Upgrade to openssl-0.9.8k.
The source tree (and the size of the compiled library)
can be reduced further. This will be done in a future
commit.
diff --git a/apps/Makefile b/apps/Makefile
index 92ae515..402981a 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -152,10 +152,13 @@
$(RM) $(EXE)
shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
shlib_target="$(SHLIB_TARGET)"; \
+ elif [ -n "$(FIPSCANLIB)" ]; then \
+ FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
fi; \
LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
+ [ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
$(MAKE) -f $(TOP)/Makefile.shared -e \
- APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
+ CC=$${CC} APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
link_app.$${shlib_target}
-(cd ..; \
@@ -173,65 +176,66 @@
app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-app_rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-app_rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-app_rand.o: app_rand.c apps.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/fips.h
+app_rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+app_rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+app_rand.o: ../include/openssl/x509v3.h app_rand.c apps.h
apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
apps.o: ../include/openssl/engine.h ../include/openssl/err.h
-apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
-apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-apps.o: ../include/openssl/ui.h ../include/openssl/x509.h
-apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
+apps.o: ../include/openssl/evp.h ../include/openssl/fips.h
+apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+apps.o: ../include/openssl/x509v3.h apps.c apps.h
asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
-asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-asn1pars.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-asn1pars.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-asn1pars.o: asn1pars.c
+asn1pars.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+asn1pars.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+asn1pars.o: ../include/openssl/x509v3.h apps.h asn1pars.c
ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ca.o: ../include/openssl/engine.h ../include/openssl/err.h
-ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ca.o: ../include/openssl/x509v3.h apps.h ca.c
+ca.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -239,7 +243,8 @@
ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
-ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+ciphers.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
@@ -258,62 +263,63 @@
cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
cms.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
cms.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-cms.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-cms.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-cms.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-cms.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-cms.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-cms.o: ../include/openssl/sha.h ../include/openssl/stack.h
-cms.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-cms.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-cms.o: ../include/openssl/x509v3.h apps.h cms.c
+cms.o: ../include/openssl/evp.h ../include/openssl/fips.h
+cms.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+cms.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+cms.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cms.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+cms.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+cms.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+cms.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+cms.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h cms.c
crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
crl.o: ../include/openssl/err.h ../include/openssl/evp.h
-crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-crl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
+crl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h crl.c
crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
-crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-crl2p7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-crl2p7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-crl2p7.o: crl2p7.c
+crl2p7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl2p7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl2p7.o: ../include/openssl/x509v3.h apps.h crl2p7.c
dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
-dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-dgst.o: ../include/openssl/x509v3.h apps.h dgst.c
+dgst.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+dgst.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dgst.c
dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -321,15 +327,16 @@
dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
dh.o: ../include/openssl/err.h ../include/openssl/evp.h
-dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-dh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dh.c
+dh.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+dh.o: ../include/openssl/x509v3.h apps.h dh.c
dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -337,15 +344,16 @@
dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c
+dsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+dsa.o: ../include/openssl/x509v3.h apps.h dsa.c
dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -353,65 +361,68 @@
dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
-dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsaparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsaparam.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-dsaparam.o: ../include/openssl/x509v3.h apps.h dsaparam.c
+dsaparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
+dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dsaparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
+dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
+dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+dsaparam.o: dsaparam.c
ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
ec.o: ../include/openssl/err.h ../include/openssl/evp.h
-ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ec.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ec.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ec.c
+ec.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ec.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+ec.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ec.o: ../include/openssl/x509v3.h apps.h ec.c
ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
-ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ecparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-ecparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ecparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ecparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c
+ecparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ecparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ecparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+ecparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+ecparam.o: ecparam.c
enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h
enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-enc.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-enc.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
-enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-enc.o: ../include/openssl/x509v3.h apps.h enc.c
+enc.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+enc.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c
engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -419,7 +430,8 @@
engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
engine.o: ../include/openssl/engine.h ../include/openssl/err.h
-engine.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+engine.o: ../include/openssl/evp.h ../include/openssl/fips.h
+engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
@@ -440,7 +452,8 @@
errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
-errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+errstr.o: ../include/openssl/evp.h ../include/openssl/fips.h
+errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
@@ -461,18 +474,19 @@
gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
-gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendh.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-gendh.o: ../include/openssl/x509v3.h apps.h gendh.c
+gendh.o: ../include/openssl/evp.h ../include/openssl/fips.h
+gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
+gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+gendh.o: gendh.c
gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -480,16 +494,16 @@
gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-gendsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-gendsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-gendsa.o: gendsa.c
+gendsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+gendsa.o: ../include/openssl/x509v3.h apps.h gendsa.c
genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -497,33 +511,35 @@
genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-genrsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-genrsa.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c
+genrsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
+genrsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+genrsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
+genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
+genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+genrsa.o: genrsa.c
nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
-nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-nseq.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-nseq.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h nseq.c
+nseq.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+nseq.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+nseq.o: ../include/openssl/x509v3.h apps.h nseq.c
ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -531,7 +547,8 @@
ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
-ocsp.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+ocsp.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ocsp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
@@ -552,7 +569,8 @@
openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
-openssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/fips.h
+openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
@@ -573,95 +591,97 @@
passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
-passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-passwd.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-passwd.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-passwd.o: passwd.c
+passwd.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+passwd.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+passwd.o: ../include/openssl/x509v3.h apps.h passwd.c
pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs12.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c
+pkcs12.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs12.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+pkcs12.o: pkcs12.c
pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-pkcs7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-pkcs7.o: pkcs7.c
+pkcs7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+pkcs7.o: ../include/openssl/x509v3.h apps.h pkcs7.c
pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs8.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c
+pkcs8.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs8.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+pkcs8.o: pkcs8.c
prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
prime.o: ../include/openssl/engine.h ../include/openssl/evp.h
-prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-prime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-prime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-prime.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-prime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-prime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-prime.o: prime.c
+prime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+prime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+prime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+prime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+prime.o: ../include/openssl/x509v3.h apps.h prime.c
rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
rand.o: ../include/openssl/err.h ../include/openssl/evp.h
-rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-rand.o: ../include/openssl/x509v3.h apps.h rand.c
+rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rand.c
req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -669,50 +689,52 @@
req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
req.o: ../include/openssl/engine.h ../include/openssl/err.h
-req.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-req.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-req.o: ../include/openssl/sha.h ../include/openssl/stack.h
-req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-req.o: ../include/openssl/x509v3.h apps.h req.c
+req.o: ../include/openssl/evp.h ../include/openssl/fips.h
+req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+req.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/store.h
+req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+req.o: ../include/openssl/ui.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
-rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rsa.c
+rsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
+rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+rsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+rsa.o: ../include/openssl/x509v3.h apps.h rsa.c
rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-rsautl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c
+rsautl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rsautl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+rsautl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+rsautl.o: rsautl.c
s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -720,7 +742,8 @@
s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_cb.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+s_cb.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
@@ -741,7 +764,8 @@
s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_client.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+s_client.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s_client.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
@@ -764,7 +788,8 @@
s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_server.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+s_server.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
@@ -787,6 +812,7 @@
s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h
+s_socket.o: ../include/openssl/fips.h ../include/openssl/hmac.h
s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
@@ -808,7 +834,8 @@
s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_time.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+s_time.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
@@ -829,7 +856,8 @@
sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
-sess_id.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+sess_id.o: ../include/openssl/evp.h ../include/openssl/fips.h
+sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
@@ -849,16 +877,16 @@
smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
smime.o: ../include/openssl/err.h ../include/openssl/evp.h
-smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-smime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-smime.o: smime.c
+smime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+smime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+smime.o: ../include/openssl/x509v3.h apps.h smime.c
speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -868,53 +896,54 @@
speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
speed.o: ../include/openssl/engine.h ../include/openssl/err.h
-speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
-speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-speed.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h
-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
-speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-speed.o: ../include/openssl/x509v3.h apps.h speed.c testdsa.h testrsa.h
+speed.o: ../include/openssl/evp.h ../include/openssl/fips.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
+speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+speed.o: speed.c testdsa.h testrsa.h
spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
-spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-spkac.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-spkac.o: spkac.c
+spkac.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+spkac.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
+spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+spkac.o: ../include/openssl/x509v3.h apps.h spkac.c
verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
verify.o: ../include/openssl/err.h ../include/openssl/evp.h
-verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-verify.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-verify.o: verify.c
+verify.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+verify.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify.o: ../include/openssl/x509v3.h apps.h verify.c
version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
@@ -922,18 +951,18 @@
version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-version.o: ../include/openssl/evp.h ../include/openssl/idea.h
-version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-version.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-version.o: ../include/openssl/pkcs7.h ../include/openssl/rc4.h
-version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-version.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-version.o: version.c
+version.o: ../include/openssl/evp.h ../include/openssl/fips.h
+version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
+version.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h
+version.o: ../include/openssl/sha.h ../include/openssl/stack.h
+version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+version.o: ../include/openssl/x509v3.h apps.h version.c
x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -941,13 +970,13 @@
x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
x509.o: ../include/openssl/err.h ../include/openssl/evp.h
-x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-x509.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
-x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-x509.o: ../include/openssl/x509v3.h apps.h x509.c
+x509.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+x509.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
diff --git a/apps/apps.c b/apps/apps.c
index 5209cab..498722a 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -115,6 +115,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <ctype.h>
+#include <assert.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
@@ -129,6 +130,9 @@
#include <openssl/rsa.h>
#endif
#include <openssl/bn.h>
+#ifndef OPENSSL_NO_JPAKE
+#include <openssl/jpake.h>
+#endif
#define NON_MAIN
#include "apps.h"
@@ -2333,3 +2337,233 @@
if (free_out)
BIO_free(out);
}
+
+#ifndef OPENSSL_NO_JPAKE
+
+static JPAKE_CTX *jpake_init(const char *us, const char *them,
+ const char *secret)
+ {
+ BIGNUM *p = NULL;
+ BIGNUM *g = NULL;
+ BIGNUM *q = NULL;
+ BIGNUM *bnsecret = BN_new();
+ JPAKE_CTX *ctx;
+
+ /* Use a safe prime for p (that we found earlier) */
+ BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
+ g = BN_new();
+ BN_set_word(g, 2);
+ q = BN_new();
+ BN_rshift1(q, p);
+
+ BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
+
+ ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
+ BN_free(bnsecret);
+ BN_free(q);
+ BN_free(g);
+ BN_free(p);
+
+ return ctx;
+ }
+
+static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
+ {
+ BN_print(conn, p->gx);
+ BIO_puts(conn, "\n");
+ BN_print(conn, p->zkpx.gr);
+ BIO_puts(conn, "\n");
+ BN_print(conn, p->zkpx.b);
+ BIO_puts(conn, "\n");
+ }
+
+static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
+ {
+ JPAKE_STEP1 s1;
+
+ JPAKE_STEP1_init(&s1);
+ JPAKE_STEP1_generate(&s1, ctx);
+ jpake_send_part(bconn, &s1.p1);
+ jpake_send_part(bconn, &s1.p2);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP1_release(&s1);
+ }
+
+static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
+ {
+ JPAKE_STEP2 s2;
+
+ JPAKE_STEP2_init(&s2);
+ JPAKE_STEP2_generate(&s2, ctx);
+ jpake_send_part(bconn, &s2);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP2_release(&s2);
+ }
+
+static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
+ {
+ JPAKE_STEP3A s3a;
+
+ JPAKE_STEP3A_init(&s3a);
+ JPAKE_STEP3A_generate(&s3a, ctx);
+ BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP3A_release(&s3a);
+ }
+
+static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
+ {
+ JPAKE_STEP3B s3b;
+
+ JPAKE_STEP3B_init(&s3b);
+ JPAKE_STEP3B_generate(&s3b, ctx);
+ BIO_write(bconn, s3b.hk, sizeof s3b.hk);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP3B_release(&s3b);
+ }
+
+static void readbn(BIGNUM **bn, BIO *bconn)
+ {
+ char buf[10240];
+ int l;
+
+ l = BIO_gets(bconn, buf, sizeof buf);
+ assert(l > 0);
+ assert(buf[l-1] == '\n');
+ buf[l-1] = '\0';
+ BN_hex2bn(bn, buf);
+ }
+
+static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
+ {
+ readbn(&p->gx, bconn);
+ readbn(&p->zkpx.gr, bconn);
+ readbn(&p->zkpx.b, bconn);
+ }
+
+static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
+ {
+ JPAKE_STEP1 s1;
+
+ JPAKE_STEP1_init(&s1);
+ jpake_receive_part(&s1.p1, bconn);
+ jpake_receive_part(&s1.p2, bconn);
+ if(!JPAKE_STEP1_process(ctx, &s1))
+ {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP1_release(&s1);
+ }
+
+static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
+ {
+ JPAKE_STEP2 s2;
+
+ JPAKE_STEP2_init(&s2);
+ jpake_receive_part(&s2, bconn);
+ if(!JPAKE_STEP2_process(ctx, &s2))
+ {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP2_release(&s2);
+ }
+
+static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
+ {
+ JPAKE_STEP3A s3a;
+ int l;
+
+ JPAKE_STEP3A_init(&s3a);
+ l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
+ assert(l == sizeof s3a.hhk);
+ if(!JPAKE_STEP3A_process(ctx, &s3a))
+ {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP3A_release(&s3a);
+ }
+
+static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
+ {
+ JPAKE_STEP3B s3b;
+ int l;
+
+ JPAKE_STEP3B_init(&s3b);
+ l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
+ assert(l == sizeof s3b.hk);
+ if(!JPAKE_STEP3B_process(ctx, &s3b))
+ {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP3B_release(&s3b);
+ }
+
+void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
+ {
+ JPAKE_CTX *ctx;
+ BIO *bconn;
+
+ BIO_puts(out, "Authenticating with JPAKE\n");
+
+ ctx = jpake_init("client", "server", secret);
+
+ bconn = BIO_new(BIO_f_buffer());
+ BIO_push(bconn, conn);
+
+ jpake_send_step1(bconn, ctx);
+ jpake_receive_step1(ctx, bconn);
+ jpake_send_step2(bconn, ctx);
+ jpake_receive_step2(ctx, bconn);
+ jpake_send_step3a(bconn, ctx);
+ jpake_receive_step3b(ctx, bconn);
+
+ /*
+ * The problem is that you must use the derived key in the
+ * session key or you are subject to man-in-the-middle
+ * attacks.
+ */
+ BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
+ " be MitMed. See the version in HEAD for how to do it"
+ " properly)\n");
+
+ BIO_pop(bconn);
+ BIO_free(bconn);
+ }
+
+void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
+ {
+ JPAKE_CTX *ctx;
+ BIO *bconn;
+
+ BIO_puts(out, "Authenticating with JPAKE\n");
+
+ ctx = jpake_init("server", "client", secret);
+
+ bconn = BIO_new(BIO_f_buffer());
+ BIO_push(bconn, conn);
+
+ jpake_receive_step1(ctx, bconn);
+ jpake_send_step1(bconn, ctx);
+ jpake_receive_step2(ctx, bconn);
+ jpake_send_step2(bconn, ctx);
+ jpake_receive_step3a(ctx, bconn);
+ jpake_send_step3b(bconn, ctx);
+
+ /*
+ * The problem is that you must use the derived key in the
+ * session key or you are subject to man-in-the-middle
+ * attacks.
+ */
+ BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
+ " be MitMed. See the version in HEAD for how to do it"
+ " properly)\n");
+
+ BIO_pop(bconn);
+ BIO_free(bconn);
+ }
+
+#endif
diff --git a/apps/apps.h b/apps/apps.h
index 0df1708..8857909 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -149,9 +149,11 @@
#ifndef NON_MAIN
CONF *config=NULL;
BIO *bio_err=NULL;
+int in_FIPS_mode=0;
#else
extern CONF *config;
extern BIO *bio_err;
+extern int in_FIPS_mode;
#endif
#else
@@ -160,6 +162,7 @@
extern CONF *config;
extern char *default_config_file;
extern BIO *bio_err;
+extern int in_FIPS_mode;
#endif
@@ -335,6 +338,10 @@
int args_verify(char ***pargs, int *pargc,
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx);
+#ifndef OPENSSL_NO_JPAKE
+void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
+void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
+#endif
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index b1a7c8e..bde61d0 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to
+/* A nice addition from Dr Stephen Henson <steve@openssl.org> to
* add the -strparse option which parses nested binary structures
*/
diff --git a/apps/ca.c b/apps/ca.c
index 87f0405..68516ee 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -83,7 +83,7 @@
# else
# include <unixlib.h>
# endif
-# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
+# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) && !defined(__TANDEM)
# include <sys/file.h>
# endif
#endif
diff --git a/apps/crl.c b/apps/crl.c
index a0040fb..c395b2a 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -85,6 +85,7 @@
" -issuer - print issuer DN\n",
" -lastupdate - lastUpdate field\n",
" -nextupdate - nextUpdate field\n",
+" -crlnumber - print CRL number\n",
" -noout - no CRL output\n",
" -CAfile name - verify CRL using certificates in file \"name\"\n",
" -CApath dir - verify CRL using certificates in \"dir\"\n",
@@ -107,7 +108,7 @@
int informat,outformat;
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
- int fingerprint = 0;
+ int fingerprint = 0, crlnumber = 0;
const char **pp;
X509_STORE *store = NULL;
X509_STORE_CTX ctx;
@@ -206,6 +207,8 @@
noout= ++num;
else if (strcmp(*argv,"-fingerprint") == 0)
fingerprint= ++num;
+ else if (strcmp(*argv,"-crlnumber") == 0)
+ crlnumber= ++num;
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
@@ -281,7 +284,21 @@
{
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
}
-
+ if (crlnumber == i)
+ {
+ ASN1_INTEGER *crlnum;
+ crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number,
+ NULL, NULL);
+ BIO_printf(bio_out,"crlNumber=");
+ if (crlnum)
+ {
+ i2a_ASN1_INTEGER(bio_out, crlnum);
+ ASN1_INTEGER_free(crlnum);
+ }
+ else
+ BIO_puts(bio_out, "<NONE>");
+ BIO_printf(bio_out,"\n");
+ }
if (hash == i)
{
BIO_printf(bio_out,"%08lx\n",
diff --git a/apps/dgst.c b/apps/dgst.c
index c5ecf93..9ebfc22 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -76,7 +76,7 @@
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
- const char *file,BIO *bmd,const char *hmac_key);
+ const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow);
int MAIN(int, char **);
@@ -84,7 +84,7 @@
{
ENGINE *e = NULL;
unsigned char *buf=NULL;
- int i,err=0;
+ int i,err=1;
const EVP_MD *md=NULL,*m;
BIO *in=NULL,*inp;
BIO *bmd=NULL;
@@ -101,14 +101,16 @@
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
+ unsigned int sig_flags = 0;
char *passargin = NULL, *passin = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
char *hmac_key=NULL;
+ int non_fips_allow = 0;
apps_startup();
-
+ERR_load_crypto_strings();
if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
{
BIO_printf(bio_err,"out of memory\n");
@@ -167,6 +169,27 @@
keyfile=*(++argv);
do_verify = 1;
}
+ else if (strcmp(*argv,"-x931") == 0)
+ sig_flags = EVP_MD_CTX_FLAG_PAD_X931;
+ else if (strcmp(*argv,"-pss_saltlen") == 0)
+ {
+ int saltlen;
+ if (--argc < 1) break;
+ saltlen=atoi(*(++argv));
+ if (saltlen == -1)
+ sig_flags = EVP_MD_CTX_FLAG_PSS_MREC;
+ else if (saltlen == -2)
+ sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN;
+ else if (saltlen < -2 || saltlen >= 0xFFFE)
+ {
+ BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen);
+ goto end;
+ }
+ else
+ sig_flags = saltlen;
+ sig_flags <<= 16;
+ sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS;
+ }
else if (strcmp(*argv,"-signature") == 0)
{
if (--argc < 1) break;
@@ -190,6 +213,8 @@
out_bin = 1;
else if (strcmp(*argv,"-d") == 0)
debug=1;
+ else if (strcmp(*argv,"-non-fips-allow") == 0)
+ non_fips_allow=1;
else if (!strcmp(*argv,"-fips-fingerprint"))
hmac_key = "etaonrishdlcupfm";
else if (!strcmp(*argv,"-hmac"))
@@ -356,8 +381,20 @@
goto end;
}
}
-
+ if (non_fips_allow)
+ {
+ EVP_MD_CTX *md_ctx;
+ BIO_get_md_ctx(bmd,&md_ctx);
+ EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
+
+ if (sig_flags)
+ {
+ EVP_MD_CTX *md_ctx;
+ BIO_get_md_ctx(bmd,&md_ctx);
+ EVP_MD_CTX_set_flags(md_ctx, sig_flags);
+ }
/* we use md as a filter, reading from 'in' */
if (!BIO_set_md(bmd,md))
@@ -373,11 +410,12 @@
{
BIO_set_fp(in,stdin,BIO_NOCLOSE);
err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
- siglen,"","(stdin)",bmd,hmac_key);
+ siglen,"","(stdin)",bmd,hmac_key,non_fips_allow);
}
else
{
name=OBJ_nid2sn(md->type);
+ err = 0;
for (i=0; i<argc; i++)
{
char *tmp,*tofree=NULL;
@@ -399,7 +437,7 @@
else
tmp="";
r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
- siglen,tmp,argv[i],bmd,hmac_key);
+ siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow);
if(r)
err=r;
if(tofree)
@@ -426,7 +464,7 @@
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
- const char *file,BIO *bmd,const char *hmac_key)
+ const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow)
{
unsigned int len;
int i;
diff --git a/apps/dsa.c b/apps/dsa.c
index 9e10303..cbc1fe3 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -96,9 +96,7 @@
int MAIN(int argc, char **argv)
{
-#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
-#endif
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
@@ -240,37 +238,27 @@
goto end;
}
- in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
+ if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
BIO_printf(bio_err,"read DSA key\n");
- if (informat == FORMAT_ASN1) {
- if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL);
- else dsa=d2i_DSAPrivateKey_bio(in,NULL);
- } else if (informat == FORMAT_PEM) {
- if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
- else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
- } else
- {
- BIO_printf(bio_err,"bad input format specified for key\n");
- goto end;
- }
+ {
+ EVP_PKEY *pkey;
+ if (pubin)
+ pkey = load_pubkey(bio_err, infile, informat, 1,
+ passin, e, "Public Key");
+ else
+ pkey = load_key(bio_err, infile, informat, 1,
+ passin, e, "Private Key");
+
+ if (pkey != NULL)
+ dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey);
+ EVP_PKEY_free(pkey);
+ }
if (dsa == NULL)
{
BIO_printf(bio_err,"unable to load Key\n");
diff --git a/apps/enc.c b/apps/enc.c
index a41ea80..f4f9a4c 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -127,6 +127,7 @@
char *engine = NULL;
#endif
const EVP_MD *dgst=NULL;
+ int non_fips_allow = 0;
apps_startup();
@@ -261,6 +262,8 @@
if (--argc < 1) goto bad;
md= *(++argv);
}
+ else if (strcmp(*argv,"-non-fips-allow") == 0)
+ non_fips_allow = 1;
else if ((argv[0][0] == '-') &&
((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
{
@@ -314,7 +317,10 @@
if (dgst == NULL)
{
- dgst = EVP_md5();
+ if (in_FIPS_mode)
+ dgst = EVP_sha1();
+ else
+ dgst = EVP_md5();
}
if (bufsize != NULL)
@@ -527,7 +533,8 @@
BIO_printf(bio_err,"invalid hex iv value\n");
goto end;
}
- if ((hiv == NULL) && (str == NULL))
+ if ((hiv == NULL) && (str == NULL)
+ && EVP_CIPHER_iv_length(cipher) != 0)
{
/* No IV was explicitly set and no IV was generated
* during EVP_BytesToKey. Hence the IV is undefined,
@@ -549,6 +556,11 @@
*/
BIO_get_cipher_ctx(benc, &ctx);
+
+ if (non_fips_allow)
+ EVP_CIPHER_CTX_set_flags(ctx,
+ EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
{
BIO_printf(bio_err, "Error setting cipher %s\n",
diff --git a/apps/engine.c b/apps/engine.c
index 25c8617..17bd81f 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -56,7 +56,6 @@
*
*/
-#ifndef OPENSSL_NO_ENGINE
#include <stdio.h>
#include <stdlib.h>
@@ -66,6 +65,7 @@
#endif
#include "apps.h"
#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#include <openssl/ssl.h>
@@ -252,7 +252,7 @@
/* Now decide on the output */
if(xpos == 0)
/* Do an indent */
- xpos = BIO_printf(bio_out, indent);
+ xpos = BIO_puts(bio_out, indent);
else
/* Otherwise prepend a ", " */
xpos += BIO_printf(bio_out, ", ");
@@ -263,7 +263,7 @@
(xpos + (int)strlen(name) > line_wrap))
{
BIO_printf(bio_out, "\n");
- xpos = BIO_printf(bio_out, indent);
+ xpos = BIO_puts(bio_out, indent);
}
xpos += BIO_printf(bio_out, "%s", name);
}
diff --git a/apps/genpkey.c b/apps/genpkey.c
new file mode 100644
index 0000000..6dfda08
--- /dev/null
+++ b/apps/genpkey.c
@@ -0,0 +1,440 @@
+/* apps/genpkey.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
+ const char *file, ENGINE *e);
+static int genpkey_cb(EVP_PKEY_CTX *ctx);
+
+#define PROG genpkey_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ char **args, *outfile = NULL;
+ char *passarg = NULL;
+ BIO *in = NULL, *out = NULL;
+ const EVP_CIPHER *cipher = NULL;
+ int outformat;
+ int text = 0;
+ EVP_PKEY *pkey=NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ char *pass = NULL;
+ int badarg = 0;
+ int ret = 1, rv;
+
+ int do_param = 0;
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ outformat=FORMAT_PEM;
+
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+ args = argv + 1;
+ while (!badarg && *args && *args[0] == '-')
+ {
+ if (!strcmp(*args,"-outform"))
+ {
+ if (args[1])
+ {
+ args++;
+ outformat=str2fmt(*args);
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args,"-pass"))
+ {
+ if (!args[1]) goto bad;
+ passarg= *(++args);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*args,"-engine") == 0)
+ {
+ if (!args[1])
+ goto bad;
+ e = setup_engine(bio_err, *(++args), 0);
+ }
+#endif
+ else if (!strcmp (*args, "-paramfile"))
+ {
+ if (!args[1])
+ goto bad;
+ args++;
+ if (do_param == 1)
+ goto bad;
+ if (!init_keygen_file(bio_err, &ctx, *args, e))
+ goto end;
+ }
+ else if (!strcmp (*args, "-out"))
+ {
+ if (args[1])
+ {
+ args++;
+ outfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (strcmp(*args,"-algorithm") == 0)
+ {
+ if (!args[1])
+ goto bad;
+ if (!init_gen_str(bio_err, &ctx, *(++args),e, do_param))
+ goto end;
+ }
+ else if (strcmp(*args,"-pkeyopt") == 0)
+ {
+ if (!args[1])
+ goto bad;
+ if (!ctx)
+ {
+ BIO_puts(bio_err, "No keytype specified\n");
+ goto bad;
+ }
+ else if (pkey_ctrl_string(ctx, *(++args)) <= 0)
+ {
+ BIO_puts(bio_err, "parameter setting error\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ else if (strcmp(*args,"-genparam") == 0)
+ {
+ if (ctx)
+ goto bad;
+ do_param = 1;
+ }
+ else if (strcmp(*args,"-text") == 0)
+ text=1;
+ else
+ {
+ cipher = EVP_get_cipherbyname(*args + 1);
+ if (!cipher)
+ {
+ BIO_printf(bio_err, "Unknown cipher %s\n",
+ *args + 1);
+ badarg = 1;
+ }
+ if (do_param == 1)
+ badarg = 1;
+ }
+ args++;
+ }
+
+ if (!ctx)
+ badarg = 1;
+
+ if (badarg)
+ {
+ bad:
+ BIO_printf(bio_err, "Usage: genpkey [options]\n");
+ BIO_printf(bio_err, "where options may be\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
+ BIO_printf(bio_err, "-pass arg output file pass phrase source\n");
+ BIO_printf(bio_err, "-<cipher> use cipher <cipher> to encrypt the key\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf(bio_err, "-paramfile file parameters file\n");
+ BIO_printf(bio_err, "-algorithm alg the public key algorithm\n");
+ BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n"
+ " to value <value>\n");
+ BIO_printf(bio_err, "-genparam generate parameters, not key\n");
+ BIO_printf(bio_err, "-text print the in text\n");
+ BIO_printf(bio_err, "NB: options order may be important! See the manual page.\n");
+ goto end;
+ }
+
+ if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
+ {
+ BIO_puts(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (outfile)
+ {
+ if (!(out = BIO_new_file (outfile, "wb")))
+ {
+ BIO_printf(bio_err,
+ "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ }
+ else
+ {
+ out = BIO_new_fp (stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
+ EVP_PKEY_CTX_set_app_data(ctx, bio_err);
+
+ if (do_param)
+ {
+ if (EVP_PKEY_paramgen(ctx, &pkey) <= 0)
+ {
+ BIO_puts(bio_err, "Error generating parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ else
+ {
+ if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+ {
+ BIO_puts(bio_err, "Error generating key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (do_param)
+ rv = PEM_write_bio_Parameters(out, pkey);
+ else if (outformat == FORMAT_PEM)
+ rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0,
+ NULL, pass);
+ else if (outformat == FORMAT_ASN1)
+ rv = i2d_PrivateKey_bio(out, pkey);
+ else
+ {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ goto end;
+ }
+
+ if (rv <= 0)
+ {
+ BIO_puts(bio_err, "Error writing key\n");
+ ERR_print_errors(bio_err);
+ }
+
+ if (text)
+ {
+ if (do_param)
+ rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
+ else
+ rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
+
+ if (rv <= 0)
+ {
+ BIO_puts(bio_err, "Error printing key\n");
+ ERR_print_errors(bio_err);
+ }
+ }
+
+ ret = 0;
+
+ end:
+ if (pkey)
+ EVP_PKEY_free(pkey);
+ if (ctx)
+ EVP_PKEY_CTX_free(ctx);
+ if (out)
+ BIO_free_all(out);
+ BIO_free(in);
+ if (pass)
+ OPENSSL_free(pass);
+
+ return ret;
+ }
+
+static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
+ const char *file, ENGINE *e)
+ {
+ BIO *pbio;
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ if (*pctx)
+ {
+ BIO_puts(err, "Parameters already set!\n");
+ return 0;
+ }
+
+ pbio = BIO_new_file(file, "r");
+ if (!pbio)
+ {
+ BIO_printf(err, "Can't open parameter file %s\n", file);
+ return 0;
+ }
+
+ pkey = PEM_read_bio_Parameters(pbio, NULL);
+ BIO_free(pbio);
+
+ if (!pkey)
+ {
+ BIO_printf(bio_err, "Error reading parameter file %s\n", file);
+ return 0;
+ }
+
+ ctx = EVP_PKEY_CTX_new(pkey, e);
+ if (!ctx)
+ goto err;
+ if (EVP_PKEY_keygen_init(ctx) <= 0)
+ goto err;
+ EVP_PKEY_free(pkey);
+ *pctx = ctx;
+ return 1;
+
+ err:
+ BIO_puts(err, "Error initializing context\n");
+ ERR_print_errors(err);
+ if (ctx)
+ EVP_PKEY_CTX_free(ctx);
+ if (pkey)
+ EVP_PKEY_free(pkey);
+ return 0;
+
+ }
+
+int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
+ const char *algname, ENGINE *e, int do_param)
+ {
+ EVP_PKEY_CTX *ctx = NULL;
+ const EVP_PKEY_ASN1_METHOD *ameth;
+ ENGINE *tmpeng = NULL;
+ int pkey_id;
+
+ if (*pctx)
+ {
+ BIO_puts(err, "Algorithm already set!\n");
+ return 0;
+ }
+
+ ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
+
+#ifndef OPENSSL_NO_ENGINE
+ if (!ameth && e)
+ ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
+#endif
+
+ if (!ameth)
+ {
+ BIO_printf(bio_err, "Algorithm %s not found\n", algname);
+ return 0;
+ }
+
+ ERR_clear_error();
+
+ EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+#ifndef OPENSSL_NO_ENGINE
+ if (tmpeng)
+ ENGINE_finish(tmpeng);
+#endif
+ ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
+
+ if (!ctx)
+ goto err;
+ if (do_param)
+ {
+ if (EVP_PKEY_paramgen_init(ctx) <= 0)
+ goto err;
+ }
+ else
+ {
+ if (EVP_PKEY_keygen_init(ctx) <= 0)
+ goto err;
+ }
+
+ *pctx = ctx;
+ return 1;
+
+ err:
+ BIO_printf(err, "Error initializing %s context\n", algname);
+ ERR_print_errors(err);
+ if (ctx)
+ EVP_PKEY_CTX_free(ctx);
+ return 0;
+
+ }
+
+static int genpkey_cb(EVP_PKEY_CTX *ctx)
+ {
+ char c='*';
+ BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+ int p;
+ p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write(b,&c,1);
+ (void)BIO_flush(b);
+#ifdef LINT
+ p=n;
+#endif
+ return 1;
+ }
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 1599bb7..fdc0d4a 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -95,6 +95,7 @@
int ret=1;
int i,num=DEFBITS;
long l;
+ int use_x931 = 0;
const EVP_CIPHER *enc=NULL;
unsigned long f4=RSA_F4;
char *outfile=NULL;
@@ -138,6 +139,8 @@
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
+ else if (strcmp(*argv,"-x931") == 0)
+ use_x931 = 1;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
@@ -266,7 +269,17 @@
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
num);
- if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
+ if (use_x931)
+ {
+ BIGNUM *pubexp;
+ pubexp = BN_new();
+ if (!BN_set_word(pubexp, f4))
+ goto err;
+ if (!RSA_X931_generate_key_ex(rsa, num, pubexp, &cb))
+ goto err;
+ BN_free(pubexp);
+ }
+ else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err;
app_RAND_write_file(NULL, bio_err);
diff --git a/apps/makeapps.com b/apps/makeapps.com
index 826ab5b..0580a1f 100644
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -142,7 +142,7 @@
"RSA;RSAUTL;DSA;DSAPARAM;EC;ECPARAM;"+-
"X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
"S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
- "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;CMS;RAND;ENGINE;OCSP;PRIME"
+ "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP;PRIME"
$ TCPIP_PROGRAMS = ",,"
$ IF COMPILER .EQS. "VAXC" THEN -
TCPIP_PROGRAMS = ",OPENSSL,"
diff --git a/apps/nseq.c b/apps/nseq.c
index dc71d45..e3c4dba 100644
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -1,5 +1,5 @@
/* nseq.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 1001f3b..251044d 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1,5 +1,5 @@
/* ocsp.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/apps/openssl.c b/apps/openssl.c
index 47aee5b..7d2b476 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -147,6 +147,7 @@
#ifdef MONOLITH
CONF *config=NULL;
BIO *bio_err=NULL;
+int in_FIPS_mode=0;
#endif
@@ -232,6 +233,19 @@
arg.data=NULL;
arg.count=0;
+ in_FIPS_mode = 0;
+
+#ifdef OPENSSL_FIPS
+ if(getenv("OPENSSL_FIPS")) {
+ if (!FIPS_mode_set(1)) {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+ in_FIPS_mode = 1;
+ }
+#endif
+
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 7c71b1a..248bc11 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,5 +1,5 @@
/* pkcs12.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
@@ -100,6 +100,7 @@
char **args;
char *name = NULL;
char *csp_name = NULL;
+ int add_lmk = 0;
PKCS12 *p12 = NULL;
char pass[50], macpass[50];
int export_cert = 0;
@@ -110,7 +111,7 @@
int maciter = PKCS12_DEFAULT_ITER;
int twopass = 0;
int keytype = 0;
- int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+ int cert_pbe;
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
int ret = 1;
int macver = 1;
@@ -127,6 +128,13 @@
apps_startup();
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+#endif
+ cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
enc = EVP_des_ede3_cbc();
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
@@ -224,7 +232,9 @@
args++;
name = *args;
} else badarg = 1;
- } else if (!strcmp (*args, "-CSP")) {
+ } else if (!strcmp (*args, "-LMK"))
+ add_lmk = 1;
+ else if (!strcmp (*args, "-CSP")) {
if (args[1]) {
args++;
csp_name = *args;
@@ -338,6 +348,8 @@
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
+ BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n");
goto end;
}
@@ -562,7 +574,9 @@
if (csp_name && key)
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
MBSTRING_ASC, (unsigned char *)csp_name, -1);
-
+
+ if (add_lmk && key)
+ EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index d508544..9633a14 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -1,5 +1,5 @@
/* pkcs8.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999-2004.
*/
/* ====================================================================
diff --git a/apps/pkey.c b/apps/pkey.c
new file mode 100644
index 0000000..17e6702
--- /dev/null
+++ b/apps/pkey.c
@@ -0,0 +1,284 @@
+/* apps/pkey.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+#define PROG pkey_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ char **args, *infile = NULL, *outfile = NULL;
+ char *passargin = NULL, *passargout = NULL;
+ BIO *in = NULL, *out = NULL;
+ const EVP_CIPHER *cipher = NULL;
+ int informat, outformat;
+ int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0;
+ EVP_PKEY *pkey=NULL;
+ char *passin = NULL, *passout = NULL;
+ int badarg = 0;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+ int ret = 1;
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+ args = argv + 1;
+ while (!badarg && *args && *args[0] == '-')
+ {
+ if (!strcmp(*args,"-inform"))
+ {
+ if (args[1])
+ {
+ args++;
+ informat=str2fmt(*args);
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args,"-outform"))
+ {
+ if (args[1])
+ {
+ args++;
+ outformat=str2fmt(*args);
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp(*args,"-passin"))
+ {
+ if (!args[1]) goto bad;
+ passargin= *(++args);
+ }
+ else if (!strcmp(*args,"-passout"))
+ {
+ if (!args[1]) goto bad;
+ passargout= *(++args);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*args,"-engine") == 0)
+ {
+ if (!args[1]) goto bad;
+ engine= *(++args);
+ }
+#endif
+ else if (!strcmp (*args, "-in"))
+ {
+ if (args[1])
+ {
+ args++;
+ infile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-out"))
+ {
+ if (args[1])
+ {
+ args++;
+ outfile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (strcmp(*args,"-pubin") == 0)
+ {
+ pubin=1;
+ pubout=1;
+ pubtext=1;
+ }
+ else if (strcmp(*args,"-pubout") == 0)
+ pubout=1;
+ else if (strcmp(*args,"-text_pub") == 0)
+ {
+ pubtext=1;
+ text=1;
+ }
+ else if (strcmp(*args,"-text") == 0)
+ text=1;
+ else if (strcmp(*args,"-noout") == 0)
+ noout=1;
+ else
+ {
+ cipher = EVP_get_cipherbyname(*args + 1);
+ if (!cipher)
+ {
+ BIO_printf(bio_err, "Unknown cipher %s\n",
+ *args + 1);
+ badarg = 1;
+ }
+ }
+ args++;
+ }
+
+ if (badarg)
+ {
+ bad:
+ BIO_printf(bio_err, "Usage pkey [options]\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
+ BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
+ return 1;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
+ {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
+ if (outfile)
+ {
+ if (!(out = BIO_new_file (outfile, "wb")))
+ {
+ BIO_printf(bio_err,
+ "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ }
+ else
+ {
+ out = BIO_new_fp (stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if (pubin)
+ pkey = load_pubkey(bio_err, infile, informat, 1,
+ passin, e, "Public Key");
+ else
+ pkey = load_key(bio_err, infile, informat, 1,
+ passin, e, "key");
+ if (!pkey)
+ goto end;
+
+ if (!noout)
+ {
+ if (outformat == FORMAT_PEM)
+ {
+ if (pubout)
+ PEM_write_bio_PUBKEY(out,pkey);
+ else
+ PEM_write_bio_PrivateKey(out, pkey, cipher,
+ NULL, 0, NULL, passout);
+ }
+ else if (outformat == FORMAT_ASN1)
+ {
+ if (pubout)
+ i2d_PUBKEY_bio(out, pkey);
+ else
+ i2d_PrivateKey_bio(out, pkey);
+ }
+ else
+ {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ goto end;
+ }
+
+ }
+
+ if (text)
+ {
+ if (pubtext)
+ EVP_PKEY_print_public(out, pkey, 0, NULL);
+ else
+ EVP_PKEY_print_private(out, pkey, 0, NULL);
+ }
+
+ ret = 0;
+
+ end:
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ BIO_free(in);
+ if (passin)
+ OPENSSL_free(passin);
+ if (passout)
+ OPENSSL_free(passout);
+
+ return ret;
+ }
diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c
new file mode 100644
index 0000000..4319eb4
--- /dev/null
+++ b/apps/pkeyparam.c
@@ -0,0 +1,201 @@
+/* apps/pkeyparam.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+#define PROG pkeyparam_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ char **args, *infile = NULL, *outfile = NULL;
+ BIO *in = NULL, *out = NULL;
+ int text = 0, noout = 0;
+ EVP_PKEY *pkey=NULL;
+ int badarg = 0;
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE *e = NULL;
+ char *engine=NULL;
+#endif
+ int ret = 1;
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+ args = argv + 1;
+ while (!badarg && *args && *args[0] == '-')
+ {
+ if (!strcmp (*args, "-in"))
+ {
+ if (args[1])
+ {
+ args++;
+ infile = *args;
+ }
+ else badarg = 1;
+ }
+ else if (!strcmp (*args, "-out"))
+ {
+ if (args[1])
+ {
+ args++;
+ outfile = *args;
+ }
+ else badarg = 1;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*args,"-engine") == 0)
+ {
+ if (!args[1]) goto bad;
+ engine= *(++args);
+ }
+#endif
+
+ else if (strcmp(*args,"-text") == 0)
+ text=1;
+ else if (strcmp(*args,"-noout") == 0)
+ noout=1;
+ args++;
+ }
+
+ if (badarg)
+ {
+#ifndef OPENSSL_NO_ENGINE
+ bad:
+#endif
+ BIO_printf(bio_err, "Usage pkeyparam [options]\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err, "-text print parameters as text\n");
+ BIO_printf(bio_err, "-noout don't output encoded parameters\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
+ return 1;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (infile)
+ {
+ if (!(in = BIO_new_file (infile, "r")))
+ {
+ BIO_printf(bio_err,
+ "Can't open input file %s\n", infile);
+ goto end;
+ }
+ }
+ else
+ in = BIO_new_fp (stdin, BIO_NOCLOSE);
+
+ if (outfile)
+ {
+ if (!(out = BIO_new_file (outfile, "w")))
+ {
+ BIO_printf(bio_err,
+ "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ }
+ else
+ {
+ out = BIO_new_fp (stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ pkey = PEM_read_bio_Parameters(in, NULL);
+ if (!pkey)
+ {
+ BIO_printf(bio_err, "Error reading paramters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (!noout)
+ PEM_write_bio_Parameters(out,pkey);
+
+ if (text)
+ EVP_PKEY_print_params(out, pkey, 0, NULL);
+
+ ret = 0;
+
+ end:
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ BIO_free(in);
+
+ return ret;
+ }
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
new file mode 100644
index 0000000..b808e1e
--- /dev/null
+++ b/apps/pkeyutl.c
@@ -0,0 +1,570 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include "apps.h"
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+
+#define KEY_PRIVKEY 1
+#define KEY_PUBKEY 2
+#define KEY_CERT 3
+
+static void usage(void);
+
+#undef PROG
+
+#define PROG pkeyutl_main
+
+static EVP_PKEY_CTX *init_ctx(int *pkeysize,
+ char *keyfile, int keyform, int key_type,
+ char *passargin, int pkey_op, ENGINE *e);
+
+static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
+ const char *file);
+
+static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
+ unsigned char *out, size_t *poutlen,
+ unsigned char *in, size_t inlen);
+
+int MAIN(int argc, char **);
+
+int MAIN(int argc, char **argv)
+{
+ BIO *in = NULL, *out = NULL;
+ char *infile = NULL, *outfile = NULL, *sigfile = NULL;
+ ENGINE *e = NULL;
+ int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
+ int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
+ char badarg = 0, rev = 0;
+ char hexdump = 0, asn1parse = 0;
+ EVP_PKEY_CTX *ctx = NULL;
+ char *passargin = NULL;
+ int keysize = -1;
+
+ unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
+ size_t buf_outlen;
+ int buf_inlen = 0, siglen = -1;
+
+ int ret = 1, rv = -1;
+
+ argc--;
+ argv++;
+
+ if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+
+ while(argc >= 1)
+ {
+ if (!strcmp(*argv,"-in"))
+ {
+ if (--argc < 1) badarg = 1;
+ infile= *(++argv);
+ }
+ else if (!strcmp(*argv,"-out"))
+ {
+ if (--argc < 1) badarg = 1;
+ outfile= *(++argv);
+ }
+ else if (!strcmp(*argv,"-sigfile"))
+ {
+ if (--argc < 1) badarg = 1;
+ sigfile= *(++argv);
+ }
+ else if(!strcmp(*argv, "-inkey"))
+ {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ {
+ ctx = init_ctx(&keysize,
+ *(++argv), keyform, key_type,
+ passargin, pkey_op, e);
+ if (!ctx)
+ {
+ BIO_puts(bio_err,
+ "Error initializing context\n");
+ ERR_print_errors(bio_err);
+ badarg = 1;
+ }
+ }
+ }
+ else if (!strcmp(*argv,"-peerkey"))
+ {
+ if (--argc < 1)
+ badarg = 1;
+ else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
+ badarg = 1;
+ }
+ else if (!strcmp(*argv,"-passin"))
+ {
+ if (--argc < 1) badarg = 1;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-peerform") == 0)
+ {
+ if (--argc < 1) badarg = 1;
+ peerform=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) badarg = 1;
+ keyform=str2fmt(*(++argv));
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if(!strcmp(*argv, "-engine"))
+ {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ e = setup_engine(bio_err, *(++argv), 0);
+ }
+#endif
+ else if(!strcmp(*argv, "-pubin"))
+ key_type = KEY_PUBKEY;
+ else if(!strcmp(*argv, "-certin"))
+ key_type = KEY_CERT;
+ else if(!strcmp(*argv, "-asn1parse"))
+ asn1parse = 1;
+ else if(!strcmp(*argv, "-hexdump"))
+ hexdump = 1;
+ else if(!strcmp(*argv, "-sign"))
+ pkey_op = EVP_PKEY_OP_SIGN;
+ else if(!strcmp(*argv, "-verify"))
+ pkey_op = EVP_PKEY_OP_VERIFY;
+ else if(!strcmp(*argv, "-verifyrecover"))
+ pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
+ else if(!strcmp(*argv, "-rev"))
+ rev = 1;
+ else if(!strcmp(*argv, "-encrypt"))
+ pkey_op = EVP_PKEY_OP_ENCRYPT;
+ else if(!strcmp(*argv, "-decrypt"))
+ pkey_op = EVP_PKEY_OP_DECRYPT;
+ else if(!strcmp(*argv, "-derive"))
+ pkey_op = EVP_PKEY_OP_DERIVE;
+ else if (strcmp(*argv,"-pkeyopt") == 0)
+ {
+ if (--argc < 1)
+ badarg = 1;
+ else if (!ctx)
+ {
+ BIO_puts(bio_err,
+ "-pkeyopt command before -inkey\n");
+ badarg = 1;
+ }
+ else if (pkey_ctrl_string(ctx, *(++argv)) <= 0)
+ {
+ BIO_puts(bio_err, "parameter setting error\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ else badarg = 1;
+ if(badarg)
+ {
+ usage();
+ goto end;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (!ctx)
+ {
+ usage();
+ goto end;
+ }
+
+ if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY))
+ {
+ BIO_puts(bio_err, "Signature file specified for non verify\n");
+ goto end;
+ }
+
+ if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY))
+ {
+ BIO_puts(bio_err, "No signature file specified for verify\n");
+ goto end;
+ }
+
+/* FIXME: seed PRNG only if needed */
+ app_RAND_load_file(NULL, bio_err, 0);
+
+ if (pkey_op != EVP_PKEY_OP_DERIVE)
+ {
+ if(infile)
+ {
+ if(!(in = BIO_new_file(infile, "rb")))
+ {
+ BIO_puts(bio_err,
+ "Error Opening Input File\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ }
+
+ if(outfile)
+ {
+ if(!(out = BIO_new_file(outfile, "wb")))
+ {
+ BIO_printf(bio_err, "Error Creating Output File\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ else
+ {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if (sigfile)
+ {
+ BIO *sigbio = BIO_new_file(sigfile, "rb");
+ if (!sigbio)
+ {
+ BIO_printf(bio_err, "Can't open signature file %s\n",
+ sigfile);
+ goto end;
+ }
+ siglen = bio_to_mem(&sig, keysize * 10, sigbio);
+ BIO_free(sigbio);
+ if (siglen <= 0)
+ {
+ BIO_printf(bio_err, "Error reading signature data\n");
+ goto end;
+ }
+ }
+
+ if (in)
+ {
+ /* Read the input data */
+ buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
+ if(buf_inlen <= 0)
+ {
+ BIO_printf(bio_err, "Error reading input Data\n");
+ exit(1);
+ }
+ if(rev)
+ {
+ size_t i;
+ unsigned char ctmp;
+ size_t l = (size_t)buf_inlen;
+ for(i = 0; i < l/2; i++)
+ {
+ ctmp = buf_in[i];
+ buf_in[i] = buf_in[l - 1 - i];
+ buf_in[l - 1 - i] = ctmp;
+ }
+ }
+ }
+
+ if(pkey_op == EVP_PKEY_OP_VERIFY)
+ {
+ rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
+ buf_in, (size_t)buf_inlen);
+ if (rv == 0)
+ BIO_puts(out, "Signature Verification Failure\n");
+ else if (rv == 1)
+ BIO_puts(out, "Signature Verified Successfully\n");
+ if (rv >= 0)
+ goto end;
+ }
+ else
+ {
+ rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
+ buf_in, (size_t)buf_inlen);
+ if (rv > 0)
+ {
+ buf_out = OPENSSL_malloc(buf_outlen);
+ if (!buf_out)
+ rv = -1;
+ else
+ rv = do_keyop(ctx, pkey_op,
+ buf_out, (size_t *)&buf_outlen,
+ buf_in, (size_t)buf_inlen);
+ }
+ }
+
+ if(rv <= 0)
+ {
+ BIO_printf(bio_err, "Public Key operation error\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret = 0;
+ if(asn1parse)
+ {
+ if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
+ ERR_print_errors(bio_err);
+ }
+ else if(hexdump)
+ BIO_dump(out, (char *)buf_out, buf_outlen);
+ else
+ BIO_write(out, buf_out, buf_outlen);
+
+ end:
+ if (ctx)
+ EVP_PKEY_CTX_free(ctx);
+ BIO_free(in);
+ BIO_free_all(out);
+ if (buf_in)
+ OPENSSL_free(buf_in);
+ if (buf_out)
+ OPENSSL_free(buf_out);
+ if (sig)
+ OPENSSL_free(sig);
+ return ret;
+}
+
+static void usage()
+{
+ BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err, "-signature file signature file (verify operation only)\n");
+ BIO_printf(bio_err, "-inkey file input key\n");
+ BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
+ BIO_printf(bio_err, "-pubin input is a public key\n");
+ BIO_printf(bio_err, "-certin input is a certificate carrying a public key\n");
+ BIO_printf(bio_err, "-pkeyopt X:Y public key options\n");
+ BIO_printf(bio_err, "-sign sign with private key\n");
+ BIO_printf(bio_err, "-verify verify with public key\n");
+ BIO_printf(bio_err, "-verifyrecover verify with public key, recover original data\n");
+ BIO_printf(bio_err, "-encrypt encrypt with public key\n");
+ BIO_printf(bio_err, "-decrypt decrypt with private key\n");
+ BIO_printf(bio_err, "-derive derive shared secret\n");
+ BIO_printf(bio_err, "-hexdump hex dump output\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf(bio_err, "-passin arg pass phrase source\n");
+
+}
+
+static EVP_PKEY_CTX *init_ctx(int *pkeysize,
+ char *keyfile, int keyform, int key_type,
+ char *passargin, int pkey_op, ENGINE *e)
+ {
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ char *passin = NULL;
+ int rv = -1;
+ X509 *x;
+ if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
+ || (pkey_op == EVP_PKEY_OP_DERIVE))
+ && (key_type != KEY_PRIVKEY))
+ {
+ BIO_printf(bio_err, "A private key is needed for this operation\n");
+ goto end;
+ }
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+ switch(key_type)
+ {
+ case KEY_PRIVKEY:
+ pkey = load_key(bio_err, keyfile, keyform, 0,
+ passin, e, "Private Key");
+ break;
+
+ case KEY_PUBKEY:
+ pkey = load_pubkey(bio_err, keyfile, keyform, 0,
+ NULL, e, "Public Key");
+ break;
+
+ case KEY_CERT:
+ x = load_cert(bio_err, keyfile, keyform,
+ NULL, e, "Certificate");
+ if(x)
+ {
+ pkey = X509_get_pubkey(x);
+ X509_free(x);
+ }
+ break;
+
+ }
+
+ *pkeysize = EVP_PKEY_size(pkey);
+
+ if (!pkey)
+ goto end;
+
+ ctx = EVP_PKEY_CTX_new(pkey, e);
+
+ EVP_PKEY_free(pkey);
+
+ if (!ctx)
+ goto end;
+
+ switch(pkey_op)
+ {
+ case EVP_PKEY_OP_SIGN:
+ rv = EVP_PKEY_sign_init(ctx);
+ break;
+
+ case EVP_PKEY_OP_VERIFY:
+ rv = EVP_PKEY_verify_init(ctx);
+ break;
+
+ case EVP_PKEY_OP_VERIFYRECOVER:
+ rv = EVP_PKEY_verify_recover_init(ctx);
+ break;
+
+ case EVP_PKEY_OP_ENCRYPT:
+ rv = EVP_PKEY_encrypt_init(ctx);
+ break;
+
+ case EVP_PKEY_OP_DECRYPT:
+ rv = EVP_PKEY_decrypt_init(ctx);
+ break;
+
+ case EVP_PKEY_OP_DERIVE:
+ rv = EVP_PKEY_derive_init(ctx);
+ break;
+ }
+
+ if (rv <= 0)
+ {
+ EVP_PKEY_CTX_free(ctx);
+ ctx = NULL;
+ }
+
+ end:
+
+ if (passin)
+ OPENSSL_free(passin);
+
+ return ctx;
+
+
+ }
+
+static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
+ const char *file)
+ {
+ EVP_PKEY *peer = NULL;
+ int ret;
+ if (!ctx)
+ {
+ BIO_puts(err, "-peerkey command before -inkey\n");
+ return 0;
+ }
+
+ peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
+
+ if (!peer)
+ {
+ BIO_printf(bio_err, "Error reading peer key %s\n", file);
+ ERR_print_errors(err);
+ return 0;
+ }
+
+ ret = EVP_PKEY_derive_set_peer(ctx, peer);
+
+ EVP_PKEY_free(peer);
+ if (ret <= 0)
+ ERR_print_errors(err);
+ return ret;
+ }
+
+static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
+ unsigned char *out, size_t *poutlen,
+ unsigned char *in, size_t inlen)
+ {
+ int rv = 0;
+ switch(pkey_op)
+ {
+ case EVP_PKEY_OP_VERIFYRECOVER:
+ rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
+ break;
+
+ case EVP_PKEY_OP_SIGN:
+ rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
+ break;
+
+ case EVP_PKEY_OP_ENCRYPT:
+ rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
+ break;
+
+ case EVP_PKEY_OP_DECRYPT:
+ rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
+ break;
+
+ case EVP_PKEY_OP_DERIVE:
+ rv = EVP_PKEY_derive(ctx, out, poutlen);
+ break;
+
+ }
+ return rv;
+ }
diff --git a/apps/progs.h b/apps/progs.h
index 6b07c4b..4e7d32a 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -41,7 +41,9 @@
extern int smime_main(int argc,char *argv[]);
extern int rand_main(int argc,char *argv[]);
extern int engine_main(int argc,char *argv[]);
+#ifndef OPENSSL_NO_OCSP
extern int ocsp_main(int argc,char *argv[]);
+#endif
extern int prime_main(int argc,char *argv[]);
#define FUNC_TYPE_GENERAL 1
diff --git a/apps/rand.c b/apps/rand.c
index c3b26c4..44a1d46 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -68,7 +68,8 @@
/* -out file - write to file
* -rand file:file - PRNG seed files
- * -base64 - encode output
+ * -base64 - base64 encode output
+ * -hex - hex encode output
* num - write 'num' bytes
*/
@@ -84,6 +85,7 @@
char *outfile = NULL;
char *inrand = NULL;
int base64 = 0;
+ int hex = 0;
BIO *out = NULL;
int num = -1;
#ifndef OPENSSL_NO_ENGINE
@@ -133,6 +135,13 @@
else
badopt = 1;
}
+ else if (strcmp(argv[i], "-hex") == 0)
+ {
+ if (!hex)
+ hex = 1;
+ else
+ badopt = 1;
+ }
else if (isdigit((unsigned char)argv[i][0]))
{
if (num < 0)
@@ -148,6 +157,9 @@
badopt = 1;
}
+ if (hex && base64)
+ badopt = 1;
+
if (num < 0)
badopt = 1;
@@ -160,7 +172,8 @@
BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, "-base64 - encode output\n");
+ BIO_printf(bio_err, "-base64 - base64 encode output\n");
+ BIO_printf(bio_err, "-hex - hex encode output\n");
goto err;
}
@@ -210,9 +223,17 @@
r = RAND_bytes(buf, chunk);
if (r <= 0)
goto err;
- BIO_write(out, buf, chunk);
+ if (!hex)
+ BIO_write(out, buf, chunk);
+ else
+ {
+ for (i = 0; i < chunk; i++)
+ BIO_printf(out, "%02x", buf[i]);
+ }
num -= chunk;
}
+ if (hex)
+ BIO_puts(out, "\n");
(void)BIO_flush(out);
app_RAND_write_file(NULL, bio_err);
diff --git a/apps/rsautl.c b/apps/rsautl.c
index f3c458e..923e2b6 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -1,5 +1,5 @@
/* rsautl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/apps/s_client.c b/apps/s_client.c
index 4ab3cba..4974f5f 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -221,6 +221,7 @@
BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
BIO_printf(bio_err," -quiet - no s_client output\n");
BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
+ BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n");
BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
@@ -234,7 +235,8 @@
BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
BIO_printf(bio_err," for those protocols that support it, where\n");
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
- BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", and \"ftp\" are supported.\n");
+ BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
+ BIO_printf(bio_err," are supported.\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
#endif
@@ -276,7 +278,8 @@
PROTO_SMTP,
PROTO_POP3,
PROTO_IMAP,
- PROTO_FTP
+ PROTO_FTP,
+ PROTO_XMPP
};
int MAIN(int, char **);
@@ -315,7 +318,11 @@
BIO *sbio;
char *inrand=NULL;
int mbuf_len=0;
+#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
+ char *ssl_client_engine_id=NULL;
+ ENGINE *ssl_client_engine=NULL;
+#endif
ENGINE *e=NULL;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
@@ -332,6 +339,9 @@
int peerlen = sizeof(peer);
int enable_timeouts = 0 ;
long mtu = 0;
+#ifndef OPENSSL_NO_JPAKE
+ char *jpake_secret = NULL;
+#endif
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_client_method();
@@ -432,6 +442,8 @@
}
else if (strcmp(*argv,"-ign_eof") == 0)
c_ign_eof=1;
+ else if (strcmp(*argv,"-no_ign_eof") == 0)
+ c_ign_eof=0;
else if (strcmp(*argv,"-pause") == 0)
c_Pause=1;
else if (strcmp(*argv,"-debug") == 0)
@@ -544,6 +556,8 @@
starttls_proto = PROTO_IMAP;
else if (strcmp(*argv,"ftp") == 0)
starttls_proto = PROTO_FTP;
+ else if (strcmp(*argv, "xmpp") == 0)
+ starttls_proto = PROTO_XMPP;
else
goto bad;
}
@@ -553,6 +567,11 @@
if (--argc < 1) goto bad;
engine_id = *(++argv);
}
+ else if (strcmp(*argv,"-ssl_client_engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ssl_client_engine_id = *(++argv);
+ }
#endif
else if (strcmp(*argv,"-rand") == 0)
{
@@ -567,6 +586,13 @@
/* meth=TLSv1_client_method(); */
}
#endif
+#ifndef OPENSSL_NO_JPAKE
+ else if (strcmp(*argv,"-jpake") == 0)
+ {
+ if (--argc < 1) goto bad;
+ jpake_secret = *++argv;
+ }
+#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -588,6 +614,16 @@
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
+ if (ssl_client_engine_id)
+ {
+ ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
+ if (!ssl_client_engine)
+ {
+ BIO_printf(bio_err,
+ "Error getting client auth engine\n");
+ goto end;
+ }
+ }
#endif
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
{
@@ -655,6 +691,20 @@
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
+ if (ssl_client_engine)
+ {
+ if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
+ {
+ BIO_puts(bio_err, "Error setting client auth engine\n");
+ ERR_print_errors(bio_err);
+ ENGINE_free(ssl_client_engine);
+ goto end;
+ }
+ ENGINE_free(ssl_client_engine);
+ }
+#endif
+
if (bugs)
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
@@ -805,8 +855,6 @@
else
sbio=BIO_new_socket(s,BIO_NOCLOSE);
-
-
if (nbio_test)
{
BIO *test;
@@ -850,6 +898,10 @@
#endif
}
#endif
+#ifndef OPENSSL_NO_JPAKE
+ if (jpake_secret)
+ jpake_client_auth(bio_c_out, sbio, jpake_secret);
+#endif
SSL_set_bio(con,sbio,sbio);
SSL_set_connect_state(con);
@@ -956,6 +1008,28 @@
BIO_printf(sbio,"AUTH TLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
+ if (starttls_proto == PROTO_XMPP)
+ {
+ int seen = 0;
+ BIO_printf(sbio,"<stream:stream "
+ "xmlns:stream='http://etherx.jabber.org/streams' "
+ "xmlns='jabber:client' to='%s' version='1.0'>", host);
+ seen = BIO_read(sbio,mbuf,BUFSIZZ);
+ mbuf[seen] = 0;
+ while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
+ {
+ if (strstr(mbuf, "/stream:features>"))
+ goto shut;
+ seen = BIO_read(sbio,mbuf,BUFSIZZ);
+ mbuf[seen] = 0;
+ }
+ BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
+ seen = BIO_read(sbio,sbuf,BUFSIZZ);
+ sbuf[seen] = 0;
+ if (!strstr(sbuf, "<proceed"))
+ goto shut;
+ mbuf[0] = 0;
+ }
for (;;)
{
diff --git a/apps/s_server.c b/apps/s_server.c
index 7919c43..84b1b28 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -742,6 +742,10 @@
#endif
int MAIN(int, char **);
+#ifndef OPENSSL_NO_JPAKE
+static char *jpake_secret = NULL;
+#endif
+
int MAIN(int argc, char *argv[])
{
X509_STORE *store = NULL;
@@ -760,9 +764,7 @@
int state=0;
SSL_METHOD *meth=NULL;
int socket_type=SOCK_STREAM;
-#ifndef OPENSSL_NO_ENGINE
ENGINE *e=NULL;
-#endif
char *inrand=NULL;
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
@@ -774,7 +776,6 @@
EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL;
#endif
-
#ifndef OPENSSL_NO_TLSEXT
tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
#endif
@@ -1071,6 +1072,14 @@
if (--argc < 1) goto bad;
s_key_file2= *(++argv);
}
+
+#endif
+#ifndef OPENSSL_NO_JPAKE
+ else if (strcmp(*argv,"-jpake") == 0)
+ {
+ if (--argc < 1) goto bad;
+ jpake_secret = *(++argv);
+ }
#endif
else
{
@@ -1673,6 +1682,11 @@
test=BIO_new(BIO_f_nbio_test());
sbio=BIO_push(test,sbio);
}
+#ifndef OPENSSL_NO_JPAKE
+ if(jpake_secret)
+ jpake_server_auth(bio_s_out, sbio, jpake_secret);
+#endif
+
SSL_set_bio(con,sbio,sbio);
SSL_set_accept_state(con);
/* SSL_set_fd(con,s); */
diff --git a/apps/smime.c b/apps/smime.c
index ce8a1cb..75804b8 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -1,5 +1,5 @@
/* smime.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
diff --git a/apps/speed.c b/apps/speed.c
index 65b8483..6b135fb 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2762,6 +2762,8 @@
for(n=0 ; n < multi ; ++n)
{
pipe(fd);
+ fflush(stdout);
+ fflush(stderr);
if(fork())
{
close(fd[1]);
diff --git a/apps/spkac.c b/apps/spkac.c
index 01fe406..0e01ea9 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -1,6 +1,6 @@
/* apps/spkac.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999. Based on an original idea by Massimiliano Pala
* (madwolf@openca.org).
*/
diff --git a/apps/ts.c b/apps/ts.c
new file mode 100644
index 0000000..74e7e93
--- /dev/null
+++ b/apps/ts.c
@@ -0,0 +1,1144 @@
+/* apps/ts.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/ts.h>
+#include <openssl/bn.h>
+
+#undef PROG
+#define PROG ts_main
+
+/* Length of the nonce of the request in bits (must be a multiple of 8). */
+#define NONCE_LENGTH 64
+
+/* Macro definitions for the configuration file. */
+#define ENV_OID_FILE "oid_file"
+
+/* Local function declarations. */
+
+static ASN1_OBJECT *txt2obj(const char *oid);
+static CONF *load_config_file(const char *configfile);
+
+/* Query related functions. */
+static int query_command(const char *data, char *digest,
+ const EVP_MD *md, const char *policy, int no_nonce,
+ int cert, const char *in, const char *out, int text);
+static BIO *BIO_open_with_default(const char *file, const char *mode,
+ FILE *default_fp);
+static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
+ const char *policy, int no_nonce, int cert);
+static int create_digest(BIO *input, char *digest,
+ const EVP_MD *md, unsigned char **md_value);
+static ASN1_INTEGER *create_nonce(int bits);
+
+/* Reply related functions. */
+static int reply_command(CONF *conf, char *section, char *engine,
+ char *queryfile, char *passin, char *inkey,
+ char *signer, char *chain, const char *policy,
+ char *in, int token_in, char *out, int token_out,
+ int text);
+static TS_RESP *read_PKCS7(BIO *in_bio);
+static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
+ char *queryfile, char *passin, char *inkey,
+ char *signer, char *chain, const char *policy);
+static ASN1_INTEGER * MS_CALLBACK serial_cb(TS_RESP_CTX *ctx, void *data);
+static ASN1_INTEGER *next_serial(const char *serialfile);
+static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
+
+/* Verify related functions. */
+static int verify_command(char *data, char *digest, char *queryfile,
+ char *in, int token_in,
+ char *ca_path, char *ca_file, char *untrusted);
+static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
+ char *queryfile,
+ char *ca_path, char *ca_file,
+ char *untrusted);
+static X509_STORE *create_cert_store(char *ca_path, char *ca_file);
+static int MS_CALLBACK verify_cb(int ok, X509_STORE_CTX *ctx);
+
+/* Main function definition. */
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int ret = 1;
+ char *configfile = NULL;
+ char *section = NULL;
+ CONF *conf = NULL;
+ enum mode {
+ CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY
+ } mode = CMD_NONE;
+ char *data = NULL;
+ char *digest = NULL;
+ const EVP_MD *md = NULL;
+ char *rnd = NULL;
+ char *policy = NULL;
+ int no_nonce = 0;
+ int cert = 0;
+ char *in = NULL;
+ char *out = NULL;
+ int text = 0;
+ char *queryfile = NULL;
+ char *passin = NULL; /* Password source. */
+ char *password =NULL; /* Password itself. */
+ char *inkey = NULL;
+ char *signer = NULL;
+ char *chain = NULL;
+ char *ca_path = NULL;
+ char *ca_file = NULL;
+ char *untrusted = NULL;
+ char *engine = NULL;
+ /* Input is ContentInfo instead of TimeStampResp. */
+ int token_in = 0;
+ /* Output is ContentInfo instead of TimeStampResp. */
+ int token_out = 0;
+ int free_bio_err = 0;
+
+ ERR_load_crypto_strings();
+ apps_startup();
+
+ if (bio_err == NULL && (bio_err = BIO_new(BIO_s_file())) != NULL)
+ {
+ free_bio_err = 1;
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ }
+
+ for (argc--, argv++; argc > 0; argc--, argv++)
+ {
+ if (strcmp(*argv, "-config") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ configfile = *++argv;
+ }
+ else if (strcmp(*argv, "-section") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ section = *++argv;
+ }
+ else if (strcmp(*argv, "-query") == 0)
+ {
+ if (mode != CMD_NONE) goto usage;
+ mode = CMD_QUERY;
+ }
+ else if (strcmp(*argv, "-data") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ data = *++argv;
+ }
+ else if (strcmp(*argv, "-digest") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ digest = *++argv;
+ }
+ else if (strcmp(*argv, "-rand") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ rnd = *++argv;
+ }
+ else if (strcmp(*argv, "-policy") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ policy = *++argv;
+ }
+ else if (strcmp(*argv, "-no_nonce") == 0)
+ {
+ no_nonce = 1;
+ }
+ else if (strcmp(*argv, "-cert") == 0)
+ {
+ cert = 1;
+ }
+ else if (strcmp(*argv, "-in") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ in = *++argv;
+ }
+ else if (strcmp(*argv, "-token_in") == 0)
+ {
+ token_in = 1;
+ }
+ else if (strcmp(*argv, "-out") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ out = *++argv;
+ }
+ else if (strcmp(*argv, "-token_out") == 0)
+ {
+ token_out = 1;
+ }
+ else if (strcmp(*argv, "-text") == 0)
+ {
+ text = 1;
+ }
+ else if (strcmp(*argv, "-reply") == 0)
+ {
+ if (mode != CMD_NONE) goto usage;
+ mode = CMD_REPLY;
+ }
+ else if (strcmp(*argv, "-queryfile") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ queryfile = *++argv;
+ }
+ else if (strcmp(*argv, "-passin") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ passin = *++argv;
+ }
+ else if (strcmp(*argv, "-inkey") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ inkey = *++argv;
+ }
+ else if (strcmp(*argv, "-signer") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ signer = *++argv;
+ }
+ else if (strcmp(*argv, "-chain") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ chain = *++argv;
+ }
+ else if (strcmp(*argv, "-verify") == 0)
+ {
+ if (mode != CMD_NONE) goto usage;
+ mode = CMD_VERIFY;
+ }
+ else if (strcmp(*argv, "-CApath") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ ca_path = *++argv;
+ }
+ else if (strcmp(*argv, "-CAfile") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ ca_file = *++argv;
+ }
+ else if (strcmp(*argv, "-untrusted") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ untrusted = *++argv;
+ }
+ else if (strcmp(*argv, "-engine") == 0)
+ {
+ if (argc-- < 1) goto usage;
+ engine = *++argv;
+ }
+ else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL)
+ {
+ /* empty. */
+ }
+ else
+ goto usage;
+ }
+
+ /* Seed the random number generator if it is going to be used. */
+ if (mode == CMD_QUERY && !no_nonce)
+ {
+ if (!app_RAND_load_file(NULL, bio_err, 1) && rnd == NULL)
+ BIO_printf(bio_err, "warning, not much extra random "
+ "data, consider using the -rand option\n");
+ if (rnd != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(rnd));
+ }
+
+ /* Get the password if required. */
+ if(mode == CMD_REPLY && passin &&
+ !app_passwd(bio_err, passin, NULL, &password, NULL))
+ {
+ BIO_printf(bio_err,"Error getting password.\n");
+ goto cleanup;
+ }
+
+ /* Check consistency of parameters and execute
+ the appropriate function. */
+ switch (mode)
+ {
+ case CMD_NONE:
+ goto usage;
+ case CMD_QUERY:
+ /* Data file and message imprint cannot be specified
+ at the same time. */
+ ret = data != NULL && digest != NULL;
+ if (ret) goto usage;
+ /* Load the config file for possible policy OIDs. */
+ conf = load_config_file(configfile);
+ ret = !query_command(data, digest, md, policy, no_nonce, cert,
+ in, out, text);
+ break;
+ case CMD_REPLY:
+ conf = load_config_file(configfile);
+ if (in == NULL)
+ {
+ ret = !(queryfile != NULL && conf != NULL && !token_in);
+ if (ret) goto usage;
+ }
+ else
+ {
+ /* 'in' and 'queryfile' are exclusive. */
+ ret = !(queryfile == NULL);
+ if (ret) goto usage;
+ }
+
+ ret = !reply_command(conf, section, engine, queryfile,
+ password, inkey, signer, chain, policy,
+ in, token_in, out, token_out, text);
+ break;
+ case CMD_VERIFY:
+ ret = !(((queryfile && !data && !digest)
+ || (!queryfile && data && !digest)
+ || (!queryfile && !data && digest))
+ && in != NULL);
+ if (ret) goto usage;
+
+ ret = !verify_command(data, digest, queryfile, in, token_in,
+ ca_path, ca_file, untrusted);
+ }
+
+ goto cleanup;
+
+ usage:
+ BIO_printf(bio_err, "usage:\n"
+ "ts -query [-rand file%cfile%c...] [-config configfile] "
+ "[-data file_to_hash] [-digest digest_bytes]"
+ "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
+ "[-policy object_id] [-no_nonce] [-cert] "
+ "[-in request.tsq] [-out request.tsq] [-text]\n",
+ LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, "or\n"
+ "ts -reply [-config configfile] [-section tsa_section] "
+ "[-queryfile request.tsq] [-passin password] "
+ "[-signer tsa_cert.pem] [-inkey private_key.pem] "
+ "[-chain certs_file.pem] [-policy object_id] "
+ "[-in response.tsr] [-token_in] "
+ "[-out response.tsr] [-token_out] [-text] [-engine id]\n");
+ BIO_printf(bio_err, "or\n"
+ "ts -verify [-data file_to_hash] [-digest digest_bytes] "
+ "[-queryfile request.tsq] "
+ "-in response.tsr [-token_in] "
+ "-CApath ca_path -CAfile ca_file.pem "
+ "-untrusted cert_file.pem\n");
+ cleanup:
+ /* Clean up. */
+ app_RAND_write_file(NULL, bio_err);
+ NCONF_free(conf);
+ OPENSSL_free(password);
+ OBJ_cleanup();
+ if (free_bio_err)
+ {
+ BIO_free_all(bio_err);
+ bio_err = NULL;
+ }
+
+ OPENSSL_EXIT(ret);
+ }
+
+/*
+ * Configuration file-related function definitions.
+ */
+
+static ASN1_OBJECT *txt2obj(const char *oid)
+ {
+ ASN1_OBJECT *oid_obj = NULL;
+
+ if (!(oid_obj = OBJ_txt2obj(oid, 0)))
+ BIO_printf(bio_err, "cannot convert %s to OID\n", oid);
+
+ return oid_obj;
+ }
+
+static CONF *load_config_file(const char *configfile)
+ {
+ CONF *conf = NULL;
+ long errorline = -1;
+
+ if (!configfile) configfile = getenv("OPENSSL_CONF");
+ if (!configfile) configfile = getenv("SSLEAY_CONF");
+
+ if (configfile &&
+ (!(conf = NCONF_new(NULL)) ||
+ NCONF_load(conf, configfile, &errorline) <= 0))
+ {
+ if (errorline <= 0)
+ BIO_printf(bio_err, "error loading the config file "
+ "'%s'\n", configfile);
+ else
+ BIO_printf(bio_err, "error on line %ld of config file "
+ "'%s'\n", errorline, configfile);
+ }
+
+ if (conf != NULL)
+ {
+ const char *p;
+
+ BIO_printf(bio_err,"Using configuration from %s\n", configfile);
+ p = NCONF_get_string(conf, NULL, ENV_OID_FILE);
+ if (p != NULL)
+ {
+ BIO *oid_bio = BIO_new_file(p, "r");
+ if (!oid_bio)
+ ERR_print_errors(bio_err);
+ else
+ {
+ OBJ_create_objects(oid_bio);
+ BIO_free_all(oid_bio);
+ }
+ }
+ else
+ ERR_clear_error();
+ if(!add_oid_section(bio_err, conf))
+ ERR_print_errors(bio_err);
+ }
+ return conf;
+ }
+
+/*
+ * Query-related method definitions.
+ */
+
+static int query_command(const char *data, char *digest, const EVP_MD *md,
+ const char *policy, int no_nonce,
+ int cert, const char *in, const char *out, int text)
+ {
+ int ret = 0;
+ TS_REQ *query = NULL;
+ BIO *in_bio = NULL;
+ BIO *data_bio = NULL;
+ BIO *out_bio = NULL;
+
+ /* Build query object either from file or from scratch. */
+ if (in != NULL)
+ {
+ if ((in_bio = BIO_new_file(in, "rb")) == NULL) goto end;
+ query = d2i_TS_REQ_bio(in_bio, NULL);
+ }
+ else
+ {
+ /* Open the file if no explicit digest bytes were specified. */
+ if (!digest
+ && !(data_bio = BIO_open_with_default(data, "rb", stdin)))
+ goto end;
+ /* Creating the query object. */
+ query = create_query(data_bio, digest, md,
+ policy, no_nonce, cert);
+ /* Saving the random number generator state. */
+ }
+ if (query == NULL) goto end;
+
+ /* Write query either in ASN.1 or in text format. */
+ if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
+ goto end;
+ if (text)
+ {
+ /* Text output. */
+ if (!TS_REQ_print_bio(out_bio, query))
+ goto end;
+ }
+ else
+ {
+ /* ASN.1 output. */
+ if (!i2d_TS_REQ_bio(out_bio, query))
+ goto end;
+ }
+
+ ret = 1;
+
+ end:
+ ERR_print_errors(bio_err);
+
+ /* Clean up. */
+ BIO_free_all(in_bio);
+ BIO_free_all(data_bio);
+ BIO_free_all(out_bio);
+ TS_REQ_free(query);
+
+ return ret;
+ }
+
+static BIO *BIO_open_with_default(const char *file, const char *mode,
+ FILE *default_fp)
+ {
+ return file == NULL ?
+ BIO_new_fp(default_fp, BIO_NOCLOSE)
+ : BIO_new_file(file, mode);
+ }
+
+static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
+ const char *policy, int no_nonce, int cert)
+ {
+ int ret = 0;
+ TS_REQ *ts_req = NULL;
+ int len;
+ TS_MSG_IMPRINT *msg_imprint = NULL;
+ X509_ALGOR *algo = NULL;
+ unsigned char *data = NULL;
+ ASN1_OBJECT *policy_obj = NULL;
+ ASN1_INTEGER *nonce_asn1 = NULL;
+
+ /* Setting default message digest. */
+ if (!md && !(md = EVP_get_digestbyname("sha1"))) goto err;
+
+ /* Creating request object. */
+ if (!(ts_req = TS_REQ_new())) goto err;
+
+ /* Setting version. */
+ if (!TS_REQ_set_version(ts_req, 1)) goto err;
+
+ /* Creating and adding MSG_IMPRINT object. */
+ if (!(msg_imprint = TS_MSG_IMPRINT_new())) goto err;
+
+ /* Adding algorithm. */
+ if (!(algo = X509_ALGOR_new())) goto err;
+ if (!(algo->algorithm = OBJ_nid2obj(EVP_MD_type(md)))) goto err;
+ if (!(algo->parameter = ASN1_TYPE_new())) goto err;
+ algo->parameter->type = V_ASN1_NULL;
+ if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo)) goto err;
+
+ /* Adding message digest. */
+ if ((len = create_digest(data_bio, digest, md, &data)) == 0)
+ goto err;
+ if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len)) goto err;
+
+ if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint)) goto err;
+
+ /* Setting policy if requested. */
+ if (policy && !(policy_obj = txt2obj(policy))) goto err;
+ if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj)) goto err;
+
+ /* Setting nonce if requested. */
+ if (!no_nonce && !(nonce_asn1 = create_nonce(NONCE_LENGTH))) goto err;
+ if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1)) goto err;
+
+ /* Setting certificate request flag if requested. */
+ if (!TS_REQ_set_cert_req(ts_req, cert)) goto err;
+
+ ret = 1;
+ err:
+ if (!ret)
+ {
+ TS_REQ_free(ts_req);
+ ts_req = NULL;
+ BIO_printf(bio_err, "could not create query\n");
+ }
+ TS_MSG_IMPRINT_free(msg_imprint);
+ X509_ALGOR_free(algo);
+ OPENSSL_free(data);
+ ASN1_OBJECT_free(policy_obj);
+ ASN1_INTEGER_free(nonce_asn1);
+ return ts_req;
+ }
+
+static int create_digest(BIO *input, char *digest, const EVP_MD *md,
+ unsigned char **md_value)
+ {
+ int md_value_len;
+
+ md_value_len = EVP_MD_size(md);
+ if (md_value_len < 0)
+ goto err;
+ if (input)
+ {
+ /* Digest must be computed from an input file. */
+ EVP_MD_CTX md_ctx;
+ unsigned char buffer[4096];
+ int length;
+
+ *md_value = OPENSSL_malloc(md_value_len);
+ if (*md_value == 0) goto err;
+
+ EVP_DigestInit(&md_ctx, md);
+ while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0)
+ {
+ EVP_DigestUpdate(&md_ctx, buffer, length);
+ }
+ EVP_DigestFinal(&md_ctx, *md_value, NULL);
+ }
+ else
+ {
+ /* Digest bytes are specified with digest. */
+ long digest_len;
+ *md_value = string_to_hex(digest, &digest_len);
+ if (!*md_value || md_value_len != digest_len)
+ {
+ OPENSSL_free(*md_value);
+ *md_value = NULL;
+ BIO_printf(bio_err, "bad digest, %d bytes "
+ "must be specified\n", md_value_len);
+ goto err;
+ }
+ }
+
+ return md_value_len;
+ err:
+ return 0;
+ }
+
+static ASN1_INTEGER *create_nonce(int bits)
+ {
+ unsigned char buf[20];
+ ASN1_INTEGER *nonce = NULL;
+ int len = (bits - 1) / 8 + 1;
+ int i;
+
+ /* Generating random byte sequence. */
+ if (len > (int)sizeof(buf)) goto err;
+ if (!RAND_bytes(buf, len)) goto err;
+
+ /* Find the first non-zero byte and creating ASN1_INTEGER object. */
+ for (i = 0; i < len && !buf[i]; ++i);
+ if (!(nonce = ASN1_INTEGER_new())) goto err;
+ OPENSSL_free(nonce->data);
+ /* Allocate at least one byte. */
+ nonce->length = len - i;
+ if (!(nonce->data = OPENSSL_malloc(nonce->length + 1))) goto err;
+ memcpy(nonce->data, buf + i, nonce->length);
+
+ return nonce;
+ err:
+ BIO_printf(bio_err, "could not create nonce\n");
+ ASN1_INTEGER_free(nonce);
+ return NULL;
+ }
+/*
+ * Reply-related method definitions.
+ */
+
+static int reply_command(CONF *conf, char *section, char *engine,
+ char *queryfile, char *passin, char *inkey,
+ char *signer, char *chain, const char *policy,
+ char *in, int token_in,
+ char *out, int token_out, int text)
+ {
+ int ret = 0;
+ TS_RESP *response = NULL;
+ BIO *in_bio = NULL;
+ BIO *query_bio = NULL;
+ BIO *inkey_bio = NULL;
+ BIO *signer_bio = NULL;
+ BIO *out_bio = NULL;
+
+ /* Build response object either from response or query. */
+ if (in != NULL)
+ {
+ if ((in_bio = BIO_new_file(in, "rb")) == NULL) goto end;
+ if (token_in)
+ {
+ /* We have a ContentInfo (PKCS7) object, add
+ 'granted' status info around it. */
+ response = read_PKCS7(in_bio);
+ }
+ else
+ {
+ /* We have a ready-made TS_RESP object. */
+ response = d2i_TS_RESP_bio(in_bio, NULL);
+ }
+ }
+ else
+ {
+ response = create_response(conf, section, engine, queryfile,
+ passin, inkey, signer, chain,
+ policy);
+ if (response)
+ BIO_printf(bio_err, "Response has been generated.\n");
+ else
+ BIO_printf(bio_err, "Response is not generated.\n");
+ }
+ if (response == NULL) goto end;
+
+ /* Write response either in ASN.1 or text format. */
+ if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
+ goto end;
+ if (text)
+ {
+ /* Text output. */
+ if (token_out)
+ {
+ TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
+ if (!TS_TST_INFO_print_bio(out_bio, tst_info)) goto end;
+ }
+ else
+ {
+ if (!TS_RESP_print_bio(out_bio, response)) goto end;
+ }
+ }
+ else
+ {
+ /* ASN.1 DER output. */
+ if (token_out)
+ {
+ PKCS7 *token = TS_RESP_get_token(response);
+ if (!i2d_PKCS7_bio(out_bio, token)) goto end;
+ }
+ else
+ {
+ if (!i2d_TS_RESP_bio(out_bio, response)) goto end;
+ }
+ }
+
+ ret = 1;
+
+ end:
+ ERR_print_errors(bio_err);
+
+ /* Clean up. */
+ BIO_free_all(in_bio);
+ BIO_free_all(query_bio);
+ BIO_free_all(inkey_bio);
+ BIO_free_all(signer_bio);
+ BIO_free_all(out_bio);
+ TS_RESP_free(response);
+
+ return ret;
+ }
+
+/* Reads a PKCS7 token and adds default 'granted' status info to it. */
+static TS_RESP *read_PKCS7(BIO *in_bio)
+ {
+ int ret = 0;
+ PKCS7 *token = NULL;
+ TS_TST_INFO *tst_info = NULL;
+ TS_RESP *resp = NULL;
+ TS_STATUS_INFO *si = NULL;
+
+ /* Read PKCS7 object and extract the signed time stamp info. */
+ if (!(token = d2i_PKCS7_bio(in_bio, NULL))) goto end;
+ if (!(tst_info = PKCS7_to_TS_TST_INFO(token))) goto end;
+
+ /* Creating response object. */
+ if (!(resp = TS_RESP_new())) goto end;
+
+ /* Create granted status info. */
+ if (!(si = TS_STATUS_INFO_new())) goto end;
+ if (!(ASN1_INTEGER_set(si->status, TS_STATUS_GRANTED))) goto end;
+ if (!TS_RESP_set_status_info(resp, si)) goto end;
+
+ /* Setting encapsulated token. */
+ TS_RESP_set_tst_info(resp, token, tst_info);
+ token = NULL; /* Ownership is lost. */
+ tst_info = NULL; /* Ownership is lost. */
+
+ ret = 1;
+ end:
+ PKCS7_free(token);
+ TS_TST_INFO_free(tst_info);
+ if (!ret)
+ {
+ TS_RESP_free(resp);
+ resp = NULL;
+ }
+ TS_STATUS_INFO_free(si);
+ return resp;
+ }
+
+static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
+ char *queryfile, char *passin, char *inkey,
+ char *signer, char *chain, const char *policy)
+ {
+ int ret = 0;
+ TS_RESP *response = NULL;
+ BIO *query_bio = NULL;
+ TS_RESP_CTX *resp_ctx = NULL;
+
+ if (!(query_bio = BIO_new_file(queryfile, "rb")))
+ goto end;
+
+ /* Getting TSA configuration section. */
+ if (!(section = TS_CONF_get_tsa_section(conf, section)))
+ goto end;
+
+ /* Setting up response generation context. */
+ if (!(resp_ctx = TS_RESP_CTX_new())) goto end;
+
+ /* Setting serial number provider callback. */
+ if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx)) goto end;
+#ifndef OPENSSL_NO_ENGINE
+ /* Setting default OpenSSL engine. */
+ if (!TS_CONF_set_crypto_device(conf, section, engine)) goto end;
+#endif
+
+ /* Setting TSA signer certificate. */
+ if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) goto end;
+
+ /* Setting TSA signer certificate chain. */
+ if (!TS_CONF_set_certs(conf, section, chain, resp_ctx)) goto end;
+
+ /* Setting TSA signer private key. */
+ if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
+ goto end;
+
+ /* Setting default policy OID. */
+ if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx)) goto end;
+
+ /* Setting acceptable policy OIDs. */
+ if (!TS_CONF_set_policies(conf, section, resp_ctx)) goto end;
+
+ /* Setting the acceptable one-way hash algorithms. */
+ if (!TS_CONF_set_digests(conf, section, resp_ctx)) goto end;
+
+ /* Setting guaranteed time stamp accuracy. */
+ if (!TS_CONF_set_accuracy(conf, section, resp_ctx)) goto end;
+
+ /* Setting the precision of the time. */
+ if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx))
+ goto end;
+
+ /* Setting the ordering flaf if requested. */
+ if (!TS_CONF_set_ordering(conf, section, resp_ctx)) goto end;
+
+ /* Setting the TSA name required flag if requested. */
+ if (!TS_CONF_set_tsa_name(conf, section, resp_ctx)) goto end;
+
+ /* Setting the ESS cert id chain flag if requested. */
+ if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx)) goto end;
+
+ /* Creating the response. */
+ if (!(response = TS_RESP_create_response(resp_ctx, query_bio)))
+ goto end;
+
+ ret = 1;
+ end:
+ if (!ret)
+ {
+ TS_RESP_free(response);
+ response = NULL;
+ }
+ TS_RESP_CTX_free(resp_ctx);
+ BIO_free_all(query_bio);
+
+ return response;
+ }
+
+static ASN1_INTEGER * MS_CALLBACK serial_cb(TS_RESP_CTX *ctx, void *data)
+ {
+ const char *serial_file = (const char *) data;
+ ASN1_INTEGER *serial = next_serial(serial_file);
+
+ if (!serial)
+ {
+ TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+ "Error during serial number "
+ "generation.");
+ TS_RESP_CTX_add_failure_info(ctx,
+ TS_INFO_ADD_INFO_NOT_AVAILABLE);
+ }
+ else
+ save_ts_serial(serial_file, serial);
+
+ return serial;
+ }
+
+static ASN1_INTEGER *next_serial(const char *serialfile)
+ {
+ int ret = 0;
+ BIO *in = NULL;
+ ASN1_INTEGER *serial = NULL;
+ BIGNUM *bn = NULL;
+
+ if (!(serial = ASN1_INTEGER_new())) goto err;
+
+ if (!(in = BIO_new_file(serialfile, "r")))
+ {
+ ERR_clear_error();
+ BIO_printf(bio_err, "Warning: could not open file %s for "
+ "reading, using serial number: 1\n", serialfile);
+ if (!ASN1_INTEGER_set(serial, 1)) goto err;
+ }
+ else
+ {
+ char buf[1024];
+ if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf)))
+ {
+ BIO_printf(bio_err, "unable to load number from %s\n",
+ serialfile);
+ goto err;
+ }
+ if (!(bn = ASN1_INTEGER_to_BN(serial, NULL))) goto err;
+ ASN1_INTEGER_free(serial);
+ serial = NULL;
+ if (!BN_add_word(bn, 1)) goto err;
+ if (!(serial = BN_to_ASN1_INTEGER(bn, NULL))) goto err;
+ }
+ ret = 1;
+ err:
+ if (!ret)
+ {
+ ASN1_INTEGER_free(serial);
+ serial = NULL;
+ }
+ BIO_free_all(in);
+ BN_free(bn);
+ return serial;
+ }
+
+static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial)
+ {
+ int ret = 0;
+ BIO *out = NULL;
+
+ if (!(out = BIO_new_file(serialfile, "w"))) goto err;
+ if (i2a_ASN1_INTEGER(out, serial) <= 0) goto err;
+ if (BIO_puts(out, "\n") <= 0) goto err;
+ ret = 1;
+ err:
+ if (!ret)
+ BIO_printf(bio_err, "could not save serial number to %s\n",
+ serialfile);
+ BIO_free_all(out);
+ return ret;
+ }
+
+/*
+ * Verify-related method definitions.
+ */
+
+static int verify_command(char *data, char *digest, char *queryfile,
+ char *in, int token_in,
+ char *ca_path, char *ca_file, char *untrusted)
+ {
+ BIO *in_bio = NULL;
+ PKCS7 *token = NULL;
+ TS_RESP *response = NULL;
+ TS_VERIFY_CTX *verify_ctx = NULL;
+ int ret = 0;
+
+ /* Decode the token (PKCS7) or response (TS_RESP) files. */
+ if (!(in_bio = BIO_new_file(in, "rb"))) goto end;
+ if (token_in)
+ {
+ if (!(token = d2i_PKCS7_bio(in_bio, NULL))) goto end;
+ }
+ else
+ {
+ if (!(response = d2i_TS_RESP_bio(in_bio, NULL))) goto end;
+ }
+
+ if (!(verify_ctx = create_verify_ctx(data, digest, queryfile,
+ ca_path, ca_file, untrusted)))
+ goto end;
+
+ /* Checking the token or response against the request. */
+ ret = token_in ?
+ TS_RESP_verify_token(verify_ctx, token) :
+ TS_RESP_verify_response(verify_ctx, response);
+
+ end:
+ printf("Verification: ");
+ if (ret)
+ printf("OK\n");
+ else
+ {
+ printf("FAILED\n");
+ /* Print errors, if there are any. */
+ ERR_print_errors(bio_err);
+ }
+
+ /* Clean up. */
+ BIO_free_all(in_bio);
+ PKCS7_free(token);
+ TS_RESP_free(response);
+ TS_VERIFY_CTX_free(verify_ctx);
+ return ret;
+ }
+
+static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
+ char *queryfile,
+ char *ca_path, char *ca_file,
+ char *untrusted)
+ {
+ TS_VERIFY_CTX *ctx = NULL;
+ BIO *input = NULL;
+ TS_REQ *request = NULL;
+ int ret = 0;
+
+ if (data != NULL || digest != NULL)
+ {
+ if (!(ctx = TS_VERIFY_CTX_new())) goto err;
+ ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER;
+ if (data != NULL)
+ {
+ ctx->flags |= TS_VFY_DATA;
+ if (!(ctx->data = BIO_new_file(data, "rb"))) goto err;
+ }
+ else if (digest != NULL)
+ {
+ long imprint_len;
+ ctx->flags |= TS_VFY_IMPRINT;
+ if (!(ctx->imprint = string_to_hex(digest,
+ &imprint_len)))
+ {
+ BIO_printf(bio_err, "invalid digest string\n");
+ goto err;
+ }
+ ctx->imprint_len = imprint_len;
+ }
+
+ }
+ else if (queryfile != NULL)
+ {
+ /* The request has just to be read, decoded and converted to
+ a verify context object. */
+ if (!(input = BIO_new_file(queryfile, "rb"))) goto err;
+ if (!(request = d2i_TS_REQ_bio(input, NULL))) goto err;
+ if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL))) goto err;
+ }
+ else
+ return NULL;
+
+ /* Add the signature verification flag and arguments. */
+ ctx->flags |= TS_VFY_SIGNATURE;
+
+ /* Initialising the X509_STORE object. */
+ if (!(ctx->store = create_cert_store(ca_path, ca_file))) goto err;
+
+ /* Loading untrusted certificates. */
+ if (untrusted && !(ctx->certs = TS_CONF_load_certs(untrusted)))
+ goto err;
+
+ ret = 1;
+ err:
+ if (!ret)
+ {
+ TS_VERIFY_CTX_free(ctx);
+ ctx = NULL;
+ }
+ BIO_free_all(input);
+ TS_REQ_free(request);
+ return ctx;
+ }
+
+static X509_STORE *create_cert_store(char *ca_path, char *ca_file)
+ {
+ X509_STORE *cert_ctx = NULL;
+ X509_LOOKUP *lookup = NULL;
+ int i;
+
+ /* Creating the X509_STORE object. */
+ cert_ctx = X509_STORE_new();
+
+ /* Setting the callback for certificate chain verification. */
+ X509_STORE_set_verify_cb_func(cert_ctx, verify_cb);
+
+ /* Adding a trusted certificate directory source. */
+ if (ca_path)
+ {
+ lookup = X509_STORE_add_lookup(cert_ctx,
+ X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ goto err;
+ }
+ i = X509_LOOKUP_add_dir(lookup, ca_path, X509_FILETYPE_PEM);
+ if (!i)
+ {
+ BIO_printf(bio_err, "Error loading directory %s\n",
+ ca_path);
+ goto err;
+ }
+ }
+
+ /* Adding a trusted certificate file source. */
+ if (ca_file)
+ {
+ lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
+ if (lookup == NULL)
+ {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ goto err;
+ }
+ i = X509_LOOKUP_load_file(lookup, ca_file, X509_FILETYPE_PEM);
+ if (!i)
+ {
+ BIO_printf(bio_err, "Error loading file %s\n", ca_file);
+ goto err;
+ }
+ }
+
+ return cert_ctx;
+ err:
+ X509_STORE_free(cert_ctx);
+ return NULL;
+ }
+
+static int MS_CALLBACK verify_cb(int ok, X509_STORE_CTX *ctx)
+ {
+ /*
+ char buf[256];
+
+ if (!ok)
+ {
+ X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),
+ buf, sizeof(buf));
+ printf("%s\n", buf);
+ printf("error %d at %d depth lookup: %s\n",
+ ctx->error, ctx->error_depth,
+ X509_verify_cert_error_string(ctx->error));
+ }
+ */
+
+ return ok;
+ }
diff --git a/apps/tsget b/apps/tsget
new file mode 100644
index 0000000..ddae803
--- /dev/null
+++ b/apps/tsget
@@ -0,0 +1,195 @@
+#!/usr/bin/perl -w
+# Written by Zoltan Glozik <zglozik@stones.com>.
+# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
+$::version = '$Id: tsget,v 1.1 2006/02/12 23:11:21 ulf Exp $';
+
+use strict;
+use IO::Handle;
+use Getopt::Std;
+use File::Basename;
+use WWW::Curl::easy;
+
+use vars qw(%options);
+
+# Callback for reading the body.
+sub read_body {
+ my ($maxlength, $state) = @_;
+ my $return_data = "";
+ my $data_len = length ${$state->{data}};
+ if ($state->{bytes} < $data_len) {
+ $data_len = $data_len - $state->{bytes};
+ $data_len = $maxlength if $data_len > $maxlength;
+ $return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
+ $state->{bytes} += $data_len;
+ }
+ return $return_data;
+}
+
+# Callback for writing the body into a variable.
+sub write_body {
+ my ($data, $pointer) = @_;
+ ${$pointer} .= $data;
+ return length($data);
+}
+
+# Initialise a new Curl object.
+sub create_curl {
+ my $url = shift;
+
+ # Create Curl object.
+ my $curl = WWW::Curl::easy::new();
+
+ # Error-handling related options.
+ $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
+ $curl->setopt(CURLOPT_FAILONERROR, 1);
+ $curl->setopt(CURLOPT_USERAGENT, "OpenTSA tsget.pl/" . (split / /, $::version)[2]);
+
+ # Options for POST method.
+ $curl->setopt(CURLOPT_UPLOAD, 1);
+ $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
+ $curl->setopt(CURLOPT_HTTPHEADER,
+ ["Content-Type: application/timestamp-query",
+ "Accept: application/timestamp-reply"]);
+ $curl->setopt(CURLOPT_READFUNCTION, \&read_body);
+ $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
+
+ # Options for getting the result.
+ $curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body);
+
+ # SSL related options.
+ $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM");
+ $curl->setopt(CURLOPT_SSL_VERIFYPEER, 1); # Verify server's certificate.
+ $curl->setopt(CURLOPT_SSL_VERIFYHOST, 2); # Check server's CN.
+ $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k});
+ $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p});
+ $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c});
+ $curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C});
+ $curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P});
+ $curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r});
+ $curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g});
+
+ # Setting destination.
+ $curl->setopt(CURLOPT_URL, $url);
+
+ return $curl;
+}
+
+# Send a request and returns the body back.
+sub get_timestamp {
+ my $curl = shift;
+ my $body = shift;
+ my $ts_body;
+ local $::error_buf;
+
+ # Error-handling related options.
+ $curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf");
+
+ # Options for POST method.
+ $curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0});
+ $curl->setopt(CURLOPT_INFILESIZE, length(${$body}));
+
+ # Options for getting the result.
+ $curl->setopt(CURLOPT_FILE, \$ts_body);
+
+ # Send the request...
+ my $error_code = $curl->perform();
+ my $error_string;
+ if ($error_code != 0) {
+ my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE);
+ $error_string = "could not get timestamp";
+ $error_string .= ", http code: $http_code" unless $http_code == 0;
+ $error_string .= ", curl code: $error_code";
+ $error_string .= " ($::error_buf)" if defined($::error_buf);
+ } else {
+ my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
+ if (lc($ct) ne "application/timestamp-reply") {
+ $error_string = "unexpected content type returned: $ct";
+ }
+ }
+ return ($ts_body, $error_string);
+
+}
+
+# Print usage information and exists.
+sub usage {
+
+ print STDERR "usage: $0 -h <server_url> [-e <extension>] [-o <output>] ";
+ print STDERR "[-v] [-d] [-k <private_key.pem>] [-p <key_password>] ";
+ print STDERR "[-c <client_cert.pem>] [-C <CA_certs.pem>] [-P <CA_path>] ";
+ print STDERR "[-r <file:file...>] [-g <EGD_socket>] [<request>]...\n";
+ exit 1;
+}
+
+# ----------------------------------------------------------------------
+# Main program
+# ----------------------------------------------------------------------
+
+# Getting command-line options (default comes from TSGET environment variable).
+my $getopt_arg = "h:e:o:vdk:p:c:C:P:r:g:";
+if (exists $ENV{TSGET}) {
+ my @old_argv = @ARGV;
+ @ARGV = split /\s+/, $ENV{TSGET};
+ getopts($getopt_arg, \%options) or usage;
+ @ARGV = @old_argv;
+}
+getopts($getopt_arg, \%options) or usage;
+
+# Checking argument consistency.
+if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o}))
+ || (@ARGV > 1 && exists($options{o}))) {
+ print STDERR "Inconsistent command line options.\n";
+ usage;
+}
+# Setting defaults.
+@ARGV = ("-") unless @ARGV != 0;
+$options{e} = ".tsr" unless defined($options{e});
+
+# Processing requests.
+my $curl = create_curl $options{h};
+undef $/; # For reading whole files.
+REQUEST: foreach (@ARGV) {
+ my $input = $_;
+ my ($base, $path) = fileparse($input, '\.[^.]*');
+ my $output_base = $base . $options{e};
+ my $output = defined($options{o}) ? $options{o} : $path . $output_base;
+
+ STDERR->printflush("$input: ") if $options{v};
+ # Read request.
+ my $body;
+ if ($input eq "-") {
+ # Read the request from STDIN;
+ $body = <STDIN>;
+ } else {
+ # Read the request from file.
+ open INPUT, "<" . $input
+ or warn("$input: could not open input file: $!\n"), next REQUEST;
+ $body = <INPUT>;
+ close INPUT
+ or warn("$input: could not close input file: $!\n"), next REQUEST;
+ }
+
+ # Send request.
+ STDERR->printflush("sending request") if $options{v};
+
+ my ($ts_body, $error) = get_timestamp $curl, \$body;
+ if (defined($error)) {
+ die "$input: fatal error: $error\n";
+ }
+ STDERR->printflush(", reply received") if $options{v};
+
+ # Write response.
+ if ($output eq "-") {
+ # Write to STDOUT.
+ print $ts_body;
+ } else {
+ # Write to file.
+ open OUTPUT, ">", $output
+ or warn("$output: could not open output file: $!\n"), next REQUEST;
+ print OUTPUT $ts_body;
+ close OUTPUT
+ or warn("$output: could not close output file: $!\n"), next REQUEST;
+ }
+ STDERR->printflush(", $output written.\n") if $options{v};
+}
+$curl->cleanup();
+WWW::Curl::easy::global_cleanup();
diff --git a/apps/version.c b/apps/version.c
index 69ef3e1..e9555cb 100644
--- a/apps/version.c
+++ b/apps/version.c
@@ -167,7 +167,7 @@
date=version=cflags=options=platform=dir=1;
else
{
- BIO_printf(bio_err,"usage:version -[avbofp]\n");
+ BIO_printf(bio_err,"usage:version -[avbofpd]\n");
ret=1;
goto end;
}
diff --git a/apps/x509.c b/apps/x509.c
index d904d34..6debce4 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -114,7 +114,7 @@
" -alias - output certificate alias\n",
" -noout - no certificate output\n",
" -ocspid - print OCSP hash values for the subject name and public key\n",
-" -ocspurl - print OCSP Responder URL(s)\n",
+" -ocsp_uri - print OCSP Responder URL(s)\n",
" -trustout - output a \"trusted\" certificate\n",
" -clrtrust - clear all trusted purposes\n",
" -clrreject - clear all rejected purposes\n",