summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/usr.bin/openssl/dh.c54
-rw-r--r--src/usr.bin/openssl/dhparam.c60
-rw-r--r--src/usr.bin/openssl/dsaparam.c65
-rw-r--r--src/usr.bin/openssl/ecparam.c152
-rw-r--r--src/usr.bin/openssl/openssl.125
-rw-r--r--src/usr.bin/openssl/x509.c92
6 files changed, 12 insertions, 436 deletions
diff --git a/src/usr.bin/openssl/dh.c b/src/usr.bin/openssl/dh.c
index a4c02235f2..d7c7d2db91 100644
--- a/src/usr.bin/openssl/dh.c
+++ b/src/usr.bin/openssl/dh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh.c,v 1.15 2023/03/06 14:32:05 tb Exp $ */ 1/* $OpenBSD: dh.c,v 1.16 2025/01/19 10:24:17 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -75,7 +75,6 @@
75#include <openssl/x509.h> 75#include <openssl/x509.h>
76 76
77static struct { 77static struct {
78 int C;
79 int check; 78 int check;
80 char *infile; 79 char *infile;
81 int informat; 80 int informat;
@@ -87,12 +86,6 @@ static struct {
87 86
88static const struct option dh_options[] = { 87static const struct option dh_options[] = {
89 { 88 {
90 .name = "C",
91 .desc = "Convert DH parameters into C code",
92 .type = OPTION_FLAG,
93 .opt.flag = &cfg.C,
94 },
95 {
96 .name = "check", 89 .name = "check",
97 .desc = "Check the DH parameters", 90 .desc = "Check the DH parameters",
98 .type = OPTION_FLAG, 91 .type = OPTION_FLAG,
@@ -145,7 +138,7 @@ static void
145dh_usage(void) 138dh_usage(void)
146{ 139{
147 fprintf(stderr, 140 fprintf(stderr,
148 "usage: dh [-C] [-check] [-in file] [-inform format]\n" 141 "usage: dh [-check] [-in file] [-inform format]\n"
149 " [-noout] [-out file] [-outform format] [-text]\n\n"); 142 " [-noout] [-out file] [-outform format] [-text]\n\n");
150 options_usage(dh_options); 143 options_usage(dh_options);
151} 144}
@@ -228,49 +221,6 @@ dh_main(int argc, char **argv)
228 if (i == 0) 221 if (i == 0)
229 printf("DH parameters appear to be ok.\n"); 222 printf("DH parameters appear to be ok.\n");
230 } 223 }
231 if (cfg.C) {
232 unsigned char *data;
233 int len, l, bits;
234
235 len = BN_num_bytes(DH_get0_p(dh));
236 bits = BN_num_bits(DH_get0_p(dh));
237 data = malloc(len);
238 if (data == NULL) {
239 perror("malloc");
240 goto end;
241 }
242 l = BN_bn2bin(DH_get0_p(dh), data);
243 printf("static unsigned char dh%d_p[] = {", bits);
244 for (i = 0; i < l; i++) {
245 if ((i % 12) == 0)
246 printf("\n\t");
247 printf("0x%02X, ", data[i]);
248 }
249 printf("\n\t};\n");
250
251 l = BN_bn2bin(DH_get0_g(dh), data);
252 printf("static unsigned char dh%d_g[] = {", bits);
253 for (i = 0; i < l; i++) {
254 if ((i % 12) == 0)
255 printf("\n\t");
256 printf("0x%02X, ", data[i]);
257 }
258 printf("\n\t};\n\n");
259
260 printf("DH *get_dh%d()\n\t{\n", bits);
261 printf("\tDH *dh;\n");
262 printf("\tBIGNUM *p = NULL, *g = NULL;\n\n");
263 printf("\tif ((dh = DH_new()) == NULL) return(NULL);\n");
264 printf("\tp = BN_bin2bn(dh%d_p, sizeof(dh%d_p), NULL);\n",
265 bits, bits);
266 printf("\tg = BN_bin2bn(dh%d_g, sizeof(dh%d_g), NULL);\n",
267 bits, bits);
268 printf("\tif (p == NULL || g == NULL)\n");
269 printf("\t\t{ BN_free(p); BN_free(q); DH_free(dh); return(NULL); }\n");
270 printf("\tDH_set0_pqg(dh, p, NULL, g);\n");
271 printf("\treturn(dh);\n\t}\n");
272 free(data);
273 }
274 if (!cfg.noout) { 224 if (!cfg.noout) {
275 if (cfg.outformat == FORMAT_ASN1) 225 if (cfg.outformat == FORMAT_ASN1)
276 i = i2d_DHparams_bio(out, dh); 226 i = i2d_DHparams_bio(out, dh);
diff --git a/src/usr.bin/openssl/dhparam.c b/src/usr.bin/openssl/dhparam.c
index 00bf697264..752f9ee01a 100644
--- a/src/usr.bin/openssl/dhparam.c
+++ b/src/usr.bin/openssl/dhparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dhparam.c,v 1.18 2023/07/23 11:39:29 tb Exp $ */ 1/* $OpenBSD: dhparam.c,v 1.19 2025/01/19 10:24:17 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -132,7 +132,6 @@
132#define DEFBITS 2048 132#define DEFBITS 2048
133 133
134static struct { 134static struct {
135 int C;
136 int check; 135 int check;
137 int dsaparam; 136 int dsaparam;
138 int g; 137 int g;
@@ -161,12 +160,6 @@ static const struct option dhparam_options[] = {
161 .value = 5, 160 .value = 5,
162 }, 161 },
163 { 162 {
164 .name = "C",
165 .desc = "Convert DH parameters into C code",
166 .type = OPTION_FLAG,
167 .opt.flag = &cfg.C,
168 },
169 {
170 .name = "check", 163 .name = "check",
171 .desc = "Check the DH parameters", 164 .desc = "Check the DH parameters",
172 .type = OPTION_FLAG, 165 .type = OPTION_FLAG,
@@ -225,7 +218,7 @@ static void
225dhparam_usage(void) 218dhparam_usage(void)
226{ 219{
227 fprintf(stderr, 220 fprintf(stderr,
228 "usage: dhparam [-2 | -5] [-C] [-check] [-dsaparam]\n" 221 "usage: dhparam [-2 | -5] [-check] [-dsaparam]\n"
229 " [-in file] [-inform DER | PEM] [-noout] [-out file]\n" 222 " [-in file] [-inform DER | PEM] [-noout] [-out file]\n"
230 " [-outform DER | PEM] [-text] [numbits]\n\n"); 223 " [-outform DER | PEM] [-text] [numbits]\n\n");
231 options_usage(dhparam_options); 224 options_usage(dhparam_options);
@@ -405,55 +398,6 @@ dhparam_main(int argc, char **argv)
405 if (i == 0) 398 if (i == 0)
406 printf("DH parameters appear to be ok.\n"); 399 printf("DH parameters appear to be ok.\n");
407 } 400 }
408 if (cfg.C) {
409 unsigned char *data;
410 int len, l, bits;
411
412 len = BN_num_bytes(DH_get0_p(dh));
413 bits = BN_num_bits(DH_get0_p(dh));
414 data = malloc(len);
415 if (data == NULL) {
416 perror("malloc");
417 goto end;
418 }
419 printf("#ifndef HEADER_DH_H\n"
420 "#include <openssl/dh.h>\n"
421 "#endif\n");
422 printf("DH *get_dh%d()\n\t{\n", bits);
423
424 l = BN_bn2bin(DH_get0_p(dh), data);
425 printf("\tstatic unsigned char dh%d_p[] = {", bits);
426 for (i = 0; i < l; i++) {
427 if ((i % 12) == 0)
428 printf("\n\t\t");
429 printf("0x%02X, ", data[i]);
430 }
431 printf("\n\t\t};\n");
432
433 l = BN_bn2bin(DH_get0_g(dh), data);
434 printf("\tstatic unsigned char dh%d_g[] = {", bits);
435 for (i = 0; i < l; i++) {
436 if ((i % 12) == 0)
437 printf("\n\t\t");
438 printf("0x%02X, ", data[i]);
439 }
440 printf("\n\t\t};\n");
441
442 printf("\tDH *dh;\n");
443 printf("\tBIGNUM *p = NULL, *g = NULL;\n\n");
444 printf("\tif ((dh = DH_new()) == NULL) return(NULL);\n");
445 printf("\tp = BN_bin2bn(dh%d_p, sizeof(dh%d_p), NULL);\n",
446 bits, bits);
447 printf("\tg = BN_bin2bn(dh%d_g, sizeof(dh%d_g), NULL);\n",
448 bits, bits);
449 printf("\tif (p == NULL || g == NULL)\n");
450 printf("\t\t{ BN_free(p); BN_free(g); DH_free(dh); return(NULL); }\n");
451 printf("\tDH_set0_pqg(dh, p, NULL, g);\n");
452 if (DH_get_length(dh) > 0)
453 printf("\tDH_set_length(dh, %ld);\n", DH_get_length(dh));
454 printf("\treturn(dh);\n\t}\n");
455 free(data);
456 }
457 if (!cfg.noout) { 401 if (!cfg.noout) {
458 if (cfg.outformat == FORMAT_ASN1) 402 if (cfg.outformat == FORMAT_ASN1)
459 i = i2d_DHparams_bio(out, dh); 403 i = i2d_DHparams_bio(out, dh);
diff --git a/src/usr.bin/openssl/dsaparam.c b/src/usr.bin/openssl/dsaparam.c
index bc9ccd14d8..962f261210 100644
--- a/src/usr.bin/openssl/dsaparam.c
+++ b/src/usr.bin/openssl/dsaparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsaparam.c,v 1.15 2023/03/06 14:32:06 tb Exp $ */ 1/* $OpenBSD: dsaparam.c,v 1.16 2025/01/19 10:24:17 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -80,7 +80,6 @@
80#include <openssl/x509.h> 80#include <openssl/x509.h>
81 81
82static struct { 82static struct {
83 int C;
84 int genkey; 83 int genkey;
85 char *infile; 84 char *infile;
86 int informat; 85 int informat;
@@ -92,12 +91,6 @@ static struct {
92 91
93static const struct option dsaparam_options[] = { 92static const struct option dsaparam_options[] = {
94 { 93 {
95 .name = "C",
96 .desc = "Convert DSA parameters into C code",
97 .type = OPTION_FLAG,
98 .opt.flag = &cfg.C,
99 },
100 {
101 .name = "genkey", 94 .name = "genkey",
102 .desc = "Generate a DSA key", 95 .desc = "Generate a DSA key",
103 .type = OPTION_FLAG, 96 .type = OPTION_FLAG,
@@ -150,7 +143,7 @@ static void
150dsaparam_usage(void) 143dsaparam_usage(void)
151{ 144{
152 fprintf(stderr, 145 fprintf(stderr,
153 "usage: dsaparam [-C] [-genkey] [-in file]\n" 146 "usage: dsaparam [-genkey] [-in file]\n"
154 " [-inform format] [-noout] [-out file] [-outform format]\n" 147 " [-inform format] [-noout] [-out file] [-outform format]\n"
155 " [-text] [numbits]\n\n"); 148 " [-text] [numbits]\n\n");
156 options_usage(dsaparam_options); 149 options_usage(dsaparam_options);
@@ -253,60 +246,6 @@ dsaparam_main(int argc, char **argv)
253 if (cfg.text) { 246 if (cfg.text) {
254 DSAparams_print(out, dsa); 247 DSAparams_print(out, dsa);
255 } 248 }
256 if (cfg.C) {
257 unsigned char *data;
258 int l, len, bits_p;
259
260 len = BN_num_bytes(DSA_get0_p(dsa));
261 bits_p = BN_num_bits(DSA_get0_p(dsa));
262 data = malloc(len + 20);
263 if (data == NULL) {
264 perror("malloc");
265 goto end;
266 }
267 l = BN_bn2bin(DSA_get0_p(dsa), data);
268 printf("static unsigned char dsa%d_p[] = {", bits_p);
269 for (i = 0; i < l; i++) {
270 if ((i % 12) == 0)
271 printf("\n\t");
272 printf("0x%02X, ", data[i]);
273 }
274 printf("\n\t};\n");
275
276 l = BN_bn2bin(DSA_get0_q(dsa), data);
277 printf("static unsigned char dsa%d_q[] = {", bits_p);
278 for (i = 0; i < l; i++) {
279 if ((i % 12) == 0)
280 printf("\n\t");
281 printf("0x%02X, ", data[i]);
282 }
283 printf("\n\t};\n");
284
285 l = BN_bn2bin(DSA_get0_g(dsa), data);
286 printf("static unsigned char dsa%d_g[] = {", bits_p);
287 for (i = 0; i < l; i++) {
288 if ((i % 12) == 0)
289 printf("\n\t");
290 printf("0x%02X, ", data[i]);
291 }
292 free(data);
293 printf("\n\t};\n\n");
294
295 printf("DSA *get_dsa%d()\n\t{\n", bits_p);
296 printf("\tBIGNUM *p = NULL, *q = NULL, *g = NULL;\n");
297 printf("\tDSA *dsa;\n\n");
298 printf("\tif ((dsa = DSA_new()) == NULL) return(NULL);\n");
299 printf("\tp = BN_bin2bn(dsa%d_p, sizeof(dsa%d_p), NULL);\n",
300 bits_p, bits_p);
301 printf("\tq = BN_bin2bn(dsa%d_q, sizeof(dsa%d_q), NULL);\n",
302 bits_p, bits_p);
303 printf("\tg = BN_bin2bn(dsa%d_g, sizeof(dsa%d_g), NULL);\n",
304 bits_p, bits_p);
305 printf("\tif (p == NULL || q == NULL || g == NULL)\n");
306 printf("\t\t{ BN_free(p); BN_free(q); BN_free(g); DSA_free(dsa); return(NULL); }\n");
307 printf("\tDSA_set0_pqg(dsa, p, q, g);\n");
308 printf("\treturn(dsa);\n\t}\n");
309 }
310 if (!cfg.noout) { 249 if (!cfg.noout) {
311 if (cfg.outformat == FORMAT_ASN1) 250 if (cfg.outformat == FORMAT_ASN1)
312 i = i2d_DSAparams_bio(out, dsa); 251 i = i2d_DSAparams_bio(out, dsa);
diff --git a/src/usr.bin/openssl/ecparam.c b/src/usr.bin/openssl/ecparam.c
index 2d2755acfc..285f5d563e 100644
--- a/src/usr.bin/openssl/ecparam.c
+++ b/src/usr.bin/openssl/ecparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecparam.c,v 1.24 2025/01/19 07:41:52 tb Exp $ */ 1/* $OpenBSD: ecparam.c,v 1.25 2025/01/19 10:24:17 tb Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -87,11 +87,7 @@
87#include <openssl/pem.h> 87#include <openssl/pem.h>
88#include <openssl/x509.h> 88#include <openssl/x509.h>
89 89
90static int ecparam_print_var(BIO *, BIGNUM *, const char *, int,
91 unsigned char *);
92
93static struct { 90static struct {
94 int C;
95 int asn1_flag; 91 int asn1_flag;
96 int check; 92 int check;
97 char *curve_name; 93 char *curve_name;
@@ -141,12 +137,6 @@ ecparam_opt_enctype(char *arg)
141 137
142static const struct option ecparam_options[] = { 138static const struct option ecparam_options[] = {
143 { 139 {
144 .name = "C",
145 .desc = "Convert the EC parameters into C code",
146 .type = OPTION_FLAG,
147 .opt.flag = &cfg.C,
148 },
149 {
150 .name = "check", 140 .name = "check",
151 .desc = "Validate the elliptic curve parameters", 141 .desc = "Validate the elliptic curve parameters",
152 .type = OPTION_FLAG, 142 .type = OPTION_FLAG,
@@ -241,7 +231,7 @@ static const struct option ecparam_options[] = {
241static void 231static void
242ecparam_usage(void) 232ecparam_usage(void)
243{ 233{
244 fprintf(stderr, "usage: ecparam [-C] [-check] [-conv_form arg] " 234 fprintf(stderr, "usage: ecparam [-check] [-conv_form arg] "
245 " [-genkey]\n" 235 " [-genkey]\n"
246 " [-in file] [-inform DER | PEM] [-list_curves] [-name arg]\n" 236 " [-in file] [-inform DER | PEM] [-list_curves] [-name arg]\n"
247 " [-no_seed] [-noout] [-out file] [-outform DER | PEM]\n" 237 " [-no_seed] [-noout] [-out file] [-outform DER | PEM]\n"
@@ -252,10 +242,7 @@ ecparam_usage(void)
252int 242int
253ecparam_main(int argc, char **argv) 243ecparam_main(int argc, char **argv)
254{ 244{
255 BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, *ec_gen = NULL;
256 BIGNUM *ec_order = NULL, *ec_cofactor = NULL;
257 EC_GROUP *group = NULL; 245 EC_GROUP *group = NULL;
258 unsigned char *buffer = NULL;
259 BIO *in = NULL, *out = NULL; 246 BIO *in = NULL, *out = NULL;
260 int i, ret = 1; 247 int i, ret = 1;
261 248
@@ -403,109 +390,6 @@ ecparam_main(int argc, char **argv)
403 BIO_printf(bio_err, "ok\n"); 390 BIO_printf(bio_err, "ok\n");
404 391
405 } 392 }
406 if (cfg.C) {
407 size_t buf_len = 0, tmp_len = 0;
408 const EC_POINT *point;
409 int len = 0;
410
411 if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
412 (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
413 (ec_order = BN_new()) == NULL ||
414 (ec_cofactor = BN_new()) == NULL) {
415 perror("malloc");
416 goto end;
417 }
418
419 if (!EC_GROUP_get_curve(group, ec_p, ec_a, ec_b, NULL))
420 goto end;
421
422 if ((point = EC_GROUP_get0_generator(group)) == NULL)
423 goto end;
424 if (!EC_POINT_point2bn(group, point,
425 EC_GROUP_get_point_conversion_form(group), ec_gen,
426 NULL))
427 goto end;
428 if (!EC_GROUP_get_order(group, ec_order, NULL))
429 goto end;
430 if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
431 goto end;
432
433 len = BN_num_bits(ec_order);
434
435 if ((tmp_len = (size_t) BN_num_bytes(ec_p)) > buf_len)
436 buf_len = tmp_len;
437 if ((tmp_len = (size_t) BN_num_bytes(ec_a)) > buf_len)
438 buf_len = tmp_len;
439 if ((tmp_len = (size_t) BN_num_bytes(ec_b)) > buf_len)
440 buf_len = tmp_len;
441 if ((tmp_len = (size_t) BN_num_bytes(ec_gen)) > buf_len)
442 buf_len = tmp_len;
443 if ((tmp_len = (size_t) BN_num_bytes(ec_order)) > buf_len)
444 buf_len = tmp_len;
445 if ((tmp_len = (size_t) BN_num_bytes(ec_cofactor)) > buf_len)
446 buf_len = tmp_len;
447
448 buffer = malloc(buf_len);
449
450 if (buffer == NULL) {
451 perror("malloc");
452 goto end;
453 }
454 ecparam_print_var(out, ec_p, "ec_p", len, buffer);
455 ecparam_print_var(out, ec_a, "ec_a", len, buffer);
456 ecparam_print_var(out, ec_b, "ec_b", len, buffer);
457 ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
458 ecparam_print_var(out, ec_order, "ec_order", len, buffer);
459 ecparam_print_var(out, ec_cofactor, "ec_cofactor", len,
460 buffer);
461
462 BIO_printf(out, "\n\n");
463
464 BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
465 BIO_printf(out, "\tint ok=0;\n");
466 BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
467 BIO_printf(out, "\tEC_POINT *point = NULL;\n");
468 BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, "
469 "*tmp_3 = NULL;\n\n");
470 BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
471 "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
472 "goto err;\n", len, len);
473 BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
474 "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
475 "goto err;\n", len, len);
476 BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
477 "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
478 "goto err;\n", len, len);
479 BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_GFp"
480 "(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n\t\tgoto err;\n\n");
481 BIO_printf(out, "\t/* build generator */\n");
482 BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
483 "sizeof(ec_gen_%d), tmp_1)) == NULL)"
484 "\n\t\tgoto err;\n", len, len);
485 BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
486 "NULL, NULL);\n");
487 BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
488 BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
489 "sizeof(ec_order_%d), tmp_2)) == NULL)"
490 "\n\t\tgoto err;\n", len, len);
491 BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
492 "sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
493 "\n\t\tgoto err;\n", len, len);
494 BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
495 " tmp_2, tmp_3))\n\t\tgoto err;\n");
496 BIO_printf(out, "\n\tok=1;\n");
497 BIO_printf(out, "err:\n");
498 BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
499 BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
500 BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
501 BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
502 BIO_printf(out, "\tif (!ok)\n");
503 BIO_printf(out, "\t\t{\n");
504 BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
505 BIO_printf(out, "\t\tgroup = NULL;\n");
506 BIO_printf(out, "\t\t}\n");
507 BIO_printf(out, "\treturn(group);\n\t}\n");
508 }
509 if (!cfg.noout) { 393 if (!cfg.noout) {
510 if (cfg.outformat == FORMAT_ASN1) 394 if (cfg.outformat == FORMAT_ASN1)
511 i = i2d_ECPKParameters_bio(out, group); 395 i = i2d_ECPKParameters_bio(out, group);
@@ -554,15 +438,6 @@ ecparam_main(int argc, char **argv)
554 ret = 0; 438 ret = 0;
555 439
556 end: 440 end:
557 BN_free(ec_p);
558 BN_free(ec_a);
559 BN_free(ec_b);
560 BN_free(ec_gen);
561 BN_free(ec_order);
562 BN_free(ec_cofactor);
563
564 free(buffer);
565
566 BIO_free(in); 441 BIO_free(in);
567 BIO_free_all(out); 442 BIO_free_all(out);
568 EC_GROUP_free(group); 443 EC_GROUP_free(group);
@@ -570,27 +445,4 @@ ecparam_main(int argc, char **argv)
570 return (ret); 445 return (ret);
571} 446}
572 447
573static int
574ecparam_print_var(BIO * out, BIGNUM * in, const char *var,
575 int len, unsigned char *buffer)
576{
577 BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
578 if (BN_is_zero(in))
579 BIO_printf(out, "\n\t0x00");
580 else {
581 int i, l;
582
583 l = BN_bn2bin(in, buffer);
584 for (i = 0; i < l - 1; i++) {
585 if ((i % 12) == 0)
586 BIO_printf(out, "\n\t");
587 BIO_printf(out, "0x%02X,", buffer[i]);
588 }
589 if ((i % 12) == 0)
590 BIO_printf(out, "\n\t");
591 BIO_printf(out, "0x%02X", buffer[i]);
592 }
593 BIO_printf(out, "\n\t};\n\n");
594 return 1;
595}
596#endif 448#endif
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index ea20639c47..6ceb53ef5c 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: openssl.1,v 1.161 2024/08/30 06:05:10 jmc Exp $ 1.\" $OpenBSD: openssl.1,v 1.162 2025/01/19 10:24:17 tb Exp $
2.\" ==================================================================== 2.\" ====================================================================
3.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 3.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4.\" 4.\"
@@ -110,7 +110,7 @@
110.\" copied and put under another distribution licence 110.\" copied and put under another distribution licence
111.\" [including the GNU Public Licence.] 111.\" [including the GNU Public Licence.]
112.\" 112.\"
113.Dd $Mdocdate: August 30 2024 $ 113.Dd $Mdocdate: January 19 2025 $
114.Dt OPENSSL 1 114.Dt OPENSSL 1
115.Os 115.Os
116.Sh NAME 116.Sh NAME
@@ -1697,7 +1697,6 @@ If no files are specified then standard input is used.
1697.It Nm openssl dhparam 1697.It Nm openssl dhparam
1698.Bk -words 1698.Bk -words
1699.Op Fl 2 | 5 1699.Op Fl 2 | 5
1700.Op Fl C
1701.Op Fl check 1700.Op Fl check
1702.Op Fl dsaparam 1701.Op Fl dsaparam
1703.Op Fl in Ar file 1702.Op Fl in Ar file
@@ -1722,11 +1721,6 @@ The options are as follows:
1722The generator to use; 1721The generator to use;
17232 is the default. 17222 is the default.
1724If present, the input file is ignored and parameters are generated instead. 1723If present, the input file is ignored and parameters are generated instead.
1725.It Fl C
1726Convert the parameters into C code.
1727The parameters can then be loaded by calling the
1728.No get_dh Ns Ar numbits
1729function.
1730.It Fl check 1724.It Fl check
1731Check the DH parameters. 1725Check the DH parameters.
1732.It Fl dsaparam 1726.It Fl dsaparam
@@ -1862,7 +1856,6 @@ Print the public/private key in plain text.
1862.Bl -hang -width "openssl dsaparam" 1856.Bl -hang -width "openssl dsaparam"
1863.It Nm openssl dsaparam 1857.It Nm openssl dsaparam
1864.Bk -words 1858.Bk -words
1865.Op Fl C
1866.Op Fl genkey 1859.Op Fl genkey
1867.Op Fl in Ar file 1860.Op Fl in Ar file
1868.Op Fl inform Cm der | pem 1861.Op Fl inform Cm der | pem
@@ -1880,11 +1873,6 @@ command is used to manipulate or generate DSA parameter files.
1880.Pp 1873.Pp
1881The options are as follows: 1874The options are as follows:
1882.Bl -tag -width Ds 1875.Bl -tag -width Ds
1883.It Fl C
1884Convert the parameters into C code.
1885The parameters can then be loaded by calling the
1886.No get_dsa Ns Ar XXX
1887function.
1888.It Fl genkey 1876.It Fl genkey
1889Generate a DSA key either using the specified or generated 1877Generate a DSA key either using the specified or generated
1890parameters. 1878parameters.
@@ -2028,7 +2016,6 @@ Print the public/private key in plain text.
2028.Bl -hang -width "openssl ecparam" 2016.Bl -hang -width "openssl ecparam"
2029.It Nm openssl ecparam 2017.It Nm openssl ecparam
2030.Bk -words 2018.Bk -words
2031.Op Fl C
2032.Op Fl check 2019.Op Fl check
2033.Op Fl conv_form Ar arg 2020.Op Fl conv_form Ar arg
2034.Op Fl genkey 2021.Op Fl genkey
@@ -2055,11 +2042,6 @@ can only create EC parameters from known (named) curves.
2055.Pp 2042.Pp
2056The options are as follows: 2043The options are as follows:
2057.Bl -tag -width Ds 2044.Bl -tag -width Ds
2058.It Fl C
2059Convert the EC parameters into C code.
2060The parameters can then be loaded by calling the
2061.No get_ec_group_ Ns Ar XXX
2062function.
2063.It Fl check 2045.It Fl check
2064Validate the elliptic curve parameters. 2046Validate the elliptic curve parameters.
2065.It Fl conv_form Ar arg 2047.It Fl conv_form Ar arg
@@ -5984,7 +5966,6 @@ version.
5984.Bl -hang -width "openssl x509" 5966.Bl -hang -width "openssl x509"
5985.It Nm openssl x509 5967.It Nm openssl x509
5986.Bk -words 5968.Bk -words
5987.Op Fl C
5988.Op Fl addreject Ar arg 5969.Op Fl addreject Ar arg
5989.Op Fl addtrust Ar arg 5970.Op Fl addtrust Ar arg
5990.Op Fl alias 5971.Op Fl alias
@@ -6091,8 +6072,6 @@ The key password source.
6091.Pp 6072.Pp
6092The following are x509 display options: 6073The following are x509 display options:
6093.Bl -tag -width "XXXX" 6074.Bl -tag -width "XXXX"
6094.It Fl C
6095Output the certificate in the form of a C source file.
6096.It Fl certopt Ar option 6075.It Fl certopt Ar option
6097Customise the output format used with 6076Customise the output format used with
6098.Fl text , 6077.Fl text ,
diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c
index fc8a0daeb3..e67e6fa54d 100644
--- a/src/usr.bin/openssl/x509.c
+++ b/src/usr.bin/openssl/x509.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509.c,v 1.40 2024/12/04 08:14:34 tb Exp $ */ 1/* $OpenBSD: x509.c,v 1.41 2025/01/19 10:24:17 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -93,7 +93,6 @@ static struct {
93 char *alias; 93 char *alias;
94 int aliasout; 94 int aliasout;
95 int badops; 95 int badops;
96 int C;
97 int CA_createserial; 96 int CA_createserial;
98 int CA_flag; 97 int CA_flag;
99 char *CAfile; 98 char *CAfile;
@@ -328,13 +327,6 @@ x509_opt_utf8(void)
328 327
329static const struct option x509_options[] = { 328static const struct option x509_options[] = {
330 { 329 {
331 .name = "C",
332 .desc = "Convert the certificate into C code",
333 .type = OPTION_ORDER,
334 .opt.order = &cfg.C,
335 .order = &cfg.num,
336 },
337 {
338 .name = "addreject", 330 .name = "addreject",
339 .argname = "arg", 331 .argname = "arg",
340 .desc = "Reject certificate for a given purpose", 332 .desc = "Reject certificate for a given purpose",
@@ -763,7 +755,7 @@ static void
763x509_usage(void) 755x509_usage(void)
764{ 756{
765 fprintf(stderr, "usage: x509 " 757 fprintf(stderr, "usage: x509 "
766 "[-C] [-addreject arg] [-addtrust arg] [-alias] [-CA file]\n" 758 " [-addreject arg] [-addtrust arg] [-alias] [-CA file]\n"
767 " [-CAcreateserial] [-CAform der | pem] [-CAkey file]\n" 759 " [-CAcreateserial] [-CAform der | pem] [-CAkey file]\n"
768 " [-CAkeyform der | pem] [-CAserial file] [-certopt option]\n" 760 " [-CAkeyform der | pem] [-CAserial file] [-certopt option]\n"
769 " [-checkend arg] [-clrext] [-clrreject] [-clrtrust] [-dates]\n" 761 " [-checkend arg] [-clrext] [-clrreject] [-clrtrust] [-dates]\n"
@@ -798,7 +790,6 @@ x509_main(int argc, char **argv)
798 BIO *STDout = NULL; 790 BIO *STDout = NULL;
799 X509_STORE *ctx = NULL; 791 X509_STORE *ctx = NULL;
800 X509_REQ *rq = NULL; 792 X509_REQ *rq = NULL;
801 char buf[256];
802 CONF *extconf = NULL; 793 CONF *extconf = NULL;
803 char *passin = NULL; 794 char *passin = NULL;
804 795
@@ -1178,85 +1169,6 @@ x509_main(int argc, char **argv)
1178 goto end; 1169 goto end;
1179 } 1170 }
1180 PEM_write_bio_PUBKEY(STDout, pubkey); 1171 PEM_write_bio_PUBKEY(STDout, pubkey);
1181 } else if (cfg.C == i) {
1182 unsigned char *d;
1183 char *m;
1184 int y, z;
1185
1186 m = X509_NAME_oneline(X509_get_subject_name(x),
1187 buf, sizeof buf);
1188 if (m == NULL)
1189 goto end;
1190 BIO_printf(STDout, "/* subject:%s */\n", buf);
1191 m = X509_NAME_oneline(X509_get_issuer_name(x),
1192 buf, sizeof buf);
1193 if (m == NULL)
1194 goto end;
1195 BIO_printf(STDout, "/* issuer :%s */\n", buf);
1196
1197 z = i2d_X509(x, NULL);
1198 if (z < 0)
1199 goto end;
1200
1201 m = malloc(z);
1202 if (m == NULL) {
1203 BIO_printf(bio_err, "out of mem\n");
1204 goto end;
1205 }
1206
1207 d = (unsigned char *) m;
1208 z = i2d_X509_NAME(X509_get_subject_name(x), &d);
1209 if (z < 0) {
1210 free(m);
1211 goto end;
1212 }
1213 BIO_printf(STDout,
1214 "unsigned char XXX_subject_name[%d]={\n", z);
1215 d = (unsigned char *) m;
1216 for (y = 0; y < z; y++) {
1217 BIO_printf(STDout, "0x%02X,", d[y]);
1218 if ((y & 0x0f) == 0x0f)
1219 BIO_printf(STDout, "\n");
1220 }
1221 if (y % 16 != 0)
1222 BIO_printf(STDout, "\n");
1223 BIO_printf(STDout, "};\n");
1224
1225 z = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d);
1226 if (z < 0) {
1227 free(m);
1228 goto end;
1229 }
1230 BIO_printf(STDout,
1231 "unsigned char XXX_public_key[%d]={\n", z);
1232 d = (unsigned char *) m;
1233 for (y = 0; y < z; y++) {
1234 BIO_printf(STDout, "0x%02X,", d[y]);
1235 if ((y & 0x0f) == 0x0f)
1236 BIO_printf(STDout, "\n");
1237 }
1238 if (y % 16 != 0)
1239 BIO_printf(STDout, "\n");
1240 BIO_printf(STDout, "};\n");
1241
1242 z = i2d_X509(x, &d);
1243 if (z < 0) {
1244 free(m);
1245 goto end;
1246 }
1247 BIO_printf(STDout,
1248 "unsigned char XXX_certificate[%d]={\n", z);
1249 d = (unsigned char *) m;
1250 for (y = 0; y < z; y++) {
1251 BIO_printf(STDout, "0x%02X,", d[y]);
1252 if ((y & 0x0f) == 0x0f)
1253 BIO_printf(STDout, "\n");
1254 }
1255 if (y % 16 != 0)
1256 BIO_printf(STDout, "\n");
1257 BIO_printf(STDout, "};\n");
1258
1259 free(m);
1260 } else if (cfg.text == i) { 1172 } else if (cfg.text == i) {
1261 if(!X509_print_ex(STDout, x, cfg.nmflag, 1173 if(!X509_print_ex(STDout, x, cfg.nmflag,
1262 cfg.certflag)) 1174 cfg.certflag))
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 10:09:17 +0000