NULL)
746 goto err;
747 if(engine_id) {
748 ENGINE_load_builtin_engines();
749 if((e = ENGINE_by_id(engine_id)) == NULL) {
750 fprintf(stderr, "Error obtaining '%s' engine, openssl "
751 "errors follow\n", engine_id);
752 goto err;
753 }
754 if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
755 fprintf(stderr, "Error assigning '%s' engine, openssl "
756 "errors follow\n", engine_id);
757 goto err;
758 }
759 ENGINE_free(e);
760 }
761 if((ctx = SSL_CTX_new(meth)) == NULL)
762 goto err;
763 /* cacert */
764 if(CAfile) {
765 if(!X509_STORE_load_locations(SSL_CTX_get_cert_store(ctx),
766 CAfile, NULL)) {
767 fprintf(stderr, "Error loading CA cert(s) in '%s'\n",
768 CAfile);
769 goto err;
770 }
771 fprintf(stderr, "Info, operating with CA cert(s) in '%s'\n",
772 CAfile);
773 } else
774 fprintf(stderr, "Info, operating without a CA cert(-list)\n");
775 if(!SSL_CTX_set_default_verify_paths(ctx)) {
776 fprintf(stderr, "Error setting default verify paths\n");
777 goto err;
778 }
779
780 /* cert and key */
781 if((cert || key) && !ctx_set_cert(ctx, cert, key))
782 goto err;
783 /* dcert and dkey */
784 if((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey))
785 goto err;
786 /* temporary RSA key generation */
787 if(tmp_rsa)
788 SSL_CTX_set_tmp_rsa_callback(ctx, cb_generate_tmp_rsa);
789
790 /* cipher_list */
791 if(cipher_list) {
792 if(!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
793 fprintf(stderr, "Error setting cipher list '%s'\n",
794 cipher_list);
795 goto err;
796 }
797 fprintf(stderr, "Info, set cipher list '%s'\n", cipher_list);
798 } else
799 fprintf(stderr, "Info, operating with default cipher list\n");
800
801 /* dh_file & dh_special */
802 if((dh_file || dh_special) && !ctx_set_dh(ctx, dh_file, dh_special))
803 goto err;
804
805 /* ctx_options */
806 SSL_CTX_set_options(ctx, ctx_options);
807
808 /* out_state (output of SSL handshake states to screen). */
809 if(out_state)
810 cb_ssl_info_set_output(stderr);
811
812 /* out_verify */
813 if(out_verify > 0) {
814 cb_ssl_verify_set_output(stderr);
815 cb_ssl_verify_set_level(out_verify);
816 }
817
818 /* verify_depth */
819 cb_ssl_verify_set_depth(verify_depth);
820
821 /* Success! (includes setting verify_mode) */
822 SSL_CTX_set_info_callback(ctx, cb_ssl_info);
823 SSL_CTX_set_verify(ctx, verify_mode, cb_ssl_verify);
824 ret = ctx;
825err:
826 if(!ret) {
827 ERR_print_errors_fp(stderr);
828 if(ctx)
829 SSL_CTX_free(ctx);
830 }
831 return ret;
832}
833
834/*****************/
835/* Selector bits */
836/*****************/
837
838static void selector_sets_init(select_sets_t *s)
839{
840 s->max = 0;
841 FD_ZERO(&s->reads);
842 FD_ZERO(&s->sends);
843 FD_ZERO(&s->excepts);
844}
845static void selector_init(tunala_selector_t *selector)
846{
847 selector_sets_init(&selector->last_selected);
848 selector_sets_init(&selector->next_select);
849}
850
851#define SEL_EXCEPTS 0x00
852#define SEL_READS 0x01
853#define SEL_SENDS 0x02
854static void selector_add_raw_fd(tunala_selector_t *s, int fd, int flags)
855{
856 FD_SET(fd, &s->next_select.excepts);
857 if(flags & SEL_READS)
858 FD_SET(fd, &s->next_select.reads);
859 if(flags & SEL_SENDS)
860 FD_SET(fd, &s->next_select.sends);
861 /* Adjust "max" */
862 if(s->next_select.max < (fd + 1))
863 s->next_select.max = fd + 1;
864}
865
866static void selector_add_listener(tunala_selector_t *selector, int fd)
867{
868 selector_add_raw_fd(selector, fd, SEL_READS);
869}
870
871static void selector_add_tunala(tunala_selector_t *s, tunala_item_t *t)
872{
873 /* Set clean read if sm.clean_in is not full */
874 if(t->clean_read != -1) {
875 selector_add_raw_fd(s, t->clean_read,
876 (buffer_full(state_machine_get_buffer(&t->sm,
877 SM_CLEAN_IN)) ? SEL_EXCEPTS : SEL_READS));
878 }
879 /* Set clean send if sm.clean_out is not empty */
880 if(t->clean_send != -1) {
881 selector_add_raw_fd(s, t->clean_send,
882 (buffer_empty(state_machine_get_buffer(&t->sm,
883 SM_CLEAN_OUT)) ? SEL_EXCEPTS : SEL_SENDS));
884 }
885 /* Set dirty read if sm.dirty_in is not full */
886 if(t->dirty_read != -1) {
887 selector_add_raw_fd(s, t->dirty_read,
888 (buffer_full(state_machine_get_buffer(&t->sm,
889 SM_DIRTY_IN)) ? SEL_EXCEPTS : SEL_READS));
890 }
891 /* Set dirty send if sm.dirty_out is not empty */
892 if(t->dirty_send != -1) {
893 selector_add_raw_fd(s, t->dirty_send,
894 (buffer_empty(state_machine_get_buffer(&t->sm,
895 SM_DIRTY_OUT)) ? SEL_EXCEPTS : SEL_SENDS));
896 }
897}
898
899static int selector_select(tunala_selector_t *selector)
900{
901 memcpy(&selector->last_selected, &selector->next_select,
902 sizeof(select_sets_t));
903 selector_sets_init(&selector->next_select);
904 return select(selector->last_selected.max,
905 &selector->last_selected.reads,
906 &selector->last_selected.sends,
907 &selector->last_selected.excepts, NULL);
908}
909
910/* This returns -1 for error, 0 for no new connections, or 1 for success, in
911 * which case *newfd is populated. */
912static int selector_get_listener(tunala_selector_t *selector, int fd, int *newfd)
913{
914 if(FD_ISSET(fd, &selector->last_selected.excepts))
915 return -1;
916 if(!FD_ISSET(fd, &selector->last_selected.reads))
917 return 0;
918 if((*newfd = ip_accept_connection(fd)) == -1)
919 return -1;
920 return 1;
921}
922
923/************************/
924/* "Tunala" world stuff */
925/************************/
926
927static int tunala_world_make_room(tunala_world_t *world)
928{
929 unsigned int newsize;
930 tunala_item_t *newarray;
931
932 if(world->tunnels_used < world->tunnels_size)
933 return 1;
934 newsize = (world->tunnels_size == 0 ? 16 :
935 ((world->tunnels_size * 3) / 2));
936 if((newarray = malloc(newsize * sizeof(tunala_item_t))) == NULL)
937 return 0;
938 memset(newarray, 0, newsize * sizeof(tunala_item_t));
939 if(world->tunnels_used > 0)
940 memcpy(newarray, world->tunnels,
941 world->tunnels_used * sizeof(tunala_item_t));
942 if(world->tunnels_size > 0)
943 free(world->tunnels);
944 /* migrate */
945 world->tunnels = newarray;
946 world->tunnels_size = newsize;
947 return 1;
948}
949
950static int tunala_world_new_item(tunala_world_t *world, int fd,
951 const char *ip, unsigned short port, int flipped)
952{
953 tunala_item_t *item;
954 int newfd;
955 SSL *new_ssl = NULL;
956
957 if(!tunala_world_make_room(world))
958 return 0;
959 if((new_ssl = SSL_new(world->ssl_ctx)) == NULL) {
960 fprintf(stderr, "Error creating new SSL\n");
961 ERR_print_errors_fp(stderr);
962 return 0;
963 }
964 item = world->tunnels + (world->tunnels_used++);
965 state_machine_init(&item->sm);
966 item->clean_read = item->clean_send =
967 item->dirty_read = item->dirty_send = -1;
968 if((newfd = ip_create_connection_split(ip, port)) == -1)
969 goto err;
970 /* Which way round? If we're a server, "fd" is the dirty side and the
971 * connection we open is the clean one. For a client, it's the other way
972 * around. Unless, of course, we're "flipped" in which case everything
973 * gets reversed. :-) */
974 if((world->server_mode && !flipped) ||
975 (!world->server_mode && flipped)) {
976 item->dirty_read = item->dirty_send = fd;
977 item->clean_read = item->clean_send = newfd;
978 } else {
979 item->clean_read = item->clean_send = fd;
980 item->dirty_read = item->dirty_send = newfd;
981 }
982 /* We use the SSL's "app_data" to indicate a call-back induced "kill" */
983 SSL_set_app_data(new_ssl, NULL);
984 if(!state_machine_set_SSL(&item->sm, new_ssl, world->server_mode))
985 goto err;
986 return 1;
987err:
988 tunala_world_del_item(world, world->tunnels_used - 1);
989 return 0;
990
991}
992
993static void tunala_world_del_item(tunala_world_t *world, unsigned int idx)
994{
995 tunala_item_t *item = world->tunnels + idx;
996 if(item->clean_read != -1)
997 close(item->clean_read);
998 if(item->clean_send != item->clean_read)
999 close(item->clean_send);
1000 item->clean_read = item->clean_send = -1;
1001 if(item->dirty_read != -1)
1002 close(item->dirty_read);
1003 if(item->dirty_send != item->dirty_read)
1004 close(item->dirty_send);
1005 item->dirty_read = item->dirty_send = -1;
1006 state_machine_close(&item->sm);
1007 /* OK, now we fix the item array */
1008 if(idx + 1 < world->tunnels_used)
1009 /* We need to scroll entries to the left */
1010 memmove(world->tunnels + idx,
1011 world->tunnels + (idx + 1),
1012 (world->tunnels_used - (idx + 1)) *
1013 sizeof(tunala_item_t));
1014 world->tunnels_used--;
1015}
1016
1017static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item)
1018{
1019 int c_r, c_s, d_r, d_s; /* Four boolean flags */
1020
1021 /* Take ourselves out of the gene-pool if there was an except */
1022 if((item->clean_read != -1) && FD_ISSET(item->clean_read,
1023 &selector->last_selected.excepts))
1024 return 0;
1025 if((item->clean_send != -1) && FD_ISSET(item->clean_send,
1026 &selector->last_selected.excepts))
1027 return 0;
1028 if((item->dirty_read != -1) && FD_ISSET(item->dirty_read,
1029 &selector->last_selected.excepts))
1030 return 0;
1031 if((item->dirty_send != -1) && FD_ISSET(item->dirty_send,
1032 &selector->last_selected.excepts))
1033 return 0;
1034 /* Grab our 4 IO flags */
1035 c_r = c_s = d_r = d_s = 0;
1036 if(item->clean_read != -1)
1037 c_r = FD_ISSET(item->clean_read, &selector->last_selected.reads);
1038 if(item->clean_send != -1)
1039 c_s = FD_ISSET(item->clean_send, &selector->last_selected.sends);
1040 if(item->dirty_read != -1)
1041 d_r = FD_ISSET(item->dirty_read, &selector->last_selected.reads);
1042 if(item->dirty_send != -1)
1043 d_s = FD_ISSET(item->dirty_send, &selector->last_selected.sends);
1044 /* If no IO has happened for us, skip needless data looping */
1045 if(!c_r && !c_s && !d_r && !d_s)
1046 return 1;
1047 if(c_r)
1048 c_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
1049 SM_CLEAN_IN), item->clean_read) <= 0);
1050 if(c_s)
1051 c_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
1052 SM_CLEAN_OUT), item->clean_send) <= 0);
1053 if(d_r)
1054 d_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
1055 SM_DIRTY_IN), item->dirty_read) <= 0);
1056 if(d_s)
1057 d_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
1058 SM_DIRTY_OUT), item->dirty_send) <= 0);
1059 /* If any of the flags is non-zero, that means they need closing */
1060 if(c_r) {
1061 close(item->clean_read);
1062 if(item->clean_send == item->clean_read)
1063 item->clean_send = -1;
1064 item->clean_read = -1;
1065 }
1066 if(c_s && (item->clean_send != -1)) {
1067 close(item->clean_send);
1068 if(item->clean_send == item->clean_read)
1069 item->clean_read = -1;
1070 item->clean_send = -1;
1071 }
1072 if(d_r) {
1073 close(item->dirty_read);
1074 if(item->dirty_send == item->dirty_read)
1075 item->dirty_send = -1;
1076 item->dirty_read = -1;
1077 }
1078 if(d_s && (item->dirty_send != -1)) {
1079 close(item->dirty_send);
1080 if(item->dirty_send == item->dirty_read)
1081 item->dirty_read = -1;
1082 item->dirty_send = -1;
1083 }
1084 /* This function name is attributed to the term donated by David
1085 * Schwartz on openssl-dev, message-ID:
1086 * <NCBBLIEPOCNJOAEKBEAKEEDGLIAA.davids@webmaster.com>. :-) */
1087 if(!state_machine_churn(&item->sm))
1088 /* If the SSL closes, it will also zero-out the _in buffers
1089 * and will in future process just outgoing data. As and
1090 * when the outgoing data has gone, it will return zero
1091 * here to tell us to bail out. */
1092 return 0;
1093 /* Otherwise, we return zero if both sides are dead. */
1094 if(((item->clean_read == -1) || (item->clean_send == -1)) &&
1095 ((item->dirty_read == -1) || (item->dirty_send == -1)))
1096 return 0;
1097 /* If only one side closed, notify the SSL of this so it can take
1098 * appropriate action. */
1099 if((item->clean_read == -1) || (item->clean_send == -1)) {
1100 if(!state_machine_close_clean(&item->sm))
1101 return 0;
1102 }
1103 if((item->dirty_read == -1) || (item->dirty_send == -1)) {
1104 if(!state_machine_close_dirty(&item->sm))
1105 return 0;
1106 }
1107 return 1;
1108}
1109
diff --git a/src/lib/libssl/src/demos/tunala/tunala.h b/src/lib/libssl/src/demos/tunala/tunala.h
deleted file mode 100644
index 3a752f259a..0000000000
--- a/src/lib/libssl/src/demos/tunala/tunala.h
+++ /dev/null
@@ -1,215 +0,0 @@
1/* Tunala ("Tunneler with a New Zealand accent")
2 *
3 * Written by Geoff Thorpe, but endorsed/supported by noone. Please use this is
4 * if it's useful or informative to you, but it's only here as a scratchpad for
5 * ideas about how you might (or might not) program with OpenSSL. If you deploy
6 * this is in a mission-critical environment, and have not read, understood,
7 * audited, and modified this code to your satisfaction, and the result is that
8 * all hell breaks loose and you are looking for a new employer, then it proves
9 * nothing except perhaps that Darwinism is alive and well. Let's just say, *I*
10 * don't use this in a mission-critical environment, so it would be stupid for
11 * anyone to assume that it is solid and/or tested enough when even its author
12 * doesn't place that much trust in it. You have been warned.
13 *
14 * With thanks to Cryptographic Appliances, Inc.
15 */
16
17#ifndef _TUNALA_H
18#define _TUNALA_H
19
20/* pull in autoconf fluff */
21#ifndef NO_CONFIG_H
22#include "config.h"
23#else
24/* We don't have autoconf, we have to set all of these unless a tweaked Makefile
25 * tells us not to ... */
26/* headers */
27#ifndef NO_HAVE_SELECT
28#define HAVE_SELECT
29#endif
30#ifndef NO_HAVE_SOCKET
31#define HAVE_SOCKET
32#endif
33#ifndef NO_HAVE_UNISTD_H
34#define HAVE_UNISTD_H
35#endif
36#ifndef NO_HAVE_FCNTL_H
37#define HAVE_FCNTL_H
38#endif
39#ifndef NO_HAVE_LIMITS_H
40#define HAVE_LIMITS_H
41#endif
42/* features */
43#ifndef NO_HAVE_STRSTR
44#define HAVE_STRSTR
45#endif
46#ifndef NO_HAVE_STRTOUL
47#define HAVE_STRTOUL
48#endif
49#endif
50
51#if !defined(HAVE_SELECT) || !defined(HAVE_SOCKET)
52#error "can't build without some network basics like select() and socket()"
53#endif
54
55#include <stdlib.h>
56#ifndef NO_SYSTEM_H
57#include <string.h>
58#ifdef HAVE_UNISTD_H
59#include <unistd.h>
60#endif
61#ifdef HAVE_FCNTL_H
62#include <fcntl.h>
63#endif
64#ifdef HAVE_LIMITS_H
65#include <limits.h>
66#endif
67#include <netdb.h>
68#include <signal.h>
69#include <sys/socket.h>
70#include <sys/types.h>
71#include <netinet/in.h>
72#endif /* !defined(NO_SYSTEM_H) */
73
74#ifndef NO_OPENSSL
75#include <openssl/err.h>
76#include <openssl/engine.h>
77#include <openssl/ssl.h>
78#endif /* !defined(NO_OPENSSL) */
79
80#ifndef OPENSSL_NO_BUFFER
81/* This is the generic "buffer" type that is used when feeding the
82 * state-machine. It's basically a FIFO with respect to the "adddata" &
83 * "takedata" type functions that operate on it. */
84#define MAX_DATA_SIZE 16384
85typedef struct _buffer_t {
86 unsigned char data[MAX_DATA_SIZE];
87 unsigned int used;
88 /* Statistical values - counts the total number of bytes read in and
89 * read out (respectively) since "buffer_init()" */
90 unsigned long total_in, total_out;
91} buffer_t;
92
93/* Initialise a buffer structure before use */
94void buffer_init(buffer_t *buf);
95/* Cleanup a buffer structure - presently not needed, but if buffer_t is
96 * converted to using dynamic allocation, this would be required - so should be
97 * called to protect against an explosion of memory leaks later if the change is
98 * made. */
99void buffer_close(buffer_t *buf);
100
101/* Basic functions to manipulate buffers */
102
103unsigned int buffer_used(buffer_t *buf); /* How much data in the buffer */
104unsigned int buffer_unused(buffer_t *buf); /* How much space in the buffer */
105int buffer_full(buffer_t *buf); /* Boolean, is it full? */
106int buffer_notfull(buffer_t *buf); /* Boolean, is it not full? */
107int buffer_empty(buffer_t *buf); /* Boolean, is it empty? */
108int buffer_notempty(buffer_t *buf); /* Boolean, is it not empty? */
109unsigned long buffer_total_in(buffer_t *buf); /* Total bytes written to buffer */
110unsigned long buffer_total_out(buffer_t *buf); /* Total bytes read from buffer */
111
112#if 0 /* Currently used only within buffer.c - better to expose only
113 * higher-level functions anyway */
114/* Add data to the tail of the buffer, returns the amount that was actually
115 * added (so, you need to check if return value is less than size) */
116unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
117 unsigned int size);
118
119/* Take data from the front of the buffer (and scroll the rest forward). If
120 * "ptr" is NULL, this just removes data off the front of the buffer. Return
121 * value is the amount actually removed (can be less than size if the buffer has
122 * too little data). */
123unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
124 unsigned int size);
125
126/* Flushes as much data as possible out of the "from" buffer into the "to"
127 * buffer. Return value is the amount moved. The amount moved can be restricted
128 * to a maximum by specifying "cap" - setting it to -1 means no limit. */
129unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap);
130#endif
131
132#ifndef NO_IP
133/* Read or write between a file-descriptor and a buffer */
134int buffer_from_fd(buffer_t *buf, int fd);
135int buffer_to_fd(buffer_t *buf, int fd);
136#endif /* !defined(NO_IP) */
137
138#ifndef NO_OPENSSL
139/* Read or write between an SSL or BIO and a buffer */
140void buffer_from_SSL(buffer_t *buf, SSL *ssl);
141void buffer_to_SSL(buffer_t *buf, SSL *ssl);
142void buffer_from_BIO(buffer_t *buf, BIO *bio);
143void buffer_to_BIO(buffer_t *buf, BIO *bio);
144
145/* Callbacks */
146void cb_ssl_info(const SSL *s, int where, int ret);
147void cb_ssl_info_set_output(FILE *fp); /* Called if output should be sent too */
148int cb_ssl_verify(int ok, X509_STORE_CTX *ctx);
149void cb_ssl_verify_set_output(FILE *fp);
150void cb_ssl_verify_set_depth(unsigned int verify_depth);
151void cb_ssl_verify_set_level(unsigned int level);
152RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength);
153#endif /* !defined(NO_OPENSSL) */
154#endif /* !defined(OPENSSL_NO_BUFFER) */
155
156#ifndef NO_TUNALA
157#ifdef OPENSSL_NO_BUFFER
158#error "TUNALA section of tunala.h requires BUFFER support"
159#endif
160typedef struct _state_machine_t {
161 SSL *ssl;
162 BIO *bio_intossl;
163 BIO *bio_fromssl;
164 buffer_t clean_in, clean_out;
165 buffer_t dirty_in, dirty_out;
166} state_machine_t;
167typedef enum {
168 SM_CLEAN_IN, SM_CLEAN_OUT,
169 SM_DIRTY_IN, SM_DIRTY_OUT
170} sm_buffer_t;
171void state_machine_init(state_machine_t *machine);
172void state_machine_close(state_machine_t *machine);
173buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type);
174SSL *state_machine_get_SSL(state_machine_t *machine);
175int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server);
176/* Performs the data-IO loop and returns zero if the machine should close */
177int state_machine_churn(state_machine_t *machine);
178/* Is used to handle closing conditions - namely when one side of the tunnel has
179 * closed but the other should finish flushing. */
180int state_machine_close_clean(state_machine_t *machine);
181int state_machine_close_dirty(state_machine_t *machine);
182#endif /* !defined(NO_TUNALA) */
183
184#ifndef NO_IP
185/* Initialise anything related to the networking. This includes blocking pesky
186 * SIGPIPE signals. */
187int ip_initialise(void);
188/* ip is the 4-byte ip address (eg. 127.0.0.1 is {0x7F,0x00,0x00,0x01}), port is
189 * the port to listen on (host byte order), and the return value is the
190 * file-descriptor or -1 on error. */
191int ip_create_listener_split(const char *ip, unsigned short port);
192/* Same semantics as above. */
193int ip_create_connection_split(const char *ip, unsigned short port);
194/* Converts a string into the ip/port before calling the above */
195int ip_create_listener(const char *address);
196int ip_create_connection(const char *address);
197/* Just does a string conversion on its own. NB: If accept_all_ip is non-zero,
198 * then the address string could be just a port. Ie. it's suitable for a
199 * listening address but not a connecting address. */
200int ip_parse_address(const char *address, const char **parsed_ip,
201 unsigned short *port, int accept_all_ip);
202/* Accepts an incoming connection through the listener. Assumes selects and
203 * what-not have deemed it an appropriate thing to do. */
204int ip_accept_connection(int listen_fd);
205#endif /* !defined(NO_IP) */
206
207/* These functions wrap up things that can be portability hassles. */
208int int_strtoul(const char *str, unsigned long *val);
209#ifdef HAVE_STRSTR
210#define int_strstr strstr
211#else
212char *int_strstr(const char *haystack, const char *needle);
213#endif
214
215#endif /* !defined(_TUNALA_H) */
diff --git a/src/lib/libssl/src/demos/x509/README b/src/lib/libssl/src/demos/x509/README
deleted file mode 100644
index 88f9d6c46e..0000000000
--- a/src/lib/libssl/src/demos/x509/README
+++ /dev/null
@@ -1,3 +0,0 @@
1This directory contains examples of how to contruct
2various X509 structures. Certificates, certificate requests
3and CRLs.
diff --git a/src/lib/libssl/src/demos/x509/mkcert.c b/src/lib/libssl/src/demos/x509/mkcert.c
deleted file mode 100644
index 6a52e5d0fc..0000000000
--- a/src/lib/libssl/src/demos/x509/mkcert.c
+++ /dev/null
@@ -1,172 +0,0 @@
1/* Certificate creation. Demonstrates some certificate related
2 * operations.
3 */
4
5
6#include <stdio.h>
7#include <stdlib.h>
8
9#include <openssl/pem.h>
10#include <openssl/conf.h>
11#include <openssl/x509v3.h>
12#ifndef OPENSSL_NO_ENGINE
13#include <openssl/engine.h>
14#endif
15
16int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
17int add_ext(X509 *cert, int nid, char *value);
18
19int main(int argc, char **argv)
20 {
21 BIO *bio_err;
22 X509 *x509=NULL;
23 EVP_PKEY *pkey=NULL;
24
25 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
26
27 bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
28
29 mkcert(&x509,&pkey,512,0,365);
30
31 RSA_print_fp(stdout,pkey->pkey.rsa,0);
32 X509_print_fp(stdout,x509);
33
34 PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
35 PEM_write_X509(stdout,x509);
36
37 X509_free(x509);
38 EVP_PKEY_free(pkey);
39
40#ifndef OPENSSL_NO_ENGINE
41 ENGINE_cleanup();
42#endif
43 CRYPTO_cleanup_all_ex_data();
44
45 CRYPTO_mem_leaks(bio_err);
46 BIO_free(bio_err);
47 return(0);
48 }
49
50static void callback(int p, int n, void *arg)
51 {
52 char c='B';
53
54 if (p == 0) c='.';
55 if (p == 1) c='+';
56 if (p == 2) c='*';
57 if (p == 3) c='\n';
58 fputc(c,stderr);
59 }
60
61int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
62 {
63 X509 *x;
64 EVP_PKEY *pk;
65 RSA *rsa;
66 X509_NAME *name=NULL;
67
68 if ((pkeyp == NULL) || (*pkeyp == NULL))
69 {
70 if ((pk=EVP_PKEY_new()) == NULL)
71 {
72 abort();
73 return(0);
74 }
75 }
76 else
77 pk= *pkeyp;
78
79 if ((x509p == NULL) || (*x509p == NULL))
80 {
81 if ((x=X509_new()) == NULL)
82 goto err;
83 }
84 else
85 x= *x509p;
86
87 rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
88 if (!EVP_PKEY_assign_RSA(pk,rsa))
89 {
90 abort();
91 goto err;
92 }
93 rsa=NULL;
94
95 X509_set_version(x,2);
96 ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
97 X509_gmtime_adj(X509_get_notBefore(x),0);
98 X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
99 X509_set_pubkey(x,pk);
100
101 name=X509_get_subject_name(x);
102
103 /* This function creates and adds the entry, working out the
104 * correct string type and performing checks on its length.
105 * Normally we'd check the return value for errors...
106 */
107 X509_NAME_add_entry_by_txt(name,"C",
108 MBSTRING_ASC, "UK", -1, -1, 0);
109 X509_NAME_add_entry_by_txt(name,"CN",
110 MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
111
112 /* Its self signed so set the issuer name to be the same as the
113 * subject.
114 */
115 X509_set_issuer_name(x,name);
116
117 /* Add various extensions: standard extensions */
118 add_ext(x, NID_basic_constraints, "critical,CA:TRUE");
119 add_ext(x, NID_key_usage, "critical,keyCertSign,cRLSign");
120
121 add_ext(x, NID_subject_key_identifier, "hash");
122
123 /* Some Netscape specific extensions */
124 add_ext(x, NID_netscape_cert_type, "sslCA");
125
126 add_ext(x, NID_netscape_comment, "example comment extension");
127
128
129#ifdef CUSTOM_EXT
130 /* Maybe even add our own extension based on existing */
131 {
132 int nid;
133 nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
134 X509V3_EXT_add_alias(nid, NID_netscape_comment);
135 add_ext(x, nid, "example comment alias");
136 }
137#endif
138
139 if (!X509_sign(x,pk,EVP_sha1()))
140 goto err;
141
142 *x509p=x;
143 *pkeyp=pk;
144 return(1);
145err:
146 return(0);
147 }
148
149/* Add extension using V3 code: we can set the config file as NULL
150 * because we wont reference any other sections.
151 */
152
153int add_ext(X509 *cert, int nid, char *value)
154 {
155 X509_EXTENSION *ex;
156 X509V3_CTX ctx;
157 /* This sets the 'context' of the extensions. */
158 /* No configuration database */
159 X509V3_set_ctx_nodb(&ctx);
160 /* Issuer and subject certs: both the target since it is self signed,
161 * no request and no CRL
162 */
163 X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
164 ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
165 if (!ex)
166 return 0;
167
168 X509_add_ext(cert,ex,-1);
169 X509_EXTENSION_free(ex);
170 return 1;
171 }
172
diff --git a/src/lib/libssl/src/demos/x509/mkreq.c b/src/lib/libssl/src/demos/x509/mkreq.c
deleted file mode 100644
index d1cba9dc5a..0000000000
--- a/src/lib/libssl/src/demos/x509/mkreq.c
+++ /dev/null
@@ -1,162 +0,0 @@
1/* Certificate request creation. Demonstrates some request related
2 * operations.
3 */
4
5#include <stdio.h>
6#include <stdlib.h>
7
8#include <openssl/pem.h>
9#include <openssl/conf.h>
10#include <openssl/x509.h>
11#include <openssl/x509v3.h>
12#ifndef OPENSSL_NO_ENGINE
13#include <openssl/engine.h>
14#endif
15
16int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
17int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value);
18
19int main(int argc, char **argv)
20 {
21 BIO *bio_err;
22 X509_REQ *req=NULL;
23 EVP_PKEY *pkey=NULL;
24
25 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
26
27 bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
28
29 mkreq(&req,&pkey,512,0,365);
30
31 RSA_print_fp(stdout,pkey->pkey.rsa,0);
32 X509_REQ_print_fp(stdout,req);
33
34 PEM_write_X509_REQ(stdout,req);
35
36 X509_REQ_free(req);
37 EVP_PKEY_free(pkey);
38
39#ifndef OPENSSL_NO_ENGINE
40 ENGINE_cleanup();
41#endif
42 CRYPTO_cleanup_all_ex_data();
43
44 CRYPTO_mem_leaks(bio_err);
45 BIO_free(bio_err);
46 return(0);
47 }
48
49static void callback(int p, int n, void *arg)
50 {
51 char c='B';
52
53 if (p == 0) c='.';
54 if (p == 1) c='+';
55 if (p == 2) c='*';
56 if (p == 3) c='\n';
57 fputc(c,stderr);
58 }
59
60int mkreq(X509_REQ **req, EVP_PKEY **pkeyp, int bits, int serial, int days)
61 {
62 X509_REQ *x;
63 EVP_PKEY *pk;
64 RSA *rsa;
65 X509_NAME *name=NULL;
66 STACK_OF(X509_EXTENSION) *exts = NULL;
67
68 if ((pk=EVP_PKEY_new()) == NULL)
69 goto err;
70
71 if ((x=X509_REQ_new()) == NULL)
72 goto err;
73
74 rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
75 if (!EVP_PKEY_assign_RSA(pk,rsa))
76 goto err;
77
78 rsa=NULL;
79
80 X509_REQ_set_pubkey(x,pk);
81
82 name=X509_REQ_get_subject_name(x);
83
84 /* This function creates and adds the entry, working out the
85 * correct string type and performing checks on its length.
86 * Normally we'd check the return value for errors...
87 */
88 X509_NAME_add_entry_by_txt(name,"C",
89 MBSTRING_ASC, "UK", -1, -1, 0);
90 X509_NAME_add_entry_by_txt(name,"CN",
91 MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
92
93#ifdef REQUEST_EXTENSIONS
94 /* Certificate requests can contain extensions, which can be used
95 * to indicate the extensions the requestor would like added to
96 * their certificate. CAs might ignore them however or even choke
97 * if they are present.
98 */
99
100 /* For request extensions they are all packed in a single attribute.
101 * We save them in a STACK and add them all at once later...
102 */
103
104 exts = sk_X509_EXTENSION_new_null();
105 /* Standard extenions */
106
107 add_ext(exts, NID_key_usage, "critical,digitalSignature,keyEncipherment");
108
109 /* This is a typical use for request extensions: requesting a value for
110 * subject alternative name.
111 */
112
113 add_ext(exts, NID_subject_alt_name, "email:steve@openssl.org");
114
115 /* Some Netscape specific extensions */
116 add_ext(exts, NID_netscape_cert_type, "client,email");
117
118
119
120#ifdef CUSTOM_EXT
121 /* Maybe even add our own extension based on existing */
122 {
123 int nid;
124 nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
125 X509V3_EXT_add_alias(nid, NID_netscape_comment);
126 add_ext(x, nid, "example comment alias");
127 }
128#endif
129
130 /* Now we've created the extensions we add them to the request */
131
132 X509_REQ_add_extensions(x, exts);
133
134 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
135
136#endif
137
138 if (!X509_REQ_sign(x,pk,EVP_sha1()))
139 goto err;
140
141 *req=x;
142 *pkeyp=pk;
143 return(1);
144err:
145 return(0);
146 }
147
148/* Add extension using V3 code: we can set the config file as NULL
149 * because we wont reference any other sections.
150 */
151
152int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value)
153 {
154 X509_EXTENSION *ex;
155 ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
156 if (!ex)
157 return 0;
158 sk_X509_EXTENSION_push(sk, ex);
159
160 return 1;
161 }
162
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 16:59:04 +0000