Loading CHANGES +23 −2 Original line number Diff line number Diff line Loading @@ -4,6 +4,27 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1'). [Bodo Moeller] *) Addition of the command line parameter '-rand file' to 'openssl req'. The given file adds to whatever has already been seeded into the random pool through the RANDFILE configuration file option or environment variable, or the default random state file. [Richard Levitte] *) mkstack.pl now sorts each macro group into lexical order. Previously the output order depended on the order the files appeared in the directory, resulting in needless rewriting of safestack.h . [Steve Henson] *) Patches to make OpenSSL compile under Win32 again. Mostly work arounds for the VC++ problem that it treats func() as func(void). Also stripped out the parts of mkdef.pl that added extra typesafe functions: these no longer exist. [Steve Henson] *) Reorganisation of the stack code. The macros are now all collected in safestack.h . Each macro is defined in terms of a "stack macro" of the form SKM_<name>(type, a, b). The Loading @@ -13,8 +34,8 @@ then the non typesafe macros are used instead. Also modified the mkstack.pl script to handle the new form. Needs testing to see if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK the default if no major problems. Also need analagous stuff for ASN1_SET_OF etc. the default if no major problems. Similar behaviour for ASN1_SET_OF and PKCS12_STACK_OF. [Steve Henson] *) When some versions of IIS use the 'NET' form of private key the Loading Configure +1 −1 Original line number Diff line number Diff line Loading 
@@ -383,7 +383,7 @@ my %table=( # Some OpenBSD from Bob Beck <beck@obtuse.com> "OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::", "OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", "OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn", "OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::", "OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::", Loading TABLE +1 −1 Original line number Diff line number Diff line Loading @@ -268,7 +268,7 @@ $cast_obj = asm/cx86-out.o $rc4_obj = asm/rx86-out.o $rmd160_obj = asm/rm86-out.o $rc5_obj = asm/r586-out.o $dso_scheme = $dso_scheme = dlfcn *** ReliantUNIX $cc = cc Loading apps/Makefile.ssl +7 −5 Original line number Diff line number Diff line Loading 
@@ -166,11 +166,13 @@ apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h apps.o: ../include/openssl/crypto.h ../include/openssl/des.h apps.o: ../include/openssl/dh.h ../include/openssl/dsa.h apps.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h apps.o: ../include/openssl/evp.h ../include/openssl/idea.h apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h apps.o: ../include/openssl/md5.h ../include/openssl/mdc2.h apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h apps.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h apps.o: ../include/openssl/err.h ../include/openssl/evp.h apps.o: ../include/openssl/idea.h ../include/openssl/lhash.h apps.o: ../include/openssl/md2.h ../include/openssl/md5.h apps.o: ../include/openssl/mdc2.h ../include/openssl/objects.h apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h apps.o: ../include/openssl/rc2.h ../include/openssl/rc4.h apps.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h Loading apps/apps.c +237 −0 Original line number Diff line number Diff line Loading @@ -64,6 +64,11 @@ #define NON_MAIN #include "apps.h" #undef NON_MAIN #include <openssl/err.h> #include <openssl/x509.h> #include <openssl/pem.h> #include <openssl/pkcs12.h> #include <openssl/safestack.h> #ifdef WINDOWS # include "bss_file.c" Loading Loading @@ -159,6 +164,10 @@ int str2fmt(char *s) return(FORMAT_PEM); else if ((*s == 'N') || (*s == 'n')) return(FORMAT_NETSCAPE); else if ((*s == '1') || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0) || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0)) return(FORMAT_PKCS12); else return(FORMAT_UNDEF); } Loading Loading 
@@ -414,3 +423,231 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio) if(tmp) *tmp = 0; return BUF_strdup(tpass); } int add_oid_section(BIO *err, LHASH *conf) { char *p; STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *cnf; int i; if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1; if(!(sktmp = CONF_get_section(conf, p))) { BIO_printf(err, "problem loading oid section %s\n", p); return 0; } for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { cnf = sk_CONF_VALUE_value(sktmp, i); if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { BIO_printf(err, "problem creating object %s=%s\n", cnf->name, cnf->value); return 0; } } return 1; } X509 *load_cert(BIO *err, char *file, int format) { ASN1_HEADER *ah=NULL; BUF_MEM *buf=NULL; X509 *x=NULL; BIO *cert; if ((cert=BIO_new(BIO_s_file())) == NULL) { ERR_print_errors(err); goto end; } if (file == NULL) BIO_set_fp(cert,stdin,BIO_NOCLOSE); else { if (BIO_read_filename(cert,file) <= 0) { perror(file); goto end; } } if (format == FORMAT_ASN1) x=d2i_X509_bio(cert,NULL); else if (format == FORMAT_NETSCAPE) { unsigned char *p,*op; int size=0,i; /* We sort of have to do it this way because it is sort of nice * to read the header first and check it, then * try to read the certificate */ buf=BUF_MEM_new(); for (;;) { if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10))) goto end; i=BIO_read(cert,&(buf->data[size]),1024*10); size+=i; if (i == 0) break; if (i < 0) { perror("reading certificate"); goto end; } } p=(unsigned char *)buf->data; op=p; /* First load the header */ if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL) goto end; if ((ah->header == NULL) || (ah->header->data == NULL) || (strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data, ah->header->length) != 0)) { BIO_printf(err,"Error reading header on certificate\n"); goto end; } /* header is ok, so now read the object */ p=op; ah->meth=X509_asn1_meth(); if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL) goto end; x=(X509 *)ah->data; ah->data=NULL; } else 
if (format == FORMAT_PEM) x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL); else if (format == FORMAT_PKCS12) { PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL); PKCS12_parse(p12, NULL, NULL, &x, NULL); PKCS12_free(p12); p12 = NULL; } else { BIO_printf(err,"bad input format specified for input cert\n"); goto end; } end: if (x == NULL) { BIO_printf(err,"unable to load certificate\n"); ERR_print_errors(err); } if (ah != NULL) ASN1_HEADER_free(ah); if (cert != NULL) BIO_free(cert); if (buf != NULL) BUF_MEM_free(buf); return(x); } EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass) { BIO *key=NULL; EVP_PKEY *pkey=NULL; if (file == NULL) { BIO_printf(err,"no keyfile specified\n"); goto end; } key=BIO_new(BIO_s_file()); if (key == NULL) { ERR_print_errors(err); goto end; } if (BIO_read_filename(key,file) <= 0) { perror(file); goto end; } if (format == FORMAT_ASN1) { pkey=d2i_PrivateKey_bio(key, NULL); } else if (format == FORMAT_PEM) { pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass); } else if (format == FORMAT_PKCS12) { PKCS12 *p12 = d2i_PKCS12_bio(key, NULL); PKCS12_parse(p12, pass, &pkey, NULL, NULL); PKCS12_free(p12); p12 = NULL; } else { BIO_printf(err,"bad input format specified for key\n"); goto end; } end: if (key != NULL) BIO_free(key); if (pkey == NULL) BIO_printf(err,"unable to load Private Key\n"); return(pkey); } STACK_OF(X509) *load_certs(BIO *err, char *file, int format) { BIO *certs; int i; STACK_OF(X509) *othercerts = NULL; STACK_OF(X509_INFO) *allcerts = NULL; X509_INFO *xi; if((certs = BIO_new(BIO_s_file())) == NULL) { ERR_print_errors(err); goto end; } if (file == NULL) BIO_set_fp(certs,stdin,BIO_NOCLOSE); else { if (BIO_read_filename(certs,file) <= 0) { perror(file); goto end; } } if (format == FORMAT_PEM) { othercerts = sk_X509_new(NULL); if(!othercerts) { sk_X509_free(othercerts); othercerts = NULL; goto end; } allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL); for(i = 0; i < sk_X509_INFO_num(allcerts); i++) { xi = sk_X509_INFO_value 
(allcerts, i); if (xi->x509) { sk_X509_push(othercerts, xi->x509); xi->x509 = NULL; } } goto end; } else { BIO_printf(err,"bad input format specified for input cert\n"); goto end; } end: if (othercerts == NULL) { BIO_printf(err,"unable to load certificates\n"); ERR_print_errors(err); } if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free); if (certs != NULL) BIO_free(certs); return(othercerts); } Loading
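Review bot: The FORMAT_PKCS12 branches in load_cert and load_key never check the result of `d2i_PKCS12_bio()` and discard the return value of `PKCS12_parse()`, so a malformed or wrongly-passworded file is only caught indirectly, by `x` or `pkey` happening to stay NULL. That relies on `PKCS12_parse()` accepting a NULL `p12` and leaving the output pointer untouched on failure, neither of which is visible in this diff. I would make the failure explicit in load_cert with `if (p12 == NULL) goto end;` followed by `if (!PKCS12_parse(p12, NULL, NULL, &x, NULL)) x = NULL;`, and do the same with `pass` and `&pkey` in load_key. load_cert also hard-codes a NULL password, so a password-protected PKCS#12 file apparently cannot be used as a certificate source here; a short comment saying whether that is intended would help. Unlike load_cert, load_key's `end:` block does not call `ERR_print_errors(err)`, so the reason for a key load failure is lost.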
CHANGES +23 −2 Original line number Diff line number Diff line Loading @@ -4,6 +4,27 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1'). [Bodo Moeller] *) Addition of the command line parameter '-rand file' to 'openssl req'. The given file adds to whatever has already been seeded into the random pool through the RANDFILE configuration file option or environment variable, or the default random state file. [Richard Levitte] *) mkstack.pl now sorts each macro group into lexical order. Previously the output order depended on the order the files appeared in the directory, resulting in needless rewriting of safestack.h . [Steve Henson] *) Patches to make OpenSSL compile under Win32 again. Mostly work arounds for the VC++ problem that it treats func() as func(void). Also stripped out the parts of mkdef.pl that added extra typesafe functions: these no longer exist. [Steve Henson] *) Reorganisation of the stack code. The macros are now all collected in safestack.h . Each macro is defined in terms of a "stack macro" of the form SKM_<name>(type, a, b). The Loading @@ -13,8 +34,8 @@ then the non typesafe macros are used instead. Also modified the mkstack.pl script to handle the new form. Needs testing to see if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK the default if no major problems. Also need analagous stuff for ASN1_SET_OF etc. the default if no major problems. Similar behaviour for ASN1_SET_OF and PKCS12_STACK_OF. [Steve Henson] *) When some versions of IIS use the 'NET' form of private key the Loading
Configure +1 −1 Original line number Diff line number Diff line Loading @@ -383,7 +383,7 @@ my %table=( # Some OpenBSD from Bob Beck <beck@obtuse.com> "OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::", "OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", "OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn", "OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::", "OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::", Loading
TABLE +1 −1 Original line number Diff line number Diff line Loading @@ -268,7 +268,7 @@ $cast_obj = asm/cx86-out.o $rc4_obj = asm/rx86-out.o $rmd160_obj = asm/rm86-out.o $rc5_obj = asm/r586-out.o $dso_scheme = $dso_scheme = dlfcn *** ReliantUNIX $cc = cc Loading
apps/Makefile.ssl +7 −5 Original line number Diff line number Diff line Loading @@ -166,11 +166,13 @@ apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h apps.o: ../include/openssl/crypto.h ../include/openssl/des.h apps.o: ../include/openssl/dh.h ../include/openssl/dsa.h apps.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h apps.o: ../include/openssl/evp.h ../include/openssl/idea.h apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h apps.o: ../include/openssl/md5.h ../include/openssl/mdc2.h apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h apps.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h apps.o: ../include/openssl/err.h ../include/openssl/evp.h apps.o: ../include/openssl/idea.h ../include/openssl/lhash.h apps.o: ../include/openssl/md2.h ../include/openssl/md5.h apps.o: ../include/openssl/mdc2.h ../include/openssl/objects.h apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h apps.o: ../include/openssl/rc2.h ../include/openssl/rc4.h apps.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h Loading
apps/apps.c +237 −0 Original line number Diff line number Diff line Loading @@ -64,6 +64,11 @@ #define NON_MAIN #include "apps.h" #undef NON_MAIN #include <openssl/err.h> #include <openssl/x509.h> #include <openssl/pem.h> #include <openssl/pkcs12.h> #include <openssl/safestack.h> #ifdef WINDOWS # include "bss_file.c" Loading Loading @@ -159,6 +164,10 @@ int str2fmt(char *s) return(FORMAT_PEM); else if ((*s == 'N') || (*s == 'n')) return(FORMAT_NETSCAPE); else if ((*s == '1') || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0) || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0)) return(FORMAT_PKCS12); else return(FORMAT_UNDEF); } Loading Loading 
@@ -414,3 +423,231 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio) if(tmp) *tmp = 0; return BUF_strdup(tpass); } int add_oid_section(BIO *err, LHASH *conf) { char *p; STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *cnf; int i; if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1; if(!(sktmp = CONF_get_section(conf, p))) { BIO_printf(err, "problem loading oid section %s\n", p); return 0; } for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { cnf = sk_CONF_VALUE_value(sktmp, i); if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { BIO_printf(err, "problem creating object %s=%s\n", cnf->name, cnf->value); return 0; } } return 1; } X509 *load_cert(BIO *err, char *file, int format) { ASN1_HEADER *ah=NULL; BUF_MEM *buf=NULL; X509 *x=NULL; BIO *cert; if ((cert=BIO_new(BIO_s_file())) == NULL) { ERR_print_errors(err); goto end; } if (file == NULL) BIO_set_fp(cert,stdin,BIO_NOCLOSE); else { if (BIO_read_filename(cert,file) <= 0) { perror(file); goto end; } } if (format == FORMAT_ASN1) x=d2i_X509_bio(cert,NULL); else if (format == FORMAT_NETSCAPE) { unsigned char *p,*op; int size=0,i; /* We sort of have to do it this way because it is sort of nice * to read the header first and check it, then * try to read the certificate */ buf=BUF_MEM_new(); for (;;) { if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10))) goto end; i=BIO_read(cert,&(buf->data[size]),1024*10); size+=i; if (i == 0) break; if (i < 0) { perror("reading certificate"); goto end; } } p=(unsigned char *)buf->data; op=p; /* First load the header */ if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL) goto end; if ((ah->header == NULL) || (ah->header->data == NULL) || (strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data, ah->header->length) != 0)) { BIO_printf(err,"Error reading header on certificate\n"); goto end; } /* header is ok, so now read the object */ p=op; ah->meth=X509_asn1_meth(); if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL) goto end; x=(X509 *)ah->data; ah->data=NULL; } else 
if (format == FORMAT_PEM) x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL); else if (format == FORMAT_PKCS12) { PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL); PKCS12_parse(p12, NULL, NULL, &x, NULL); PKCS12_free(p12); p12 = NULL; } else { BIO_printf(err,"bad input format specified for input cert\n"); goto end; } end: if (x == NULL) { BIO_printf(err,"unable to load certificate\n"); ERR_print_errors(err); } if (ah != NULL) ASN1_HEADER_free(ah); if (cert != NULL) BIO_free(cert); if (buf != NULL) BUF_MEM_free(buf); return(x); } EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass) { BIO *key=NULL; EVP_PKEY *pkey=NULL; if (file == NULL) { BIO_printf(err,"no keyfile specified\n"); goto end; } key=BIO_new(BIO_s_file()); if (key == NULL) { ERR_print_errors(err); goto end; } if (BIO_read_filename(key,file) <= 0) { perror(file); goto end; } if (format == FORMAT_ASN1) { pkey=d2i_PrivateKey_bio(key, NULL); } else if (format == FORMAT_PEM) { pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass); } else if (format == FORMAT_PKCS12) { PKCS12 *p12 = d2i_PKCS12_bio(key, NULL); PKCS12_parse(p12, pass, &pkey, NULL, NULL); PKCS12_free(p12); p12 = NULL; } else { BIO_printf(err,"bad input format specified for key\n"); goto end; } end: if (key != NULL) BIO_free(key); if (pkey == NULL) BIO_printf(err,"unable to load Private Key\n"); return(pkey); } STACK_OF(X509) *load_certs(BIO *err, char *file, int format) { BIO *certs; int i; STACK_OF(X509) *othercerts = NULL; STACK_OF(X509_INFO) *allcerts = NULL; X509_INFO *xi; if((certs = BIO_new(BIO_s_file())) == NULL) { ERR_print_errors(err); goto end; } if (file == NULL) BIO_set_fp(certs,stdin,BIO_NOCLOSE); else { if (BIO_read_filename(certs,file) <= 0) { perror(file); goto end; } } if (format == FORMAT_PEM) { othercerts = sk_X509_new(NULL); if(!othercerts) { sk_X509_free(othercerts); othercerts = NULL; goto end; } allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL); for(i = 0; i < sk_X509_INFO_num(allcerts); i++) { xi = sk_X509_INFO_value 
(allcerts, i); if (xi->x509) { sk_X509_push(othercerts, xi->x509); xi->x509 = NULL; } } goto end; } else { BIO_printf(err,"bad input format specified for input cert\n"); goto end; } end: if (othercerts == NULL) { BIO_printf(err,"unable to load certificates\n"); ERR_print_errors(err); } if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free); if (certs != NULL) BIO_free(certs); return(othercerts); }
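Review bot: load_certs appears to return an empty but non-NULL stack when `PEM_X509_INFO_read_bio()` fails, because `allcerts` is used without a check and the `end:` block only reports an error when `othercerts == NULL`. A caller that tests the return value against NULL would then treat an unparsable file as a successful load of zero certificates. I suggest adding `if (allcerts == NULL) { sk_X509_free(othercerts); othercerts = NULL; goto end; }` directly after the read. The result of `sk_X509_push()` is also ignored, and since `xi->x509` is cleared straight afterwards, a failed push would leak that certificate. The `sk_X509_free(othercerts)` inside `if(!othercerts)` frees a pointer already known to be NULL and can be dropped.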