Import of old SSLeay release: SSLeay 0.8.1b
diff --git a/apps/CA.sh b/apps/CA.sh
new file mode 100644
index 0000000..1942b98
--- /dev/null
+++ b/apps/CA.sh
@@ -0,0 +1,132 @@
+#!/bin/sh
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# default ssleay.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+DAYS="-days 365"
+REQ="ssleay req $SSLEAY_CONFIG"
+CA="ssleay ca $SSLEAY_CONFIG"
+VERIFY="ssleay verify"
+X509="ssleay x509"
+
+CATOP=./demoCA
+CAKEY=./cakey.pem
+CACERT=./cacert.pem
+
+for i
+do
+case $i in
+-\?|-h|-help)
+ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2
+ exit 0
+ ;;
+-newcert)
+ # create a certificate
+ $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
+ RET=$?
+ echo "Certificate (and private key) is in newreq.pem"
+ ;;
+-newreq)
+ # create a certificate request
+ $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
+ RET=$?
+ echo "Request (and private key) is in newreq.pem"
+ ;;
+-newca)
+ # if explictly asked for or it doesn't exist then setup the directory
+ # structure that Eric likes to manage things
+ NEW="1"
+ if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
+ # create the directory hierarchy
+ mkdir ${CATOP}
+ mkdir ${CATOP}/certs
+ mkdir ${CATOP}/crl
+ mkdir ${CATOP}/newcerts
+ mkdir ${CATOP}/private
+ echo "01" > ${CATOP}/serial
+ touch ${CATOP}/index.txt
+ fi
+ if [ ! -f ${CATOP}/private/$CAKEY ]; then
+ echo "CA certificate filename (or enter to create)"
+ read FILE
+
+ # ask user for existing CA certificate
+ if [ "$FILE" ]; then
+ cp $FILE ${CATOP}/private/$CAKEY
+ RET=$?
+ else
+ echo "Making CA certificate ..."
+ $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \
+ -out ${CATOP}/$CACERT $DAYS
+ RET=$?
+ fi
+ fi
+ ;;
+-xsign)
+ $CA -policy policy_anything -infiles newreq.pem
+ RET=$?
+ ;;
+-sign|-signreq)
+ $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+ RET=$?
+ cat newcert.pem
+ echo "Signed certificate is in newcert.pem"
+ ;;
+-signcert)
+ echo "Cert passphrase will be requested twice - bug?"
+ $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+ $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+ cat newcert.pem
+ echo "Signed certificate is in newcert.pem"
+ ;;
+-verify)
+ shift
+ if [ -z "$1" ]; then
+ $VERIFY -CAfile $CATOP/$CACERT newcert.pem
+ RET=$?
+ else
+ for j
+ do
+ $VERIFY -CAfile $CATOP/$CACERT $j
+ if [ $? != 0 ]; then
+ RET=$?
+ fi
+ done
+ fi
+ exit 0
+ ;;
+*)
+ echo "Unknown arg $i";
+ exit 1
+ ;;
+esac
+done
+exit $RET
+
diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl
new file mode 100644
index 0000000..4fac51f
--- /dev/null
+++ b/apps/Makefile.ssl
@@ -0,0 +1,144 @@
+#
+# SSLeay/apps/Makefile.ssl
+#
+
+DIR= apps
+TOP= ..
+CC= cc
+INCLUDES= -I../include
+CFLAG= -g -static
+INSTALLTOP= /usr/local/ssl
+MAKE= make -f Makefile.ssl
+MAKEDEPEND= makedepend -f Makefile.ssl
+MAKEFILE= Makefile.ssl
+RM= /bin/rm -f
+
+PEX_LIBS=
+EX_LIBS=
+
+CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+
+DLIBCRYPTO=../libcrypto.a
+DLIBSSL=../libssl.a
+LIBCRYPTO=-L.. -lcrypto
+LIBSSL=-L.. -lssl
+
+SSLEAY= ssleay
+
+SCRIPTS=CA.sh der_chop
+
+EXE= $(SSLEAY)
+
+E_EXE= verify asn1pars req dgst dh enc gendh gendsa errstr ca crl \
+ rsa dsa dsaparam \
+ x509 genrsa s_server s_client speed \
+ s_time version pkcs7 crl2pkcs7 sess_id ciphers
+
+PROGS= $(SSLEAY).c
+
+A_OBJ=apps.o
+A_SRC=apps.c
+S_OBJ= s_cb.o s_socket.o
+S_SRC= s_cb.c s_socket.c
+
+E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
+ gendsa.o pkcs7.o crl2p7.o crl.o \
+ rsa.o dsa.o dsaparam.o \
+ x509.o genrsa.o s_server.o s_client.o speed.o \
+ s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
+ ciphers.o
+
+# pem_mail.o
+
+E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
+ gendsa.c pkcs7.c crl2p7.c crl.c \
+ rsa.c dsa.c dsaparam.c \
+ x509.c genrsa.c s_server.c s_client.c speed.c \
+ s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
+ ciphers.c
+
+# pem_mail.c
+
+SRC=$(E_SRC)
+
+EXHEADER=
+HEADER= apps.h progs.h s_apps.h \
+ testdsa.h testrsa.h \
+ $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: exe
+
+exe: $(EXE)
+
+req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
+ $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+sreq.o: req.c
+ $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+
+files:
+ perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+install: mklinks
+ @for i in $(EXE) $(SCRIPTS) mklinks; \
+ do \
+ (echo installing $$i; \
+ cp $$i $(INSTALLTOP)/bin/$$i; \
+ chmod 755 $(INSTALLTOP)/bin/$$i ); \
+ done; \
+ cp ssleay.cnf $(INSTALLTOP)/lib
+ chmod 644 $(INSTALLTOP)/lib/ssleay.cnf
+ cd $(INSTALLTOP)/bin; \
+ /bin/sh ./mklinks; \
+ /bin/rm -f ./mklinks
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+links:
+ /bin/rm -f Makefile
+ $(TOP)/util/point.sh Makefile.ssl Makefile ;
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
+
+dclean:
+ perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+errors:
+
+clean:
+ /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+ /bin/rm -f req
+
+$(DLIBSSL):
+ (cd ../ssl; $(MAKE))
+
+$(DLIBCRYPTO):
+ (cd ../crypto; $(MAKE))
+
+$(SSLEAY): progs.h $(E_OBJ) $(SSLEAY).o $(DLIBCRYPTO) $(DLIBSSL)
+ $(RM) $(SSLEAY)
+ $(CC) -o $(SSLEAY) $(CFLAGS) $(SSLEAY).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+
+progs.h:
+ perl ./g_ssleay.pl $(E_EXE) >progs.h
+ $(RM) $(SSLEAY).o
+
+mklinks:
+ perl ./g_ssleay.pl $(E_EXE) >progs.h
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/apps/apps.c b/apps/apps.c
new file mode 100644
index 0000000..7c9510e
--- /dev/null
+++ b/apps/apps.c
@@ -0,0 +1,325 @@
+/* apps/apps.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+
+#ifdef WIN16
+#define APPS_WIN16
+#ifdef FLAT_BUILD
+#include "bss_file.c"
+#else
+#include "../crypto/bio/bss_file.c"
+#endif
+#endif
+
+#ifndef NOPROTO
+int app_init(long mesgwin);
+#else
+int app_init();
+#endif
+
+#ifdef undef /* never finished - probably never will be :-) */
+int args_from_file(file,argc,argv)
+char *file;
+int *argc;
+char **argv[];
+ {
+ FILE *fp;
+ int num,i;
+ unsigned int len;
+ static char *buf=NULL;
+ static char **arg=NULL;
+ char *p;
+ struct stat stbuf;
+
+ if (stat(file,&stbuf) < 0) return(0);
+
+ fp=fopen(file,"r");
+ if (fp == NULL)
+ return(0);
+
+ *argc=0;
+ *argv=NULL;
+
+ len=(unsigned int)stbuf.st_size;
+ if (buf != NULL) Free(buf);
+ buf=(char *)Malloc(len+1);
+ if (buf == NULL) return(0);
+
+ len=fread(buf,1,len,fp);
+ if (len <= 1) return(0);
+ buf[len]='\0';
+
+ i=0;
+ for (p=buf; *p; p++)
+ if (*p == '\n') i++;
+ if (arg != NULL) Free(arg);
+ arg=(char **)Malloc(sizeof(char *)*(i*2));
+
+ *argv=arg;
+ num=0;
+ p=buf;
+ for (;;)
+ {
+ if (!*p) break;
+ if (*p == '#') /* comment line */
+ {
+ while (*p && (*p != '\n')) p++;
+ continue;
+ }
+ /* else we have a line */
+ *(arg++)=p;
+ num++;
+ while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
+ p++;
+ if (!*p) break;
+ if (*p == '\n')
+ {
+ *(p++)='\0';
+ continue;
+ }
+ /* else it is a tab or space */
+ p++;
+ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ p++;
+ if (!*p) break;
+ if (*p == '\n')
+ {
+ p++;
+ continue;
+ }
+ *(arg++)=p++;
+ num++;
+ while (*p && (*p != '\n')) p++;
+ if (!*p) break;
+ /* else *p == '\n' */
+ *(p++)='\0';
+ }
+ *argc=num;
+ return(1);
+ }
+#endif
+
+int str2fmt(s)
+char *s;
+ {
+ if ((*s == 'D') || (*s == 'd'))
+ return(FORMAT_ASN1);
+ else if ((*s == 'T') || (*s == 't'))
+ return(FORMAT_TEXT);
+ else if ((*s == 'P') || (*s == 'p'))
+ return(FORMAT_PEM);
+ else if ((*s == 'N') || (*s == 'n'))
+ return(FORMAT_NETSCAPE);
+ else
+ return(FORMAT_UNDEF);
+ }
+
+#if defined(MSDOS) || defined(WIN32) || defined(WIN16)
+void program_name(in,out,size)
+char *in;
+char *out;
+int size;
+ {
+ int i,n;
+ char *p=NULL;
+
+ n=strlen(in);
+ /* find the last '/', '\' or ':' */
+ for (i=n-1; i>0; i--)
+ {
+ if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
+ {
+ p= &(in[i+1]);
+ break;
+ }
+ }
+ if (p == NULL)
+ p=in;
+ n=strlen(p);
+ /* strip off trailing .exe if present. */
+ if ((n > 4) && (p[n-4] == '.') &&
+ ((p[n-3] == 'e') || (p[n-3] == 'E')) &&
+ ((p[n-2] == 'x') || (p[n-2] == 'X')) &&
+ ((p[n-1] == 'e') || (p[n-1] == 'E')))
+ n-=4;
+ if (n > size-1)
+ n=size-1;
+
+ for (i=0; i<n; i++)
+ {
+ if ((p[i] >= 'A') && (p[i] <= 'Z'))
+ out[i]=p[i]-'A'+'a';
+ else
+ out[i]=p[i];
+ }
+ out[n]='\0';
+ }
+#else
+void program_name(in,out,size)
+char *in;
+char *out;
+int size;
+ {
+ char *p;
+
+ p=strrchr(in,'/');
+ if (p != NULL)
+ p++;
+ else
+ p=in;
+ strncpy(out,p,size-1);
+ out[size-1]='\0';
+ }
+#endif
+
+#ifdef WIN32
+int WIN32_rename(from,to)
+char *from;
+char *to;
+ {
+ int ret;
+
+ ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
+ return(ret?0:-1);
+ }
+#endif
+
+int chopup_args(arg,buf,argc,argv)
+ARGS *arg;
+char *buf;
+int *argc;
+char **argv[];
+ {
+ int num,len,i;
+ char *p;
+
+ *argc=0;
+ *argv=NULL;
+
+ len=strlen(buf);
+ i=0;
+ if (arg->count == 0)
+ {
+ arg->count=20;
+ arg->data=(char **)Malloc(sizeof(char *)*arg->count);
+ }
+ for (i=0; i<arg->count; i++)
+ arg->data[i]=NULL;
+
+ num=0;
+ p=buf;
+ for (;;)
+ {
+ /* first scan over white space */
+ if (!*p) break;
+ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ p++;
+ if (!*p) break;
+
+ /* The start of something good :-) */
+ if (num >= arg->count)
+ {
+ arg->count+=20;
+ arg->data=(char **)Realloc(arg->data,
+ sizeof(char *)*arg->count);
+ if (argc == 0) return(0);
+ }
+ arg->data[num++]=p;
+
+ /* now look for the end of this */
+ if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
+ {
+ i= *(p++);
+ arg->data[num-1]++; /* jump over quote */
+ while (*p && (*p != i))
+ p++;
+ *p='\0';
+ }
+ else
+ {
+ while (*p && ((*p != ' ') &&
+ (*p != '\t') && (*p != '\n')))
+ p++;
+
+ if (*p == '\0')
+ p--;
+ else
+ *p='\0';
+ }
+ p++;
+ }
+ *argc=num;
+ *argv=arg->data;
+ return(1);
+ }
+
+#ifndef APP_INIT
+int app_init(mesgwin)
+long mesgwin;
+ {
+ return(1);
+ }
+#endif
diff --git a/apps/apps.h b/apps/apps.h
new file mode 100644
index 0000000..528828c
--- /dev/null
+++ b/apps/apps.h
@@ -0,0 +1,154 @@
+/* apps/apps.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_APPS_H
+#define HEADER_APPS_H
+
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
+
+#include "buffer.h"
+#include "bio.h"
+#include "crypto.h"
+#include "progs.h"
+
+#ifdef WIN16
+BIO_METHOD *BIO_s_file();
+#endif
+
+#ifdef WIN32
+#define rename(from,to) WIN32_rename((from),(to))
+int WIN32_rename(char *oldname,char *newname);
+#endif
+
+#ifndef MONOLITH
+
+#define MAIN(a,v) main(a,v)
+
+#ifndef NON_MAIN
+BIO *bio_err=NULL;
+#else
+extern BIO *bio_err;
+#endif
+
+#else
+
+#define MAIN(a,v) PROG(a,v)
+#include "conf.h"
+extern LHASH *config;
+extern char *default_config_file;
+extern BIO *bio_err;
+
+#endif
+
+#include <signal.h>
+
+#ifdef SIGPIPE
+#define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
+#else
+#define do_pipe_sig()
+#endif
+
+#if defined(MONOLITH) && !defined(SSLEAY)
+# define apps_startup() do_pipe_sig()
+#else
+# if defined(MSDOS) || defined(WIN16) || defined(WIN32)
+# ifdef _O_BINARY
+# define apps_startup() \
+ _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ SSLeay_add_all_algorithms()
+# else
+# define apps_startup() \
+ _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ SSLeay_add_all_algorithms()
+# endif
+# else
+# define apps_startup() do_pipe_sig(); SSLeay_add_all_algorithms();
+# endif
+#endif
+
+typedef struct args_st
+ {
+ char **data;
+ int count;
+ } ARGS;
+
+#ifndef NOPROTO
+int should_retry(int i);
+int args_from_file(char *file, int *argc, char **argv[]);
+int str2fmt(char *s);
+void program_name(char *in,char *out,int size);
+int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
+#else
+int should_retry();
+int args_from_file();
+int str2fmt();
+void program_name();
+int chopup_args();
+#endif
+
+#define FORMAT_UNDEF 0
+#define FORMAT_ASN1 1
+#define FORMAT_TEXT 2
+#define FORMAT_PEM 3
+#define FORMAT_NETSCAPE 4
+
+#endif
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
new file mode 100644
index 0000000..111e282
--- /dev/null
+++ b/apps/asn1pars.c
@@ -0,0 +1,219 @@
+/* apps/asn1pars.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "err.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+
+#define FORMAT_UNDEF 0
+#define FORMAT_ASN1 1
+#define FORMAT_TEXT 2
+#define FORMAT_PEM 3
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -in arg - input file - default stdin
+ * -i - indent the details by depth
+ * -offset - where in the file to start
+ * -length - how many bytes to use
+ */
+
+#undef PROG
+#define PROG asn1parse_main
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ int i,badops=0,offset=0,ret=1;
+ unsigned int length=0;
+ long num;
+ BIO *in=NULL,*out=NULL,*b64=NULL;
+ int informat,indent=0;
+ char *infile,*str=NULL,*prog;
+ BUF_MEM *buf=NULL;
+
+ infile=NULL;
+ informat=FORMAT_PEM;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-i") == 0)
+ {
+ indent=1;
+ }
+ else if (strcmp(*argv,"-offset") == 0)
+ {
+ if (--argc < 1) goto bad;
+ offset= atoi(*(++argv));
+ }
+ else if (strcmp(*argv,"-length") == 0)
+ {
+ if (--argc < 1) goto bad;
+ length= atoi(*(++argv));
+ if (length == 0) goto bad;
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -in arg inout file\n");
+ BIO_printf(bio_err," -offset arg offset into file\n");
+ BIO_printf(bio_err," -length arg lenth of section in file\n");
+ BIO_printf(bio_err," -i indent entries\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if ((buf=BUF_MEM_new()) == NULL) goto end;
+ if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
+
+ if (informat == FORMAT_PEM)
+ {
+ BIO *tmp;
+
+ if ((b64=BIO_new(BIO_f_base64())) == NULL)
+ goto end;
+ BIO_push(b64,in);
+ tmp=in;
+ in=b64;
+ b64=tmp;
+ }
+
+ num=0;
+ for (;;)
+ {
+ if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
+ i=BIO_read(in,&(buf->data[num]),BUFSIZ);
+ if (i <= 0) break;
+ num+=i;
+ }
+ str=buf->data;
+
+ if (length == 0) length=(unsigned int)num;
+ if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (b64 != NULL) BIO_free(b64);
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ if (buf != NULL) BUF_MEM_free(buf);
+ EXIT(ret);
+ }
+
diff --git a/apps/bss_file.c b/apps/bss_file.c
new file mode 100644
index 0000000..9aa71f9
--- /dev/null
+++ b/apps/bss_file.c
@@ -0,0 +1,324 @@
+/* crypto/bio/bss_file.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define APPS_WIN16
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "bio.h"
+#include "err.h"
+
+#ifndef NOPROTO
+static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
+static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
+static int MS_CALLBACK file_puts(BIO *h,char *str);
+static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
+static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int MS_CALLBACK file_new(BIO *h);
+static int MS_CALLBACK file_free(BIO *data);
+#else
+static int MS_CALLBACK file_write();
+static int MS_CALLBACK file_read();
+static int MS_CALLBACK file_puts();
+static int MS_CALLBACK file_gets();
+static long MS_CALLBACK file_ctrl();
+static int MS_CALLBACK file_new();
+static int MS_CALLBACK file_free();
+#endif
+
+static BIO_METHOD methods_filep=
+ {
+ BIO_TYPE_FILE,"FILE pointer",
+ file_write,
+ file_read,
+ file_puts,
+ file_gets,
+ file_ctrl,
+ file_new,
+ file_free,
+ };
+
+BIO *BIO_new_file(filename,mode)
+char *filename;
+char *mode;
+ {
+ BIO *ret;
+ FILE *file;
+
+ if ((file=fopen(filename,mode)) == NULL)
+ {
+ SYSerr(SYS_F_FOPEN,errno);
+ BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
+ return(NULL);
+ }
+ if ((ret=BIO_new_fp(file,BIO_CLOSE)) == NULL)
+ {
+ fclose(file);
+ return(NULL);
+ }
+ return(ret);
+ }
+
+BIO *BIO_new_fp(stream,close_flag)
+FILE *stream;
+int close_flag;
+ {
+ BIO *ret;
+
+ if ((ret=BIO_new(BIO_s_file())) == NULL)
+ return(NULL);
+ BIO_set_fp(ret,stream,close_flag);
+ return(ret);
+ }
+
+#if !defined(WIN16) || defined(APPS_WIN16)
+
+BIO_METHOD *BIO_s_file()
+ {
+ return(&methods_filep);
+ }
+
+#else
+
+BIO_METHOD *BIO_s_file_internal_w16()
+ {
+ return(&methods_filep);
+ }
+
+#endif
+
+static int MS_CALLBACK file_new(bi)
+BIO *bi;
+ {
+ bi->init=0;
+ bi->num=0;
+ bi->ptr=NULL;
+ return(1);
+ }
+
+static int MS_CALLBACK file_free(a)
+BIO *a;
+ {
+ if (a == NULL) return(0);
+ if (a->shutdown)
+ {
+ if ((a->init) && (a->ptr != NULL))
+ {
+ fclose((FILE *)a->ptr);
+ a->ptr=NULL;
+ }
+ a->init=0;
+ }
+ return(1);
+ }
+
+static int MS_CALLBACK file_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+ {
+ int ret=0;
+
+ if (b->init && (out != NULL))
+ {
+ ret=fread(out,1,(int)outl,(FILE *)b->ptr);
+ }
+ return(ret);
+ }
+
+static int MS_CALLBACK file_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+ {
+ int ret=0;
+
+ if (b->init && (in != NULL))
+ {
+ if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
+ ret=inl;
+ /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
+ /* acording to Tim Hudson <tjh@cryptsoft.com>, the commented
+ * out version above can cause 'inl' write calls under
+ * some stupid stdio implementations (VMS) */
+ }
+ return(ret);
+ }
+
+static long MS_CALLBACK file_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+ {
+ long ret=1;
+ FILE *fp=(FILE *)b->ptr;
+ FILE **fpp;
+ char p[4];
+
+ switch (cmd)
+ {
+ case BIO_CTRL_RESET:
+ ret=(long)fseek(fp,num,0);
+ break;
+ case BIO_CTRL_EOF:
+ ret=(long)feof(fp);
+ break;
+ case BIO_CTRL_INFO:
+ ret=ftell(fp);
+ break;
+ case BIO_C_SET_FILE_PTR:
+ file_free(b);
+ b->shutdown=(int)num;
+ b->ptr=(char *)ptr;
+ b->init=1;
+ break;
+ case BIO_C_SET_FILENAME:
+ file_free(b);
+ b->shutdown=(int)num&BIO_CLOSE;
+ if (num & BIO_FP_APPEND)
+ {
+ if (num & BIO_FP_READ)
+ strcpy(p,"a+");
+ else strcpy(p,"a");
+ }
+ else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
+ strcpy(p,"r+");
+ else if (num & BIO_FP_WRITE)
+ strcpy(p,"w");
+ else if (num & BIO_FP_READ)
+ strcpy(p,"r");
+ else
+ {
+ BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
+ ret=0;
+ break;
+ }
+#if defined(MSDOS) || defined(WINDOWS)
+ if (!(num & BIO_FP_TEXT))
+ strcat(p,"b");
+ else
+ strcat(p,"t");
+#endif
+ fp=fopen(ptr,p);
+ if (fp == NULL)
+ {
+ SYSerr(SYS_F_FOPEN,errno);
+ BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
+ ret=0;
+ break;
+ }
+ b->ptr=(char *)fp;
+ b->init=1;
+ break;
+ case BIO_C_GET_FILE_PTR:
+ /* the ptr parameter is actually a FILE ** in this case. */
+ if (ptr != NULL)
+ {
+ fpp=(FILE **)ptr;
+ *fpp=(FILE *)b->ptr;
+ }
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret=(long)b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown=(int)num;
+ break;
+ case BIO_CTRL_FLUSH:
+ fflush((FILE *)b->ptr);
+ break;
+ case BIO_CTRL_DUP:
+ ret=1;
+ break;
+
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_PUSH:
+ case BIO_CTRL_POP:
+ default:
+ ret=0;
+ break;
+ }
+ return(ret);
+ }
+
+static int MS_CALLBACK file_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+ {
+ int ret=0;
+
+ buf[0]='\0';
+ fgets(buf,size,(FILE *)bp->ptr);
+ if (buf[0] != '\0')
+ ret=strlen(buf);
+ return(ret);
+ }
+
+static int MS_CALLBACK file_puts(bp,str)
+BIO *bp;
+char *str;
+ {
+ int n,ret;
+
+ n=strlen(str);
+ ret=file_write(bp,str,n);
+ return(ret);
+ }
+
diff --git a/apps/c512-key.pem b/apps/c512-key.pem
new file mode 100644
index 0000000..a1ea82e
--- /dev/null
+++ b/apps/c512-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
+q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
+/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
+HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
+ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
+nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
+ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
+-----END RSA PRIVATE KEY-----
diff --git a/apps/c512-req.pem b/apps/c512-req.pem
new file mode 100644
index 0000000..e8d0fea
--- /dev/null
+++ b/apps/c512-req.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
+MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0
+IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i
+2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs6
+2NNtXrT8odkCAwEAATANBgkqhkiG9w0BAQQFAANBAC5JBTeji7RosqMaUIDzIW13
+oO6+kPhx9fXSpMFHIsY3aH92Milkov/2A4SuZTcnv/P6+8klmS0EaiUKcRzak4E=
+-----END CERTIFICATE REQUEST-----
diff --git a/apps/ca-cert.srl b/apps/ca-cert.srl
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/apps/ca-cert.srl
@@ -0,0 +1 @@
+03
diff --git a/apps/ca-key.pem b/apps/ca-key.pem
new file mode 100644
index 0000000..3a520b2
--- /dev/null
+++ b/apps/ca-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
diff --git a/apps/ca-req.pem b/apps/ca-req.pem
new file mode 100644
index 0000000..77bf7ec
--- /dev/null
+++ b/apps/ca-req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
+MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
+bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
+FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
+cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
+cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
+5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
+kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
+-----END CERTIFICATE REQUEST-----
diff --git a/apps/ca.c b/apps/ca.c
new file mode 100644
index 0000000..3e10d6c
--- /dev/null
+++ b/apps/ca.c
@@ -0,0 +1,1916 @@
+/* apps/ca.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* The PPKI stuff has been donated by Jeff Barber <jeffb@issl.atl.hp.com> */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "bn.h"
+#include "txt_db.h"
+#include "evp.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+#include "conf.h"
+
+#ifndef W_OK
+#include <sys/file.h>
+#endif
+
+#undef PROG
+#define PROG ca_main
+
+#define BASE_SECTION "ca"
+#define CONFIG_FILE "lib/ssleay.cnf"
+
+#define ENV_DEFAULT_CA "default_ca"
+
+#define ENV_DIR "dir"
+#define ENV_CERTS "certs"
+#define ENV_CRL_DIR "crl_dir"
+#define ENV_CA_DB "CA_DB"
+#define ENV_NEW_CERTS_DIR "new_certs_dir"
+#define ENV_CERTIFICATE "certificate"
+#define ENV_SERIAL "serial"
+#define ENV_CRL "crl"
+#define ENV_PRIVATE_KEY "private_key"
+#define ENV_RANDFILE "RANDFILE"
+#define ENV_DEFAULT_DAYS "default_days"
+#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
+#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
+#define ENV_DEFAULT_MD "default_md"
+#define ENV_PRESERVE "preserve"
+#define ENV_POLICY "policy"
+#define ENV_EXTENSIONS "x509_extensions"
+#define ENV_MSIE_HACK "msie_hack"
+
+#define ENV_DATABASE "database"
+
+#define DB_type 0
+#define DB_exp_date 1
+#define DB_rev_date 2
+#define DB_serial 3 /* index - unique */
+#define DB_file 4
+#define DB_name 5 /* index - unique for active */
+#define DB_NUMBER 6
+
+#define DB_TYPE_REV 'R'
+#define DB_TYPE_EXP 'E'
+#define DB_TYPE_VAL 'V'
+
+static char *ca_usage[]={
+"usage: ca args\n",
+"\n",
+" -verbose - Talk alot while doing things\n",
+" -config file - A config file\n",
+" -name arg - The particular CA definition to use\n",
+" -gencrl - Generate a new CRL\n",
+" -crldays days - Days is when the next CRL is due\n",
+" -crlhours hours - Hours is when the next CRL is due\n",
+" -days arg - number of days to certify the certificate for\n",
+" -md arg - md to use, one of md2, md5, sha or sha1\n",
+" -policy arg - The CA 'policy' to support\n",
+" -keyfile arg - PEM private key file\n",
+" -key arg - key to decode the private key if it is encrypted\n",
+" -cert - The CA certificate\n",
+" -in file - The input PEM encoded certificate request(s)\n",
+" -out file - Where to put the output file(s)\n",
+" -outdir dir - Where to put output certificates\n",
+" -infiles .... - The last argument, requests to process\n",
+" -spkac file - File contains DN and signed public key and challenge\n",
+" -preserveDN - Don't re-order the DN\n",
+" -batch - Don't ask questions\n",
+" -msie_hack - msie modifications to handle all thos universal strings\n",
+NULL
+};
+
+#ifdef EFENCE
+extern int EF_PROTECT_FREE;
+extern int EF_PROTECT_BELOW;
+extern int EF_ALIGNMENT;
+#endif
+
+#ifndef NOPROTO
+static STACK *load_extensions(char *section);
+static void lookup_fail(char *name,char *tag);
+static int MS_CALLBACK key_callback(char *buf,int len,int verify);
+static unsigned long index_serial_hash(char **a);
+static int index_serial_cmp(char **a, char **b);
+static unsigned long index_name_hash(char **a);
+static int index_name_qual(char **a);
+static int index_name_cmp(char **a,char **b);
+static BIGNUM *load_serial(char *serialfile);
+static int save_serial(char *serialfile, BIGNUM *serial);
+static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+ EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,int days,
+ int batch, STACK *extensions,int verbose);
+static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
+ EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,int days,
+ STACK *extensions,int verbose);
+static int fix_data(int nid, int *type);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der);
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst,
+ STACK *policy, TXT_DB *db, BIGNUM *serial, int days, int batch,
+ int verbose, X509_REQ *req, STACK *extensions);
+static int check_time_format(char *str);
+#else
+static STACK *load_extensions();
+static void lookup_fail();
+static int MS_CALLBACK key_callback();
+static unsigned long index_serial_hash();
+static int index_serial_cmp();
+static unsigned long index_name_hash();
+static int index_name_qual();
+static int index_name_cmp();
+static int fix_data();
+static BIGNUM *load_serial();
+static int save_serial();
+static int certify();
+static int certify_spkac();
+static void write_new_certificate();
+static int do_body();
+static int check_time_format();
+#endif
+
+static LHASH *conf;
+static char *key=NULL;
+static char *section=NULL;
+
+static int preserve=0;
+static int msie_hack=0;
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ int total=0;
+ int total_done=0;
+ int badops=0;
+ int ret=1;
+ int req=0;
+ int verbose=0;
+ int gencrl=0;
+ long crldays=0;
+ long crlhours=0;
+ long errorline= -1;
+ char *configfile=NULL;
+ char *md=NULL;
+ char *policy=NULL;
+ char *keyfile=NULL;
+ char *certfile=NULL;
+ char *infile=NULL;
+ char *spkac_file=NULL;
+ EVP_PKEY *pkey=NULL;
+ int output_der = 0;
+ char *outfile=NULL;
+ char *outdir=NULL;
+ char *serialfile=NULL;
+ char *extensions=NULL;
+ BIGNUM *serial=NULL;
+ int days=0;
+ int batch=0;
+ X509 *x509=NULL;
+ X509 *x=NULL;
+ BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
+ char *dbfile=NULL;
+ TXT_DB *db=NULL;
+ X509_CRL *crl=NULL;
+ X509_CRL_INFO *ci=NULL;
+ X509_REVOKED *r=NULL;
+ char **pp,*p,*f;
+ int i,j;
+ long l;
+ EVP_MD *dgst=NULL;
+ STACK *attribs=NULL;
+ STACK *extensions_sk=NULL;
+ STACK *cert_sk=NULL;
+ BIO *hex=NULL;
+#undef BSIZE
+#define BSIZE 256
+ MS_STATIC char buf[3][BSIZE];
+
+#ifdef EFENCE
+EF_PROTECT_FREE=1;
+EF_PROTECT_BELOW=1;
+EF_ALIGNMENT=0;
+#endif
+
+ apps_startup();
+
+ X509v3_add_netscape_extensions();
+
+ preserve=0;
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-verbose") == 0)
+ verbose=1;
+ else if (strcmp(*argv,"-config") == 0)
+ {
+ if (--argc < 1) goto bad;
+ configfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-name") == 0)
+ {
+ if (--argc < 1) goto bad;
+ section= *(++argv);
+ }
+ else if (strcmp(*argv,"-days") == 0)
+ {
+ if (--argc < 1) goto bad;
+ days=atoi(*(++argv));
+ }
+ else if (strcmp(*argv,"-md") == 0)
+ {
+ if (--argc < 1) goto bad;
+ md= *(++argv);
+ }
+ else if (strcmp(*argv,"-policy") == 0)
+ {
+ if (--argc < 1) goto bad;
+ policy= *(++argv);
+ }
+ else if (strcmp(*argv,"-keyfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ key= *(++argv);
+ }
+ else if (strcmp(*argv,"-cert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ certfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ req=1;
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-outdir") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outdir= *(++argv);
+ }
+ else if (strcmp(*argv,"-batch") == 0)
+ batch=1;
+ else if (strcmp(*argv,"-preserveDN") == 0)
+ preserve=1;
+ else if (strcmp(*argv,"-gencrl") == 0)
+ gencrl=1;
+ else if (strcmp(*argv,"-msie_hack") == 0)
+ msie_hack=1;
+ else if (strcmp(*argv,"-crldays") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crldays= atol(*(++argv));
+ }
+ else if (strcmp(*argv,"-crlhours") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crlhours= atol(*(++argv));
+ }
+ else if (strcmp(*argv,"-infiles") == 0)
+ {
+ argc--;
+ argv++;
+ req=1;
+ break;
+ }
+ else if (strcmp(*argv, "-spkac") == 0)
+ {
+ if (--argc < 1) goto bad;
+ spkac_file = *(++argv);
+ req=1;
+ }
+ else
+ {
+bad:
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+ for (pp=ca_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,*pp);
+ goto err;
+ }
+
+ ERR_load_crypto_strings();
+
+ /*****************************************************************/
+ if (configfile == NULL)
+ {
+ /* We will just use 'buf[0]' as a temporary buffer. */
+ strncpy(buf[0],X509_get_default_cert_area(),
+ sizeof(buf[0])-2-sizeof(CONFIG_FILE));
+ strcat(buf[0],"/");
+ strcat(buf[0],CONFIG_FILE);
+ configfile=buf[0];
+ }
+
+ BIO_printf(bio_err,"Using configuration from %s\n",configfile);
+ if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
+ {
+ if (errorline <= 0)
+ BIO_printf(bio_err,"error loading the config file '%s'\n",
+ configfile);
+ else
+ BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
+ ,errorline,configfile);
+ goto err;
+ }
+
+ /* Lets get the config section we are using */
+ if (section == NULL)
+ {
+ section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+ if (section == NULL)
+ {
+ lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
+ goto err;
+ }
+ }
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ Sout=BIO_new(BIO_s_file());
+ Cout=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we definitly need an public key, so lets get it */
+
+ if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
+ section,ENV_PRIVATE_KEY)) == NULL))
+ {
+ lookup_fail(section,ENV_PRIVATE_KEY);
+ goto err;
+ }
+ if (BIO_read_filename(in,keyfile) <= 0)
+ {
+ perror(keyfile);
+ BIO_printf(bio_err,"trying to load CA private key\n");
+ goto err;
+ }
+ if (key == NULL)
+ pkey=PEM_read_bio_PrivateKey(in,NULL,NULL);
+ else
+ {
+ pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback);
+ memset(key,0,strlen(key));
+ }
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"unable to load CA private key\n");
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we need a certificate */
+ if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
+ section,ENV_CERTIFICATE)) == NULL))
+ {
+ lookup_fail(section,ENV_CERTIFICATE);
+ goto err;
+ }
+ if (BIO_read_filename(in,certfile) <= 0)
+ {
+ perror(certfile);
+ BIO_printf(bio_err,"trying to load CA certificate\n");
+ goto err;
+ }
+ x509=PEM_read_bio_X509(in,NULL,NULL);
+ if (x509 == NULL)
+ {
+ BIO_printf(bio_err,"unable to load CA certificate\n");
+ goto err;
+ }
+
+ f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+ if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+ preserve=1;
+ f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+ if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+ msie_hack=1;
+
+ /*****************************************************************/
+ /* lookup where to write new certificates */
+ if ((outdir == NULL) && (req))
+ {
+ struct stat sb;
+
+ if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+ == NULL)
+ {
+ BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
+ goto err;
+ }
+ if (access(outdir,R_OK|W_OK|X_OK) != 0)
+ {
+ BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir);
+ perror(outdir);
+ goto err;
+ }
+
+ if (stat(outdir,&sb) != 0)
+ {
+ BIO_printf(bio_err,"unable to stat(%s)\n",outdir);
+ perror(outdir);
+ goto err;
+ }
+ if (!(sb.st_mode & S_IFDIR))
+ {
+ BIO_printf(bio_err,"%s need to be a directory\n",outdir);
+ perror(outdir);
+ goto err;
+ }
+ }
+
+ /*****************************************************************/
+ /* we need to load the database file */
+ if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ {
+ lookup_fail(section,ENV_DATABASE);
+ goto err;
+ }
+ if (BIO_read_filename(in,dbfile) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+ goto err;
+ }
+ db=TXT_DB_read(in,DB_NUMBER);
+ if (db == NULL) goto err;
+
+ /* Lets check some fields */
+ for (i=0; i<sk_num(db->data); i++)
+ {
+ pp=(char **)sk_value(db->data,i);
+ if ((pp[DB_type][0] != DB_TYPE_REV) &&
+ (pp[DB_rev_date][0] != '\0'))
+ {
+ BIO_printf(bio_err,"entry %d: not, revoked yet has a revokation date\n",i+1);
+ goto err;
+ }
+ if ((pp[DB_type][0] == DB_TYPE_REV) &&
+ !check_time_format(pp[DB_rev_date]))
+ {
+ BIO_printf(bio_err,"entry %d: invalid revokation date\n",
+ i+1);
+ goto err;
+ }
+ if (!check_time_format(pp[DB_exp_date]))
+ {
+ BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
+ goto err;
+ }
+ p=pp[DB_serial];
+ j=strlen(p);
+ if ((j&1) || (j < 2))
+ {
+ BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
+ goto err;
+ }
+ while (*p)
+ {
+ if (!( ((*p >= '0') && (*p <= '9')) ||
+ ((*p >= 'A') && (*p <= 'F')) ||
+ ((*p >= 'a') && (*p <= 'f'))) )
+ {
+ BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p);
+ goto err;
+ }
+ p++;
+ }
+ }
+ if (verbose)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE); /* cannot fail */
+ TXT_DB_write(out,db);
+ BIO_printf(bio_err,"%d entries loaded from the database\n",
+ db->data->num);
+ BIO_printf(bio_err,"generating indexs\n");
+ }
+
+ if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
+ index_serial_cmp))
+ {
+ BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2);
+ goto err;
+ }
+
+ if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash,
+ index_name_cmp))
+ {
+ BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
+ db->error,db->arg1,db->arg2);
+ goto err;
+ }
+
+ /*****************************************************************/
+ if (req || gencrl)
+ {
+ if (outfile != NULL)
+ {
+
+ if (BIO_write_filename(Sout,outfile) <= 0)
+ {
+ perror(outfile);
+ goto err;
+ }
+ }
+ else
+ BIO_set_fp(Sout,stdout,BIO_NOCLOSE);
+ }
+
+ if (req)
+ {
+ if ((md == NULL) && ((md=CONF_get_string(conf,
+ section,ENV_DEFAULT_MD)) == NULL))
+ {
+ lookup_fail(section,ENV_DEFAULT_MD);
+ goto err;
+ }
+ if ((dgst=EVP_get_digestbyname(md)) == NULL)
+ {
+ BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+ goto err;
+ }
+ if (verbose)
+ BIO_printf(bio_err,"message digest is %s\n",
+ OBJ_nid2ln(dgst->type));
+ if ((policy == NULL) && ((policy=CONF_get_string(conf,
+ section,ENV_POLICY)) == NULL))
+ {
+ lookup_fail(section,ENV_POLICY);
+ goto err;
+ }
+ if (verbose)
+ BIO_printf(bio_err,"policy is %s\n",policy);
+
+ if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
+ == NULL)
+ {
+ lookup_fail(section,ENV_SERIAL);
+ goto err;
+ }
+
+ if ((extensions=CONF_get_string(conf,section,ENV_EXTENSIONS))
+ != NULL)
+ {
+ if ((extensions_sk=load_extensions(extensions)) == NULL)
+ goto err;
+ }
+
+ if (days == 0)
+ {
+ days=(int)CONF_get_number(conf,section,
+ ENV_DEFAULT_DAYS);
+ }
+ if (days == 0)
+ {
+ BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
+ goto err;
+ }
+
+ if ((serial=load_serial(serialfile)) == NULL)
+ {
+ BIO_printf(bio_err,"error while loading serial number\n");
+ goto err;
+ }
+ if (verbose)
+ {
+ if ((f=BN_bn2ascii(serial)) == NULL) goto err;
+ BIO_printf(bio_err,"next serial number is %s\n",f);
+ Free(f);
+ }
+
+ if ((attribs=CONF_get_section(conf,policy)) == NULL)
+ {
+ BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
+ goto err;
+ }
+
+ if ((cert_sk=sk_new_null()) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ if (spkac_file != NULL)
+ {
+ total++;
+ j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
+ serial,days,extensions_sk,verbose);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_push(cert_sk,(char *)x))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ if (outfile)
+ {
+ output_der = 1;
+ batch = 1;
+ }
+ }
+ }
+ if (infile != NULL)
+ {
+ total++;
+ j=certify(&x,infile,pkey,x509,dgst,attribs,db,
+ serial,days,batch,extensions_sk,verbose);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_push(cert_sk,(char *)x))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ }
+ }
+ for (i=0; i<argc; i++)
+ {
+ total++;
+ j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
+ serial,days,batch,extensions_sk,verbose);
+ if (j < 0) goto err;
+ if (j > 0)
+ {
+ total_done++;
+ BIO_printf(bio_err,"\n");
+ if (!BN_add_word(serial,1)) goto err;
+ if (!sk_push(cert_sk,(char *)x))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ }
+ }
+ /* we have a stack of newly certified certificates
+ * and a data base and serial number that need
+ * updating */
+
+ if (sk_num(cert_sk) > 0)
+ {
+ if (!batch)
+ {
+ BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
+ BIO_flush(bio_err);
+ buf[0][0]='\0';
+ fgets(buf[0],10,stdin);
+ if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
+ {
+ BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
+ ret=0;
+ goto err;
+ }
+ }
+
+ BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk));
+
+ strncpy(buf[0],serialfile,BSIZE-4);
+ strcat(buf[0],".new");
+
+ if (!save_serial(buf[0],serial)) goto err;
+
+ strncpy(buf[1],dbfile,BSIZE-4);
+ strcat(buf[1],".new");
+ if (BIO_write_filename(out,buf[1]) <= 0)
+ {
+ perror(dbfile);
+ BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+ goto err;
+ }
+ l=TXT_DB_write(out,db);
+ if (l <= 0) goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err,"writing new certificates\n");
+ for (i=0; i<sk_num(cert_sk); i++)
+ {
+ int k;
+ unsigned char *n;
+
+ x=(X509 *)sk_value(cert_sk,i);
+
+ j=x->cert_info->serialNumber->length;
+ p=(char *)x->cert_info->serialNumber->data;
+
+ strncpy(buf[2],outdir,BSIZE-(j*2)-6);
+ strcat(buf[2],"/");
+ n=(unsigned char *)&(buf[2][strlen(buf[2])]);
+ if (j > 0)
+ {
+ for (k=0; k<j; k++)
+ {
+ sprintf((char *)n,"%02X",*(p++));
+ n+=2;
+ }
+ }
+ else
+ {
+ *(n++)='0';
+ *(n++)='0';
+ }
+ *(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m';
+ *n='\0';
+ if (verbose)
+ BIO_printf(bio_err,"writing %s\n",buf[2]);
+
+ if (BIO_write_filename(Cout,buf[2]) <= 0)
+ {
+ perror(buf[2]);
+ goto err;
+ }
+ write_new_certificate(Cout,x, 0);
+ write_new_certificate(Sout,x, output_der);
+ }
+
+ if (sk_num(cert_sk))
+ {
+ /* Rename the database and the serial file */
+ strncpy(buf[2],serialfile,BSIZE-4);
+ strcat(buf[2],".old");
+ BIO_free(in);
+ BIO_free(out);
+ in=NULL;
+ out=NULL;
+ if (rename(serialfile,buf[2]) < 0)
+ {
+ BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ serialfile,buf[2]);
+ perror("reason");
+ goto err;
+ }
+ if (rename(buf[0],serialfile) < 0)
+ {
+ BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ buf[0],serialfile);
+ perror("reason");
+ rename(buf[2],serialfile);
+ goto err;
+ }
+
+ strncpy(buf[2],dbfile,BSIZE-4);
+ strcat(buf[2],".old");
+ if (rename(dbfile,buf[2]) < 0)
+ {
+ BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ dbfile,buf[2]);
+ perror("reason");
+ goto err;
+ }
+ if (rename(buf[1],dbfile) < 0)
+ {
+ BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ buf[1],dbfile);
+ perror("reason");
+ rename(buf[2],dbfile);
+ goto err;
+ }
+ BIO_printf(bio_err,"Data Base Updated\n");
+ }
+ }
+
+ /*****************************************************************/
+ if (gencrl)
+ {
+ if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err;
+
+ if (!crldays && !crlhours)
+ {
+ crldays=CONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_DAYS);
+ crlhours=CONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_HOURS);
+ }
+ if ((crldays == 0) && (crlhours == 0))
+ {
+ BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
+ goto err;
+ }
+
+ if (verbose) BIO_printf(bio_err,"making CRL\n");
+ if ((crl=X509_CRL_new()) == NULL) goto err;
+ ci=crl->crl;
+ X509_NAME_free(ci->issuer);
+ ci->issuer=X509_NAME_dup(x509->cert_info->subject);
+ if (ci->issuer == NULL) goto err;
+
+ X509_gmtime_adj(ci->lastUpdate,0);
+ X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
+
+ for (i=0; i<sk_num(db->data); i++)
+ {
+ pp=(char **)sk_value(db->data,i);
+ if (pp[DB_type][0] == DB_TYPE_REV)
+ {
+ if ((r=X509_REVOKED_new()) == NULL) goto err;
+ ASN1_STRING_set((ASN1_STRING *)
+ r->revocationDate,
+ (unsigned char *)pp[DB_rev_date],
+ strlen(pp[DB_rev_date]));
+ /* strcpy(r->revocationDate,pp[DB_rev_date]);*/
+
+ BIO_reset(hex);
+ if (!BIO_puts(hex,pp[DB_serial]))
+ goto err;
+ if (!a2i_ASN1_INTEGER(hex,r->serialNumber,
+ buf[0],BSIZE)) goto err;
+
+ sk_push(ci->revoked,(char *)r);
+ }
+ }
+ /* sort the data so it will be written in serial
+ * number order */
+ sk_find(ci->revoked,NULL);
+ for (i=0; i<sk_num(ci->revoked); i++)
+ {
+ r=(X509_REVOKED *)sk_value(ci->revoked,i);
+ r->sequence=i;
+ }
+
+ /* we how have a CRL */
+ if (verbose) BIO_printf(bio_err,"signing CRL\n");
+ if (md != NULL)
+ {
+ if ((dgst=EVP_get_digestbyname(md)) == NULL)
+ {
+ BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+ goto err;
+ }
+ }
+ else
+ dgst=EVP_md5();
+ if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
+
+ PEM_write_bio_X509_CRL(Sout,crl);
+ }
+ /*****************************************************************/
+ ret=0;
+err:
+ if (hex != NULL) BIO_free(hex);
+ if (Cout != NULL) BIO_free(Cout);
+ if (Sout != NULL) BIO_free(Sout);
+ if (out != NULL) BIO_free(out);
+ if (in != NULL) BIO_free(in);
+
+ if (cert_sk != NULL) sk_pop_free(cert_sk,X509_free);
+ if (extensions_sk != NULL)
+ sk_pop_free(extensions_sk,X509_EXTENSION_free);
+
+ if (ret) ERR_print_errors(bio_err);
+ if (serial != NULL) BN_free(serial);
+ if (db != NULL) TXT_DB_free(db);
+ if (pkey != NULL) EVP_PKEY_free(pkey);
+ if (x509 != NULL) X509_free(x509);
+ if (crl != NULL) X509_CRL_free(crl);
+ if (conf != NULL) CONF_free(conf);
+ X509v3_cleanup_extensions();
+ EXIT(ret);
+ }
+
+static void lookup_fail(name,tag)
+char *name;
+char *tag;
+ {
+ BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
+ }
+
+static int MS_CALLBACK key_callback(buf,len,verify)
+char *buf;
+int len,verify;
+ {
+ int i;
+
+ if (key == NULL) return(0);
+ i=strlen(key);
+ i=(i > len)?len:i;
+ memcpy(buf,key,i);
+ return(i);
+ }
+
+static unsigned long index_serial_hash(a)
+char **a;
+ {
+ char *n;
+
+ n=a[DB_serial];
+ while (*n == '0') n++;
+ return(lh_strhash(n));
+ }
+
+static int index_serial_cmp(a,b)
+char **a;
+char **b;
+ {
+ char *aa,*bb;
+
+ for (aa=a[DB_serial]; *aa == '0'; aa++);
+ for (bb=b[DB_serial]; *bb == '0'; bb++);
+ return(strcmp(aa,bb));
+ }
+
+static unsigned long index_name_hash(a)
+char **a;
+ { return(lh_strhash(a[DB_name])); }
+
+static int index_name_qual(a)
+char **a;
+ { return(a[0][0] == 'V'); }
+
+static int index_name_cmp(a,b)
+char **a;
+char **b;
+ { return(strcmp(a[DB_name],b[DB_name])); }
+
+static BIGNUM *load_serial(serialfile)
+char *serialfile;
+ {
+ BIO *in=NULL;
+ BIGNUM *ret=NULL;
+ MS_STATIC char buf[1024];
+ ASN1_INTEGER *ai=NULL;
+
+ if ((in=BIO_new(BIO_s_file())) == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ if (BIO_read_filename(in,serialfile) <= 0)
+ {
+ perror(serialfile);
+ goto err;
+ }
+ ai=ASN1_INTEGER_new();
+ if (ai == NULL) goto err;
+ if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
+ {
+ BIO_printf(bio_err,"unable to load number from %s\n",
+ serialfile);
+ goto err;
+ }
+ ret=ASN1_INTEGER_to_BN(ai,NULL);
+ if (ret == NULL)
+ {
+ BIO_printf(bio_err,"error converting number from bin to BIGNUM");
+ goto err;
+ }
+err:
+ if (in != NULL) BIO_free(in);
+ if (ai != NULL) ASN1_INTEGER_free(ai);
+ return(ret);
+ }
+
+static int save_serial(serialfile,serial)
+char *serialfile;
+BIGNUM *serial;
+ {
+ BIO *out;
+ int ret=0;
+ ASN1_INTEGER *ai=NULL;
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (BIO_write_filename(out,serialfile) <= 0)
+ {
+ perror(serialfile);
+ goto err;
+ }
+
+ if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
+ goto err;
+ }
+ i2a_ASN1_INTEGER(out,ai);
+ BIO_puts(out,"\n");
+ ret=1;
+err:
+ if (out != NULL) BIO_free(out);
+ if (ai != NULL) ASN1_INTEGER_free(ai);
+ return(ret);
+ }
+
+static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,days,
+ batch,extensions,verbose)
+X509 **xret;
+char *infile;
+EVP_PKEY *pkey;
+X509 *x509;
+EVP_MD *dgst;
+STACK *policy;
+TXT_DB *db;
+BIGNUM *serial;
+int days;
+int batch;
+STACK *extensions;
+int verbose;
+ {
+ X509_REQ *req=NULL;
+ BIO *in=NULL;
+ EVP_PKEY *pktmp=NULL;
+ int ok= -1,i;
+
+ in=BIO_new(BIO_s_file());
+
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto err;
+ }
+ if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"Error reading certificate request in %s\n",
+ infile);
+ goto err;
+ }
+ if (verbose)
+ X509_REQ_print(bio_err,req);
+
+ BIO_printf(bio_err,"Check that the request matches the signature\n");
+
+ if ( (req->req_info == NULL) ||
+ (req->req_info->pubkey == NULL) ||
+ (req->req_info->pubkey->public_key == NULL) ||
+ (req->req_info->pubkey->public_key->data == NULL))
+ {
+ BIO_printf(bio_err,"The certificate request appears to corrupted\n");
+ BIO_printf(bio_err,"It does not contain a public key\n");
+ goto err;
+ }
+ if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking public key\n");
+ goto err;
+ }
+ i=X509_REQ_verify(req,pktmp);
+ if (i < 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature verification problems....\n");
+ goto err;
+ }
+ if (i == 0)
+ {
+ ok=0;
+ BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ goto err;
+ }
+ else
+ BIO_printf(bio_err,"Signature ok\n");
+
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,days,batch,verbose,req,
+ extensions);
+
+err:
+ if (req != NULL) X509_REQ_free(req);
+ if (in != NULL) BIO_free(in);
+ return(ok);
+ }
+
+static int do_body(xret,pkey,x509,dgst,policy,db,serial,days,batch,verbose,req,
+ extensions)
+X509 **xret;
+EVP_PKEY *pkey;
+X509 *x509;
+EVP_MD *dgst;
+STACK *policy;
+TXT_DB *db;
+BIGNUM *serial;
+int days;
+int batch;
+int verbose;
+X509_REQ *req;
+STACK *extensions;
+ {
+ X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
+ ASN1_UTCTIME *tm;
+ ASN1_STRING *str,*str2;
+ ASN1_OBJECT *obj;
+ X509 *ret=NULL;
+ X509_CINF *ci;
+ X509_NAME_ENTRY *ne;
+ X509_NAME_ENTRY *tne,*push;
+ X509_EXTENSION *ex=NULL;
+ EVP_PKEY *pktmp;
+ int ok= -1,i,j,last,nid;
+ char *p;
+ CONF_VALUE *cv;
+ char *row[DB_NUMBER],**rrow,**irow=NULL;
+ char buf[25],*pbuf;
+
+ for (i=0; i<DB_NUMBER; i++)
+ row[i]=NULL;
+
+ BIO_printf(bio_err,"The Subjects Distinguished Name is as follows\n");
+ name=X509_REQ_get_subject_name(req);
+ for (i=0; i<X509_NAME_entry_count(name); i++)
+ {
+ ne=(X509_NAME_ENTRY *)X509_NAME_get_entry(name,i);
+ obj=X509_NAME_ENTRY_get_object(ne);
+ j=i2a_ASN1_OBJECT(bio_err,obj);
+ str=X509_NAME_ENTRY_get_data(ne);
+ pbuf=buf;
+ for (j=22-j; j>0; j--)
+ *(pbuf++)=' ';
+ *(pbuf++)=':';
+ *(pbuf++)='\0';
+ BIO_puts(bio_err,buf);
+
+ if (msie_hack)
+ {
+ /* assume all type should be strings */
+ nid=OBJ_obj2nid(ne->object);
+
+ if (str->type == V_ASN1_UNIVERSALSTRING)
+ ASN1_UNIVERSALSTRING_to_string(str);
+
+ if ((str->type == V_ASN1_IA5STRING) &&
+ (nid != NID_pkcs9_emailAddress))
+ str->type=V_ASN1_T61STRING;
+
+ if ((nid == NID_pkcs9_emailAddress) &&
+ (str->type == V_ASN1_PRINTABLESTRING))
+ str->type=V_ASN1_IA5STRING;
+ }
+
+ if (str->type == V_ASN1_PRINTABLESTRING)
+ BIO_printf(bio_err,"PRINTABLE:'");
+ else if (str->type == V_ASN1_T61STRING)
+ BIO_printf(bio_err,"T61STRING:'");
+ else if (str->type == V_ASN1_IA5STRING)
+ BIO_printf(bio_err,"IA5STRING:'");
+ else if (str->type == V_ASN1_UNIVERSALSTRING)
+ BIO_printf(bio_err,"UNIVERSALSTRING:'");
+ else
+ BIO_printf(bio_err,"ASN.1 %2d:'",str->type);
+
+ /* check some things */
+ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
+ (str->type != V_ASN1_IA5STRING))
+ {
+ BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
+ goto err;
+ }
+ j=ASN1_PRINTABLE_type(str->data,str->length);
+ if ( ((j == V_ASN1_T61STRING) &&
+ (str->type != V_ASN1_T61STRING)) ||
+ ((j == V_ASN1_IA5STRING) &&
+ (str->type == V_ASN1_PRINTABLESTRING)))
+ {
+ BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
+ goto err;
+ }
+
+ p=(char *)str->data;
+ for (j=str->length; j>0; j--)
+ {
+ if ((*p >= ' ') && (*p <= '~'))
+ BIO_printf(bio_err,"%c",*p);
+ else if (*p & 0x80)
+ BIO_printf(bio_err,"\\0x%02X",*p);
+ else if ((unsigned char)*p == 0xf7)
+ BIO_printf(bio_err,"^?");
+ else BIO_printf(bio_err,"^%c",*p+'@');
+ p++;
+ }
+ BIO_printf(bio_err,"'\n");
+ }
+
+ /* Ok, now we check the 'policy' stuff. */
+ if ((subject=X509_NAME_new()) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+
+ /* take a copy of the issuer name before we mess with it. */
+ CAname=X509_NAME_dup(x509->cert_info->subject);
+ if (CAname == NULL) goto err;
+ str=str2=NULL;
+
+ for (i=0; i<sk_num(policy); i++)
+ {
+ cv=(CONF_VALUE *)sk_value(policy,i); /* get the object id */
+ if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
+ {
+ BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
+ goto err;
+ }
+ obj=OBJ_nid2obj(j);
+
+ last= -1;
+ for (;;)
+ {
+ /* lookup the object in the supplied name list */
+ j=X509_NAME_get_index_by_OBJ(name,obj,last);
+ if (j < 0)
+ {
+ if (last != -1) break;
+ tne=NULL;
+ }
+ else
+ {
+ tne=X509_NAME_get_entry(name,j);
+ }
+ last=j;
+
+ /* depending on the 'policy', decide what to do. */
+ push=NULL;
+ if (strcmp(cv->value,"optional") == 0)
+ {
+ if (tne != NULL)
+ push=tne;
+ }
+ else if (strcmp(cv->value,"supplied") == 0)
+ {
+ if (tne == NULL)
+ {
+ BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name);
+ goto err;
+ }
+ else
+ push=tne;
+ }
+ else if (strcmp(cv->value,"match") == 0)
+ {
+ int last2;
+
+ if (tne == NULL)
+ {
+ BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name);
+ goto err;
+ }
+
+ last2= -1;
+
+again2:
+ j=X509_NAME_get_index_by_OBJ(CAname,obj,last2);
+ if ((j < 0) && (last2 == -1))
+ {
+ BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name);
+ goto err;
+ }
+ if (j >= 0)
+ {
+ push=X509_NAME_get_entry(CAname,j);
+ str=X509_NAME_ENTRY_get_data(tne);
+ str2=X509_NAME_ENTRY_get_data(push);
+ last2=j;
+ if (ASN1_STRING_cmp(str,str2) != 0)
+ goto again2;
+ }
+ if (j < 0)
+ {
+ BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str == NULL)?"NULL":(char *)str->data),((str2 == NULL)?"NULL":(char *)str2->data));
+ goto err;
+ }
+ }
+ else
+ {
+ BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value);
+ goto err;
+ }
+
+ if (push != NULL)
+ {
+ if (!X509_NAME_add_entry(subject,push,
+ X509_NAME_entry_count(subject),0))
+ {
+ if (push != NULL)
+ X509_NAME_ENTRY_free(push);
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ }
+ if (j < 0) break;
+ }
+ }
+
+ if (preserve)
+ {
+ X509_NAME_free(subject);
+ subject=X509_NAME_dup(X509_REQ_get_subject_name(req));
+ if (subject == NULL) goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
+
+ row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+ row[DB_serial]=BN_bn2ascii(serial);
+ if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+
+ rrow=TXT_DB_get_by_index(db,DB_name,row);
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n",
+ row[DB_name]);
+ }
+ else
+ {
+ rrow=TXT_DB_get_by_index(db,DB_serial,row);
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
+ row[DB_serial]);
+ BIO_printf(bio_err," check the database/serial_file for corruption\n");
+ }
+ }
+
+ if (rrow != NULL)
+ {
+ BIO_printf(bio_err,
+ "The matching entry has the following details\n");
+ if (rrow[DB_type][0] == 'E')
+ p="Expired";
+ else if (rrow[DB_type][0] == 'R')
+ p="Revoked";
+ else if (rrow[DB_type][0] == 'V')
+ p="Valid";
+ else
+ p="\ninvalid type, Data base error\n";
+ BIO_printf(bio_err,"Type :%s\n",p);;
+ if (rrow[DB_type][0] == 'R')
+ {
+ p=rrow[DB_exp_date]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Was revoked on:%s\n",p);
+ }
+ p=rrow[DB_exp_date]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Expires on :%s\n",p);
+ p=rrow[DB_serial]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Serial Number :%s\n",p);
+ p=rrow[DB_file]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"File name :%s\n",p);
+ p=rrow[DB_name]; if (p == NULL) p="undef";
+ BIO_printf(bio_err,"Subject Name :%s\n",p);
+ ok= -1; /* This is now a 'bad' error. */
+ goto err;
+ }
+
+ /* We are now totaly happy, lets make and sign the certificate */
+ if (verbose)
+ BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
+
+ if ((ret=X509_new()) == NULL) goto err;
+ ci=ret->cert_info;
+
+#ifdef X509_V3
+ /* Make it an X509 v3 certificate. */
+ if (!X509_set_version(x509,2)) goto err;
+#endif
+
+ if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
+ goto err;
+ if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
+ goto err;
+
+ BIO_printf(bio_err,"Certificate is to be certified until ");
+ X509_gmtime_adj(X509_get_notBefore(ret),0);
+ X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
+ ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+ BIO_printf(bio_err," (%d days)\n",days);
+
+ if (!X509_set_subject_name(ret,subject)) goto err;
+
+ pktmp=X509_REQ_get_pubkey(req);
+ if (!X509_set_pubkey(ret,pktmp)) goto err;
+
+ /* Lets add the extensions, if there are any */
+ if ((extensions != NULL) && (sk_num(extensions) > 0))
+ {
+ if (ci->version == NULL)
+ if ((ci->version=ASN1_INTEGER_new()) == NULL)
+ goto err;
+ ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
+
+ /* Free the current entries if any, there should not
+ * be any I belive */
+ if (ci->extensions != NULL)
+ sk_pop_free(ci->extensions,X509_EXTENSION_free);
+
+ if ((ci->extensions=sk_new_null()) == NULL)
+ goto err;
+
+ /* Lets 'copy' in the new ones */
+ for (i=0; i<sk_num(extensions); i++)
+ {
+ ex=X509_EXTENSION_dup((X509_EXTENSION *)
+ sk_value(extensions,i));
+ if (ex == NULL) goto err;
+ if (!sk_push(ci->extensions,(char *)ex)) goto err;
+ }
+ }
+
+
+ if (!batch)
+ {
+ BIO_printf(bio_err,"Sign the certificate? [y/n]:");
+ BIO_flush(bio_err);
+ buf[0]='\0';
+ fgets(buf,sizeof(buf)-1,stdin);
+ if (!((buf[0] == 'y') || (buf[0] == 'Y')))
+ {
+ BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
+ ok=0;
+ goto err;
+ }
+ }
+
+#ifndef NO_DSA
+ pktmp=X509_get_pubkey(ret);
+ if (EVP_PKEY_missing_parameters(pktmp) &&
+ !EVP_PKEY_missing_parameters(pkey))
+ EVP_PKEY_copy_parameters(pktmp,pkey);
+#endif
+
+ if (!X509_sign(ret,pkey,dgst))
+ goto err;
+
+ /* We now just add it to the database */
+ row[DB_type]=(char *)Malloc(2);
+
+ tm=X509_get_notAfter(ret);
+ row[DB_exp_date]=(char *)Malloc(tm->length+1);
+ memcpy(row[DB_exp_date],tm->data,tm->length);
+ row[DB_exp_date][tm->length]='\0';
+
+ row[DB_rev_date]=NULL;
+
+ /* row[DB_serial] done already */
+ row[DB_file]=(char *)Malloc(8);
+ /* row[DB_name] done already */
+
+ if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+ (row[DB_file] == NULL))
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ strcpy(row[DB_file],"unknown");
+ row[DB_type][0]='V';
+ row[DB_type][1]='\0';
+
+ if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+
+ for (i=0; i<DB_NUMBER; i++)
+ {
+ irow[i]=row[i];
+ row[i]=NULL;
+ }
+ irow[DB_NUMBER]=NULL;
+
+ if (!TXT_DB_insert(db,irow))
+ {
+ BIO_printf(bio_err,"failed to update database\n");
+ BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
+ goto err;
+ }
+ ok=1;
+err:
+ for (i=0; i<DB_NUMBER; i++)
+ if (row[i] != NULL) Free(row[i]);
+
+ if (CAname != NULL)
+ X509_NAME_free(CAname);
+ if (subject != NULL)
+ X509_NAME_free(subject);
+ if (ok <= 0)
+ {
+ if (ret != NULL) X509_free(ret);
+ ret=NULL;
+ }
+ else
+ *xret=ret;
+ return(ok);
+ }
+
+static void write_new_certificate(bp,x, output_der)
+BIO *bp;
+X509 *x;
+int output_der;
+ {
+ char *f;
+ char buf[256];
+
+ if (output_der)
+ {
+ (void)i2d_X509_bio(bp,x);
+ return;
+ }
+
+ f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+ BIO_printf(bp,"issuer :%s\n",f);
+
+ f=X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+ BIO_printf(bp,"subject:%s\n",f);
+
+ BIO_puts(bp,"serial :");
+ i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
+ BIO_puts(bp,"\n\n");
+ X509_print(bp,x);
+ BIO_puts(bp,"\n");
+ PEM_write_bio_X509(bp,x);
+ BIO_puts(bp,"\n");
+ }
+
+static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial,days,
+ extensions,verbose)
+X509 **xret;
+char *infile;
+EVP_PKEY *pkey;
+X509 *x509;
+EVP_MD *dgst;
+STACK *policy;
+TXT_DB *db;
+BIGNUM *serial;
+int days;
+STACK *extensions;
+int verbose;
+ {
+ STACK *sk=NULL;
+ LHASH *parms=NULL;
+ X509_REQ *req=NULL;
+ CONF_VALUE *cv=NULL;
+ NETSCAPE_SPKI *spki = NULL;
+ unsigned char *spki_der = NULL,*p;
+ X509_REQ_INFO *ri;
+ char *type,*buf;
+ EVP_PKEY *pktmp=NULL;
+ X509_NAME *n=NULL;
+ X509_NAME_ENTRY *ne=NULL;
+ int ok= -1,i,j;
+ long errline;
+ int nid;
+
+ /*
+ * Load input file into a hash table. (This is just an easy
+ * way to read and parse the file, then put it into a convenient
+ * STACK format).
+ */
+ parms=CONF_load(NULL,infile,&errline);
+ if (parms == NULL)
+ {
+ BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile);
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ sk=CONF_get_section(parms, "default");
+ if (sk_num(sk) == 0)
+ {
+ BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
+ CONF_free(parms);
+ goto err;
+ }
+
+ /*
+ * Now create a dummy X509 request structure. We don't actually
+ * have an X509 request, but we have many of the components
+ * (a public key, various DN components). The idea is that we
+ * put these components into the right X509 request structure
+ * and we can use the same code as if you had a real X509 request.
+ */
+ req=X509_REQ_new();
+ if (req == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /*
+ * Build up the subject name set.
+ */
+ ri=req->req_info;
+ n = ri->subject;
+
+ for (i = 0; ; i++)
+ {
+ if ((int)sk_num(sk) <= i) break;
+
+ cv=(CONF_VALUE *)sk_value(sk,i);
+ type=cv->name;
+ buf=cv->value;
+
+ if ((nid=OBJ_txt2nid(type)) == NID_undef)
+ {
+ if (strcmp(type, "SPKAC") == 0)
+ {
+ spki_der=(unsigned char *)Malloc(
+ strlen(cv->value)+1);
+ if (spki_der == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto err;
+ }
+ j = EVP_DecodeBlock(spki_der, (unsigned char *)cv->value,
+ strlen(cv->value));
+ if (j <= 0)
+ {
+ BIO_printf(bio_err, "Can't b64 decode SPKAC structure\n");
+ goto err;
+ }
+
+ p=spki_der;
+ spki = d2i_NETSCAPE_SPKI(&spki, &p, j);
+ Free(spki_der);
+ spki_der = NULL;
+ if (spki == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ }
+ continue;
+ }
+
+ j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
+ if (fix_data(nid, &j) == 0)
+ {
+ BIO_printf(bio_err,
+ "invalid characters in string %s\n",buf);
+ goto err;
+ }
+
+ if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
+ (unsigned char *)buf,
+ strlen(buf))) == NULL)
+ goto err;
+
+ if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
+ goto err;
+ }
+ if (spki == NULL)
+ {
+ BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n",
+ infile);
+ goto err;
+ }
+
+ /*
+ * Now extract the key from the SPKI structure.
+ */
+
+ BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");
+
+ if ((pktmp=X509_PUBKEY_get(spki->spkac->pubkey)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking SPKAC public key\n");
+ goto err;
+ }
+
+ j = NETSCAPE_SPKI_verify(spki, pktmp);
+ if (j <= 0)
+ {
+ BIO_printf(bio_err,"signature verification failed on SPKAC public key\n");
+ goto err;
+ }
+ BIO_printf(bio_err,"Signature ok\n");
+
+ X509_REQ_set_pubkey(req,pktmp);
+ ok=do_body(xret,pkey,x509,dgst,policy,db,serial,days,1,verbose,req,
+ extensions);
+err:
+ if (req != NULL) X509_REQ_free(req);
+ if (parms != NULL) CONF_free(parms);
+ if (spki_der != NULL) Free(spki_der);
+ if (spki != NULL) NETSCAPE_SPKI_free(spki);
+ if (ne != NULL) X509_NAME_ENTRY_free(ne);
+
+ return(ok);
+ }
+
+static int fix_data(nid,type)
+int nid;
+int *type;
+ {
+ if (nid == NID_pkcs9_emailAddress)
+ *type=V_ASN1_IA5STRING;
+ if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
+ *type=V_ASN1_T61STRING;
+ if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
+ *type=V_ASN1_T61STRING;
+ if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))
+ return(0);
+ if (nid == NID_pkcs9_unstructuredName)
+ *type=V_ASN1_IA5STRING;
+ return(1);
+ }
+
+
+static STACK *load_extensions(sec)
+char *sec;
+ {
+ STACK *ext;
+ STACK *ret=NULL;
+ CONF_VALUE *cv;
+ ASN1_OCTET_STRING *str=NULL;
+ ASN1_STRING *tmp=NULL;
+ X509_EXTENSION *x;
+ BIO *mem=NULL;
+ BUF_MEM *buf=NULL;
+ int i,nid,len;
+ unsigned char *ptr;
+ int pack_type;
+ int data_type;
+
+ if ((ext=CONF_get_section(conf,sec)) == NULL)
+ {
+ BIO_printf(bio_err,"unable to find extension section called '%s'\n",sec);
+ return(NULL);
+ }
+
+ if ((ret=sk_new_null()) == NULL) return(NULL);
+
+ for (i=0; i<sk_num(ext); i++)
+ {
+ cv=(CONF_VALUE *)sk_value(ext,i); /* get the object id */
+ if ((nid=OBJ_txt2nid(cv->name)) == NID_undef)
+ {
+ BIO_printf(bio_err,"%s:unknown object type in section, '%s'\n",sec,cv->name);
+ goto err;
+ }
+
+ pack_type=X509v3_pack_type_by_NID(nid);
+ data_type=X509v3_data_type_by_NID(nid);
+
+ /* pack up the input bytes */
+ ptr=(unsigned char *)cv->value;
+ len=strlen((char *)ptr);
+ if ((len > 2) && (cv->value[0] == '0') &&
+ (cv->value[1] == 'x'))
+ {
+ if (data_type == V_ASN1_UNDEF)
+ {
+ BIO_printf(bio_err,"data type for extension %s is unknown\n",cv->name);
+ goto err;
+ }
+ if (mem == NULL)
+ if ((mem=BIO_new(BIO_s_mem())) == NULL)
+ goto err;
+ if (((buf=BUF_MEM_new()) == NULL) ||
+ !BUF_MEM_grow(buf,128))
+ goto err;
+ if ((tmp=ASN1_STRING_new()) == NULL) goto err;
+
+ BIO_reset(mem);
+ BIO_write(mem,(char *)&(ptr[2]),len-2);
+ if (!a2i_ASN1_STRING(mem,tmp,buf->data,buf->max))
+ goto err;
+ len=tmp->length;
+ ptr=tmp->data;
+ }
+
+ switch (pack_type)
+ {
+ case X509_EXT_PACK_STRING:
+ if ((str=X509v3_pack_string(&str,
+ data_type,ptr,len)) == NULL)
+ goto err;
+ break;
+ case X509_EXT_PACK_UNKNOWN:
+ default:
+ BIO_printf(bio_err,"Don't know how to pack extension %s\n",cv->name);
+ goto err;
+ break;
+ }
+
+ if ((x=X509_EXTENSION_create_by_NID(NULL,nid,0,str)) == NULL)
+ goto err;
+ sk_push(ret,(char *)x);
+ }
+
+ if (0)
+ {
+err:
+ if (ret != NULL) sk_pop_free(ret,X509_EXTENSION_free);
+ ret=NULL;
+ }
+ if (str != NULL) ASN1_OCTET_STRING_free(str);
+ if (tmp != NULL) ASN1_STRING_free(tmp);
+ if (buf != NULL) BUF_MEM_free(buf);
+ if (mem != NULL) BIO_free(mem);
+ return(ret);
+ }
+
+static int check_time_format(str)
+char *str;
+ {
+ ASN1_UTCTIME tm;
+
+ tm.data=(unsigned char *)str;
+ tm.length=strlen(str);
+ tm.type=V_ASN1_UTCTIME;
+ return(ASN1_UTCTIME_check(&tm));
+ }
+
diff --git a/apps/ciphers.c b/apps/ciphers.c
new file mode 100644
index 0000000..16ff2b4
--- /dev/null
+++ b/apps/ciphers.c
@@ -0,0 +1,191 @@
+/* apps/ciphers.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include "err.h"
+#include "ssl.h"
+
+#undef PROG
+#define PROG ciphers_main
+
+static char *ciphers_usage[]={
+"usage: ciphers args\n",
+" -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
+" -ssl2 - SSL2 mode\n",
+" -ssl3 - SSL3 mode\n",
+NULL
+};
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ int ret=1,i;
+ int verbose=0;
+ char **pp,*p;
+ int badops=0;
+ SSL_CTX *ctx=NULL;
+ SSL *ssl=NULL;
+ char *ciphers=NULL;
+ SSL_METHOD *meth=NULL;
+ STACK *sk;
+ char buf[512];
+ BIO *STDout=NULL;
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+ meth=SSLv23_server_method();
+#elif !defined(NO_SSL3)
+ meth=SSLv3_server_method();
+#elif !defined(NO_SSL2)
+ meth=SSLv2_server_method();
+#endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-v") == 0)
+ verbose=1;
+#ifndef NO_SSL2
+ else if (strcmp(*argv,"-ssl2") == 0)
+ meth=SSLv2_client_method();
+#endif
+#ifndef NO_SSL3
+ else if (strcmp(*argv,"-ssl3") == 0)
+ meth=SSLv3_client_method();
+#endif
+ else if ((strncmp(*argv,"-h",2) == 0) ||
+ (strcmp(*argv,"-?") == 0))
+ {
+ badops=1;
+ break;
+ }
+ else
+ {
+ ciphers= *argv;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+ for (pp=ciphers_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,*pp);
+ goto end;
+ }
+
+ SSLeay_add_ssl_algorithms();
+
+ ctx=SSL_CTX_new(meth);
+ if (ctx == NULL) goto err;
+ if (ciphers != NULL)
+ SSL_CTX_set_cipher_list(ctx,ciphers);
+ ssl=SSL_new(ctx);
+ if (ssl == NULL) goto err;
+
+
+ if (!verbose)
+ {
+ for (i=0; ; i++)
+ {
+ p=SSL_get_cipher_list(ssl,i);
+ if (p == NULL) break;
+ if (i != 0) BIO_printf(STDout,":");
+ BIO_printf(STDout,"%s",p);
+ }
+ BIO_printf(STDout,"\n");
+ }
+ else
+ {
+ sk=SSL_get_ciphers(ssl);
+
+ for (i=0; i<sk_num(sk); i++)
+ {
+ BIO_puts(STDout,SSL_CIPHER_description(
+ (SSL_CIPHER *)sk_value(sk,i),
+ buf,512));
+ }
+ }
+
+ ret=0;
+ if (0)
+ {
+err:
+ SSL_load_error_strings();
+ ERR_print_errors(bio_err);
+ }
+end:
+ if (ctx != NULL) SSL_CTX_free(ctx);
+ if (ssl != NULL) SSL_free(ssl);
+ if (STDout != NULL) BIO_free(STDout);
+ EXIT(ret);
+ }
+
diff --git a/apps/client.pem b/apps/client.pem
new file mode 100644
index 0000000..307910e
--- /dev/null
+++ b/apps/client.pem
@@ -0,0 +1,24 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU2WhcNOTgwNjA5
+MTM1NzU2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i2Plw
+Z1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs62NNt
+XrT8odkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBwtMmI7oGUG8nKmftQssATViH5
+NRRtoEw07DxJp/LfatHdrhqQB73eGdL5WILZJXk46Xz2e9WMSUjVCSYhdKxtflU3
+UR2Ajv1Oo0sTNdfz0wDqJNirLNtzyhhsaq8qMTrLwXrCP31VxBiigFSQSUFnZyTE
+9TKwhS4GlwbtCfxSKQ==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
+q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
+/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
+HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
+ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
+nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
+ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
+-----END RSA PRIVATE KEY-----
diff --git a/apps/crl.c b/apps/crl.c
new file mode 100644
index 0000000..9642ee5
--- /dev/null
+++ b/apps/crl.c
@@ -0,0 +1,330 @@
+/* apps/crl.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "x509.h"
+#include "pem.h"
+
+#undef PROG
+#define PROG crl_main
+
+#undef POSTFIX
+#define POSTFIX ".rvk"
+
+#define FORMAT_UNDEF 0
+#define FORMAT_ASN1 1
+#define FORMAT_TEXT 2
+#define FORMAT_PEM 3
+
+static char *crl_usage[]={
+"usage: crl args\n",
+"\n",
+" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n",
+" -outform arg - output format - default PEM\n",
+" -text - print out a text format version\n",
+" -in arg - input file - default stdin\n",
+" -out arg - output file - default stdout\n",
+" -hash - print hash value\n",
+" -issuer - print issuer DN\n",
+" -lastupdate - lastUpdate field\n",
+" -nextupdate - nextUpdate field\n",
+" -noout - no CRL output\n",
+NULL
+};
+
+#ifndef NOPROTO
+static X509_CRL *load_crl(char *file, int format);
+#else
+static X509_CRL *load_crl();
+#endif
+
+static BIO *bio_out=NULL;
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ X509_CRL *x=NULL;
+ int ret=1,i,num,badops=0;
+ BIO *out=NULL;
+ int informat,outformat;
+ char *infile=NULL,*outfile=NULL;
+ char *str=NULL;
+ int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
+ char **pp,buf[256];
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ if (bio_out == NULL)
+ if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ argc--;
+ argv++;
+ num=0;
+ while (argc >= 1)
+ {
+#ifdef undef
+ if (strcmp(*argv,"-p") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
+ }
+#endif
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-text") == 0)
+ {
+ outformat=FORMAT_TEXT;
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-hash") == 0)
+ hash= ++num;
+ else if (strcmp(*argv,"-issuer") == 0)
+ issuer= ++num;
+ else if (strcmp(*argv,"-lastupdate") == 0)
+ lastupdate= ++num;
+ else if (strcmp(*argv,"-nextupdate") == 0)
+ nextupdate= ++num;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout= ++num;
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (outformat == FORMAT_TEXT)
+ {
+ num=0;
+ issuer= ++num;
+ lastupdate= ++num;
+ nextupdate= ++num;
+ }
+
+ if (badops)
+ {
+bad:
+ for (pp=crl_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,*pp);
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ x=load_crl(infile,informat);
+ if (x == NULL) { goto end; }
+
+ if (num)
+ {
+ for (i=1; i<=num; i++)
+ {
+ if (issuer == i)
+ {
+ X509_NAME_oneline(x->crl->issuer,buf,256);
+ fprintf(stdout,"issuer= %s\n",str);
+ }
+
+ if (hash == i)
+ {
+ fprintf(stdout,"%08lx\n",
+ X509_NAME_hash(x->crl->issuer));
+ }
+ if (lastupdate == i)
+ {
+ fprintf(stdout,"lastUpdate=");
+ ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
+ fprintf(stdout,"\n");
+ }
+ if (nextupdate == i)
+ {
+ fprintf(stdout,"nextUpdate=");
+ ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
+ fprintf(stdout,"\n");
+ }
+ }
+ }
+
+ if (noout) goto end;
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (outformat == FORMAT_ASN1)
+ i=(int)i2d_X509_CRL_bio(out,x);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509_CRL(out,x);
+ else if (outformat == FORMAT_TEXT)
+ {
+ X509_REVOKED *r;
+
+ while ((r=(X509_REVOKED *)sk_pop(x->crl->revoked)) != NULL)
+ {
+ fprintf(stdout,"revoked: serialNumber=");
+ i2a_ASN1_INTEGER(out,r->serialNumber);
+ fprintf(stdout," revocationDate=");
+ ASN1_UTCTIME_print(bio_out,r->revocationDate);
+ fprintf(stdout,"\n");
+ }
+ i=1;
+ }
+ else
+ {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
+ ret=0;
+end:
+ if (out != NULL) BIO_free(out);
+ if (bio_out != NULL) BIO_free(bio_out);
+ if (x != NULL) X509_CRL_free(x);
+ EXIT(ret);
+ }
+
+static X509_CRL *load_crl(infile, format)
+char *infile;
+int format;
+ {
+ X509_CRL *x=NULL;
+ BIO *in=NULL;
+
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (format == FORMAT_ASN1)
+ x=d2i_X509_CRL_bio(in,NULL);
+ else if (format == FORMAT_PEM)
+ x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad input format specified for input crl\n");
+ goto end;
+ }
+ if (x == NULL)
+ {
+ BIO_printf(bio_err,"unable to load CRL\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+end:
+ if (in != NULL) BIO_free(in);
+ return(x);
+ }
+
diff --git a/apps/crl.out b/apps/crl.out
new file mode 100644
index 0000000..85d10e9
--- /dev/null
+++ b/apps/crl.out
@@ -0,0 +1,8 @@
+-----BEGIN X509 CRL-----
+MIIBDjCBuTANBgkqhkiG9w0BAQQFADBgMQswCQYDVQQGEwJBVTEMMAoGA1UECBMD
+UUxEMRkwFwYDVQQKExBNaW5jb20gUHR5LiBMdGQuMQswCQYDVQQLEwJDUzEbMBkG
+A1UEAxMSU1NMZWF5IGRlbW8gc2VydmVyFw05NzA3MDkwMDAwMjJaFw05NzA4MDgw
+MDAwMjJaMCgwEgIBARcNOTUxMDA5MjMzMjA1WjASAgEDFw05NTEyMDEwMTAwMDBa
+MA0GCSqGSIb3DQEBBAUAA0EAcEBIWVZPXxSlLMPPLfBi4s0N3lzTgskZkgO6pjZi
+oQRwh5vi5zFqDNQteGx7RTHpUYntgyoAZ87FZE0GOJgBaQ==
+-----END X509 CRL-----
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
new file mode 100644
index 0000000..04bb1a1
--- /dev/null
+++ b/apps/crl2p7.c
@@ -0,0 +1,334 @@
+/* apps/crl2p7.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
+ * and donated 'to the cause' along with lots and lots of other fixes to
+ * the library. */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "err.h"
+#include "evp.h"
+#include "x509.h"
+#include "pkcs7.h"
+#include "pem.h"
+#include "objects.h"
+
+#ifndef NOPROTO
+static int add_certs_from_file(STACK *stack, char *certfile);
+#else
+static int add_certs_from_file();
+#endif
+
+#undef PROG
+#define PROG crl2pkcs7_main
+
+/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ */
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ int i,badops=0;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat;
+ char *infile,*outfile,*prog,*certfile;
+ PKCS7 *p7 = NULL;
+ PKCS7_SIGNED *p7s = NULL;
+ X509_CRL *crl=NULL;
+ STACK *crl_stack=NULL;
+ STACK *cert_stack=NULL;
+ int ret=1,nocrl=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+ certfile=NULL;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-nocrl") == 0)
+ {
+ nocrl=1;
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-certfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ certfile= *(++argv);
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -in arg inout file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
+ BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
+ EXIT(1);
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (!nocrl)
+ {
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ crl=d2i_X509_CRL_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ crl=PEM_read_bio_X509_CRL(in,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad input format specified for input crl\n");
+ goto end;
+ }
+ if (crl == NULL)
+ {
+ BIO_printf(bio_err,"unable to load CRL\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if ((p7=PKCS7_new()) == NULL) goto end;
+ if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
+ p7->type=OBJ_nid2obj(NID_pkcs7_signed);
+ p7->d.sign=p7s;
+ p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
+
+ if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
+ if ((crl_stack=sk_new(NULL)) == NULL) goto end;
+ p7s->crl=crl_stack;
+ if (crl != NULL)
+ {
+ sk_push(crl_stack,(char *)crl);
+ crl=NULL; /* now part of p7 for Freeing */
+ }
+
+ if ((cert_stack=sk_new(NULL)) == NULL) goto end;
+ p7s->cert=cert_stack;
+
+ if (certfile != NULL)
+ {
+ if (add_certs_from_file(cert_stack,certfile) < 0)
+ {
+ BIO_printf(bio_err,"error loading certificates\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (outformat == FORMAT_ASN1)
+ i=i2d_PKCS7_bio(out,p7);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_PKCS7(out,p7);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write pkcs7 object\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (p7 != NULL) PKCS7_free(p7);
+ if (crl != NULL) X509_CRL_free(crl);
+
+ EXIT(ret);
+ }
+
+/*
+ *----------------------------------------------------------------------
+ * int add_certs_from_file
+ *
+ * Read a list of certificates to be checked from a file.
+ *
+ * Results:
+ * number of certs added if successful, -1 if not.
+ *----------------------------------------------------------------------
+ */
+static int add_certs_from_file(stack,certfile)
+STACK *stack;
+char *certfile;
+ {
+ struct stat st;
+ BIO *in=NULL;
+ int count=0;
+ int ret= -1;
+ STACK *sk=NULL;
+ X509_INFO *xi;
+
+ if ((stat(certfile,&st) != 0))
+ {
+ BIO_printf(bio_err,"unable to file the file, %s\n",certfile);
+ goto end;
+ }
+
+ in=BIO_new(BIO_s_file());
+ if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
+ {
+ goto end;
+ }
+
+ /* This loads from a file, a stack of x509/crl/pkey sets */
+ sk=PEM_X509_INFO_read_bio(in,NULL,NULL);
+ if (sk == NULL) goto end;
+
+ /* scan over it and pull out the CRL's */
+ while (sk_num(sk))
+ {
+ xi=(X509_INFO *)sk_shift(sk);
+ if (xi->x509 != NULL)
+ {
+ sk_push(stack,(char *)xi->x509);
+ xi->x509=NULL;
+ count++;
+ }
+ X509_INFO_free(xi);
+ }
+
+ ret=count;
+end:
+ /* never need to Free x */
+ if (in != NULL) BIO_free(in);
+ if (sk != NULL) sk_free(sk);
+ return(ret);
+ }
+
diff --git a/apps/demoCA/cacert.pem b/apps/demoCA/cacert.pem
new file mode 100644
index 0000000..affbce3
--- /dev/null
+++ b/apps/demoCA/cacert.pem
@@ -0,0 +1,14 @@
+subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+-----BEGIN X509 CERTIFICATE-----
+
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----
diff --git a/apps/demoCA/index.txt b/apps/demoCA/index.txt
new file mode 100644
index 0000000..2cdd252
--- /dev/null
+++ b/apps/demoCA/index.txt
@@ -0,0 +1,39 @@
+R 980705233205Z 951009233205Z 01 certs/00000001 /CN=Eric Young
+E 951009233205Z 02 certs/00000002 /CN=Duncan Young
+R 980705233205Z 951201010000Z 03 certs/00000003 /CN=Tim Hudson
+V 980705233205Z 04 certs/00000004 /CN=Eric Young4
+V 980705233205Z 05 certs/00000004 /CN=Eric Young5
+V 980705233205Z 06 certs/00000004 /CN=Eric Young6
+V 980705233205Z 07 certs/00000004 /CN=Eric Young7
+V 980705233205Z 08 certs/00000004 /CN=Eric Young8
+V 980705233205Z 09 certs/00000004 /CN=Eric Young9
+V 980705233205Z 0A certs/00000004 /CN=Eric YoungA
+V 980705233205Z 0B certs/00000004 /CN=Eric YoungB
+V 980705233205Z 0C certs/00000004 /CN=Eric YoungC
+V 980705233205Z 0D certs/00000004 /CN=Eric YoungD
+V 980705233205Z 0E certs/00000004 /CN=Eric YoungE
+V 980705233205Z 0F certs/00000004 /CN=Eric YoungF
+V 980705233205Z 10 certs/00000004 /CN=Eric Young10
+V 980705233205Z 11 certs/00000004 /CN=Eric Young11
+V 980705233205Z 12 certs/00000004 /CN=Eric Young12
+V 980705233205Z 13 certs/00000004 /CN=Eric Young13
+V 980705233205Z 14 certs/00000004 /CN=Eric Young14
+V 980705233205Z 15 certs/00000004 /CN=Eric Young15
+V 980705233205Z 16 certs/00000004 /CN=Eric Young16
+V 980705233205Z 17 certs/00000004 /CN=Eric Young17
+V 961206150305Z 010C unknown /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
+V 961206153245Z 010D unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
+V 970322074816Z 010E unknown /CN=Eric Young/Email=eay@mincom.oz.au
+V 970322075152Z 010F unknown /CN=Eric Young
+V 970322075906Z 0110 unknown /CN=Eric Youngg
+V 970324092238Z 0111 unknown /C=AU/SP=Queensland/CN=Eric Young
+V 970324221931Z 0112 unknown /CN=Fred
+V 970324224934Z 0113 unknown /C=AU/CN=eay
+V 971001005237Z 0114 unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
+V 971001010331Z 0115 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3
+V 971001013945Z 0117 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
+V 971014225415Z 0118 unknown /C=AU/SP=Queensland/CN=test
+V 971015004448Z 0119 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2
+V 971016035001Z 011A unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64
+V 971016080129Z 011B unknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr
+V 971016224000Z 011D unknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk
diff --git a/apps/demoCA/private/cakey.pem b/apps/demoCA/private/cakey.pem
new file mode 100644
index 0000000..48fb18c
--- /dev/null
+++ b/apps/demoCA/private/cakey.pem
@@ -0,0 +1,24 @@
+issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+-----BEGIN X509 CERTIFICATE-----
+
+MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
+MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
+BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
+LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
+/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
+DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
+IMs6ZOZB
+-----END X509 CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+
+MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
+Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
+hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
+sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
+tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
+agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
+g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
+-----END RSA PRIVATE KEY-----
diff --git a/apps/demoCA/serial b/apps/demoCA/serial
new file mode 100644
index 0000000..69fa0ff
--- /dev/null
+++ b/apps/demoCA/serial
@@ -0,0 +1 @@
+011E
diff --git a/apps/der_chop b/apps/der_chop
new file mode 100644
index 0000000..4639330
--- /dev/null
+++ b/apps/der_chop
@@ -0,0 +1,305 @@
+#!/usr/local/bin/perl
+#
+# der_chop ... this is one total hack that Eric is really not proud of
+# so don't look at it and don't ask for support
+#
+# The "documentation" for this (i.e. all the comments) are my fault --tjh
+#
+# This program takes the "raw" output of derparse/asn1parse and
+# converts it into tokens and then runs regular expression matches
+# to try to figure out what to grab to get the things that are needed
+# and it is possible that this will do the wrong thing as it is a *hack*
+#
+# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
+# [I know ... promises promises :-)]
+#
+# To convert a Netscape Certificate:
+# der_chop < ServerCert.der > cert.pem
+# To convert a Netscape Key (and encrypt it again to protect it)
+# rsa -inform NET -in ServerKey.der -des > key.pem
+#
+# 23-Apr-96 eay Added the extra ASN.1 string types, I still think this
+# is an evil hack. If nothing else the parsing should
+# be relative, not absolute.
+# 19-Apr-96 tjh hacked (with eay) into 0.5.x format
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+
+require 'getopts.pl';
+
+$debug=0;
+
+# this was the 0.4.x way of doing things ...
+$cmd="derparse";
+$x509_cmd="x509";
+$crl_cmd="crl";
+$rc4_cmd="rc4";
+$md2_cmd="md2";
+$md4_cmd="md4";
+$rsa_cmd="rsa -des -inform der ";
+
+# this was the 0.5.x way of doing things ...
+$cmd="ssleay asn1parse";
+$x509_cmd="ssleay x509";
+$crl_cmd="ssleay crl";
+$rc4_cmd="ssleay rc4";
+$md2_cmd="ssleay md2";
+$md4_cmd="ssleay md4";
+$rsa_cmd="ssleay rsa -des -inform der ";
+
+&Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
+$depth=($opt_d =~ /^\d+$/)?$opt_d:0;
+
+&init_der();
+
+if ($#ARGV != -1)
+ {
+ foreach $file (@ARGV)
+ {
+ print STDERR "doing $file\n";
+ &dofile($file);
+ }
+ }
+else
+ {
+ $file="/tmp/a$$.DER";
+ open(OUT,">$file") || die "unable to open $file:$!\n";
+ for (;;)
+ {
+ $i=sysread(STDIN,$b,1024*10);
+ last if ($i <= 0);
+ $i=syswrite(OUT,$b,$i);
+ }
+ &dofile($file);
+ unlink($file);
+ }
+
+sub dofile
+ {
+ local($file)=@_;
+ local(@p);
+
+ $b=&load_file($file);
+ @p=&load_file_parse($file);
+
+ foreach $_ (@p)
+ {
+ ($off,$d,$hl,$len)=&parse_line($_);
+ $d-=$depth;
+ next if ($d != 0);
+ next if ($len == 0);
+
+ $o=substr($b,$off,$len+$hl);
+ ($str,@data)=&der_str($o);
+ print "$str\n" if ($opt_v);
+ if ($str =~ /^$crl/)
+ {
+ open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
+ die "unable to run $crl_cmd:$!\n";
+ print OUT $o;
+ close(OUT);
+ }
+ elsif ($str =~ /^$x509/)
+ {
+ open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
+ || die "unable to run $x509_cmd:$!\n";
+ print OUT $o;
+ close(OUT);
+ }
+ elsif ($str =~ /^$rsa/)
+ {
+ ($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+ next unless ($type eq "rsaEncryption");
+ ($off,$d,$hl,$len)=&parse_line($data[5]);
+ $os=substr($o,$off+$hl,$len);
+ open(OUT,"|$rsa_cmd")
+ || die "unable to run $rsa_cmd:$!\n";
+ print OUT $os;
+ close(OUT);
+ }
+ elsif ($str =~ /^0G-1D-1G/)
+ {
+ ($off,$d,$hl,$len)=&parse_line($data[1]);
+ $os=substr($o,$off+$hl,$len);
+ print STDERR "<$os>\n" if $opt_v;
+ &do_certificate($o,@data)
+ if (($os eq "certificate") &&
+ ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+ &do_private_key($o,@data)
+ if (($os eq "private-key") &&
+ ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+ }
+ }
+ }
+
+sub der_str
+ {
+ local($str)=@_;
+ local(*OUT,*IN,@a,$t,$d,$ret);
+ local($file)="/tmp/b$$.DER";
+ local(@ret);
+
+ open(OUT,">$file");
+ print OUT $str;
+ close(OUT);
+ open(IN,"$cmd -inform 'd' -in $file |") ||
+ die "unable to run $cmd:$!\n";
+ $ret="";
+ while (<IN>)
+ {
+ chop;
+ push(@ret,$_);
+
+ print STDERR "$_\n" if ($debug);
+
+ @a=split(/\s*:\s*/);
+ ($d)=($a[1] =~ /d=\s*(\d+)/);
+ $a[2] =~ s/\s+$//;
+ $t=$DER_s2i{$a[2]};
+ $ret.="$d$t-";
+ }
+ close(IN);
+ unlink($file);
+ chop $ret;
+ $ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
+ $ret =~ s/(-3G-4B-4L)+/-RCERT/g;
+ return($ret,@ret);
+ }
+
+sub init_der
+ {
+ $crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
+ $x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
+ $rsa= "0G-1B-1G-2F-2E-1D";
+
+ %DER_i2s=(
+ # SSLeay 0.4.x has this list
+ "A","EOC",
+ "B","INTEGER",
+ "C","BIT STRING",
+ "D","OCTET STRING",
+ "E","NULL",
+ "F","OBJECT",
+ "G","SEQUENCE",
+ "H","SET",
+ "I","PRINTABLESTRING",
+ "J","T61STRING",
+ "K","IA5STRING",
+ "L","UTCTIME",
+ "M","NUMERICSTRING",
+ "N","VIDEOTEXSTRING",
+ "O","GENERALIZEDTIME",
+ "P","GRAPHICSTRING",
+ "Q","ISO64STRING",
+ "R","GENERALSTRING",
+ "S","UNIVERSALSTRING",
+
+ # SSLeay 0.5.x changed some things ... and I'm
+ # leaving in the old stuff but adding in these
+ # to handle the new as well --tjh
+ # - Well I've just taken them out and added the extra new
+ # ones :-) - eay
+ );
+
+ foreach (keys %DER_i2s)
+ { $DER_s2i{$DER_i2s{$_}}=$_; }
+ }
+
+sub parse_line
+ {
+ local($_)=@_;
+
+ return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
+ }
+
+# 0:d=0 hl=4 l=377 cons: univ: SEQUENCE
+# 4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING
+# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE
+# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE
+# 23:d=3 hl=2 l= 8 prim: univ: OBJECT_IDENTIFIER :rc4
+# 33:d=3 hl=2 l= 0 prim: univ: NULL
+# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
+sub do_private_key
+ {
+ local($data,@struct)=@_;
+ local($file)="/tmp/b$$.DER";
+ local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+ ($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+ if ($type eq "rc4")
+ {
+ ($off,$d,$hl,$len)=&parse_line($struct[6]);
+ open(OUT,"|$rc4_cmd >$file") ||
+ die "unable to run $rc4_cmd:$!\n";
+ print OUT substr($data,$off+$hl,$len);
+ close(OUT);
+
+ $b=&load_file($file);
+ unlink($file);
+
+ ($s,@p)=&der_str($b);
+ die "unknown rsa key type\n$s\n"
+ if ($s ne '0G-1B-1G-2F-2E-1D');
+ local($off,$d,$hl,$len)=&parse_line($p[5]);
+ $b=substr($b,$off+$hl,$len);
+ ($s,@p)=&der_str($b);
+ open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
+ print OUT $b;
+ close(OUT);
+ }
+ else
+ {
+ print "'$type' is unknown\n";
+ exit(1);
+ }
+ }
+
+sub do_certificate
+ {
+ local($data,@struct)=@_;
+ local($file)="/tmp/b$$.DER";
+ local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+ ($off,$d,$hl,$len)=&parse_line($struct[2]);
+ $b=substr($data,$off,$len+$hl);
+
+ open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
+ print OUT $b;
+ close(OUT);
+ }
+
+sub load_file
+ {
+ local($file)=@_;
+ local(*IN,$r,$b,$i);
+
+ $r="";
+ open(IN,"<$file") || die "unable to open $file:$!\n";
+ for (;;)
+ {
+ $i=sysread(IN,$b,10240);
+ last if ($i <= 0);
+ $r.=$b;
+ }
+ close(IN);
+ return($r);
+ }
+
+sub load_file_parse
+ {
+ local($file)=@_;
+ local(*IN,$r,@ret,$_,$i,$n,$b);
+
+ open(IN,"$cmd -inform d -in $file|")
+ || die "unable to run der_parse\n";
+ while (<IN>)
+ {
+ chop;
+ push(@ret,$_);
+ }
+ return($r,@ret);
+ }
+
diff --git a/apps/dgst.c b/apps/dgst.c
new file mode 100644
index 0000000..6d7a178
--- /dev/null
+++ b/apps/dgst.c
@@ -0,0 +1,227 @@
+/* apps/dgst.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "pem.h"
+
+#undef BUFSIZE
+#define BUFSIZE 1024*8
+
+#undef PROG
+#define PROG dgst_main
+
+#ifndef NOPROTO
+void do_fp(unsigned char *buf,BIO *f,int sep);
+#else
+void do_fp();
+#endif
+
+int MAIN(argc,argv)
+int argc;
+char **argv;
+ {
+ unsigned char *buf=NULL;
+ int i,err=0;
+ EVP_MD *md=NULL,*m;
+ BIO *in=NULL,*inp;
+ BIO *bmd=NULL;
+ char *name;
+#define PROG_NAME_SIZE 16
+ char pname[PROG_NAME_SIZE];
+ int separator=0;
+ int debug=0;
+
+ apps_startup();
+
+ if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ /* first check the program name */
+ program_name(argv[0],pname,PROG_NAME_SIZE);
+
+ md=EVP_get_digestbyname(pname);
+
+ argc--;
+ argv++;
+ for (i=0; i<argc; i++)
+ {
+ if ((*argv)[0] != '-') break;
+ if (strcmp(*argv,"-c") == 0)
+ separator=1;
+ else if (strcmp(*argv,"-d") == 0)
+ debug=1;
+ else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ md=m;
+ else
+ break;
+ argc--;
+ argv++;
+ }
+
+ if (md == NULL)
+ md=EVP_md5();
+
+ if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
+ {
+ BIO_printf(bio_err,"unknown option '%s'\n",*argv);
+ BIO_printf(bio_err,"options are\n");
+ BIO_printf(bio_err,"-c to output the digest with separating colons\n");
+ BIO_printf(bio_err,"-c to output debug info\n");
+ BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm (default)\n",
+ LN_md5,LN_md5);
+ BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+ LN_md2,LN_md2);
+ BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+ LN_sha1,LN_sha1);
+ BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+ LN_sha,LN_sha);
+ BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
+ LN_mdc2,LN_mdc2);
+ err=1;
+ goto end;
+ }
+
+ in=BIO_new(BIO_s_file());
+ bmd=BIO_new(BIO_f_md());
+ if (debug)
+ {
+ BIO_set_callback(in,BIO_debug_callback);
+ /* needed for windows 3.1 */
+ BIO_set_callback_arg(in,bio_err);
+ }
+
+ if ((in == NULL) || (bmd == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ /* we use md as a filter, reading from 'in' */
+ BIO_set_md(bmd,md);
+ inp=BIO_push(bmd,in);
+
+ if (argc == 0)
+ {
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ do_fp(buf,inp,separator);
+ }
+ else
+ {
+ name=OBJ_nid2sn(md->type);
+ for (i=0; i<argc; i++)
+ {
+ if (BIO_read_filename(in,argv[i]) <= 0)
+ {
+ perror(argv[i]);
+ err++;
+ continue;
+ }
+ printf("%s(%s)= ",name,argv[i]);
+ do_fp(buf,inp,separator);
+ BIO_reset(bmd);
+ }
+ }
+end:
+ if (buf != NULL)
+ {
+ memset(buf,0,BUFSIZE);
+ Free(buf);
+ }
+ if (in != NULL) BIO_free(in);
+ if (bmd != NULL) BIO_free(bmd);
+ EXIT(err);
+ }
+
+void do_fp(buf,bp,sep)
+unsigned char *buf;
+BIO *bp;
+int sep;
+ {
+ int len;
+ int i;
+
+ for (;;)
+ {
+ i=BIO_read(bp,(char *)buf,BUFSIZE);
+ if (i <= 0) break;
+ }
+ len=BIO_gets(bp,(char *)buf,BUFSIZE);
+
+ for (i=0; i<len; i++)
+ {
+ if (sep && (i != 0))
+ putc(':',stdout);
+ printf("%02x",buf[i]);
+ }
+ printf("\n");
+ }
+
diff --git a/apps/dh.c b/apps/dh.c
new file mode 100644
index 0000000..8a3bcfb
--- /dev/null
+++ b/apps/dh.c
@@ -0,0 +1,312 @@
+/* apps/dh.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "bn.h"
+#include "dh.h"
+#include "x509.h"
+#include "pem.h"
+
+#undef PROG
+#define PROG dh_main
+
+/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -check - check the parameters are ok
+ * -noout
+ * -text
+ * -C
+ */
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ DH *dh=NULL;
+ int i,badops=0,text=0;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,check=0,noout=0,C=0,ret=1;
+ char *infile,*outfile,*prog;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-check") == 0)
+ check=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-C") == 0)
+ C=1;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -in arg inout file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -check check the DH parameters\n");
+ BIO_printf(bio_err," -text check the DH parameters\n");
+ BIO_printf(bio_err," -C Output C code\n");
+ BIO_printf(bio_err," -noout no output\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ dh=d2i_DHparams_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ dh=PEM_read_bio_DHparams(in,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified\n");
+ goto end;
+ }
+ if (dh == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+
+
+ if (text)
+ {
+ DHparams_print(out,dh);
+#ifdef undef
+ printf("p=");
+ BN_print(stdout,dh->p);
+ printf("\ng=");
+ BN_print(stdout,dh->g);
+ printf("\n");
+ if (dh->length != 0)
+ printf("recomented private length=%ld\n",dh->length);
+#endif
+ }
+
+ if (check)
+ {
+ if (!DH_check(dh,&i))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (i & DH_CHECK_P_NOT_PRIME)
+ printf("p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_STRONG_PRIME)
+ printf("p value is not a strong prime\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+ printf("unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+ printf("the g value is not a generator\n");
+ if (i == 0)
+ printf("DH parameters appear to be ok.\n");
+ }
+ if (C)
+ {
+ unsigned char *data;
+ int len,l,bits;
+
+ len=BN_num_bytes(dh->p);
+ bits=BN_num_bits(dh->p);
+ data=(unsigned char *)Malloc(len);
+ if (data == NULL)
+ {
+ perror("Malloc");
+ goto end;
+ }
+ l=BN_bn2bin(dh->p,data);
+ printf("static unsigned char dh%d_p[]={",bits);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n");
+
+ l=BN_bn2bin(dh->g,data);
+ printf("static unsigned char dh%d_g[]={",bits);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n\n");
+
+ printf("DH *get_dh%d()\n\t{\n",bits);
+ printf("\tDH *dh;\n\n");
+ printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
+ printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
+ bits,bits);
+ printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
+ bits,bits);
+ printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
+ printf("\t\treturn(NULL);\n");
+ printf("\treturn(dh);\n\t}\n");
+ }
+
+
+ if (!noout)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DHparams_bio(out,dh);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DHparams(out,dh);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write DH paramaters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (dh != NULL) DH_free(dh);
+ EXIT(ret);
+ }
diff --git a/apps/dh1024.pem b/apps/dh1024.pem
new file mode 100644
index 0000000..81d43f6
--- /dev/null
+++ b/apps/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+-----END DH PARAMETERS-----
diff --git a/apps/dsa-ca.pem b/apps/dsa-ca.pem
new file mode 100644
index 0000000..9eb08f3
--- /dev/null
+++ b/apps/dsa-ca.pem
@@ -0,0 +1,43 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
+
+svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
+Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
+Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
+par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
+zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
+uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
+rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
+1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
+HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
+MVqOsYxGCb+kez0FoDSTgw==
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
+ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
+sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
+rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
+cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
+bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
+CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
+F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
+vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
+AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
+3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
+AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
+AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
+ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
+MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
+MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
+C1Q=
+-----END CERTIFICATE-----
+
diff --git a/apps/dsa-pca.pem b/apps/dsa-pca.pem
new file mode 100644
index 0000000..e3641ad
--- /dev/null
+++ b/apps/dsa-pca.pem
@@ -0,0 +1,49 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
+
+GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
+mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
+of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
+FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
+RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
+qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
+diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
+V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
+hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
+dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+-----END DSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
+-----END CERTIFICATE REQUEST-----
+-----BEGIN CERTIFICATE-----
+MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+5rKUjNBhSg==
+-----END CERTIFICATE-----
+
diff --git a/apps/dsa.c b/apps/dsa.c
new file mode 100644
index 0000000..585116a
--- /dev/null
+++ b/apps/dsa.c
@@ -0,0 +1,257 @@
+/* apps/dsa.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "dsa.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+
+#undef PROG
+#define PROG dsa_main
+
+/* -inform arg - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -des - encrypt output if PEM format with DES in cbc mode
+ * -des3 - encrypt output if PEM format
+ * -idea - encrypt output if PEM format
+ * -text - print a text version
+ * -modulus - print the DSA public key
+ */
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ int ret=1;
+ DSA *dsa=NULL;
+ int i,badops=0;
+ EVP_CIPHER *enc=NULL;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,text=0,noout=0;
+ char *infile,*outfile,*prog;
+ int modulus=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-modulus") == 0)
+ modulus=1;
+ else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -in arg inout file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef NO_IDEA
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+#endif
+ BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -noout don't print key out\n");
+ BIO_printf(bio_err," -modulus print the DSA public value\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ BIO_printf(bio_err,"read DSA private key\n");
+ if (informat == FORMAT_ASN1)
+ dsa=d2i_DSAPrivateKey_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for key\n");
+ goto end;
+ }
+ if (dsa == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Private Key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text)
+ if (!DSA_print(out,dsa,0))
+ {
+ perror(outfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (modulus)
+ {
+ fprintf(stdout,"Public Key=");
+ BN_print(out,dsa->pub_key);
+ fprintf(stdout,"\n");
+ }
+
+ if (noout) goto end;
+ BIO_printf(bio_err,"writing DSA private key\n");
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DSAPrivateKey_bio(out,dsa);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write private key\n");
+ ERR_print_errors(bio_err);
+ }
+ else
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (dsa != NULL) DSA_free(dsa);
+ EXIT(ret);
+ }
+
diff --git a/apps/dsa1024.pem b/apps/dsa1024.pem
new file mode 100644
index 0000000..082dec3
--- /dev/null
+++ b/apps/dsa1024.pem
@@ -0,0 +1,9 @@
+-----BEGIN DSA PARAMETERS-----
+MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
+mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
+OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
+bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
+3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
+zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
+Arg=
+-----END DSA PARAMETERS-----
diff --git a/apps/dsa512.pem b/apps/dsa512.pem
new file mode 100644
index 0000000..5f86d1a
--- /dev/null
+++ b/apps/dsa512.pem
@@ -0,0 +1,6 @@
+-----BEGIN DSA PARAMETERS-----
+MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
+TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
+gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
+L8wka5B33qJoplISogOdIA==
+-----END DSA PARAMETERS-----
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
new file mode 100644
index 0000000..e9485c0
--- /dev/null
+++ b/apps/dsaparam.c
@@ -0,0 +1,340 @@
+/* apps/dsaparam.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "bn.h"
+#include "rand.h"
+#include "dsa.h"
+#include "x509.h"
+#include "pem.h"
+
+#undef PROG
+#define PROG dsaparam_main
+
+/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -noout
+ * -text
+ * -C
+ * -noout
+ */
+
+#ifndef NOPROTO
+static void MS_CALLBACK dsa_cb(int p, int n);
+#else
+static void MS_CALLBACK dsa_cb();
+#endif
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ DSA *dsa=NULL;
+ int i,badops=0,text=0;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,noout=0,C=0,ret=1;
+ char *infile,*outfile,*prog,*inrand=NULL;
+ int numbits= -1,num;
+ char buffer[200],*randfile=NULL;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-C") == 0)
+ C=1;
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (sscanf(*argv,"%d",&num) == 1)
+ {
+ /* generate a key */
+ numbits=num;
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -in arg inout file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -text check the DSA parameters\n");
+ BIO_printf(bio_err," -C Output C code\n");
+ BIO_printf(bio_err," -noout no output\n");
+ BIO_printf(bio_err," -rand files to use for random number input\n");
+ BIO_printf(bio_err," number number of bits to use for generating private key\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (numbits > 0)
+ {
+ randfile=RAND_file_name(buffer,200);
+ RAND_load_file(randfile,1024L*1024L);
+
+ BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+ BIO_printf(bio_err,"This could take some time\n");
+ dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,dsa_cb);
+ }
+ else if (informat == FORMAT_ASN1)
+ dsa=d2i_DSAparams_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ dsa=PEM_read_bio_DSAparams(in,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified\n");
+ goto end;
+ }
+ if (dsa == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DSA parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (text)
+ {
+ DSAparams_print(out,dsa);
+ }
+
+ if (C)
+ {
+ unsigned char *data;
+ int l,len,bits_p,bits_q,bits_g;
+
+ len=BN_num_bytes(dsa->p);
+ bits_p=BN_num_bits(dsa->p);
+ bits_q=BN_num_bits(dsa->q);
+ bits_g=BN_num_bits(dsa->g);
+ data=(unsigned char *)Malloc(len+20);
+ if (data == NULL)
+ {
+ perror("Malloc");
+ goto end;
+ }
+ l=BN_bn2bin(dsa->p,data);
+ printf("static unsigned char dsa%d_p[]={",bits_p);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n");
+
+ l=BN_bn2bin(dsa->q,data);
+ printf("static unsigned char dsa%d_q[]={",bits_p);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n");
+
+ l=BN_bn2bin(dsa->g,data);
+ printf("static unsigned char dsa%d_g[]={",bits_p);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t};\n\n");
+
+ printf("DSA *get_dsa%d()\n\t{\n",bits_p);
+ printf("\tDSA *dsa;\n\n");
+ printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
+ printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
+ bits_p,bits_p);
+ printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
+ bits_p,bits_p);
+ printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
+ bits_p,bits_p);
+ printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
+ printf("\t\treturn(NULL);\n");
+ printf("\treturn(dsa);\n\t}\n");
+ }
+
+
+ if (!noout)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DSAparams_bio(out,dsa);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DSAparams(out,dsa);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write DSA paramaters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (dsa != NULL) DSA_free(dsa);
+ EXIT(ret);
+ }
+
+static void MS_CALLBACK dsa_cb(p, n)
+int p;
+int n;
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write(bio_err,&c,1);
+ BIO_flush(bio_err);
+#ifdef LINT
+ p=n;
+#endif
+ }
diff --git a/apps/eay.c b/apps/eay.c
new file mode 100644
index 0000000..c7a59ca
--- /dev/null
+++ b/apps/eay.c
@@ -0,0 +1,130 @@
+/* apps/eay.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define MONOLITH
+#define USE_SOCKETS
+#include "../e_os.h"
+
+#include "bio.h"
+#include "stack.h"
+#include "lhash.h"
+
+#include "err.h"
+
+#include "bn.h"
+
+#include "evp.h"
+
+#include "rand.h"
+#include "conf.h"
+#include "txt_db.h"
+
+#include "err.h"
+
+#include "x509.h"
+#include "pkcs7.h"
+#include "pem.h"
+#include "asn1.h"
+#include "objects.h"
+
+#define MONOLITH
+
+#include "ssleay.c"
+#include "apps.c"
+#include "asn1pars.c"
+#ifndef NO_RSA
+#include "ca.c"
+#include "genrsa.c"
+#include "req.c"
+#include "rsa.c"
+#endif
+#ifndef NO_DH
+#include "gendh.c"
+#include "dh.c"
+#endif
+#include "crl.c"
+#include "crl2p7.c"
+#include "dgst.c"
+#include "enc.c"
+#include "errstr.c"
+#if !defined(NO_SSL2) || !defined(NO_SSL3)
+#ifndef NO_SOCK
+#include "s_cb.c"
+#include "s_client.c"
+#include "s_server.c"
+#include "s_socket.c"
+#include "s_time.c"
+#endif
+#endif
+#include "speed.c"
+#include "verify.c"
+#include "version.c"
+#include "x509.c"
+#include "ciphers.c"
+#include "sess_id.c"
+#include "pkcs7.c"
+#ifndef NO_DSA
+#include "dsaparam.c"
+#include "dsa.c"
+#include "gendsa.c"
+#endif
+
diff --git a/apps/enc.c b/apps/enc.c
new file mode 100644
index 0000000..d7c9909
--- /dev/null
+++ b/apps/enc.c
@@ -0,0 +1,545 @@
+/* apps/enc.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#ifdef NO_MD5
+#include "md5.h"
+#endif
+#include "pem.h"
+
+#ifndef NOPROTO
+int set_hex(char *in,unsigned char *out,int size);
+#else
+int set_hex();
+#endif
+
+#undef SIZE
+#undef BSIZE
+#undef PROG
+
+#define SIZE (512)
+#define BSIZE (8*1024)
+#define PROG enc_main
+
+int MAIN(argc,argv)
+int argc;
+char **argv;
+ {
+ char *strbuf=NULL;
+ unsigned char *buff=NULL,*bufsize=NULL;
+ int bsize=BSIZE,verbose=0;
+ int ret=1,inl;
+ unsigned char key[24],iv[MD5_DIGEST_LENGTH];
+ char *str=NULL;
+ char *hkey=NULL,*hiv=NULL;
+ int enc=1,printkey=0,i,base64=0;
+ int debug=0;
+ EVP_CIPHER *cipher=NULL,*c;
+ char *inf=NULL,*outf=NULL;
+ BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+#define PROG_NAME_SIZE 16
+ char pname[PROG_NAME_SIZE];
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ /* first check the program name */
+ program_name(argv[0],pname,PROG_NAME_SIZE);
+ if (strcmp(pname,"base64") == 0)
+ base64=1;
+
+ cipher=EVP_get_cipherbyname(pname);
+ if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
+ {
+ BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
+ goto bad;
+ }
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-e") == 0)
+ enc=1;
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inf= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outf= *(++argv);
+ }
+ else if (strcmp(*argv,"-d") == 0)
+ enc=0;
+ else if (strcmp(*argv,"-p") == 0)
+ printkey=1;
+ else if (strcmp(*argv,"-v") == 0)
+ verbose=1;
+ else if ((strcmp(*argv,"-debug") == 0) ||
+ (strcmp(*argv,"-d") == 0))
+ debug=1;
+ else if (strcmp(*argv,"-P") == 0)
+ printkey=2;
+ else if (strcmp(*argv,"-a") == 0)
+ base64=1;
+ else if (strcmp(*argv,"-base64") == 0)
+ base64=1;
+ else if (strcmp(*argv,"-bufsize") == 0)
+ {
+ if (--argc < 1) goto bad;
+ bufsize=(unsigned char *)*(++argv);
+ }
+ else if (strcmp(*argv,"-k") == 0)
+ {
+ if (--argc < 1) goto bad;
+ str= *(++argv);
+ }
+ else if (strcmp(*argv,"-kfile") == 0)
+ {
+ static char buf[128];
+ FILE *infile;
+ char *file;
+
+ if (--argc < 1) goto bad;
+ file= *(++argv);
+ infile=fopen(file,"r");
+ if (infile == NULL)
+ {
+ BIO_printf(bio_err,"unable to read key from '%s'\n",
+ file);
+ goto bad;
+ }
+ buf[0]='\0';
+ fgets(buf,128,infile);
+ fclose(infile);
+ i=strlen(buf);
+ if ((i > 0) &&
+ ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
+ buf[--i]='\0';
+ if ((i > 0) &&
+ ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
+ buf[--i]='\0';
+ if (i < 1)
+ {
+ BIO_printf(bio_err,"zero length password\n");
+ goto bad;
+ }
+ str=buf;
+ }
+ else if (strcmp(*argv,"-K") == 0)
+ {
+ if (--argc < 1) goto bad;
+ hkey= *(++argv);
+ }
+ else if (strcmp(*argv,"-iv") == 0)
+ {
+ if (--argc < 1) goto bad;
+ hiv= *(++argv);
+ }
+ else if ((argv[0][0] == '-') &&
+ ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
+ {
+ cipher=c;
+ }
+ else if (strcmp(*argv,"-none") == 0)
+ cipher=NULL;
+ else
+ {
+ BIO_printf(bio_err,"unknown option '%s'\n",*argv);
+bad:
+ BIO_printf(bio_err,"options are\n");
+ BIO_printf(bio_err,"%-14s input file\n","-in <file>");
+ BIO_printf(bio_err,"%-14s output fileencrypt\n","-out <file>");
+ BIO_printf(bio_err,"%-14s encrypt\n","-e");
+ BIO_printf(bio_err,"%-14s decrypt\n","-d");
+ BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
+ BIO_printf(bio_err,"%-14s key is the next argument\n","-k");
+ BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile");
+ BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
+ BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
+ BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+
+ BIO_printf(bio_err,"Cipher Types\n");
+ BIO_printf(bio_err,"des : 56 bit key DES encryption\n");
+ BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n");
+ BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n");
+#ifndef NO_IDEA
+ BIO_printf(bio_err,"idea :128 bit key IDEA encryption\n");
+#endif
+#ifndef NO_RC4
+ BIO_printf(bio_err,"rc2 :128 bit key RC2 encryption\n");
+#endif
+#ifndef NO_BLOWFISH
+ BIO_printf(bio_err,"bf :128 bit key BlowFish encryption\n");
+#endif
+#ifndef NO_RC4
+ BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
+ LN_rc4);
+#endif
+
+ BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+ LN_des_ecb,LN_des_cbc,
+ LN_des_cfb64,LN_des_ofb64);
+ BIO_printf(bio_err," -%-4s (%s)\n",
+ "des", LN_des_cbc);
+
+ BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+ LN_des_ede,LN_des_ede_cbc,
+ LN_des_ede_cfb64,LN_des_ede_ofb64);
+ BIO_printf(bio_err," -desx -none\n");
+
+
+ BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+ LN_des_ede3,LN_des_ede3_cbc,
+ LN_des_ede3_cfb64,LN_des_ede3_ofb64);
+ BIO_printf(bio_err," -%-4s (%s)\n",
+ "des3", LN_des_ede3_cbc);
+
+#ifndef NO_IDEA
+ BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+ LN_idea_ecb, LN_idea_cbc,
+ LN_idea_cfb64, LN_idea_ofb64);
+ BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc);
+#endif
+#ifndef NO_RC2
+ BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+ LN_rc2_ecb, LN_rc2_cbc,
+ LN_rc2_cfb64, LN_rc2_ofb64);
+ BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
+#endif
+#ifndef NO_BLOWFISH
+ BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+ LN_bf_ecb, LN_bf_cbc,
+ LN_bf_cfb64, LN_bf_ofb64);
+ BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
+#endif
+ goto end;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (bufsize != NULL)
+ {
+ unsigned long n;
+
+ for (n=0; *bufsize; bufsize++)
+ {
+ i= *bufsize;
+ if ((i <= '9') && (i >= '0'))
+ n=n*10+i-'0';
+ else if (i == 'k')
+ {
+ n*=1024;
+ bufsize++;
+ break;
+ }
+ }
+ if (*bufsize != '\0')
+ {
+ BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
+ goto end;
+ }
+
+ /* It must be large enough for a base64 encoded line */
+ if (n < 80) n=80;
+
+ bsize=(int)n;
+ if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
+ }
+
+ strbuf=Malloc(SIZE);
+ buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
+ if ((buff == NULL) || (strbuf == NULL))
+ {
+ BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
+ goto end;
+ }
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (debug)
+ {
+ BIO_set_callback(in,BIO_debug_callback);
+ BIO_set_callback(out,BIO_debug_callback);
+ BIO_set_callback_arg(in,bio_err);
+ BIO_set_callback_arg(out,bio_err);
+ }
+
+ if (inf == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,inf) <= 0)
+ {
+ perror(inf);
+ goto end;
+ }
+ }
+
+ if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
+ {
+ for (;;)
+ {
+ char buf[200];
+
+ sprintf(buf,"enter %s %s password:",
+ OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+ (enc)?"encryption":"decryption");
+ strbuf[0]='\0';
+ i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
+ if (i == 0)
+ {
+ if (strbuf[0] == '\0')
+ {
+ ret=1;
+ goto end;
+ }
+ str=strbuf;
+ break;
+ }
+ if (i < 0)
+ {
+ BIO_printf(bio_err,"bad password read\n");
+ goto end;
+ }
+ }
+ }
+
+ if (cipher != NULL)
+ {
+ if (str != NULL)
+ {
+ EVP_BytesToKey(cipher,EVP_md5(),NULL,
+ (unsigned char *)str,
+ strlen(str),1,key,iv);
+ /* zero the complete buffer or the string
+ * passed from the command line
+ * bug picked up by
+ * Larry J. Hughes Jr. <hughes@indiana.edu> */
+ if (str == strbuf)
+ memset(str,0,SIZE);
+ else
+ memset(str,0,strlen(str));
+ }
+ if ((hiv != NULL) && !set_hex(hiv,iv,8))
+ {
+ BIO_printf(bio_err,"invalid hex iv value\n");
+ goto end;
+ }
+ if ((hkey != NULL) && !set_hex(hkey,key,24))
+ {
+ BIO_printf(bio_err,"invalid hex key value\n");
+ goto end;
+ }
+
+ if ((benc=BIO_new(BIO_f_cipher())) == NULL)
+ goto end;
+ BIO_set_cipher(benc,cipher,key,iv,enc);
+ if (debug)
+ {
+ BIO_set_callback(benc,BIO_debug_callback);
+ BIO_set_callback_arg(benc,bio_err);
+ }
+
+ if (printkey)
+ {
+ if (cipher->key_len > 0)
+ {
+ printf("key=");
+ for (i=0; i<cipher->key_len; i++)
+ printf("%02X",key[i]);
+ printf("\n");
+ }
+ if (cipher->iv_len > 0)
+ {
+ printf("iv =");
+ for (i=0; i<cipher->iv_len; i++)
+ printf("%02X",iv[i]);
+ printf("\n");
+ }
+ if (printkey == 2)
+ {
+ ret=0;
+ goto end;
+ }
+ }
+ }
+
+
+ if (outf == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outf) <= 0)
+ {
+ perror(outf);
+ goto end;
+ }
+ }
+
+ rbio=in;
+ wbio=out;
+
+ if (base64)
+ {
+ if ((b64=BIO_new(BIO_f_base64())) == NULL)
+ goto end;
+ if (debug)
+ {
+ BIO_set_callback(b64,BIO_debug_callback);
+ BIO_set_callback_arg(b64,bio_err);
+ }
+ if (enc)
+ wbio=BIO_push(b64,wbio);
+ else
+ rbio=BIO_push(b64,rbio);
+ }
+
+ /* Only encrypt/decrypt as we write the file */
+ if (benc != NULL)
+ wbio=BIO_push(benc,wbio);
+
+ for (;;)
+ {
+ inl=BIO_read(rbio,(char *)buff,bsize);
+ if (inl <= 0) break;
+ if (BIO_write(wbio,(char *)buff,inl) != inl)
+ {
+ BIO_printf(bio_err,"error writing output file\n");
+ goto end;
+ }
+ }
+ if (!BIO_flush(wbio))
+ {
+ BIO_printf(bio_err,"bad decrypt\n");
+ goto end;
+ }
+
+ ret=0;
+ if (verbose)
+ {
+ BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
+ BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
+ }
+end:
+ if (strbuf != NULL) Free(strbuf);
+ if (buff != NULL) Free(buff);
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (benc != NULL) BIO_free(benc);
+ if (b64 != NULL) BIO_free(b64);
+ EXIT(ret);
+ }
+
+int set_hex(in,out,size)
+char *in;
+unsigned char *out;
+int size;
+ {
+ int i,n;
+ unsigned char j;
+
+ n=strlen(in);
+ if (n > (size*2))
+ {
+ BIO_printf(bio_err,"hex string is too long\n");
+ return(0);
+ }
+ memset(out,0,size);
+ for (i=0; i<n; i++)
+ {
+ j=(unsigned char)*in;
+ *(in++)='\0';
+ if (j == 0) break;
+ if ((j >= '0') && (j <= '9'))
+ j-='0';
+ else if ((j >= 'A') && (j <= 'F'))
+ j=j-'A'+10;
+ else if ((j >= 'a') && (j <= 'f'))
+ j=j-'a'+10;
+ else
+ {
+ BIO_printf(bio_err,"non-hex digit\n");
+ return(0);
+ }
+ if (i&1)
+ out[i/2]|=j;
+ else
+ out[i/2]=(j<<4);
+ }
+ return(1);
+ }
diff --git a/apps/errstr.c b/apps/errstr.c
new file mode 100644
index 0000000..6d0f9d1
--- /dev/null
+++ b/apps/errstr.c
@@ -0,0 +1,116 @@
+/* apps/errstr.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "lhash.h"
+#include "err.h"
+#include "ssl.h"
+
+#undef PROG
+#define PROG errstr_main
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ int i,ret=0;
+ char buf[256];
+ unsigned long l;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ SSL_load_error_strings();
+
+ if ((argc > 1) && (strcmp(argv[1],"-stats") == 0))
+ {
+ BIO *out=NULL;
+
+ out=BIO_new(BIO_s_file());
+ if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
+ {
+ lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
+ lh_stats_bio((LHASH *)ERR_get_string_table(),out);
+ lh_node_usage_stats_bio((LHASH *)
+ ERR_get_string_table(),out);
+ }
+ if (out != NULL) BIO_free(out);
+ argc--;
+ argv++;
+ }
+
+ for (i=1; i<argc; i++)
+ {
+ if (sscanf(argv[i],"%lx",&l))
+ printf("%s\n",ERR_error_string(l,buf));
+ else
+ {
+ printf("%s: bad error code\n",argv[i]);
+ printf("usage: errstr [-stats] <errno> ...\n");
+ ret++;
+ }
+ }
+ EXIT(ret);
+ }
diff --git a/apps/f b/apps/f
new file mode 100644
index 0000000..857052e
--- /dev/null
+++ b/apps/f
@@ -0,0 +1,5 @@
+586
+2481
+
+1400
+2064
diff --git a/apps/g_ssleay.pl b/apps/g_ssleay.pl
new file mode 100644
index 0000000..237dd4c
--- /dev/null
+++ b/apps/g_ssleay.pl
@@ -0,0 +1,110 @@
+#!/usr/local/bin/perl
+
+$mkprog='mklinks';
+$rmprog='rmlinks';
+
+print "#ifndef NOPROTO\n";
+
+grep(s/^asn1pars$/asn1parse/,@ARGV);
+
+foreach (@ARGV)
+ { printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
+print "#else\n";
+foreach (@ARGV)
+ { printf "extern int %s_main();\n",$_; }
+print "#endif\n";
+
+
+print <<'EOF';
+
+#ifdef SSLEAY_SRC
+
+#define FUNC_TYPE_GENERAL 1
+#define FUNC_TYPE_MD 2
+#define FUNC_TYPE_CIPHER 3
+
+typedef struct {
+ int type;
+ char *name;
+ int (*func)();
+ } FUNCTION;
+
+FUNCTION functions[] = {
+EOF
+
+foreach (@ARGV)
+ {
+ push(@files,$_);
+ $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
+ if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
+ { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
+ ($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
+ { print "#ifndef NO_RSA\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
+ { print "#ifndef NO_DSA\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/))
+ { print "#ifndef NO_DH\n${str}#endif\n"; }
+ else
+ { print $str; }
+ }
+
+foreach ("md2","md5","sha","sha1","mdc2")
+ {
+ push(@files,$_);
+ printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
+ }
+
+foreach (
+ "base64",
+ "des", "des3", "desx", "idea", "rc4", "rc2","bf",
+ "des-ecb", "des-ede", "des-ede3",
+ "des-cbc", "des-ede-cbc","des-ede3-cbc",
+ "des-cfb", "des-ede-cfb","des-ede3-cfb",
+ "des-ofb", "des-ede-ofb","des-ede3-ofb",
+ "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
+ "rc2-cbc", "rc2-ecb", "rc2-cfb", "rc2-ofb",
+ "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb")
+ {
+ push(@files,$_);
+
+ $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
+ if ($_ =~ /des/) { $t="#ifndef NO_DES\n${t}#endif\n"; }
+ elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
+ elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; }
+ elsif ($_ =~ /rc2/) { $t="#ifndef NO_RC2\n${t}#endif\n"; }
+ elsif ($_ =~ /bf/) { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
+ print $t;
+ }
+
+print "\t{0,NULL,NULL}\n\t};\n";
+print "#endif\n\n";
+
+open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
+print OUT "#!/bin/sh\nfor i in ";
+foreach (@files)
+ { print OUT $_." "; }
+print OUT <<'EOF';
+
+do
+echo making symlink for $i
+/bin/rm -f $i
+ln -s ssleay $i
+done
+EOF
+close(OUT);
+chmod(0755,$mkprog);
+
+open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
+print OUT "#!/bin/sh\nfor i in ";
+foreach (@files)
+ { print OUT $_." "; }
+print OUT <<'EOF';
+
+do
+echo removing $i
+/bin/rm -f $i
+done
+EOF
+close(OUT);
+chmod(0755,$rmprog);
diff --git a/apps/gendh.c b/apps/gendh.c
new file mode 100644
index 0000000..b7b6d0f
--- /dev/null
+++ b/apps/gendh.c
@@ -0,0 +1,234 @@
+/* apps/gendh.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "bio.h"
+#include "rand.h"
+#include "err.h"
+#include "bn.h"
+#include "dh.h"
+#include "x509.h"
+#include "pem.h"
+
+#define DEFBITS 512
+#undef PROG
+#define PROG gendh_main
+
+#ifndef NOPROTO
+static void MS_CALLBACK dh_cb(int p, int n);
+static long dh_load_rand(char *names);
+#else
+static void MS_CALLBACK dh_cb();
+static long dh_load_rand();
+#endif
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ char buffer[200];
+ DH *dh=NULL;
+ int ret=1,num=DEFBITS;
+ int g=2;
+ char *outfile=NULL;
+ char *inrand=NULL,*randfile;
+ BIO *out=NULL;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ argv++;
+ argc--;
+ for (;;)
+ {
+ if (argc <= 0) break;
+ if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-2") == 0)
+ g=2;
+ /* else if (strcmp(*argv,"-3") == 0)
+ g=3; */
+ else if (strcmp(*argv,"-5") == 0)
+ g=5;
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+ else
+ break;
+ argv++;
+ argc--;
+ }
+ if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
+ {
+bad:
+ BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
+ BIO_printf(bio_err," -out file - output the key to 'file\n");
+ BIO_printf(bio_err," -2 use 2 as the generator value\n");
+ /* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */
+ BIO_printf(bio_err," -5 use 5 as the generator value\n");
+ BIO_printf(bio_err," -rand file:file:...\n");
+ BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," the random number generator\n");
+ goto end;
+ }
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ randfile=RAND_file_name(buffer,200);
+ if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
+ BIO_printf(bio_err,"unable to load 'random state'\n");
+
+ if (inrand == NULL)
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ else
+ {
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ dh_load_rand(inrand));
+ }
+
+ BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
+ BIO_printf(bio_err,"This is going to take a long time\n");
+ dh=DH_generate_parameters(num,g,dh_cb);
+
+ if (dh == NULL) goto end;
+
+ if (randfile == NULL)
+ BIO_printf(bio_err,"unable to write 'random state'\n");
+ else
+ RAND_write_file(randfile);
+
+ if (!PEM_write_bio_DHparams(out,dh))
+ goto end;
+ ret=0;
+end:
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ if (out != NULL) BIO_free(out);
+ if (dh != NULL) DH_free(dh);
+ EXIT(ret);
+ }
+
+static void MS_CALLBACK dh_cb(p, n)
+int p;
+int n;
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write(bio_err,&c,1);
+ BIO_flush(bio_err);
+#ifdef LINT
+ p=n;
+#endif
+ }
+
+static long dh_load_rand(name)
+char *name;
+ {
+ char *p,*n;
+ int last;
+ long tot=0;
+
+ for (;;)
+ {
+ last=0;
+ for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+ if (*p == '\0') last=1;
+ *p='\0';
+ n=name;
+ name=p+1;
+ if (*n == '\0') break;
+
+ tot+=RAND_load_file(n,1);
+ if (last) break;
+ }
+ return(tot);
+ }
+
+
diff --git a/apps/gendsa.c b/apps/gendsa.c
new file mode 100644
index 0000000..35f299a
--- /dev/null
+++ b/apps/gendsa.c
@@ -0,0 +1,220 @@
+/* apps/gendsa.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "bio.h"
+#include "rand.h"
+#include "err.h"
+#include "bn.h"
+#include "dsa.h"
+#include "x509.h"
+#include "pem.h"
+
+#define DEFBITS 512
+#undef PROG
+#define PROG gendsa_main
+
+#ifndef NOPROTO
+static long dsa_load_rand(char *names);
+#else
+static long dsa_load_rand();
+#endif
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ char buffer[200];
+ DSA *dsa=NULL;
+ int ret=1,num=DEFBITS;
+ char *outfile=NULL;
+ char *inrand=NULL,*randfile,*dsaparams=NULL;
+ BIO *out=NULL,*in=NULL;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ argv++;
+ argc--;
+ for (;;)
+ {
+ if (argc <= 0) break;
+ if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+ else if (strcmp(*argv,"-") == 0)
+ goto bad;
+ else if (dsaparams == NULL)
+ {
+ dsaparams= *argv;
+ }
+ else
+ goto bad;
+ argv++;
+ argc--;
+ }
+
+ if (dsaparams == NULL)
+ {
+bad:
+ BIO_printf(bio_err,"usage: gendsa [args] [numbits]\n");
+ BIO_printf(bio_err," -out file - output the key to 'file\n");
+ BIO_printf(bio_err," -rand file:file:...\n");
+ BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," the random number generator\n");
+ goto end;
+ }
+
+ in=BIO_new(BIO_s_file());
+ if (!(BIO_read_filename(in,"r")))
+ {
+ perror(dsaparams);
+ goto end;
+ }
+
+ if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DSA parameter file\n");
+ goto end;
+ }
+ BIO_free(in);
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL) goto end;
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ randfile=RAND_file_name(buffer,200);
+ if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
+ BIO_printf(bio_err,"unable to load 'random state'\n");
+
+ if (inrand == NULL)
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ else
+ {
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ dsa_load_rand(inrand));
+ }
+
+ BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+ BIO_printf(bio_err,"This could take some time\n");
+ if (!DSA_generate_key(dsa)) goto end;
+
+ if (randfile == NULL)
+ BIO_printf(bio_err,"unable to write 'random state'\n");
+ else
+ RAND_write_file(randfile);
+
+ if (!PEM_write_bio_DSAPrivateKey(out,dsa,EVP_des_ede3_cbc(),NULL,0,NULL))
+ goto end;
+ ret=0;
+end:
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ if (out != NULL) BIO_free(out);
+ if (dsa != NULL) DSA_free(dsa);
+ EXIT(ret);
+ }
+
+static long dsa_load_rand(name)
+char *name;
+ {
+ char *p,*n;
+ int last;
+ long tot=0;
+
+ for (;;)
+ {
+ last=0;
+ for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+ if (*p == '\0') last=1;
+ *p='\0';
+ n=name;
+ name=p+1;
+ if (*n == '\0') break;
+
+ tot+=RAND_load_file(n,1);
+ if (last) break;
+ }
+ return(tot);
+ }
+
+
diff --git a/apps/genrsa.c b/apps/genrsa.c
new file mode 100644
index 0000000..9731754
--- /dev/null
+++ b/apps/genrsa.c
@@ -0,0 +1,277 @@
+/* apps/genrsa.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "bio.h"
+#include "rand.h"
+#include "err.h"
+#include "bn.h"
+#include "rsa.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+
+#define DEFBITS 512
+#undef PROG
+#define PROG genrsa_main
+
+#ifndef NOPROTO
+static void MS_CALLBACK genrsa_cb(int p, int n);
+static long gr_load_rand(char *names);
+#else
+static void MS_CALLBACK genrsa_cb();
+static long gr_load_rand();
+#endif
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ int ret=1;
+ char buffer[200];
+ RSA *rsa=NULL;
+ int i,num=DEFBITS;
+ long rnum=0,l;
+ EVP_CIPHER *enc=NULL;
+ unsigned long f4=RSA_F4;
+ char *outfile=NULL;
+ char *inrand=NULL,*randfile;
+ BIO *out=NULL;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+ if ((out=BIO_new(BIO_s_file())) == NULL)
+ {
+ BIO_printf(bio_err,"unable to creat BIO for output\n");
+ goto err;
+ }
+
+ argv++;
+ argc--;
+ for (;;)
+ {
+ if (argc <= 0) break;
+ if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-3") == 0)
+ f4=3;
+ else if (strcmp(*argv,"-F4") == 0)
+ f4=RSA_F4;
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+#ifndef NO_DES
+ else if (strcmp(*argv,"-des") == 0)
+ enc=EVP_des_cbc();
+ else if (strcmp(*argv,"-des3") == 0)
+ enc=EVP_des_ede3_cbc();
+#endif
+#ifndef NO_IDEA
+ else if (strcmp(*argv,"-idea") == 0)
+ enc=EVP_idea_cbc();
+#endif
+ else
+ break;
+ argv++;
+ argc--;
+ }
+ if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
+ {
+bad:
+ BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
+ BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n");
+ BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+#ifndef NO_IDEA
+ BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
+#endif
+ BIO_printf(bio_err," -out file - output the key to 'file\n");
+ BIO_printf(bio_err," -f4 - use F4 (0x10001) for the E value\n");
+ BIO_printf(bio_err," -3 - use 3 for the E value\n");
+ BIO_printf(bio_err," -rand file:file:...\n");
+ BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," the random number generator\n");
+ goto err;
+ }
+
+ ERR_load_crypto_strings();
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto err;
+ }
+ }
+
+#ifdef WINDOWS
+ BIO_printf(bio_err,"Loading 'screen' into random state -");
+ BIO_flush(bio_err);
+ RAND_screen();
+ BIO_printf(bio_err," done\n");
+#endif
+ randfile=RAND_file_name(buffer,200);
+ if ((randfile == NULL) ||
+ !(rnum=(long)RAND_load_file(randfile,1024L*1024L)))
+ {
+ BIO_printf(bio_err,"unable to load 'random state'\n");
+ }
+
+ if (inrand == NULL)
+ {
+ if (rnum == 0)
+ {
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ }
+ }
+ else
+ {
+ rnum+=gr_load_rand(inrand);
+ }
+ if (rnum != 0)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",rnum);
+
+ BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
+ num);
+ rsa=RSA_generate_key(num,f4,genrsa_cb);
+
+ if (randfile == NULL)
+ BIO_printf(bio_err,"unable to write 'random state'\n");
+ else
+ RAND_write_file(randfile);
+
+ if (rsa == NULL) goto err;
+
+ /* We need to do the folloing for when the base number size is <
+ * long, esp windows 3.1 :-(. */
+ l=0L;
+ for (i=0; i<rsa->e->top; i++)
+ {
+#ifndef SIXTY_FOUR_BIT
+ l<<=BN_BITS4;
+ l<<=BN_BITS4;
+#endif
+ l+=rsa->e->d[i];
+ }
+ BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
+ if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL))
+ goto err;
+
+ ret=0;
+err:
+ if (rsa != NULL) RSA_free(rsa);
+ if (out != NULL) BIO_free(out);
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ EXIT(ret);
+ }
+
+static void MS_CALLBACK genrsa_cb(p, n)
+int p;
+int n;
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write(bio_err,&c,1);
+ BIO_flush(bio_err);
+#ifdef LINT
+ p=n;
+#endif
+ }
+
+static long gr_load_rand(name)
+char *name;
+ {
+ char *p,*n;
+ int last;
+ long tot=0;
+
+ for (;;)
+ {
+ last=0;
+ for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+ if (*p == '\0') last=1;
+ *p='\0';
+ n=name;
+ name=p+1;
+ if (*n == '\0') break;
+
+ tot+=RAND_load_file(n,1024L*1024L);
+ if (last) break;
+ }
+ return(tot);
+ }
+
+
diff --git a/apps/mklinks b/apps/mklinks
new file mode 100644
index 0000000..6423613
--- /dev/null
+++ b/apps/mklinks
@@ -0,0 +1,7 @@
+#!/bin/sh
+for i in verify asn1parse req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb
+do
+echo making symlink for $i
+/bin/rm -f $i
+ln -s ssleay $i
+done
diff --git a/apps/openssl.c b/apps/openssl.c
new file mode 100644
index 0000000..f69f14a
--- /dev/null
+++ b/apps/openssl.c
@@ -0,0 +1,339 @@
+/* apps/ssleay.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define DEBUG
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "bio.h"
+#include "crypto.h"
+#include "lhash.h"
+#include "conf.h"
+#include "x509.h"
+#include "pem.h"
+#include "ssl.h"
+#define SSLEAY /* turn off a few special case MONOLITH macros */
+#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
+#define SSLEAY_SRC
+#include "apps.h"
+#include "s_apps.h"
+#include "err.h"
+
+
+#ifndef NOPROTO
+static unsigned long MS_CALLBACK hash(FUNCTION *a);
+static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+static LHASH *prog_init(void );
+static int do_cmd(LHASH *prog,int argc,char *argv[]);
+static void sig_stop(int i);
+#else
+static unsigned long MS_CALLBACK hash();
+static int MS_CALLBACK cmp();
+static LHASH *prog_init();
+static int do_cmd();
+static void sig_stop();
+#endif
+
+LHASH *config=NULL;
+char *default_config_file=NULL;
+
+#ifdef DEBUG
+static void sig_stop(i)
+int i;
+ {
+ char *a=NULL;
+
+ *a='\0';
+ }
+#endif
+
+/* Make sure there is only one when MONOLITH is defined */
+#ifdef MONOLITH
+BIO *bio_err=NULL;
+#endif
+
+int main(Argc,Argv)
+int Argc;
+char *Argv[];
+ {
+ ARGS arg;
+#define PROG_NAME_SIZE 16
+ char pname[PROG_NAME_SIZE];
+ FUNCTION f,*fp;
+ MS_STATIC char *prompt,buf[1024],config_name[256];
+ int n,i,ret=0;
+ int argc;
+ char **argv,*p;
+ LHASH *prog=NULL;
+ long errline;
+
+ arg.data=NULL;
+ arg.count=0;
+
+ /* SSLeay_add_ssl_algorithms(); is called in apps_startup() */
+ apps_startup();
+
+#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
+#ifdef SIGBUS
+ signal(SIGBUS,sig_stop);
+#endif
+#ifdef SIGSEGV
+ signal(SIGSEGV,sig_stop);
+#endif
+#endif
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ ERR_load_crypto_strings();
+
+ /* Lets load up our environment a little */
+ p=getenv("SSLEAY_CONF");
+ if (p == NULL)
+ {
+ strcpy(config_name,X509_get_default_cert_area());
+ strcat(config_name,"/lib/");
+ strcat(config_name,SSLEAY_CONF);
+ p=config_name;
+ }
+
+ default_config_file=p;
+
+ config=CONF_load(config,p,&errline);
+ if (config == NULL) ERR_clear_error();
+
+ prog=prog_init();
+
+ /* first check the program name */
+ program_name(Argv[0],pname,PROG_NAME_SIZE);
+
+ f.name=pname;
+ fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
+ if (fp != NULL)
+ {
+ Argv[0]=pname;
+ ret=fp->func(Argc,Argv);
+ goto end;
+ }
+
+ /* ok, now check that there are not arguments, if there are,
+ * run with them, shifting the ssleay off the front */
+ if (Argc != 1)
+ {
+ Argc--;
+ Argv++;
+ ret=do_cmd(prog,Argc,Argv);
+ if (ret < 0) ret=0;
+ goto end;
+ }
+
+ /* ok, lets enter the old 'SSLeay>' mode */
+
+ for (;;)
+ {
+ ret=0;
+ p=buf;
+ n=1024;
+ i=0;
+ for (;;)
+ {
+ p[0]='\0';
+ if (i++)
+ prompt=">";
+ else prompt="SSLeay>";
+ fputs(prompt,stdout);
+ fflush(stdout);
+ fgets(p,n,stdin);
+ if (p[0] == '\0') goto end;
+ i=strlen(p);
+ if (i <= 1) break;
+ if (p[i-2] != '\\') break;
+ i-=2;
+ p+=i;
+ n-=i;
+ }
+ if (!chopup_args(&arg,buf,&argc,&argv)) break;
+
+ ret=do_cmd(prog,argc,argv);
+ if (ret < 0)
+ {
+ ret=0;
+ goto end;
+ }
+ if (ret != 0)
+ BIO_printf(bio_err,"error in %s\n",argv[0]);
+ }
+ BIO_printf(bio_err,"bad exit\n");
+ ret=1;
+end:
+ if (config != NULL)
+ {
+ CONF_free(config);
+ config=NULL;
+ }
+ if (prog != NULL) lh_free(prog);
+ if (arg.data != NULL) Free(arg.data);
+ ERR_remove_state(0);
+
+ EVP_cleanup();
+
+ CRYPTO_mem_leaks(bio_err);
+ if (bio_err != NULL)
+ {
+ BIO_free(bio_err);
+ bio_err=NULL;
+ }
+ EXIT(ret);
+ }
+
+static int do_cmd(prog,argc,argv)
+LHASH *prog;
+int argc;
+char *argv[];
+ {
+ FUNCTION f,*fp;
+ int i,ret=1,tp,nl;
+
+ if ((argc <= 0) || (argv[0] == NULL))
+ { ret=0; goto end; }
+ f.name=argv[0];
+ fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
+ if (fp != NULL)
+ {
+ ret=fp->func(argc,argv);
+ }
+ else if ((strcmp(argv[0],"quit") == 0) ||
+ (strcmp(argv[0],"q") == 0) ||
+ (strcmp(argv[0],"exit") == 0) ||
+ (strcmp(argv[0],"bye") == 0))
+ {
+ ret= -1;
+ goto end;
+ }
+ else
+ {
+ BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
+ argv[0]);
+ i=0;
+ fp=functions;
+ tp=0;
+ for (fp=functions; fp->name != NULL; fp++)
+ {
+ nl=0;
+ if (((i++) % 5) == 0)
+ {
+ BIO_printf(bio_err,"\n");
+ nl=1;
+ }
+ if (fp->type != tp)
+ {
+ tp=fp->type;
+ if (!nl) BIO_printf(bio_err,"\n");
+ if (tp == FUNC_TYPE_MD)
+ {
+ i=1;
+ BIO_printf(bio_err,
+ "Message Digest commands - see the dgst command for more details\n");
+ }
+ else if (tp == FUNC_TYPE_CIPHER)
+ {
+ i=1;
+ BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
+ }
+ }
+ BIO_printf(bio_err,"%-15s",fp->name);
+ }
+ BIO_printf(bio_err,"\nquit\n");
+ ret=0;
+ }
+end:
+ return(ret);
+ }
+
+static LHASH *prog_init()
+ {
+ LHASH *ret;
+ FUNCTION *f;
+
+ if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
+
+ for (f=functions; f->name != NULL; f++)
+ lh_insert(ret,(char *)f);
+ return(ret);
+ }
+
+static int MS_CALLBACK cmp(a,b)
+FUNCTION *a,*b;
+ {
+ return(strncmp(a->name,b->name,8));
+ }
+
+static unsigned long MS_CALLBACK hash(a)
+FUNCTION *a;
+ {
+ return(lh_strhash(a->name));
+ }
+
+#undef SSLEAY
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
new file mode 100644
index 0000000..0b3bfa6
--- /dev/null
+++ b/apps/openssl.cnf
@@ -0,0 +1,116 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE = $ENV::HOME/.rnd
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem# The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = x509v3_extensions # The extentions to add to the cert
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = md5 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = CryptSoft Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 40
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ x509v3_extensions ]
+
+nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem
+nsComment = "This is a comment"
+
+# under ASN.1, the 0 bit would be encoded as 80
+nsCertType = 0x40
+
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+#nsCertSequence
+#nsCertExt
+#nsDataType
+
diff --git a/apps/pca-cert.srl b/apps/pca-cert.srl
new file mode 100644
index 0000000..8a0f05e
--- /dev/null
+++ b/apps/pca-cert.srl
@@ -0,0 +1 @@
+01
diff --git a/apps/pca-key.pem b/apps/pca-key.pem
new file mode 100644
index 0000000..20029ab
--- /dev/null
+++ b/apps/pca-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
diff --git a/apps/pca-req.pem b/apps/pca-req.pem
new file mode 100644
index 0000000..33f1553
--- /dev/null
+++ b/apps/pca-req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmjCCAQMCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAo
+MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfj
+Irkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUX
+MRsp22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3
+vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEzz
+IG8NnfpnPTQSCN5zJhOfy6p9AcDyQzuJirYv1HR/qoYWalPh/U2uiK0lAim7qMcv
+wOlK3I7A8B7/4dLqvIqgtUj9b1WT8zIrnwdvJI4osLI2BY+c1pVlp174DHLMol1L
+Cl1e3N5BTm7lCitTYjuUhsw6hiA8IcdNKDo6sktV
+-----END CERTIFICATE REQUEST-----
diff --git a/apps/pem_mail.c b/apps/pem_mail.c
new file mode 100644
index 0000000..e48c358
--- /dev/null
+++ b/apps/pem_mail.c
@@ -0,0 +1,170 @@
+/* apps/pem_mail.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "rsa.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "err.h"
+#include "pem.h"
+#include "apps.h"
+
+#undef PROG
+#define PROG pem_mail_main
+
+static char *usage[]={
+"usage: pem_mail args\n",
+"\n",
+" -in arg - input file - default stdin\n",
+" -out arg - output file - default stdout\n",
+" -cert arg - the certificate to use\n",
+" -key arg - the private key to use\n",
+" -MIC - sign the message\n",
+" -enc arg - encrypt with one of cbc-des\n",
+NULL
+};
+
+
+typedef struct lines_St
+ {
+ char *line;
+ struct lines_st *next;
+ } LINES;
+
+int main(argc, argv)
+int argc;
+char **argv;
+ {
+ FILE *in;
+ RSA *rsa=NULL;
+ EVP_MD_CTX ctx;
+ unsigned int mic=0,i,n;
+ unsigned char buf[1024*15];
+ char *prog,*infile=NULL,*outfile=NULL,*key=NULL;
+ int badops=0;
+
+ apps_startup();
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ key= *(++argv);
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-mic") == 0)
+ mic=1;
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ EXIT(1);
+ }
+
+ if (key == NULL)
+ { BIO_printf(bio_err,"you need to specify a key\n"); EXIT(1); }
+ in=fopen(key,"r");
+ if (in == NULL) { perror(key); EXIT(1); }
+ rsa=PEM_read_RSAPrivateKey(in,NULL,NULL);
+ if (rsa == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Private Key\n");
+ ERR_print_errors(bio_err);
+ EXIT(1);
+ }
+ fclose(in);
+
+ PEM_SignInit(&ctx,EVP_md5());
+ for (;;)
+ {
+ i=fread(buf,1,1024*10,stdin);
+ if (i <= 0) break;
+ PEM_SignUpdate(&ctx,buf,i);
+ }
+ if (!PEM_SignFinal(&ctx,buf,&n,rsa)) goto err;
+ BIO_printf(bio_err,"%s\n",buf);
+ EXIT(0);
+err:
+ ERR_print_errors(bio_err);
+ EXIT(1);
+ }
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
new file mode 100644
index 0000000..47bd756
--- /dev/null
+++ b/apps/pkcs7.c
@@ -0,0 +1,313 @@
+/* apps/pkcs7.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "err.h"
+#include "objects.h"
+#include "evp.h"
+#include "x509.h"
+#include "pkcs7.h"
+#include "pem.h"
+
+#undef PROG
+#define PROG pkcs7_main
+
+/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -des - encrypt output if PEM format with DES in cbc mode
+ * -des3 - encrypt output if PEM format
+ * -idea - encrypt output if PEM format
+ * -print_certs
+ */
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ PKCS7 *p7=NULL;
+ int i,badops=0;
+ EVP_CIPHER *enc=NULL;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat;
+ char *infile,*outfile,*prog,buf[256];
+ int print_certs=0;
+ int ret=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-print_certs") == 0)
+ print_certs=1;
+#ifndef NO_DES
+ else if (strcmp(*argv,"-des") == 0)
+ enc=EVP_des_cbc();
+ else if (strcmp(*argv,"-des3") == 0)
+ enc=EVP_des_ede3_cbc();
+#endif
+#ifndef NO_IDEA
+ else if (strcmp(*argv,"-idea") == 0)
+ enc=EVP_idea_cbc();
+#endif
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -in arg inout file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef NO_IDEA
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+#endif
+ EXIT(1);
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ if (in == NULL)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ p7=d2i_PKCS7_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ p7=PEM_read_bio_PKCS7(in,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
+ goto end;
+ }
+ if (p7 == NULL)
+ {
+ BIO_printf(bio_err,"unable to load PKCS7 object\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (print_certs)
+ {
+ STACK *certs=NULL;
+ STACK *crls=NULL;
+
+ i=OBJ_obj2nid(p7->type);
+ switch (i)
+ {
+ case NID_pkcs7_signed:
+ certs=p7->d.sign->cert;
+ crls=p7->d.sign->crl;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ certs=p7->d.signed_and_enveloped->cert;
+ crls=p7->d.signed_and_enveloped->crl;
+ break;
+ default:
+ break;
+ }
+
+ if (certs != NULL)
+ {
+ X509 *x;
+
+ for (i=0; i<sk_num(certs); i++)
+ {
+ x=(X509 *)sk_value(certs,i);
+
+ X509_NAME_oneline(X509_get_subject_name(x),
+ buf,256);
+ BIO_puts(out,"subject=");
+ BIO_puts(out,buf);
+
+ X509_NAME_oneline(X509_get_issuer_name(x),
+ buf,256);
+ BIO_puts(out,"\nissuer= ");
+ BIO_puts(out,buf);
+ BIO_puts(out,"\n");
+
+ PEM_write_bio_X509(out,x);
+ BIO_puts(out,"\n");
+ }
+ }
+ if (crls != NULL)
+ {
+ X509_CRL *crl;
+
+ for (i=0; i<sk_num(crls); i++)
+ {
+ crl=(X509_CRL *)sk_value(crls,i);
+
+ X509_NAME_oneline(crl->crl->issuer,buf,256);
+ BIO_puts(out,"issuer= ");
+ BIO_puts(out,buf);
+
+ BIO_puts(out,"\nlast update=");
+ ASN1_UTCTIME_print(out,crl->crl->lastUpdate);
+ BIO_puts(out,"\nnext update=");
+ ASN1_UTCTIME_print(out,crl->crl->nextUpdate);
+ BIO_puts(out,"\n");
+
+ PEM_write_bio_X509_CRL(out,crl);
+ BIO_puts(out,"\n");
+ }
+ }
+
+ ret=0;
+ goto end;
+ }
+
+ if (outformat == FORMAT_ASN1)
+ i=i2d_PKCS7_bio(out,p7);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_PKCS7(out,p7);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write pkcs7 object\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret=0;
+end:
+ if (p7 != NULL) PKCS7_free(p7);
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ EXIT(ret);
+ }
diff --git a/apps/privkey.pem b/apps/privkey.pem
new file mode 100644
index 0000000..8308004
--- /dev/null
+++ b/apps/privkey.pem
@@ -0,0 +1,15 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2221AF3DAA41AB24
+
+IOx3ubYOV2SETDSWiuG4bsioEl7jA2CulYKAJvIfy8z5GI+08NwptNOUqbMhDV1s
+156KhUvBvG48uz9mxcOyHjZRD0HNixGNMXDaFJSajINFoGtmYZRc20DEoY6buzsi
+E76GK95cJHsjJsdNrdggIJRTaiLayLzsMFVDrKhmaJVTKlBpcdnFM4BEKSyD2H5N
+OllrfK6GgmlH+WVXU9AlXoy5Jm0YXT7i5bPCB5eDDL/GkTISFHZsnEYpHCrMARsw
+5V15dYEwFc6NA/psBGk1qS2CHVIOYNcfCfndR90+UCos+rMBkcQDfvxI95+L8dbS
+ONJJrUqiCHV/zYSE+aXZN001mJJLvHOW65YbgdwSOfiowcv7HPbFrGdwOOJvSEx2
+d571YvqfsaDojwR5KLgfFDSwVBwzo/mfcFeVrT9Q8LwPL4/dwwoElWTmYbSaW0uZ
+Ov73xRUbVGa5LTJoGbFVMvjpmEO2qtBsx7vq9AT8v8gDzYSuEafyC7d0h85EIfTJ
+wPlIN3xKTiqFpp/eFCkdKqNn826NoC1TgQuoCBIrJ8gZsIr1l8R+iAuGxKGPASoF
+cyqnpcqGgaaTrxnk9cX4dQ==
+-----END DSA PRIVATE KEY-----
diff --git a/apps/progs.h b/apps/progs.h
new file mode 100644
index 0000000..50e2ca4
--- /dev/null
+++ b/apps/progs.h
@@ -0,0 +1,223 @@
+#ifndef NOPROTO
+extern int verify_main(int argc,char *argv[]);
+extern int asn1parse_main(int argc,char *argv[]);
+extern int req_main(int argc,char *argv[]);
+extern int dgst_main(int argc,char *argv[]);
+extern int dh_main(int argc,char *argv[]);
+extern int enc_main(int argc,char *argv[]);
+extern int gendh_main(int argc,char *argv[]);
+extern int gendsa_main(int argc,char *argv[]);
+extern int errstr_main(int argc,char *argv[]);
+extern int ca_main(int argc,char *argv[]);
+extern int crl_main(int argc,char *argv[]);
+extern int rsa_main(int argc,char *argv[]);
+extern int dsa_main(int argc,char *argv[]);
+extern int dsaparam_main(int argc,char *argv[]);
+extern int x509_main(int argc,char *argv[]);
+extern int genrsa_main(int argc,char *argv[]);
+extern int s_server_main(int argc,char *argv[]);
+extern int s_client_main(int argc,char *argv[]);
+extern int speed_main(int argc,char *argv[]);
+extern int s_time_main(int argc,char *argv[]);
+extern int version_main(int argc,char *argv[]);
+extern int pkcs7_main(int argc,char *argv[]);
+extern int crl2pkcs7_main(int argc,char *argv[]);
+extern int sess_id_main(int argc,char *argv[]);
+extern int ciphers_main(int argc,char *argv[]);
+#else
+extern int verify_main();
+extern int asn1parse_main();
+extern int req_main();
+extern int dgst_main();
+extern int dh_main();
+extern int enc_main();
+extern int gendh_main();
+extern int gendsa_main();
+extern int errstr_main();
+extern int ca_main();
+extern int crl_main();
+extern int rsa_main();
+extern int dsa_main();
+extern int dsaparam_main();
+extern int x509_main();
+extern int genrsa_main();
+extern int s_server_main();
+extern int s_client_main();
+extern int speed_main();
+extern int s_time_main();
+extern int version_main();
+extern int pkcs7_main();
+extern int crl2pkcs7_main();
+extern int sess_id_main();
+extern int ciphers_main();
+#endif
+
+#ifdef SSLEAY_SRC
+
+#define FUNC_TYPE_GENERAL 1
+#define FUNC_TYPE_MD 2
+#define FUNC_TYPE_CIPHER 3
+
+typedef struct {
+ int type;
+ char *name;
+ int (*func)();
+ } FUNCTION;
+
+FUNCTION functions[] = {
+ {FUNC_TYPE_GENERAL,"verify",verify_main},
+ {FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
+#ifndef NO_RSA
+ {FUNC_TYPE_GENERAL,"req",req_main},
+#endif
+ {FUNC_TYPE_GENERAL,"dgst",dgst_main},
+#ifndef NO_DH
+ {FUNC_TYPE_GENERAL,"dh",dh_main},
+#endif
+ {FUNC_TYPE_GENERAL,"enc",enc_main},
+#ifndef NO_DH
+ {FUNC_TYPE_GENERAL,"gendh",gendh_main},
+#endif
+#ifndef NO_DSA
+ {FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
+#endif
+ {FUNC_TYPE_GENERAL,"errstr",errstr_main},
+#ifndef NO_RSA
+ {FUNC_TYPE_GENERAL,"ca",ca_main},
+#endif
+ {FUNC_TYPE_GENERAL,"crl",crl_main},
+#ifndef NO_RSA
+ {FUNC_TYPE_GENERAL,"rsa",rsa_main},
+#endif
+#ifndef NO_DSA
+ {FUNC_TYPE_GENERAL,"dsa",dsa_main},
+#endif
+#ifndef NO_DSA
+ {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
+#endif
+#ifndef NO_RSA
+ {FUNC_TYPE_GENERAL,"x509",x509_main},
+#endif
+#ifndef NO_RSA
+ {FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
+#endif
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+ {FUNC_TYPE_GENERAL,"s_server",s_server_main},
+#endif
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+ {FUNC_TYPE_GENERAL,"s_client",s_client_main},
+#endif
+ {FUNC_TYPE_GENERAL,"speed",speed_main},
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+ {FUNC_TYPE_GENERAL,"s_time",s_time_main},
+#endif
+ {FUNC_TYPE_GENERAL,"version",version_main},
+ {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
+ {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
+ {FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+ {FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
+#endif
+ {FUNC_TYPE_MD,"md2",dgst_main},
+ {FUNC_TYPE_MD,"md5",dgst_main},
+ {FUNC_TYPE_MD,"sha",dgst_main},
+ {FUNC_TYPE_MD,"sha1",dgst_main},
+ {FUNC_TYPE_MD,"mdc2",dgst_main},
+ {FUNC_TYPE_CIPHER,"base64",enc_main},
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des3",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"desx",enc_main},
+#endif
+#ifndef NO_IDEA
+ {FUNC_TYPE_CIPHER,"idea",enc_main},
+#endif
+#ifndef NO_RC4
+ {FUNC_TYPE_CIPHER,"rc4",enc_main},
+#endif
+#ifndef NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2",enc_main},
+#endif
+#ifndef NO_BLOWFISH
+ {FUNC_TYPE_CIPHER,"bf",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des-ecb",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede3",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des-cbc",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des-cfb",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des-ofb",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
+#endif
+#ifndef NO_DES
+ {FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
+#endif
+#ifndef NO_IDEA
+ {FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
+#endif
+#ifndef NO_IDEA
+ {FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
+#endif
+#ifndef NO_IDEA
+ {FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
+#endif
+#ifndef NO_IDEA
+ {FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
+#endif
+#ifndef NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
+#endif
+#ifndef NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
+#endif
+#ifndef NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
+#endif
+#ifndef NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
+#endif
+#ifndef NO_BLOWFISH
+ {FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
+#endif
+#ifndef NO_BLOWFISH
+ {FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
+#endif
+#ifndef NO_BLOWFISH
+ {FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
+#endif
+#ifndef NO_BLOWFISH
+ {FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
+#endif
+ {0,NULL,NULL}
+ };
+#endif
+
diff --git a/apps/progs.pl b/apps/progs.pl
new file mode 100644
index 0000000..237dd4c
--- /dev/null
+++ b/apps/progs.pl
@@ -0,0 +1,110 @@
+#!/usr/local/bin/perl
+
+$mkprog='mklinks';
+$rmprog='rmlinks';
+
+print "#ifndef NOPROTO\n";
+
+grep(s/^asn1pars$/asn1parse/,@ARGV);
+
+foreach (@ARGV)
+ { printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
+print "#else\n";
+foreach (@ARGV)
+ { printf "extern int %s_main();\n",$_; }
+print "#endif\n";
+
+
+print <<'EOF';
+
+#ifdef SSLEAY_SRC
+
+#define FUNC_TYPE_GENERAL 1
+#define FUNC_TYPE_MD 2
+#define FUNC_TYPE_CIPHER 3
+
+typedef struct {
+ int type;
+ char *name;
+ int (*func)();
+ } FUNCTION;
+
+FUNCTION functions[] = {
+EOF
+
+foreach (@ARGV)
+ {
+ push(@files,$_);
+ $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
+ if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
+ { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
+ ($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
+ { print "#ifndef NO_RSA\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
+ { print "#ifndef NO_DSA\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/))
+ { print "#ifndef NO_DH\n${str}#endif\n"; }
+ else
+ { print $str; }
+ }
+
+foreach ("md2","md5","sha","sha1","mdc2")
+ {
+ push(@files,$_);
+ printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
+ }
+
+foreach (
+ "base64",
+ "des", "des3", "desx", "idea", "rc4", "rc2","bf",
+ "des-ecb", "des-ede", "des-ede3",
+ "des-cbc", "des-ede-cbc","des-ede3-cbc",
+ "des-cfb", "des-ede-cfb","des-ede3-cfb",
+ "des-ofb", "des-ede-ofb","des-ede3-ofb",
+ "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
+ "rc2-cbc", "rc2-ecb", "rc2-cfb", "rc2-ofb",
+ "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb")
+ {
+ push(@files,$_);
+
+ $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
+ if ($_ =~ /des/) { $t="#ifndef NO_DES\n${t}#endif\n"; }
+ elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
+ elsif ($_ =~ /rc4/) { $t="#ifndef NO_RC4\n${t}#endif\n"; }
+ elsif ($_ =~ /rc2/) { $t="#ifndef NO_RC2\n${t}#endif\n"; }
+ elsif ($_ =~ /bf/) { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
+ print $t;
+ }
+
+print "\t{0,NULL,NULL}\n\t};\n";
+print "#endif\n\n";
+
+open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
+print OUT "#!/bin/sh\nfor i in ";
+foreach (@files)
+ { print OUT $_." "; }
+print OUT <<'EOF';
+
+do
+echo making symlink for $i
+/bin/rm -f $i
+ln -s ssleay $i
+done
+EOF
+close(OUT);
+chmod(0755,$mkprog);
+
+open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
+print OUT "#!/bin/sh\nfor i in ";
+foreach (@files)
+ { print OUT $_." "; }
+print OUT <<'EOF';
+
+do
+echo removing $i
+/bin/rm -f $i
+done
+EOF
+close(OUT);
+chmod(0755,$rmprog);
diff --git a/apps/req.c b/apps/req.c
new file mode 100644
index 0000000..9b6041e
--- /dev/null
+++ b/apps/req.c
@@ -0,0 +1,1097 @@
+/* apps/req.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include "bio.h"
+#include "evp.h"
+#include "rand.h"
+#include "conf.h"
+#include "err.h"
+#include "asn1.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+
+#define SECTION "req"
+
+#define BITS "default_bits"
+#define KEYFILE "default_keyfile"
+#define DISTINGUISHED_NAME "distinguished_name"
+#define ATTRIBUTES "attributes"
+
+#define DEFAULT_KEY_LENGTH 512
+#define MIN_KEY_LENGTH 384
+
+#undef PROG
+#define PROG req_main
+
+/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -verify - check request signature
+ * -noout - don't print stuff out.
+ * -text - print out human readable text.
+ * -nodes - no des encryption
+ * -config file - Load configuration file.
+ * -key file - make a request using key in file (or use it for verification).
+ * -keyform - key file format.
+ * -newkey - make a key and a request.
+ * -modulus - print RSA modulus.
+ * -x509 - output a self signed X509 structure instead.
+ * -asn1-kludge - output new certificate request in a format that some CA's
+ * require. This format is wrong
+ */
+
+#ifndef NOPROTO
+static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
+static int add_attribute_object(STACK *n, char *text, char *def,
+ char *value, int nid,int min,int max);
+static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
+ int nid,int min,int max);
+static void MS_CALLBACK req_cb(int p,int n);
+static int req_fix_data(int nid,int *type,int len,int min,int max);
+#else
+static int make_REQ();
+static int add_attribute_object();
+static int add_DN_object();
+static void MS_CALLBACK req_cb();
+static int req_fix_data();
+#endif
+
+#ifndef MONOLITH
+static char *default_config_file=NULL;
+static LHASH *config=NULL;
+#endif
+static LHASH *req_conf=NULL;
+
+#define TYPE_RSA 1
+#define TYPE_DSA 2
+#define TYPE_DH 3
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ DSA *dsa_params=NULL;
+ int ex=1,x509=0,days=30;
+ X509 *x509ss=NULL;
+ X509_REQ *req=NULL;
+ EVP_PKEY *pkey=NULL;
+ int i,badops=0,newreq=0,newkey= -1,pkey_type=0;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
+ int nodes=0,kludge=0;
+ char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+ EVP_CIPHER *cipher=NULL;
+ int modulus=0;
+ char *p;
+ EVP_MD *md_alg=NULL,*digest=EVP_md5();
+#ifndef MONOLITH
+ MS_STATIC char config_name[256];
+#endif
+
+#ifndef NO_DES
+ cipher=EVP_des_ede3_cbc();
+#endif
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-new") == 0)
+ {
+ pkey_type=TYPE_RSA;
+ newreq=1;
+ }
+ else if (strcmp(*argv,"-config") == 0)
+ {
+ if (--argc < 1) goto bad;
+ template= *(++argv);
+ }
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyform=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-keyout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyout= *(++argv);
+ }
+ else if (strcmp(*argv,"-newkey") == 0)
+ {
+ if (--argc < 1) goto bad;
+ p= *(++argv);
+ if ((strncmp("rsa:",p,4) == 0) ||
+ ((p[0] >= '0') && (p[0] <= '9')))
+ {
+ pkey_type=TYPE_RSA;
+ p+=4;
+ newkey= atoi(p);
+ }
+ else if (strncmp("dsa:",p,4) == 0)
+ {
+ X509 *xtmp=NULL;
+ EVP_PKEY *dtmp;
+
+ pkey_type=TYPE_DSA;
+ p+=4;
+ if ((in=BIO_new_file(p,"r")) == NULL)
+ {
+ perror(p);
+ goto end;
+ }
+ if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
+ {
+ ERR_clear_error();
+ BIO_reset(in);
+ if ((xtmp=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DSA parameters from file\n");
+ goto end;
+ }
+ dtmp=X509_get_pubkey(xtmp);
+ if (dtmp->type == EVP_PKEY_DSA)
+ dsa_params=DSAparams_dup(dtmp->pkey.dsa);
+ X509_free(xtmp);
+ if (dsa_params == NULL)
+ {
+ BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");
+ goto end;
+ }
+
+ }
+ BIO_free(in);
+ newkey=BN_num_bits(dsa_params->p);
+ in=NULL;
+ }
+ else if (strncmp("dh:",p,4) == 0)
+ {
+ pkey_type=TYPE_DH;
+ p+=3;
+ }
+ else
+ pkey_type=TYPE_RSA;
+
+ newreq=1;
+ }
+ else if (strcmp(*argv,"-modulus") == 0)
+ modulus=1;
+ else if (strcmp(*argv,"-verify") == 0)
+ verify=1;
+ else if (strcmp(*argv,"-nodes") == 0)
+ nodes=1;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-x509") == 0)
+ x509=1;
+ else if (strcmp(*argv,"-asn1-kludge") == 0)
+ kludge=1;
+ else if (strcmp(*argv,"-no-asn1-kludge") == 0)
+ kludge=0;
+ else if (strcmp(*argv,"-days") == 0)
+ {
+ if (--argc < 1) goto bad;
+ days= atoi(*(++argv));
+ if (days == 0) days=30;
+ }
+ else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ {
+ /* ok */
+ digest=md_alg;
+ }
+ else
+
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -in arg inout file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -text text form of request\n");
+ BIO_printf(bio_err," -noout do not output REQ\n");
+ BIO_printf(bio_err," -verify verify signature on REQ\n");
+ BIO_printf(bio_err," -modulus RSA modulus\n");
+ BIO_printf(bio_err," -nodes don't encrypt the output key\n");
+ BIO_printf(bio_err," -key file use the private key contained in file\n");
+ BIO_printf(bio_err," -keyform arg key file format\n");
+ BIO_printf(bio_err," -keyout arg file to send the key to\n");
+ BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
+ BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
+
+ BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2)\n");
+ BIO_printf(bio_err," -config file request templace file.\n");
+ BIO_printf(bio_err," -new new request.\n");
+ BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
+ BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n");
+ BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
+ BIO_printf(bio_err," have been reported as requiring\n");
+ BIO_printf(bio_err," [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+#ifndef MONOLITH
+ /* Lets load up our environment a little */
+ p=getenv("SSLEAY_CONF");
+ if (p == NULL)
+ {
+ strcpy(config_name,X509_get_default_cert_area());
+ strcat(config_name,"/lib/");
+ strcat(config_name,SSLEAY_CONF);
+ p=config_name;
+ }
+ default_config_file=p;
+ config=CONF_load(config,p,NULL);
+#endif
+
+ if (template != NULL)
+ {
+ long errline;
+
+ BIO_printf(bio_err,"Using configuration from %s\n",template);
+ req_conf=CONF_load(NULL,template,&errline);
+ if (req_conf == NULL)
+ {
+ BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
+ goto end;
+ }
+ }
+ else
+ {
+ req_conf=config;
+ BIO_printf(bio_err,"Using configuration from %s\n",
+ default_config_file);
+ if (req_conf == NULL)
+ {
+ BIO_printf(bio_err,"Unable to load config info\n");
+ }
+ }
+
+ if ((md_alg == NULL) &&
+ ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
+ {
+ if ((md_alg=EVP_get_digestbyname(p)) != NULL)
+ digest=md_alg;
+ }
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ goto end;
+
+ if (keyfile != NULL)
+ {
+ if (BIO_read_filename(in,keyfile) <= 0)
+ {
+ perror(keyfile);
+ goto end;
+ }
+
+/* if (keyform == FORMAT_ASN1)
+ rsa=d2i_RSAPrivateKey_bio(in,NULL);
+ else */
+ if (keyform == FORMAT_PEM)
+ pkey=PEM_read_bio_PrivateKey(in,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for X509 request\n");
+ goto end;
+ }
+
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Private key\n");
+ goto end;
+ }
+ }
+
+ if (newreq && (pkey == NULL))
+ {
+ char *randfile;
+ char buffer[200];
+
+ if ((randfile=CONF_get_string(req_conf,SECTION,"RANDFILE")) == NULL)
+ randfile=RAND_file_name(buffer,200);
+#ifdef WINDOWS
+ BIO_printf(bio_err,"Loading 'screen' into random state -");
+ BIO_flush(bio_err);
+ RAND_screen();
+ BIO_printf(bio_err," done\n");
+#endif
+ if ((randfile == NULL) || !RAND_load_file(randfile,1024L*1024L))
+ {
+ BIO_printf(bio_err,"unable to load 'random state'\n");
+ BIO_printf(bio_err,"What this means is that the random number generator has not been seeded\n");
+ BIO_printf(bio_err,"with much random data.\n");
+ BIO_printf(bio_err,"Consider setting the RANDFILE environment variable to point at a file that\n");
+ BIO_printf(bio_err,"'random' data can be kept in.\n");
+ }
+ if (newkey <= 0)
+ {
+ newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
+ if (newkey <= 0)
+ newkey=DEFAULT_KEY_LENGTH;
+ }
+
+ if (newkey < MIN_KEY_LENGTH)
+ {
+ BIO_printf(bio_err,"private key length is too short,\n");
+ BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey);
+ goto end;
+ }
+ BIO_printf(bio_err,"Generating a %d bit %s private key\n",
+ newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA");
+
+ if ((pkey=EVP_PKEY_new()) == NULL) goto end;
+
+#ifndef NO_RSA
+ if (pkey_type == TYPE_RSA)
+ {
+ if (!EVP_PKEY_assign_RSA(pkey,
+ RSA_generate_key(newkey,0x10001,req_cb)))
+ goto end;
+ }
+ else
+#endif
+#ifndef NO_DSA
+ if (pkey_type == TYPE_DSA)
+ {
+ if (!DSA_generate_key(dsa_params)) goto end;
+ if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end;
+ dsa_params=NULL;
+ }
+#endif
+
+ if ((randfile == NULL) || (RAND_write_file(randfile) == 0))
+ BIO_printf(bio_err,"unable to write 'random state'\n");
+
+ if (pkey == NULL) goto end;
+
+ if (keyout == NULL)
+ keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
+
+ if (keyout == NULL)
+ {
+ BIO_printf(bio_err,"writing new private key to stdout\n");
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ }
+ else
+ {
+ BIO_printf(bio_err,"writing new private key to '%s'\n",keyout);
+ if (BIO_write_filename(out,keyout) <= 0)
+ {
+ perror(keyout);
+ goto end;
+ }
+ }
+
+ p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
+ if (p == NULL)
+ p=CONF_get_string(req_conf,SECTION,"encrypt_key");
+ if ((p != NULL) && (strcmp(p,"no") == 0))
+ cipher=NULL;
+ if (nodes) cipher=NULL;
+
+ i=0;
+loop:
+ if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
+ NULL,0,NULL))
+ {
+ if ((ERR_GET_REASON(ERR_peek_error()) ==
+ PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
+ {
+ ERR_clear_error();
+ i++;
+ goto loop;
+ }
+ goto end;
+ }
+ BIO_printf(bio_err,"-----\n");
+ }
+
+ if (!newreq)
+ {
+ /* Since we are using a pre-existing certificate
+ * request, the kludge 'format' info should not be
+ * changed. */
+ kludge= -1;
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ req=d2i_X509_REQ_bio(in,NULL);
+ else if (informat == FORMAT_PEM)
+ req=PEM_read_bio_X509_REQ(in,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for X509 request\n");
+ goto end;
+ }
+ if (req == NULL)
+ {
+ BIO_printf(bio_err,"unable to load X509 request\n");
+ goto end;
+ }
+ }
+
+ if (newreq || x509)
+ {
+ if (pkey->type == EVP_PKEY_DSA)
+ digest=EVP_dss1();
+
+ if (pkey == NULL)
+ {
+ BIO_printf(bio_err,"you need to specify a private key\n");
+ goto end;
+ }
+ if (req == NULL)
+ {
+ req=X509_REQ_new();
+ if (req == NULL)
+ {
+ goto end;
+ }
+
+ i=make_REQ(req,pkey,!x509);
+ if (kludge >= 0)
+ req->req_info->req_kludge=kludge;
+ if (!i)
+ {
+ BIO_printf(bio_err,"problems making Certificate Request\n");
+ goto end;
+ }
+ }
+ if (x509)
+ {
+ if ((x509ss=X509_new()) == NULL) goto end;
+
+ /* don't set the version number, for starters
+ * the field is null and second, null is v0
+ * if (!ASN1_INTEGER_set(ci->version,0L)) goto end;
+ */
+ ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
+
+ X509_set_issuer_name(x509ss,
+ X509_REQ_get_subject_name(req));
+ X509_gmtime_adj(X509_get_notBefore(x509ss),0);
+ X509_gmtime_adj(X509_get_notAfter(x509ss),
+ (long)60*60*24*days);
+ X509_set_subject_name(x509ss,
+ X509_REQ_get_subject_name(req));
+ X509_set_pubkey(x509ss,X509_REQ_get_pubkey(req));
+
+ if (!(i=X509_sign(x509ss,pkey,digest)))
+ goto end;
+ }
+ else
+ {
+ if (!(i=X509_REQ_sign(req,pkey,digest)))
+ goto end;
+ }
+ }
+
+ if (verify && !x509)
+ {
+ int tmp=0;
+
+ if (pkey == NULL)
+ {
+ pkey=X509_REQ_get_pubkey(req);
+ tmp=1;
+ if (pkey == NULL) goto end;
+ }
+
+ i=X509_REQ_verify(req,pkey);
+ if (tmp) pkey=NULL;
+
+ if (i < 0)
+ {
+ goto end;
+ }
+ else if (i == 0)
+ {
+ BIO_printf(bio_err,"verify failure\n");
+ }
+ else /* if (i > 0) */
+ BIO_printf(bio_err,"verify OK\n");
+ }
+
+ if (noout && !text && !modulus)
+ {
+ ex=0;
+ goto end;
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
+ i=(int)BIO_append_filename(out,outfile);
+ else
+ i=(int)BIO_write_filename(out,outfile);
+ if (!i)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text)
+ {
+ if (x509)
+ X509_print(out,x509ss);
+ else
+ X509_REQ_print(out,req);
+ }
+
+ if (modulus)
+ {
+ EVP_PKEY *pubkey;
+
+ if (x509)
+ pubkey=X509_get_pubkey(x509ss);
+ else
+ pubkey=X509_REQ_get_pubkey(req);
+ if (pubkey == NULL)
+ {
+ fprintf(stdout,"Modulus=unavailable\n");
+ goto end;
+ }
+ fprintf(stdout,"Modulus=");
+ if (pubkey->type == EVP_PKEY_RSA)
+ BN_print(out,pubkey->pkey.rsa->n);
+ else
+ fprintf(stdout,"Wrong Algorithm type");
+ fprintf(stdout,"\n");
+ }
+
+ if (!noout && !x509)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_X509_REQ_bio(out,req);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509_REQ(out,req);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write X509 request\n");
+ goto end;
+ }
+ }
+ if (!noout && x509 && (x509ss != NULL))
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_X509_bio(out,x509ss);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509(out,x509ss);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write X509 certificate\n");
+ goto end;
+ }
+ }
+ ex=0;
+end:
+ if (ex)
+ {
+ ERR_print_errors(bio_err);
+ }
+ if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (pkey != NULL) EVP_PKEY_free(pkey);
+ if (req != NULL) X509_REQ_free(req);
+ if (x509ss != NULL) X509_free(x509ss);
+ if (dsa_params != NULL) DSA_free(dsa_params);
+ EXIT(ex);
+ }
+
+static int make_REQ(req,pkey,attribs)
+X509_REQ *req;
+EVP_PKEY *pkey;
+int attribs;
+ {
+ int ret=0,i,j;
+ unsigned char *p;
+ X509_REQ_INFO *ri;
+ char buf[100];
+ int nid,min,max;
+ char *type,*def,*tmp,*value,*tmp_attr;
+ STACK *sk,*attr=NULL;
+ CONF_VALUE *v;
+
+ tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+ if (tmp == NULL)
+ {
+ BIO_printf(bio_err,"unable to find '%s' in config\n",
+ DISTINGUISHED_NAME);
+ goto err;
+ }
+ sk=CONF_get_section(req_conf,tmp);
+ if (sk == NULL)
+ {
+ BIO_printf(bio_err,"unable to get '%s' section\n",tmp);
+ goto err;
+ }
+
+ tmp_attr=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
+ if (tmp_attr == NULL)
+ attr=NULL;
+ else
+ {
+ attr=CONF_get_section(req_conf,tmp_attr);
+ if (attr == NULL)
+ {
+ BIO_printf(bio_err,"unable to get '%s' section\n",tmp_attr);
+ goto err;
+ }
+ }
+
+ ri=req->req_info;
+
+ BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
+ BIO_printf(bio_err,"into your certificate request.\n");
+ BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
+ BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
+ BIO_printf(bio_err,"For some fields there will be a default value,\n");
+ BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
+ BIO_printf(bio_err,"-----\n");
+
+ /* setup version number */
+ if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
+
+ if (sk_num(sk))
+ {
+ i= -1;
+start: for (;;)
+ {
+ i++;
+ if ((int)sk_num(sk) <= i) break;
+
+ v=(CONF_VALUE *)sk_value(sk,i);
+ p=NULL;
+ type=v->name;
+ for (j=0; type[j] != '\0'; j++)
+ {
+ if ( (type[j] == ':') ||
+ (type[j] == ',') ||
+ (type[j] == '.'))
+ p= (unsigned char *)&(type[j+1]);
+ }
+ if (p != NULL)
+ type=(char *)p;
+ if ((nid=OBJ_txt2nid(type)) == NID_undef)
+ goto start;
+
+ sprintf(buf,"%s_default",v->name);
+ if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
+ def="";
+
+ sprintf(buf,"%s_value",v->name);
+ if ((value=CONF_get_string(req_conf,tmp,buf)) == NULL)
+ value=NULL;
+
+ sprintf(buf,"%s_min",v->name);
+ min=(int)CONF_get_number(req_conf,tmp,buf);
+
+ sprintf(buf,"%s_max",v->name);
+ max=(int)CONF_get_number(req_conf,tmp,buf);
+
+ if (!add_DN_object(ri->subject,v->value,def,value,nid,
+ min,max))
+ goto err;
+ }
+ if (sk_num(ri->subject->entries) == 0)
+ {
+ BIO_printf(bio_err,"error, no objects specified in config file\n");
+ goto err;
+ }
+
+ if (attribs)
+ {
+ if ((attr != NULL) && (sk_num(attr) > 0))
+ {
+ BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
+ BIO_printf(bio_err,"to be sent with your certificate request\n");
+ }
+
+ i= -1;
+start2: for (;;)
+ {
+ i++;
+ if ((attr == NULL) || ((int)sk_num(attr) <= i))
+ break;
+
+ v=(CONF_VALUE *)sk_value(attr,i);
+ type=v->name;
+ if ((nid=OBJ_txt2nid(type)) == NID_undef)
+ goto start2;
+
+ sprintf(buf,"%s_default",type);
+ if ((def=CONF_get_string(req_conf,tmp_attr,buf))
+ == NULL)
+ def="";
+
+ sprintf(buf,"%s_value",type);
+ if ((value=CONF_get_string(req_conf,tmp_attr,buf))
+ == NULL)
+ value=NULL;
+
+ sprintf(buf,"%s_min",type);
+ min=(int)CONF_get_number(req_conf,tmp_attr,buf);
+
+ sprintf(buf,"%s_max",type);
+ max=(int)CONF_get_number(req_conf,tmp_attr,buf);
+
+ if (!add_attribute_object(ri->attributes,
+ v->value,def,value,nid,min,max))
+ goto err;
+ }
+ }
+ }
+ else
+ {
+ BIO_printf(bio_err,"No template, please set one up.\n");
+ goto err;
+ }
+
+ X509_REQ_set_pubkey(req,pkey);
+
+ ret=1;
+err:
+ return(ret);
+ }
+
+static int add_DN_object(n,text,def,value,nid,min,max)
+X509_NAME *n;
+char *text;
+char *def;
+char *value;
+int nid;
+int min;
+int max;
+ {
+ int i,j,ret=0;
+ X509_NAME_ENTRY *ne=NULL;
+ MS_STATIC char buf[1024];
+
+ BIO_printf(bio_err,"%s [%s]:",text,def);
+ BIO_flush(bio_err);
+ if (value != NULL)
+ {
+ strcpy(buf,value);
+ strcat(buf,"\n");
+ BIO_printf(bio_err,"%s\n",value);
+ }
+ else
+ {
+ buf[0]='\0';
+ fgets(buf,1024,stdin);
+ }
+
+ if (buf[0] == '\0') return(0);
+ else if (buf[0] == '\n')
+ {
+ if ((def == NULL) || (def[0] == '\0'))
+ return(1);
+ strcpy(buf,def);
+ strcat(buf,"\n");
+ }
+ else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
+
+ i=strlen(buf);
+ if (buf[i-1] != '\n')
+ {
+ BIO_printf(bio_err,"weird input :-(\n");
+ return(0);
+ }
+ buf[--i]='\0';
+
+ j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
+ if (req_fix_data(nid,&j,i,min,max) == 0)
+ goto err;
+ if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf,
+ strlen(buf)))
+ == NULL) goto err;
+ if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
+ goto err;
+
+ ret=1;
+err:
+ if (ne != NULL) X509_NAME_ENTRY_free(ne);
+ return(ret);
+ }
+
+static int add_attribute_object(n,text,def,value,nid,min,max)
+STACK *n;
+char *text;
+char *def;
+char *value;
+int nid;
+int min;
+int max;
+ {
+ int i,z;
+ X509_ATTRIBUTE *xa=NULL;
+ static char buf[1024];
+ ASN1_BIT_STRING *bs=NULL;
+ ASN1_TYPE *at=NULL;
+
+start:
+ BIO_printf(bio_err,"%s [%s]:",text,def);
+ BIO_flush(bio_err);
+ if (value != NULL)
+ {
+ strcpy(buf,value);
+ strcat(buf,"\n");
+ BIO_printf(bio_err,"%s\n",value);
+ }
+ else
+ {
+ buf[0]='\0';
+ fgets(buf,1024,stdin);
+ }
+
+ if (buf[0] == '\0') return(0);
+ else if (buf[0] == '\n')
+ {
+ if ((def == NULL) || (def[0] == '\0'))
+ return(1);
+ strcpy(buf,def);
+ strcat(buf,"\n");
+ }
+ else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
+
+ i=strlen(buf);
+ if (buf[i-1] != '\n')
+ {
+ BIO_printf(bio_err,"weird input :-(\n");
+ return(0);
+ }
+ buf[--i]='\0';
+
+ /* add object plus value */
+ if ((xa=X509_ATTRIBUTE_new()) == NULL)
+ goto err;
+ if ((xa->value.set=sk_new_null()) == NULL)
+ goto err;
+ xa->set=1;
+
+ if (xa->object != NULL) ASN1_OBJECT_free(xa->object);
+ xa->object=OBJ_nid2obj(nid);
+
+ if ((bs=ASN1_BIT_STRING_new()) == NULL) goto err;
+
+ bs->type=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
+
+ z=req_fix_data(nid,&bs->type,i,min,max);
+ if (z == 0)
+ {
+ if (value == NULL)
+ goto start;
+ else goto err;
+ }
+
+ if (!ASN1_STRING_set(bs,(unsigned char *)buf,i+1))
+ { BIO_printf(bio_err,"Malloc failure\n"); goto err; }
+
+ if ((at=ASN1_TYPE_new()) == NULL)
+ { BIO_printf(bio_err,"Malloc failure\n"); goto err; }
+
+ ASN1_TYPE_set(at,bs->type,(char *)bs);
+ sk_push(xa->value.set,(char *)at);
+ bs=NULL;
+ at=NULL;
+ /* only one item per attribute */
+
+ if (!sk_push(n,(char *)xa)) goto err;
+ return(1);
+err:
+ if (xa != NULL) X509_ATTRIBUTE_free(xa);
+ if (at != NULL) ASN1_TYPE_free(at);
+ if (bs != NULL) ASN1_BIT_STRING_free(bs);
+ return(0);
+ }
+
+static void MS_CALLBACK req_cb(p, n)
+int p;
+int n;
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write(bio_err,&c,1);
+ BIO_flush(bio_err);
+#ifdef LINT
+ p=n;
+#endif
+ }
+
+static int req_fix_data(nid,type,len,min,max)
+int nid;
+int *type;
+int len,min,max;
+ {
+ if (nid == NID_pkcs9_emailAddress)
+ *type=V_ASN1_IA5STRING;
+ if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
+ *type=V_ASN1_T61STRING;
+ if ((nid == NID_pkcs9_challengePassword) &&
+ (*type == V_ASN1_IA5STRING))
+ *type=V_ASN1_T61STRING;
+
+ if ((nid == NID_pkcs9_unstructuredName) &&
+ (*type == V_ASN1_T61STRING))
+ {
+ BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n");
+ return(0);
+ }
+ if (nid == NID_pkcs9_unstructuredName)
+ *type=V_ASN1_IA5STRING;
+
+ if (len < min)
+ {
+ BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
+ return(0);
+ }
+ if ((max != 0) && (len > max))
+ {
+ BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max);
+ return(0);
+ }
+ return(1);
+ }
diff --git a/apps/rmlinks b/apps/rmlinks
new file mode 100644
index 0000000..54bc996
--- /dev/null
+++ b/apps/rmlinks
@@ -0,0 +1,6 @@
+#!/bin/sh
+for i in verify asn1parse req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb
+do
+echo removing $i
+/bin/rm -f $i
+done
diff --git a/apps/rsa.c b/apps/rsa.c
new file mode 100644
index 0000000..9f2df77
--- /dev/null
+++ b/apps/rsa.c
@@ -0,0 +1,303 @@
+/* apps/rsa.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "rsa.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+
+#undef PROG
+#define PROG rsa_main
+
+/* -inform arg - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -des - encrypt output if PEM format with DES in cbc mode
+ * -des3 - encrypt output if PEM format
+ * -idea - encrypt output if PEM format
+ * -text - print a text version
+ * -modulus - print the RSA key modulus
+ */
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ int ret=1;
+ RSA *rsa=NULL;
+ int i,badops=0;
+ EVP_CIPHER *enc=NULL;
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,text=0,noout=0;
+ char *infile,*outfile,*prog;
+ int modulus=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+ else if (strcmp(*argv,"-modulus") == 0)
+ modulus=1;
+ else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -in arg inout file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef NO_IDEA
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+#endif
+ BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -noout don't print key out\n");
+ BIO_printf(bio_err," -modulus print the RSA key modulus\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in=BIO_new(BIO_s_file());
+ out=BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ BIO_printf(bio_err,"read RSA private key\n");
+ if (informat == FORMAT_ASN1)
+ rsa=d2i_RSAPrivateKey_bio(in,NULL);
+#ifndef NO_RC4
+ else if (informat == FORMAT_NETSCAPE)
+ {
+ BUF_MEM *buf=NULL;
+ unsigned char *p;
+ int size=0;
+
+ buf=BUF_MEM_new();
+ for (;;)
+ {
+ if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+ goto end;
+ i=BIO_read(in,&(buf->data[size]),1024*10);
+ size+=i;
+ if (i == 0) break;
+ if (i < 0)
+ {
+ perror("reading private key");
+ BUF_MEM_free(buf);
+ goto end;
+ }
+ }
+ p=(unsigned char *)buf->data;
+ rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
+ BUF_MEM_free(buf);
+ }
+#endif
+ else if (informat == FORMAT_PEM)
+ rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL);
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for key\n");
+ goto end;
+ }
+ if (rsa == NULL)
+ {
+ BIO_printf(bio_err,"unable to load Private Key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text)
+ if (!RSA_print(out,rsa,0))
+ {
+ perror(outfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (modulus)
+ {
+ fprintf(stdout,"Modulus=");
+ BN_print(out,rsa->n);
+ fprintf(stdout,"\n");
+ }
+
+ if (noout) goto end;
+ BIO_printf(bio_err,"writing RSA private key\n");
+ if (outformat == FORMAT_ASN1)
+ i=i2d_RSAPrivateKey_bio(out,rsa);
+#ifndef NO_RC4
+ else if (outformat == FORMAT_NETSCAPE)
+ {
+ unsigned char *p,*pp;
+ int size;
+
+ i=1;
+ size=i2d_Netscape_RSA(rsa,NULL,NULL);
+ if ((p=(unsigned char *)Malloc(size)) == NULL)
+ {
+ BIO_printf(bio_err,"Malloc failure\n");
+ goto end;
+ }
+ pp=p;
+ i2d_Netscape_RSA(rsa,&p,NULL);
+ BIO_write(out,(char *)pp,size);
+ Free(pp);
+ }
+#endif
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write private key\n");
+ ERR_print_errors(bio_err);
+ }
+ else
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (rsa != NULL) RSA_free(rsa);
+ EXIT(ret);
+ }
+
diff --git a/apps/rsa8192.pem b/apps/rsa8192.pem
new file mode 100644
index 0000000..946a6e5
--- /dev/null
+++ b/apps/rsa8192.pem
@@ -0,0 +1,101 @@
+-----BEGIN RSA PRIVATE KEY-----
+
+MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
+ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
+MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
+55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm
+yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3
+tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA
+LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE
+aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d
+PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59
+mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi
+71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z
+d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2
+wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0
+bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE
+Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa
+Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd
+pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS
+os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah
+mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx
+cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K
+LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ
+tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS
+PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9
+psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0
+9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6
+xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c
+ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW
+RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf
+1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI
+P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH
+77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4
+4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I
+/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg
+GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq
+HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB
+ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy
+AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT
+52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p
+5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr
+7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5
+KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h
+cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1
+dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/
+DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw
+Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr
+f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ
+J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+
+TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY
+fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c
+Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5
+mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC
+YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd
+mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ
+Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw
+c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w
+Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR
+WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh
+KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi
+JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
+yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
+kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
+DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
+22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
+ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
+D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
+PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
+dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ
+FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg
+6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz
+eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG
+bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz
+XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf
+7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w
+82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly
+beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr
+pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9
+70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM
+YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin
+ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy
+lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe
+4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P
+lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG
+LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3
+x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w
+O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD
+6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80
+Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz
+DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn
+Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R
+oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q
+nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H
+X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV
+QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg
+TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
+46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE
+rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
+I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
+-----END RSA PRIVATE KEY-----
+
diff --git a/apps/s1024key.pem b/apps/s1024key.pem
new file mode 100644
index 0000000..19e0403
--- /dev/null
+++ b/apps/s1024key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
+S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
+pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
+AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
+dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
+bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
+Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
+zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
+6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
+QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
+dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
+0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
+nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
+-----END RSA PRIVATE KEY-----
diff --git a/apps/s1024req.pem b/apps/s1024req.pem
new file mode 100644
index 0000000..bb75e7e
--- /dev/null
+++ b/apps/s1024req.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
+GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz
+dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR
+9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo
+KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2
+RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE
+BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq
+nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil
+frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M=
+-----END CERTIFICATE REQUEST-----
diff --git a/apps/s512-key.pem b/apps/s512-key.pem
new file mode 100644
index 0000000..0e3ff2d
--- /dev/null
+++ b/apps/s512-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
diff --git a/apps/s512-req.pem b/apps/s512-req.pem
new file mode 100644
index 0000000..ea314be
--- /dev/null
+++ b/apps/s512-req.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
+MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0
+IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S
+MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E
+y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm
+5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8=
+-----END CERTIFICATE REQUEST-----
diff --git a/apps/s_apps.h b/apps/s_apps.h
new file mode 100644
index 0000000..6857674
--- /dev/null
+++ b/apps/s_apps.h
@@ -0,0 +1,122 @@
+/* apps/s_apps.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define PORT 4433
+#define PORT_STR "4433"
+#define PROTOCOL "tcp"
+
+#ifndef NOPROTO
+int do_accept(int acc_sock, int *sock, char **host);
+int do_server(int port, int *ret, int (*cb) ());
+#ifdef HEADER_X509_H
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+#else
+int MS_CALLBACK verify_callback(int ok, char *ctx);
+#endif
+#ifdef HEADER_SSL_H
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+#else
+int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
+#endif
+int init_client(int *sock, char *server, int port);
+int init_client_ip(int *sock,unsigned char ip[4], int port);
+int nbio_init_client_ip(int *sock,unsigned char ip[4], int port);
+int nbio_sock_error(int sock);
+int spawn(int argc, char **argv, int *in, int *out);
+int init_server(int *sock, int port);
+int should_retry(int i);
+int sock_err(void );
+int socket_ioctl(int, long,unsigned long *);
+void sock_cleanup(void );
+int extract_port(char *str, short *port_ptr);
+int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+int host_ip(char *str, unsigned char ip[4]);
+
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, char *argp,
+ int argi, long argl, long ret);
+
+#ifdef HEADER_SSL_H
+void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
+#else
+void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
+#endif
+
+#else
+int do_accept();
+int do_server();
+int MS_CALLBACK verify_callback();
+int set_cert_stuff();
+int init_client();
+int init_client_ip();
+int nbio_init_client_ip();
+int nbio_sock_error();
+int spawn();
+int init_server();
+int should_retry();
+int sock_err();
+int socket_ioctl();
+void sock_cleanup();
+int extract_port();
+int extract_host_port();
+int host_ip();
+
+long MS_CALLBACK bio_dump_cb();
+void MS_CALLBACK apps_ssl_info_callback();
+
+#endif
+
diff --git a/apps/s_cb.c b/apps/s_cb.c
new file mode 100644
index 0000000..712a043
--- /dev/null
+++ b/apps/s_cb.c
@@ -0,0 +1,243 @@
+/* apps/s_cb.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#define USE_SOCKETS
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+#undef USE_SOCKETS
+#include "err.h"
+#include "x509.h"
+#include "ssl.h"
+#include "s_apps.h"
+
+int verify_depth=0;
+int verify_error=X509_V_OK;
+
+/* should be X509 * but we can just have them as char *. */
+int MS_CALLBACK verify_callback(ok, ctx)
+int ok;
+X509_STORE_CTX *ctx;
+ {
+ char buf[256];
+ X509 *err_cert;
+ int err,depth;
+
+ err_cert=X509_STORE_CTX_get_current_cert(ctx);
+ err= X509_STORE_CTX_get_error(ctx);
+ depth= X509_STORE_CTX_get_error_depth(ctx);
+
+ X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+ BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
+ if (!ok)
+ {
+ BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+ X509_verify_cert_error_string(err));
+ if (verify_depth >= depth)
+ {
+ ok=1;
+ verify_error=X509_V_OK;
+ }
+ else
+ {
+ ok=0;
+ verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
+ }
+ }
+ switch (ctx->error)
+ {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+ BIO_printf(bio_err,"issuer= %s\n",buf);
+ break;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ BIO_printf(bio_err,"notBefore=");
+ ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+ BIO_printf(bio_err,"\n");
+ break;
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ BIO_printf(bio_err,"notAfter=");
+ ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+ BIO_printf(bio_err,"\n");
+ break;
+ }
+ BIO_printf(bio_err,"verify return:%d\n",ok);
+ return(ok);
+ }
+
+int set_cert_stuff(ctx, cert_file, key_file)
+SSL_CTX *ctx;
+char *cert_file;
+char *key_file;
+ {
+ if (cert_file != NULL)
+ {
+ SSL *ssl;
+ X509 *x509;
+
+ if (SSL_CTX_use_certificate_file(ctx,cert_file,
+ SSL_FILETYPE_PEM) <= 0)
+ {
+ BIO_printf(bio_err,"unable to set certificate file\n");
+ ERR_print_errors(bio_err);
+ return(0);
+ }
+ if (key_file == NULL) key_file=cert_file;
+ if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
+ SSL_FILETYPE_PEM) <= 0)
+ {
+ BIO_printf(bio_err,"unable to set public key file\n");
+ ERR_print_errors(bio_err);
+ return(0);
+ }
+
+ ssl=SSL_new(ctx);
+ x509=SSL_get_certificate(ssl);
+
+ if (x509 != NULL)
+ EVP_PKEY_copy_parameters(X509_get_pubkey(x509),
+ SSL_get_privatekey(ssl));
+ SSL_free(ssl);
+
+ /* If we are using DSA, we can copy the parameters from
+ * the private key */
+
+
+ /* Now we know that a key and cert have been set against
+ * the SSL context */
+ if (!SSL_CTX_check_private_key(ctx))
+ {
+ BIO_printf(bio_err,"Private key does not match the certificate public key\n");
+ return(0);
+ }
+ }
+ return(1);
+ }
+
+long MS_CALLBACK bio_dump_cb(bio,cmd,argp,argi,argl,ret)
+BIO *bio;
+int cmd;
+char *argp;
+int argi;
+long argl;
+long ret;
+ {
+ BIO *out;
+
+ out=(BIO *)BIO_get_callback_arg(bio);
+ if (out == NULL) return(ret);
+
+ if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
+ {
+ BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n",
+ bio,argp,argi,ret,ret);
+ BIO_dump(out,argp,(int)ret);
+ return(ret);
+ }
+ else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
+ {
+ BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n",
+ bio,argp,argi,ret,ret);
+ BIO_dump(out,argp,(int)ret);
+ }
+ return(ret);
+ }
+
+void MS_CALLBACK apps_ssl_info_callback(s,where,ret)
+SSL *s;
+int where;
+int ret;
+ {
+ char *str;
+ int w;
+
+ w=where& ~SSL_ST_MASK;
+
+ if (w & SSL_ST_CONNECT) str="SSL_connect";
+ else if (w & SSL_ST_ACCEPT) str="SSL_accept";
+ else str="undefined";
+
+ if (where & SSL_CB_LOOP)
+ {
+ BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
+ }
+ else if (where & SSL_CB_ALERT)
+ {
+ str=(where & SSL_CB_READ)?"read":"write";
+ BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
+ str,
+ SSL_alert_type_string_long(ret),
+ SSL_alert_desc_string_long(ret));
+ }
+ else if (where & SSL_CB_EXIT)
+ {
+ if (ret == 0)
+ BIO_printf(bio_err,"%s:failed in %s\n",
+ str,SSL_state_string_long(s));
+ else if (ret < 0)
+ {
+ BIO_printf(bio_err,"%s:error in %s\n",
+ str,SSL_state_string_long(s));
+ }
+ }
+ }
+
diff --git a/apps/s_client.c b/apps/s_client.c
new file mode 100644
index 0000000..b5dc238
--- /dev/null
+++ b/apps/s_client.c
@@ -0,0 +1,717 @@
+/* apps/s_client.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#define USE_SOCKETS
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include "x509.h"
+#include "ssl.h"
+#include "err.h"
+#include "pem.h"
+#include "s_apps.h"
+
+#undef PROG
+#define PROG s_client_main
+
+/*#define SSL_HOST_NAME "www.netscape.com" */
+/*#define SSL_HOST_NAME "193.118.187.102" */
+#define SSL_HOST_NAME "localhost"
+
+/*#define TEST_CERT "client.pem" */ /* no default cert. */
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*8
+
+extern int verify_depth;
+extern int verify_error;
+
+#ifdef FIONBIO
+static int c_nbio=0;
+#endif
+static int c_Pause=0;
+static int c_debug=0;
+
+#ifndef NOPROTO
+static void sc_usage(void);
+static void print_stuff(BIO *berr,SSL *con,int full);
+#else
+static void sc_usage();
+static void print_stuff();
+#endif
+
+static BIO *bio_c_out=NULL;
+static int c_quiet=0;
+
+static void sc_usage()
+ {
+ BIO_printf(bio_err,"usage: client args\n");
+ BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err," -host host - use -connect instead\n");
+ BIO_printf(bio_err," -port port - use -connect instead\n");
+ BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
+
+ BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
+ BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
+ BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n");
+ BIO_printf(bio_err," not specified but cert file is.\n");
+ BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
+ BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
+ BIO_printf(bio_err," -debug - extra output\n");
+ BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
+ BIO_printf(bio_err," -state - print the 'ssl' states\n");
+#ifdef FIONBIO
+ BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
+#endif
+ BIO_printf(bio_err," -quiet - no s_client output\n");
+ BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
+ BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
+ BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
+ BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'ssleay ciphers'\n");
+ BIO_printf(bio_err," command to se what is available\n");
+
+ }
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ SSL *con=NULL,*con2=NULL;
+ int s,k,width,state=0;
+ char *cbuf=NULL,*sbuf=NULL;
+ int cbuf_len,cbuf_off;
+ int sbuf_len,sbuf_off;
+ fd_set readfds,writefds;
+ short port=PORT;
+ int full_log=1;
+ char *host=SSL_HOST_NAME;
+ char *cert_file=NULL,*key_file=NULL;
+ char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
+ int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
+ int write_tty,read_tty,write_ssl,read_ssl,tty_on;
+ SSL_CTX *ctx=NULL;
+ int ret=1,in_init=1,i,nbio_test=0;
+ SSL_METHOD *meth=NULL;
+ BIO *sbio;
+ /*static struct timeval timeout={10,0};*/
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+ meth=SSLv23_client_method();
+#elif !defined(NO_SSL3)
+ meth=SSLv3_client_method();
+#elif !defined(NO_SSL2)
+ meth=SSLv2_client_method();
+#endif
+
+ apps_startup();
+ c_quiet=0;
+ c_debug=0;
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ if ( ((cbuf=Malloc(BUFSIZZ)) == NULL) ||
+ ((sbuf=Malloc(BUFSIZZ)) == NULL))
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+
+ verify_depth=0;
+ verify_error=X509_V_OK;
+#ifdef FIONBIO
+ c_nbio=0;
+#endif
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-host") == 0)
+ {
+ if (--argc < 1) goto bad;
+ host= *(++argv);
+ }
+ else if (strcmp(*argv,"-port") == 0)
+ {
+ if (--argc < 1) goto bad;
+ port=atoi(*(++argv));
+ if (port == 0) goto bad;
+ }
+ else if (strcmp(*argv,"-connect") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if (!extract_host_port(*(++argv),&host,NULL,&port))
+ goto bad;
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+ {
+ verify=SSL_VERIFY_PEER;
+ if (--argc < 1) goto bad;
+ verify_depth=atoi(*(++argv));
+ BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+ }
+ else if (strcmp(*argv,"-cert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ cert_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-quiet") == 0)
+ c_quiet=1;
+ else if (strcmp(*argv,"-pause") == 0)
+ c_Pause=1;
+ else if (strcmp(*argv,"-debug") == 0)
+ c_debug=1;
+ else if (strcmp(*argv,"-nbio_test") == 0)
+ nbio_test=1;
+ else if (strcmp(*argv,"-state") == 0)
+ state=1;
+#ifndef NO_SSL2
+ else if (strcmp(*argv,"-ssl2") == 0)
+ meth=SSLv2_client_method();
+#endif
+#ifndef NO_SSL3
+ else if (strcmp(*argv,"-ssl3") == 0)
+ meth=SSLv3_client_method();
+#endif
+ else if (strcmp(*argv,"-bugs") == 0)
+ bugs=1;
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ key_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-reconnect") == 0)
+ {
+ reconnect=5;
+ }
+ else if (strcmp(*argv,"-CApath") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CApath= *(++argv);
+ }
+ else if (strcmp(*argv,"-CAfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-cipher") == 0)
+ {
+ if (--argc < 1) goto bad;
+ cipher= *(++argv);
+ }
+#ifdef FIONBIO
+ else if (strcmp(*argv,"-nbio") == 0)
+ { c_nbio=1; }
+#endif
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badop=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+ if (badop)
+ {
+bad:
+ sc_usage();
+ goto end;
+ }
+
+ if (bio_c_out == NULL)
+ {
+ if (c_quiet)
+ {
+ bio_c_out=BIO_new(BIO_s_null());
+ }
+ else
+ {
+ if (bio_c_out == NULL)
+ bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+ }
+ }
+
+ SSLeay_add_ssl_algorithms();
+ ctx=SSL_CTX_new(meth);
+ if (ctx == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
+
+ if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+ if (cipher != NULL)
+ SSL_CTX_set_cipher_list(ctx,cipher);
+#if 0
+ else
+ SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
+#endif
+
+ SSL_CTX_set_verify(ctx,verify,verify_callback);
+ if (!set_cert_stuff(ctx,cert_file,key_file))
+ goto end;
+
+ if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx)))
+ {
+ BIO_printf(bio_err,"error seting default verify locations\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ SSL_load_error_strings();
+
+ con=(SSL *)SSL_new(ctx);
+
+re_start:
+
+ if (init_client(&s,host,port) == 0)
+ {
+ BIO_printf(bio_err,"connect:errno=%d\n",errno);
+ SHUTDOWN(s);
+ goto end;
+ }
+ BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
+
+#ifdef FIONBIO
+ if (c_nbio)
+ {
+ unsigned long l=1;
+ BIO_printf(bio_c_out,"turning on non blocking io\n");
+ socket_ioctl(s,FIONBIO,&l);
+ }
+#endif
+ if (c_Pause & 0x01) con->debug=1;
+ sbio=BIO_new_socket(s,BIO_NOCLOSE);
+
+ if (nbio_test)
+ {
+ BIO *test;
+
+ test=BIO_new(BIO_f_nbio_test());
+ sbio=BIO_push(test,sbio);
+ }
+
+ if (c_debug)
+ {
+ con->debug=1;
+ BIO_set_callback(sbio,bio_dump_cb);
+ BIO_set_callback_arg(sbio,bio_c_out);
+ }
+
+ SSL_set_bio(con,sbio,sbio);
+ SSL_set_connect_state(con);
+
+ /* ok, lets connect */
+ width=SSL_get_fd(con)+1;
+
+ read_tty=1;
+ write_tty=0;
+ tty_on=0;
+ read_ssl=1;
+ write_ssl=1;
+
+ cbuf_len=0;
+ cbuf_off=0;
+ sbuf_len=0;
+ sbuf_off=0;
+
+ for (;;)
+ {
+ FD_ZERO(&readfds);
+ FD_ZERO(&writefds);
+
+ if (SSL_in_init(con))
+ {
+ in_init=1;
+ tty_on=0;
+ }
+ else
+ {
+ tty_on=1;
+ if (in_init)
+ {
+ in_init=0;
+ print_stuff(bio_c_out,con,full_log);
+ if (full_log > 0) full_log--;
+
+ if (reconnect)
+ {
+ reconnect--;
+ BIO_printf(bio_c_out,"drop connection and then reconnect\n");
+ SSL_shutdown(con);
+ SSL_set_connect_state(con);
+ SHUTDOWN(SSL_get_fd(con));
+ goto re_start;
+ }
+ }
+ }
+
+#ifndef WINDOWS
+ if (tty_on)
+ {
+ if (read_tty) FD_SET(fileno(stdin),&readfds);
+ if (write_tty) FD_SET(fileno(stdout),&writefds);
+ }
+#endif
+ if (read_ssl)
+ FD_SET(SSL_get_fd(con),&readfds);
+ if (write_ssl)
+ FD_SET(SSL_get_fd(con),&writefds);
+
+/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
+ tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+
+/* printf("pending=%d\n",SSL_pending(con)); */
+ i=select(width,&readfds,&writefds,NULL,NULL);
+ if ( i < 0)
+ {
+ BIO_printf(bio_err,"bad select %d\n",sock_err());
+ goto shut;
+ /* goto end; */
+ }
+
+ if (FD_ISSET(SSL_get_fd(con),&writefds))
+ {
+ k=SSL_write(con,&(cbuf[cbuf_off]),
+ (unsigned int)cbuf_len);
+ switch (SSL_get_error(con,k))
+ {
+ case SSL_ERROR_NONE:
+ cbuf_off+=k;
+ cbuf_len-=k;
+ if (k <= 0) goto end;
+ /* we have done a write(con,NULL,0); */
+ if (cbuf_len <= 0)
+ {
+ read_tty=1;
+ write_ssl=0;
+ }
+ else /* if (cbuf_len > 0) */
+ {
+ read_tty=0;
+ write_ssl=1;
+ }
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ BIO_printf(bio_c_out,"write W BLOCK\n");
+ write_ssl=1;
+ read_tty=0;
+ break;
+ case SSL_ERROR_WANT_READ:
+ BIO_printf(bio_c_out,"write R BLOCK\n");
+ write_tty=0;
+ read_ssl=1;
+ write_ssl=0;
+ break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_c_out,"write X BLOCK\n");
+ break;
+ case SSL_ERROR_ZERO_RETURN:
+ if (cbuf_len != 0)
+ {
+ BIO_printf(bio_c_out,"shutdown\n");
+ goto shut;
+ }
+ else
+ {
+ read_tty=1;
+ write_ssl=0;
+ break;
+ }
+
+ case SSL_ERROR_SYSCALL:
+ if ((k != 0) || (cbuf_len != 0))
+ {
+ BIO_printf(bio_err,"write:errno=%d\n",
+ errno);
+ goto shut;
+ }
+ else
+ {
+ read_tty=1;
+ write_ssl=0;
+ }
+ break;
+ case SSL_ERROR_SSL:
+ ERR_print_errors(bio_err);
+ goto shut;
+ }
+ }
+#ifndef WINDOWS
+ else if (FD_ISSET(fileno(stdout),&writefds))
+ {
+ i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
+
+ if (i <= 0)
+ {
+ BIO_printf(bio_c_out,"DONE\n");
+ goto shut;
+ /* goto end; */
+ }
+
+ sbuf_len-=i;;
+ sbuf_off+=i;
+ if (sbuf_len <= 0)
+ {
+ read_ssl=1;
+ write_tty=0;
+ }
+ }
+#endif
+ else if (FD_ISSET(SSL_get_fd(con),&readfds))
+ {
+ k=SSL_read(con,sbuf,BUFSIZZ);
+
+ switch (SSL_get_error(con,k))
+ {
+ case SSL_ERROR_NONE:
+ if (k <= 0)
+ goto end;
+ sbuf_off=0;
+ sbuf_len=k;
+
+ read_ssl=0;
+ write_tty=1;
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ BIO_printf(bio_c_out,"read W BLOCK\n");
+ write_ssl=1;
+ read_tty=0;
+ break;
+ case SSL_ERROR_WANT_READ:
+ BIO_printf(bio_c_out,"read R BLOCK\n");
+ write_tty=0;
+ read_ssl=1;
+ if ((read_tty == 0) && (write_ssl == 0))
+ write_ssl=1;
+ break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_c_out,"read X BLOCK\n");
+ break;
+ case SSL_ERROR_SYSCALL:
+ BIO_printf(bio_err,"read:errno=%d\n",errno);
+ goto shut;
+ case SSL_ERROR_ZERO_RETURN:
+ BIO_printf(bio_c_out,"closed\n");
+ goto shut;
+ case SSL_ERROR_SSL:
+ ERR_print_errors(bio_err);
+ goto shut;
+ break;
+ }
+ }
+
+#ifndef WINDOWS
+ else if (FD_ISSET(fileno(stdin),&readfds))
+ {
+ i=read(fileno(stdin),cbuf,BUFSIZZ);
+
+ if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
+ {
+ BIO_printf(bio_err,"DONE\n");
+ goto shut;
+ }
+
+ if ((!c_quiet) && (cbuf[0] == 'R'))
+ {
+ SSL_renegotiate(con);
+ read_tty=0;
+ write_ssl=1;
+ }
+ else
+ {
+ cbuf_len=i;
+ cbuf_off=0;
+ }
+
+ read_tty=0;
+ write_ssl=1;
+ }
+#endif
+ }
+shut:
+ SSL_shutdown(con);
+ SHUTDOWN(SSL_get_fd(con));
+ ret=0;
+end:
+ if (con != NULL) SSL_free(con);
+ if (con2 != NULL) SSL_free(con2);
+ if (ctx != NULL) SSL_CTX_free(ctx);
+ if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
+ if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
+ if (bio_c_out != NULL)
+ {
+ BIO_free(bio_c_out);
+ bio_c_out=NULL;
+ }
+ EXIT(ret);
+ }
+
+
+static void print_stuff(bio,s,full)
+BIO *bio;
+SSL *s;
+int full;
+ {
+ X509 *peer;
+ char *p;
+ static char *space=" ";
+ char buf[BUFSIZ];
+ STACK *sk;
+ SSL_CIPHER *c;
+ X509_NAME *xn;
+ int j,i;
+
+ if (full)
+ {
+ sk=SSL_get_peer_cert_chain(s);
+ if (sk != NULL)
+ {
+ BIO_printf(bio,"---\nCertficate chain\n");
+ for (i=0; i<sk_num(sk); i++)
+ {
+ X509_NAME_oneline(X509_get_subject_name((X509 *)
+ sk_value(sk,i)),buf,BUFSIZ);
+ BIO_printf(bio,"%2d s:%s\n",i,buf);
+ X509_NAME_oneline(X509_get_issuer_name((X509 *)
+ sk_value(sk,i)),buf,BUFSIZ);
+ BIO_printf(bio," i:%s\n",buf);
+ }
+ }
+
+ BIO_printf(bio,"---\n");
+ peer=SSL_get_peer_certificate(s);
+ if (peer != NULL)
+ {
+ BIO_printf(bio,"Server certificate\n");
+ PEM_write_bio_X509(bio,peer);
+ X509_NAME_oneline(X509_get_subject_name(peer),
+ buf,BUFSIZ);
+ BIO_printf(bio,"subject=%s\n",buf);
+ X509_NAME_oneline(X509_get_issuer_name(peer),
+ buf,BUFSIZ);
+ BIO_printf(bio,"issuer=%s\n",buf);
+ X509_free(peer);
+ }
+ else
+ BIO_printf(bio,"no peer certificate available\n");
+
+ sk=SSL_get_client_CA_list(s);
+ if ((sk != NULL) && (sk_num(sk) > 0))
+ {
+ BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
+ for (i=0; i<sk_num(sk); i++)
+ {
+ xn=(X509_NAME *)sk_value(sk,i);
+ X509_NAME_oneline(xn,buf,sizeof(buf));
+ BIO_write(bio,buf,strlen(buf));
+ BIO_write(bio,"\n",1);
+ }
+ }
+ else
+ {
+ BIO_printf(bio,"---\nNo client certificate CA names sent\n");
+ }
+ p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
+ if (p != NULL)
+ {
+ BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
+ j=i=0;
+ while (*p)
+ {
+ if (*p == ':')
+ {
+ BIO_write(bio,space,15-j);
+ i++;
+ j=0;
+ BIO_write(bio,((i%3)?" ":"\n"),1);
+ }
+ else
+ {
+ BIO_write(bio,p,1);
+ j++;
+ }
+ p++;
+ }
+ BIO_write(bio,"\n",1);
+ }
+
+ BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
+ BIO_number_read(SSL_get_rbio(s)),
+ BIO_number_written(SSL_get_wbio(s)));
+ }
+ BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
+ c=SSL_get_current_cipher(s);
+ BIO_printf(bio,"%s, Cipher is %s\n",
+ SSL_CIPHER_get_version(c),
+ SSL_CIPHER_get_name(c));
+ SSL_SESSION_print(bio,SSL_get_session(s));
+ BIO_printf(bio,"---\n");
+ }
+
diff --git a/apps/s_server.c b/apps/s_server.c
new file mode 100644
index 0000000..d1e406c
--- /dev/null
+++ b/apps/s_server.c
@@ -0,0 +1,1112 @@
+/* apps/s_server.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "lhash.h"
+#include "bn.h"
+#define USE_SOCKETS
+#include "apps.h"
+#include "err.h"
+#include "pem.h"
+#include "x509.h"
+#include "ssl.h"
+#include "s_apps.h"
+
+#ifndef NOPROTO
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
+static int sv_body(char *hostname, int s);
+static int www_body(char *hostname, int s);
+static void close_accept_socket(void );
+static void sv_usage(void);
+static int init_ssl_connection(SSL *s);
+static void print_stats(BIO *bp,SSL_CTX *ctx);
+static DH *load_dh_param(void );
+static DH *get_dh512(void);
+#else
+static RSA MS_CALLBACK *tmp_rsa_cb();
+static int sv_body();
+static int www_body();
+static void close_accept_socket();
+static void sv_usage();
+static int init_ssl_connection();
+static void print_stats();
+static DH *load_dh_param();
+static DH *get_dh512();
+#endif
+
+
+#ifndef S_ISDIR
+#define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
+#endif
+
+static unsigned char dh512_p[]={
+ 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+ 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+ 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+ 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+ 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+ 0x47,0x74,0xE8,0x33,
+ };
+static unsigned char dh512_g[]={
+ 0x02,
+ };
+
+static DH *get_dh512()
+ {
+ DH *dh=NULL;
+
+#ifndef NO_DH
+ if ((dh=DH_new()) == NULL) return(NULL);
+ dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+ dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+ if ((dh->p == NULL) || (dh->g == NULL))
+ return(NULL);
+#endif
+ return(dh);
+ }
+
+/* static int load_CA(SSL_CTX *ctx, char *file);*/
+
+#undef BUFSIZZ
+#define BUFSIZZ 8*1024
+static int accept_socket= -1;
+
+#define TEST_CERT "server.pem"
+#undef PROG
+#define PROG s_server_main
+
+#define DH_PARAM "server.pem"
+
+extern int verify_depth;
+
+static char *cipher=NULL;
+int verify=SSL_VERIFY_NONE;
+char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+static int s_nbio_test=0;
+static SSL_CTX *ctx=NULL;
+static int www=0;
+
+static BIO *bio_s_out=NULL;
+static int s_debug=0;
+static int s_quiet=0;
+
+static void sv_usage()
+ {
+ BIO_printf(bio_err,"usage: s_server [args ...]\n");
+ BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err," -accpet arg - port to accept on (default is %d\n",PORT);
+ BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
+ BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
+ BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
+ BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
+ BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n");
+ BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
+#ifdef FIONBIO
+ BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
+#endif
+ BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
+ BIO_printf(bio_err," -debug - Print more output\n");
+ BIO_printf(bio_err," -state - Print the SSL states\n");
+ BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
+ BIO_printf(bio_err," -cipher arg - play with 'ssleay ciphers' to see what goes here\n");
+ BIO_printf(bio_err," -quiet - No server output\n");
+ BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
+ BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
+ BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
+ BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n");
+ BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
+ BIO_printf(bio_err," -WWW - Returns requested page from to a 'GET <path> HTTP/1.0'\n");
+ }
+
+static int local_argc;
+static char **local_argv;
+static int hack;
+
+int MAIN(argc, argv)
+int argc;
+char *argv[];
+ {
+ short port=PORT;
+ char *CApath=NULL,*CAfile=NULL;
+ int badop=0,bugs=0;
+ int ret=1;
+ int no_tmp_rsa=0,nocert=0;
+ int state=0;
+ SSL_METHOD *meth=NULL;
+ DH *dh=NULL;
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+ meth=SSLv23_server_method();
+#elif !defined(NO_SSL3)
+ meth=SSLv3_server_method();
+#elif !defined(NO_SSL2)
+ meth=SSLv2_server_method();
+#endif
+
+ local_argc=argc;
+ local_argv=argv;
+
+ apps_startup();
+ s_quiet=0;
+ s_debug=0;
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ verify_depth=0;
+#ifdef FIONBIO
+ s_nbio=0;
+#endif
+ s_nbio_test=0;
+
+ argc--;
+ argv++;
+
+ while (argc >= 1)
+ {
+ if ((strcmp(*argv,"-port") == 0) ||
+ (strcmp(*argv,"-accept") == 0))
+ {
+ if (--argc < 1) goto bad;
+ if (!extract_port(*(++argv),&port))
+ goto bad;
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+ {
+ verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1) goto bad;
+ verify_depth=atoi(*(++argv));
+ BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+ }
+ else if (strcmp(*argv,"-Verify") == 0)
+ {
+ verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
+ SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1) goto bad;
+ verify_depth=atoi(*(++argv));
+ BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
+ }
+ else if (strcmp(*argv,"-cert") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_cert_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-key") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_key_file= *(++argv);
+ }
+ else if (strcmp(*argv,"-nocert") == 0)
+ {
+ nocert=1;
+ }
+ else if (strcmp(*argv,"-CApath") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CApath= *(++argv);
+ }
+ else if (strcmp(*argv,"-cipher") == 0)
+ {
+ if (--argc < 1) goto bad;
+ cipher= *(++argv);
+ }
+ else if (strcmp(*argv,"-CAfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAfile= *(++argv);
+ }
+#ifdef FIONBIO
+ else if (strcmp(*argv,"-nbio") == 0)
+ { s_nbio=1; }
+#endif
+ else if (strcmp(*argv,"-nbio_test") == 0)
+ {
+#ifdef FIONBIO
+ s_nbio=1;
+#endif
+ s_nbio_test=1;
+ }
+ else if (strcmp(*argv,"-debug") == 0)
+ { s_debug=1; }
+ else if (strcmp(*argv,"-hack") == 0)
+ { hack=1; }
+ else if (strcmp(*argv,"-state") == 0)
+ { state=1; }
+ else if (strcmp(*argv,"-quiet") == 0)
+ { s_quiet=1; }
+ else if (strcmp(*argv,"-bugs") == 0)
+ { bugs=1; }
+ else if (strcmp(*argv,"-no_tmp_rsa") == 0)
+ { no_tmp_rsa=1; }
+ else if (strcmp(*argv,"-www") == 0)
+ { www=1; }
+ else if (strcmp(*argv,"-WWW") == 0)
+ { www=2; }
+#ifndef NO_SSL2
+ else if (strcmp(*argv,"-ssl2") == 0)
+ { meth=SSLv2_server_method(); }
+#endif
+#ifndef NO_SSL3
+ else if (strcmp(*argv,"-ssl3") == 0)
+ { meth=SSLv3_server_method(); }
+#endif
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badop=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+ if (badop)
+ {
+bad:
+ sv_usage();
+ goto end;
+ }
+
+ if (bio_s_out == NULL)
+ {
+ if (s_quiet && !s_debug)
+ {
+ bio_s_out=BIO_new(BIO_s_null());
+ }
+ else
+ {
+ if (bio_s_out == NULL)
+ bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+ }
+ }
+
+#if !defined(NO_RSA) || !defined(NO_DSA)
+ if (nocert)
+#endif
+ {
+ s_cert_file=NULL;
+ s_key_file=NULL;
+ }
+
+ SSL_load_error_strings();
+ SSLeay_add_ssl_algorithms();
+
+ ctx=SSL_CTX_new(meth);
+ if (ctx == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
+ if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+ if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
+
+ if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+
+#if 0
+ if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+#endif
+
+#if 0
+ if (s_cert_file == NULL)
+ {
+ BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");
+ goto end;
+ }
+#endif
+
+ if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx)))
+ {
+ BIO_printf(bio_err,"X509_load_verify_locations\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+#ifndef NO_DH
+ /* EAY EAY EAY evil hack */
+ dh=load_dh_param();
+ if (dh != NULL)
+ {
+ BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+ }
+ else
+ {
+ BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+ dh=get_dh512();
+ }
+ BIO_flush(bio_s_out);
+
+ SSL_CTX_set_tmp_dh(ctx,dh);
+ DH_free(dh);
+#endif
+
+ if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
+ goto end;
+
+#if 1
+ SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+#else
+ if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
+ {
+ RSA *rsa;
+
+ BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");
+ BIO_flush(bio_s_out);
+
+ rsa=RSA_generate_key(512,RSA_F4,NULL);
+
+ if (!SSL_CTX_set_tmp_rsa(ctx,rsa))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ RSA_free(rsa);
+ BIO_printf(bio_s_out,"\n");
+ }
+#endif
+
+ if (cipher != NULL)
+ SSL_CTX_set_cipher_list(ctx,cipher);
+ SSL_CTX_set_verify(ctx,verify,verify_callback);
+
+ SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+
+ BIO_printf(bio_s_out,"ACCEPT\n");
+ if (www)
+ do_server(port,&accept_socket,www_body);
+ else
+ do_server(port,&accept_socket,sv_body);
+ print_stats(bio_s_out,ctx);
+ ret=0;
+end:
+ if (ctx != NULL) SSL_CTX_free(ctx);
+ if (bio_s_out != NULL)
+ {
+ BIO_free(bio_s_out);
+ bio_s_out=NULL;
+ }
+ EXIT(ret);
+ }
+
+static void print_stats(bio,ssl_ctx)
+BIO *bio;
+SSL_CTX *ssl_ctx;
+ {
+ BIO_printf(bio,"%4ld items in the session cache\n",
+ SSL_CTX_sess_number(ssl_ctx));
+ BIO_printf(bio,"%4d client connects (SSL_connect())\n",
+ SSL_CTX_sess_connect(ssl_ctx));
+ BIO_printf(bio,"%4d client connects that finished\n",
+ SSL_CTX_sess_connect_good(ssl_ctx));
+ BIO_printf(bio,"%4d server accepts (SSL_accept())\n",
+ SSL_CTX_sess_accept(ssl_ctx));
+ BIO_printf(bio,"%4d server accepts that finished\n",
+ SSL_CTX_sess_accept_good(ssl_ctx));
+ BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
+ BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
+ BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
+ BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
+ }
+
+static int sv_body(hostname, s)
+char *hostname;
+int s;
+ {
+ char *buf=NULL;
+ fd_set readfds;
+ int ret=1,width;
+ int k,i;
+ unsigned long l;
+ SSL *con=NULL;
+ BIO *sbio;
+
+ if ((buf=Malloc(BUFSIZZ)) == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto err;
+ }
+#ifdef FIONBIO
+ if (s_nbio)
+ {
+ unsigned long sl=1;
+
+ if (!s_quiet)
+ BIO_printf(bio_err,"turning on non blocking io\n");
+ socket_ioctl(s,FIONBIO,&sl);
+ }
+#endif
+
+ if (con == NULL)
+ con=(SSL *)SSL_new(ctx);
+ SSL_clear(con);
+
+ sbio=BIO_new_socket(s,BIO_NOCLOSE);
+ if (s_nbio_test)
+ {
+ BIO *test;
+
+ test=BIO_new(BIO_f_nbio_test());
+ sbio=BIO_push(test,sbio);
+ }
+ SSL_set_bio(con,sbio,sbio);
+ SSL_set_accept_state(con);
+ /* SSL_set_fd(con,s); */
+
+ if (s_debug)
+ {
+ con->debug=1;
+ BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
+ BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
+ }
+
+ width=s+1;
+ for (;;)
+ {
+ FD_ZERO(&readfds);
+#ifndef WINDOWS
+ FD_SET(fileno(stdin),&readfds);
+#endif
+ FD_SET(s,&readfds);
+ i=select(width,&readfds,NULL,NULL,NULL);
+ if (i <= 0) continue;
+ if (FD_ISSET(fileno(stdin),&readfds))
+ {
+ i=read(fileno(stdin),buf,BUFSIZZ);
+ if (!s_quiet)
+ {
+ if ((i <= 0) || (buf[0] == 'Q'))
+ {
+ BIO_printf(bio_s_out,"DONE\n");
+ SHUTDOWN(s);
+ close_accept_socket();
+ ret= -11;
+ goto err;
+ }
+ if ((i <= 0) || (buf[0] == 'q'))
+ {
+ BIO_printf(bio_s_out,"DONE\n");
+ SHUTDOWN(s);
+ /* close_accept_socket();
+ ret= -11;*/
+ goto err;
+ }
+ if (buf[0] == 'r')
+ {
+ SSL_renegotiate(con);
+ i=0; /*13; */
+ continue;
+ strcpy(buf,"server side RE-NEGOTIATE\n");
+ }
+ if (buf[0] == 'R')
+ {
+ SSL_set_verify(con,
+ SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
+ SSL_renegotiate(con);
+ i=0; /* 13; */
+ continue;
+ strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n");
+ }
+ if (buf[0] == 'P')
+ {
+ static char *str="Lets print some clear text\n";
+ BIO_write(SSL_get_wbio(con),str,strlen(str));
+ }
+ if (buf[0] == 'S')
+ {
+ print_stats(bio_s_out,SSL_get_SSL_CTX(con));
+ }
+ }
+ l=k=0;
+ for (;;)
+ {
+ /* should do a select for the write */
+ k=SSL_write(con,&(buf[l]),(unsigned int)i);
+ if (
+#ifdef FIONBIO
+ s_nbio &&
+#endif
+ BIO_sock_should_retry(k))
+ {
+ BIO_printf(bio_s_out,"Write BLOCK\n");
+ continue;
+ }
+ if (k <= 0)
+ {
+ ERR_print_errors(bio_err);
+ BIO_printf(bio_s_out,"DONE\n");
+ ret=1;
+ goto err;
+ }
+ l+=k;
+ i-=k;
+ if (i <= 0) break;
+ }
+ }
+ if (FD_ISSET(s,&readfds))
+ {
+ if (!SSL_is_init_finished(con))
+ {
+ i=init_ssl_connection(con);
+
+ if (i < 0)
+ {
+ ret=0;
+ goto err;
+ }
+ else if (i == 0)
+ {
+ ret=1;
+ goto err;
+ }
+ }
+ else
+ {
+ i=SSL_read(con,(char *)buf,BUFSIZZ);
+ if ((i <= 0) &&
+#ifdef FIONBIO
+ s_nbio &&
+#endif
+ BIO_sock_should_retry(i))
+ {
+ BIO_printf(bio_s_out,"Read BLOCK\n");
+ }
+ else if (i <= 0)
+ {
+ ERR_print_errors(bio_err);
+ BIO_printf(bio_s_out,"DONE\n");
+ ret=1;
+ goto err;
+ }
+ else
+ write(fileno(stdout),buf,
+ (unsigned int)i);
+ }
+ }
+ }
+err:
+ BIO_printf(bio_s_out,"shutting down SSL\n");
+#if 1
+ SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(con);
+#endif
+ if (con != NULL) SSL_free(con);
+ BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
+ if (buf != NULL)
+ {
+ memset(buf,0,BUFSIZZ);
+ Free(buf);
+ }
+ if (ret >= 0)
+ BIO_printf(bio_s_out,"ACCEPT\n");
+ return(ret);
+ }
+
+static void close_accept_socket()
+ {
+ BIO_printf(bio_err,"shutdown accept socket\n");
+ if (accept_socket >= 0)
+ {
+ SHUTDOWN2(accept_socket);
+ }
+ }
+
+static int init_ssl_connection(con)
+SSL *con;
+ {
+ int i;
+ char *str;
+ X509 *peer;
+ int verify_error;
+ MS_STATIC char buf[BUFSIZ];
+
+ if ((i=SSL_accept(con)) <= 0)
+ {
+ if (BIO_sock_should_retry(i))
+ {
+ BIO_printf(bio_s_out,"DELAY\n");
+ return(1);
+ }
+
+ BIO_printf(bio_err,"ERROR\n");
+ verify_error=SSL_get_verify_result(con);
+ if (verify_error != X509_V_OK)
+ {
+ BIO_printf(bio_err,"verify error:%s\n",
+ X509_verify_cert_error_string(verify_error));
+ }
+ else
+ ERR_print_errors(bio_err);
+ return(0);
+ }
+
+ PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));
+
+ peer=SSL_get_peer_certificate(con);
+ if (peer != NULL)
+ {
+ BIO_printf(bio_s_out,"Client certificate\n");
+ PEM_write_bio_X509(bio_s_out,peer);
+ X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ);
+ BIO_printf(bio_s_out,"subject=%s\n",buf);
+ X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ);
+ BIO_printf(bio_s_out,"issuer=%s\n",buf);
+ X509_free(peer);
+ }
+
+ if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL)
+ BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
+ str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+ BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
+ if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
+ return(1);
+ }
+
+static DH *load_dh_param()
+ {
+ DH *ret=NULL;
+ BIO *bio;
+
+#ifndef NO_DH
+ if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
+ goto err;
+ ret=PEM_read_bio_DHparams(bio,NULL,NULL);
+err:
+ if (bio != NULL) BIO_free(bio);
+#endif
+ return(ret);
+ }
+
+#if 0
+static int load_CA(ctx,file)
+SSL_CTX *ctx;
+char *file;
+ {
+ FILE *in;
+ X509 *x=NULL;
+
+ if ((in=fopen(file,"r")) == NULL)
+ return(0);
+
+ for (;;)
+ {
+ if (PEM_read_X509(in,&x,NULL) == NULL)
+ break;
+ SSL_CTX_add_client_CA(ctx,x);
+ }
+ if (x != NULL) X509_free(x);
+ fclose(in);
+ return(1);
+ }
+#endif
+
+static int www_body(hostname, s)
+char *hostname;
+int s;
+ {
+ char buf[1024];
+ int ret=1;
+ int i,j,k,blank,dot;
+ struct stat st_buf;
+ SSL *con;
+ SSL_CIPHER *c;
+ BIO *io,*ssl_bio,*sbio;
+
+ io=BIO_new(BIO_f_buffer());
+ ssl_bio=BIO_new(BIO_f_ssl());
+ if ((io == NULL) || (ssl_bio == NULL)) goto err;
+
+#ifdef FIONBIO
+ if (s_nbio)
+ {
+ unsigned int long sl=1;
+
+ if (!s_quiet)
+ BIO_printf(bio_err,"turning on non blocking io\n");
+ socket_ioctl(s,FIONBIO,&sl);
+ }
+#endif
+
+ /* lets make the output buffer a reasonable size */
+ if (!BIO_set_write_buffer_size(io,16*1024)) goto err;
+
+ if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
+
+ sbio=BIO_new_socket(s,BIO_NOCLOSE);
+ if (s_nbio_test)
+ {
+ BIO *test;
+
+ test=BIO_new(BIO_f_nbio_test());
+ sbio=BIO_push(test,sbio);
+ }
+ SSL_set_bio(con,sbio,sbio);
+ SSL_set_accept_state(con);
+
+ /* SSL_set_fd(con,s); */
+ BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
+ BIO_push(io,ssl_bio);
+
+ if (s_debug)
+ {
+ con->debug=1;
+ BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
+ BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
+ }
+
+ blank=0;
+ for (;;)
+ {
+ if (hack)
+ {
+ i=SSL_accept(con);
+
+ switch (SSL_get_error(con,i))
+ {
+ case SSL_ERROR_NONE:
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ continue;
+ case SSL_ERROR_SYSCALL:
+ case SSL_ERROR_SSL:
+ case SSL_ERROR_ZERO_RETURN:
+ ret=1;
+ goto err;
+ break;
+ }
+
+ SSL_renegotiate(con);
+ SSL_write(con,NULL,0);
+ }
+
+ i=BIO_gets(io,buf,sizeof(buf)-1);
+ if (i < 0) /* error */
+ {
+ if (!BIO_should_retry(io))
+ {
+ if (!s_quiet)
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ else
+ {
+ BIO_printf(bio_s_out,"read R BLOCK\n");
+#ifndef MSDOS
+ sleep(1);
+#endif
+ continue;
+ }
+ }
+ else if (i == 0) /* end of input */
+ {
+ ret=1;
+ goto end;
+ }
+
+ /* else we have data */
+ if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
+ ((www == 2) && (strncmp("GET stats ",buf,10) == 0)))
+ {
+ char *p;
+ X509 *peer;
+ STACK *sk;
+ static char *space=" ";
+
+ BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+ BIO_puts(io,"<pre>\n");
+/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
+ BIO_puts(io,"\n");
+ for (i=0; i<local_argc; i++)
+ {
+ BIO_puts(io,local_argv[i]);
+ BIO_write(io," ",1);
+ }
+ BIO_puts(io,"\n");
+
+ /* The following is evil and should not really
+ * be done */
+ BIO_printf(io,"Ciphers supported in s_server binary\n");
+ sk=SSL_get_ciphers(con);
+ j=sk_num(sk);
+ for (i=0; i<j; i++)
+ {
+ c=(SSL_CIPHER *)sk_value(sk,i);
+ BIO_printf(io,"%s:%-25s",
+ SSL_CIPHER_get_version(c),
+ SSL_CIPHER_get_name(c));
+ if ((((i+1)%3) == 0) && (i+1 != j))
+ BIO_puts(io,"\n");
+ }
+ BIO_puts(io,"\n");
+ p=SSL_get_shared_ciphers(con,buf,sizeof(buf));
+ if (p != NULL)
+ {
+ BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
+ j=i=0;
+ while (*p)
+ {
+ if (*p == ':')
+ {
+ BIO_write(io,space,15-j);
+ i++;
+ j=0;
+ BIO_write(io,((i%3)?" ":"\n"),1);
+ }
+ else
+ {
+ BIO_write(io,p,1);
+ j++;
+ }
+ p++;
+ }
+ BIO_puts(io,"\n");
+ }
+ BIO_printf(io,((con->hit)
+ ?"---\nReused, "
+ :"---\nNew, "));
+ c=SSL_get_current_cipher(con);
+ BIO_printf(io,"SSLv%d, Cipher is %s\n",
+ SSL_CIPHER_get_version(c),
+ SSL_CIPHER_get_name(c));
+ SSL_SESSION_print(io,SSL_get_session(con));
+ BIO_printf(io,"---\n");
+ print_stats(io,SSL_get_SSL_CTX(con));
+ BIO_printf(io,"---\n");
+ peer=SSL_get_peer_certificate(con);
+ if (peer != NULL)
+ {
+ BIO_printf(io,"Client certificate\n");
+ X509_print(io,peer);
+ PEM_write_bio_X509(io,peer);
+ }
+ else
+ BIO_puts(io,"no client certificate available\n");
+ break;
+ }
+ else if ((www == 2) && (strncmp("GET ",buf,4) == 0))
+ {
+ BIO *file;
+ char *p,*e;
+ static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+
+ /* skip the '/' */
+ p= &(buf[5]);
+ dot=0;
+ for (e=p; *e != '\0'; e++)
+ {
+ if (e[0] == ' ') break;
+ if ( (e[0] == '.') &&
+ (strncmp(&(e[-1]),"/../",4) == 0))
+ dot=1;
+ }
+
+ if (*e == '\0')
+ {
+ BIO_puts(io,text);
+ BIO_printf(io,"'%s' is an invalid file name\r\n",p);
+ break;
+ }
+ *e='\0';
+
+ if (dot)
+ {
+ BIO_puts(io,text);
+ BIO_printf(io,"'%s' contains '..' reference\r\n",p);
+ break;
+ }
+
+ if (*p == '/')
+ {
+ BIO_puts(io,text);
+ BIO_printf(io,"'%s' is an invalid path\r\n",p);
+ break;
+ }
+
+ /* append if a directory lookup */
+ if (e[-1] == '/')
+ strcat(p,"index.html");
+
+ /* if a directory, do the index thang */
+ if (stat(p,&st_buf) < 0)
+ {
+ BIO_puts(io,text);
+ BIO_printf(io,"Error accessing '%s'\r\n",p);
+ ERR_print_errors(io);
+ break;
+ }
+ if (S_ISDIR(st_buf.st_mode))
+ {
+ strcat(p,"/index.html");
+ }
+
+ if ((file=BIO_new_file(p,"r")) == NULL)
+ {
+ BIO_puts(io,text);
+ BIO_printf(io,"Error opening '%s'\r\n",p);
+ ERR_print_errors(io);
+ break;
+ }
+
+ if (!s_quiet)
+ BIO_printf(bio_err,"FILE:%s\n",p);
+
+ i=strlen(p);
+ if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
+ ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
+ ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
+ BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+ else
+ BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+ /* send the file */
+ for (;;)
+ {
+ i=BIO_read(file,buf,1024);
+ if (i <= 0) break;
+
+ for (j=0; j<i; )
+ {
+ k=BIO_write(io,&(buf[j]),i-j);
+ if (k <= 0)
+ {
+ if (!BIO_should_retry(io))
+ break;
+ else
+ {
+ BIO_printf(bio_s_out,"rwrite W BLOCK\n");
+ }
+ }
+ else
+ {
+ j+=k;
+ }
+ }
+ }
+ BIO_free(file);
+ break;
+ }
+ }
+
+ for (;;)
+ {
+ i=(int)BIO_flush(io);
+ if (i <= 0)
+ {
+ if (!BIO_should_retry(io))
+ break;
+ }
+ else
+ break;
+ }
+end:
+#if 0
+ /* make sure we re-use sessions */
+ SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ /* This kills performace */
+ SSL_shutdown(con);
+#endif
+
+err:
+
+ if (ret >= 0)
+ BIO_printf(bio_s_out,"ACCEPT\n");
+
+ if (io != NULL) BIO_free_all(io);
+/* if (ssl_bio != NULL) BIO_free(ssl_bio); */
+ return(ret);
+ }
+
+static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
+SSL *s;
+int export;
+ {
+ static RSA *rsa_tmp=NULL;
+
+ if (rsa_tmp == NULL)
+ {
+ if (!s_quiet)
+ {
+ BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
+ BIO_flush(bio_err);
+ }
+#ifndef NO_RSA
+ rsa_tmp=RSA_generate_key(512,RSA_F4,NULL);
+#endif
+ if (!s_quiet)
+ {
+ BIO_printf(bio_err,"\n");
+ BIO_flush(bio_err);
+ }
+ }
+ return(rsa_tmp);
+ }
diff --git a/apps/s_socket.c b/apps/s_socket.c
new file mode 100644
index 0000000..810061e
--- /dev/null
+++ b/apps/s_socket.c
@@ -0,0 +1,684 @@
+/* apps/s_socket.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+#define USE_SOCKETS
+#define NON_MAIN
+#include "apps.h"
+#undef USE_SOCKETS
+#undef NON_MAIN
+#include "s_apps.h"
+#include "ssl.h"
+
+#ifndef NOPROTO
+static struct hostent *GetHostByName(char *name);
+int sock_init(void );
+#else
+static struct hostent *GetHostByName();
+int sock_init();
+#endif
+
+#ifdef WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+#ifdef WINDOWS
+static struct WSAData wsa_state;
+static int wsa_init_done=0;
+
+#ifdef WIN16
+static HWND topWnd=0;
+static FARPROC lpTopWndProc=NULL;
+static FARPROC lpTopHookProc=NULL;
+extern HINSTANCE _hInstance; /* nice global CRT provides */
+
+static LONG FAR PASCAL topHookProc(hwnd,message,wParam,lParam)
+HWND hwnd;
+UINT message;
+WPARAM wParam;
+LPARAM lParam;
+ {
+ if (hwnd == topWnd)
+ {
+ switch(message)
+ {
+ case WM_DESTROY:
+ case WM_CLOSE:
+ SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
+ sock_cleanup();
+ break;
+ }
+ }
+ return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam);
+ }
+
+static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
+ {
+ topWnd=hwnd;
+ return(FALSE);
+ }
+
+#endif /* WIN32 */
+#endif /* WINDOWS */
+
+void sock_cleanup()
+ {
+#ifdef WINDOWS
+ if (wsa_init_done)
+ {
+ wsa_init_done=0;
+ WSACancelBlockingCall();
+ WSACleanup();
+ }
+#endif
+ }
+
+int sock_init()
+ {
+#ifdef WINDOWS
+ if (!wsa_init_done)
+ {
+ int err;
+
+#ifdef SIGINT
+ signal(SIGINT,(void (*)(int))sock_cleanup);
+#endif
+ wsa_init_done=1;
+ memset(&wsa_state,0,sizeof(wsa_state));
+ if (WSAStartup(0x0101,&wsa_state)!=0)
+ {
+ err=WSAGetLastError();
+ BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);
+ return(0);
+ }
+
+#ifdef WIN16
+ EnumTaskWindows(GetCurrentTask(),enumproc,0L);
+ lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
+ lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
+
+ SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
+#endif /* WIN16 */
+ }
+#endif /* WINDOWS */
+ return(1);
+ }
+
+int init_client(sock, host, port)
+int *sock;
+char *host;
+int port;
+ {
+ unsigned char ip[4];
+ short p=0;
+
+ if (!host_ip(host,&(ip[0])))
+ {
+ return(0);
+ }
+ if (p != 0) port=p;
+ return(init_client_ip(sock,ip,port));
+ }
+
+int init_client_ip(sock, ip, port)
+int *sock;
+unsigned char ip[4];
+int port;
+ {
+ unsigned long addr;
+ struct sockaddr_in them;
+ int s,i;
+
+ if (!sock_init()) return(0);
+
+ memset((char *)&them,0,sizeof(them));
+ them.sin_family=AF_INET;
+ them.sin_port=htons((unsigned short)port);
+ addr=(unsigned long)
+ ((unsigned long)ip[0]<<24L)|
+ ((unsigned long)ip[1]<<16L)|
+ ((unsigned long)ip[2]<< 8L)|
+ ((unsigned long)ip[3]);
+ them.sin_addr.s_addr=htonl(addr);
+
+ s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+ if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+ i=0;
+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+ if (i < 0) { perror("keepalive"); return(0); }
+
+ if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+ { close(s); perror("connect"); return(0); }
+ *sock=s;
+ return(1);
+ }
+
+int nbio_sock_error(sock)
+int sock;
+ {
+ int j,i,size;
+
+ size=sizeof(int);
+ i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
+ if (i < 0)
+ return(1);
+ else
+ return(j);
+ }
+
+int nbio_init_client_ip(sock, ip, port)
+int *sock;
+unsigned char ip[4];
+int port;
+ {
+ unsigned long addr;
+ struct sockaddr_in them;
+ int s,i;
+
+ if (!sock_init()) return(0);
+
+ memset((char *)&them,0,sizeof(them));
+ them.sin_family=AF_INET;
+ them.sin_port=htons((unsigned short)port);
+ addr= (unsigned long)
+ ((unsigned long)ip[0]<<24L)|
+ ((unsigned long)ip[1]<<16L)|
+ ((unsigned long)ip[2]<< 8L)|
+ ((unsigned long)ip[3]);
+ them.sin_addr.s_addr=htonl(addr);
+
+ if (*sock <= 0)
+ {
+ unsigned long l=1;
+
+ s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+ if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+ i=0;
+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+ if (i < 0) { perror("keepalive"); return(0); }
+ *sock=s;
+
+#ifdef FIONBIO
+ socket_ioctl(s,FIONBIO,&l);
+#endif
+ }
+ else
+ s= *sock;
+
+ i=connect(s,(struct sockaddr *)&them,sizeof(them));
+ if (i == INVALID_SOCKET)
+ {
+ if (BIO_sock_should_retry(i))
+ return(-1);
+ else
+ return(0);
+ }
+ else
+ return(1);
+ }
+
+int do_server(port, ret, cb)
+int port;
+int *ret;
+int (*cb)();
+ {
+ int sock;
+ char *name;
+ int accept_socket;
+ int i;
+
+ if (!init_server(&accept_socket,port)) return(0);
+
+ if (ret != NULL)
+ {
+ *ret=accept_socket;
+ /* return(1);*/
+ }
+ for (;;)
+ {
+ if (do_accept(accept_socket,&sock,&name) == 0)
+ {
+ SHUTDOWN(accept_socket);
+ return(0);
+ }
+ i=(*cb)(name,sock);
+ if (name != NULL) Free(name);
+ SHUTDOWN(sock);
+ if (i < 0)
+ {
+ SHUTDOWN(accept_socket);
+ return(i);
+ }
+ }
+ }
+
+int init_server(sock, port)
+int *sock;
+int port;
+ {
+ int ret=0;
+ struct sockaddr_in server;
+ int s= -1,i;
+
+ if (!sock_init()) return(0);
+
+ memset((char *)&server,0,sizeof(server));
+ server.sin_family=AF_INET;
+ server.sin_port=htons((unsigned short)port);
+ server.sin_addr.s_addr=INADDR_ANY;
+ s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+
+ if (s == INVALID_SOCKET) goto err;
+ if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+ {
+#ifndef WINDOWS
+ perror("bind");
+#endif
+ goto err;
+ }
+ if (listen(s,5) == -1) goto err;
+ i=0;
+ *sock=s;
+ ret=1;
+err:
+ if ((ret == 0) && (s != -1))
+ {
+ SHUTDOWN(s);
+ }
+ return(ret);
+ }
+
+int do_accept(acc_sock, sock, host)
+int acc_sock;
+int *sock;
+char **host;
+ {
+ int ret,i;
+ struct hostent *h1,*h2;
+ static struct sockaddr_in from;
+ int len;
+/* struct linger ling; */
+
+ if (!sock_init()) return(0);
+
+#ifndef WINDOWS
+redoit:
+#endif
+
+ memset((char *)&from,0,sizeof(from));
+ len=sizeof(from);
+ ret=accept(acc_sock,(struct sockaddr *)&from,&len);
+ if (ret == INVALID_SOCKET)
+ {
+#ifdef WINDOWS
+ i=WSAGetLastError();
+ BIO_printf(bio_err,"accept error %d\n",i);
+#else
+ if (errno == EINTR)
+ {
+ /*check_timeout(); */
+ goto redoit;
+ }
+ fprintf(stderr,"errno=%d ",errno);
+ perror("accept");
+#endif
+ return(0);
+ }
+
+/*
+ ling.l_onoff=1;
+ ling.l_linger=0;
+ i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
+ if (i < 0) { perror("linger"); return(0); }
+ i=0;
+ i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+ if (i < 0) { perror("keepalive"); return(0); }
+*/
+
+ if (host == NULL) goto end;
+ /* I should use WSAAsyncGetHostByName() under windows */
+ h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
+ sizeof(from.sin_addr.s_addr),AF_INET);
+ if (h1 == NULL)
+ {
+ BIO_printf(bio_err,"bad gethostbyaddr\n");
+ *host=NULL;
+ /* return(0); */
+ }
+ else
+ {
+ if ((*host=(char *)Malloc(strlen(h1->h_name)+1)) == NULL)
+ {
+ perror("Malloc");
+ return(0);
+ }
+ strcpy(*host,h1->h_name);
+
+ h2=GetHostByName(*host);
+ if (h2 == NULL)
+ {
+ BIO_printf(bio_err,"gethostbyname failure\n");
+ return(0);
+ }
+ i=0;
+ if (h2->h_addrtype != AF_INET)
+ {
+ BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+ return(0);
+ }
+ }
+end:
+ *sock=ret;
+ return(1);
+ }
+
+int socket_ioctl(fd,type,arg)
+int fd;
+long type;
+unsigned long *arg;
+ {
+ int i,err;
+#ifdef WINDOWS
+ i=ioctlsocket(fd,type,arg);
+#else
+ i=ioctl(fd,type,arg);
+#endif
+ if (i < 0)
+ {
+#ifdef WINDOWS
+ err=WSAGetLastError();
+#else
+ err=errno;
+#endif
+ BIO_printf(bio_err,"ioctl on socket failed:error %d\n",err);
+ }
+ return(i);
+ }
+
+int sock_err()
+ {
+#ifdef WINDOWS
+ return(WSAGetLastError());
+#else
+ return(errno);
+#endif
+ }
+
+int extract_host_port(str,host_ptr,ip,port_ptr)
+char *str;
+char **host_ptr;
+unsigned char *ip;
+short *port_ptr;
+ {
+ char *h,*p;
+
+ h=str;
+ p=strchr(str,':');
+ if (p == NULL)
+ {
+ BIO_printf(bio_err,"no port defined\n");
+ return(0);
+ }
+ *(p++)='\0';
+
+ if ((ip != NULL) && !host_ip(str,ip))
+ goto err;
+ if (host_ptr != NULL) *host_ptr=h;
+
+ if (!extract_port(p,port_ptr))
+ goto err;
+ return(1);
+err:
+ return(0);
+ }
+
+int host_ip(str,ip)
+char *str;
+unsigned char ip[4];
+ {
+ unsigned int in[4];
+ int i;
+
+ if (sscanf(str,"%d.%d.%d.%d",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+ {
+ for (i=0; i<4; i++)
+ if (in[i] > 255)
+ {
+ BIO_printf(bio_err,"invalid IP address\n");
+ goto err;
+ }
+ ip[0]=in[0];
+ ip[1]=in[1];
+ ip[2]=in[2];
+ ip[3]=in[3];
+ }
+ else
+ { /* do a gethostbyname */
+ struct hostent *he;
+
+ if (!sock_init()) return(0);
+
+ he=GetHostByName(str);
+ if (he == NULL)
+ {
+ BIO_printf(bio_err,"gethostbyname failure\n");
+ goto err;
+ }
+ /* cast to short because of win16 winsock definition */
+ if ((short)he->h_addrtype != AF_INET)
+ {
+ BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+ return(0);
+ }
+ ip[0]=he->h_addr_list[0][0];
+ ip[1]=he->h_addr_list[0][1];
+ ip[2]=he->h_addr_list[0][2];
+ ip[3]=he->h_addr_list[0][3];
+ }
+ return(1);
+err:
+ return(0);
+ }
+
+int extract_port(str,port_ptr)
+char *str;
+short *port_ptr;
+ {
+ int i;
+ struct servent *s;
+
+ i=atoi(str);
+ if (i != 0)
+ *port_ptr=(unsigned short)i;
+ else
+ {
+ s=getservbyname(str,"tcp");
+ if (s == NULL)
+ {
+ BIO_printf(bio_err,"getservbyname failure for %s\n",str);
+ return(0);
+ }
+ *port_ptr=ntohs((unsigned short)s->s_port);
+ }
+ return(1);
+ }
+
+#define GHBN_NUM 4
+static struct ghbn_cache_st
+ {
+ char name[128];
+ struct hostent ent;
+ unsigned long order;
+ } ghbn_cache[GHBN_NUM];
+
+static unsigned long ghbn_hits=0L;
+static unsigned long ghbn_miss=0L;
+
+static struct hostent *GetHostByName(name)
+char *name;
+ {
+ struct hostent *ret;
+ int i,lowi=0;
+ unsigned long low= (unsigned long)-1;
+
+ for (i=0; i<GHBN_NUM; i++)
+ {
+ if (low > ghbn_cache[i].order)
+ {
+ low=ghbn_cache[i].order;
+ lowi=i;
+ }
+ if (ghbn_cache[i].order > 0)
+ {
+ if (strncmp(name,ghbn_cache[i].name,128) == 0)
+ break;
+ }
+ }
+ if (i == GHBN_NUM) /* no hit*/
+ {
+ ghbn_miss++;
+ ret=gethostbyname(name);
+ if (ret == NULL) return(NULL);
+ /* else add to cache */
+ strncpy(ghbn_cache[lowi].name,name,128);
+ memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
+ ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+ return(ret);
+ }
+ else
+ {
+ ghbn_hits++;
+ ret= &(ghbn_cache[i].ent);
+ ghbn_cache[i].order=ghbn_miss+ghbn_hits;
+ return(ret);
+ }
+ }
+
+#ifndef MSDOS
+int spawn(argc, argv, in, out)
+int argc;
+char **argv;
+int *in;
+int *out;
+ {
+ int pid;
+#define CHILD_READ p1[0]
+#define CHILD_WRITE p2[1]
+#define PARENT_READ p2[0]
+#define PARENT_WRITE p1[1]
+ int p1[2],p2[2];
+
+ if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
+
+ if ((pid=fork()) == 0)
+ { /* child */
+ if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
+ perror("dup2");
+ if (dup2(CHILD_WRITE,fileno(stderr)) < 0)
+ perror("dup2");
+ if (dup2(CHILD_READ,fileno(stdin)) < 0)
+ perror("dup2");
+ close(CHILD_READ);
+ close(CHILD_WRITE);
+
+ close(PARENT_READ);
+ close(PARENT_WRITE);
+ execvp(argv[0],argv);
+ perror("child");
+ exit(1);
+ }
+
+ /* parent */
+ *in= PARENT_READ;
+ *out=PARENT_WRITE;
+ close(CHILD_READ);
+ close(CHILD_WRITE);
+ return(pid);
+ }
+#endif /* MSDOS */
+
+
+#ifdef undef
+ /* Turn on synchronous sockets so that we can do a WaitForMultipleObjects
+ * on sockets */
+ {
+ SOCKET s;
+ int optionValue = SO_SYNCHRONOUS_NONALERT;
+ int err;
+
+ err = setsockopt(
+ INVALID_SOCKET,
+ SOL_SOCKET,
+ SO_OPENTYPE,
+ (char *)&optionValue,
+ sizeof(optionValue));
+ if (err != NO_ERROR) {
+ /* failed for some reason... */
+ BIO_printf(bio_err, "failed to setsockopt(SO_OPENTYPE, SO_SYNCHRONOUS_ALERT) - %d\n",
+ WSAGetLastError());
+ }
+ }
+#endif
diff --git a/apps/s_time.c b/apps/s_time.c
new file mode 100644
index 0000000..853a9dc
--- /dev/null
+++ b/apps/s_time.c
@@ -0,0 +1,648 @@
+/* apps/s_time.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef NO_SHUTDOWN
+
+/*-----------------------------------------
+ cntime - SSL client connection timer program
+ Written and donated by Larry Streepy <streepy@healthcare.com>
+ -----------------------------------------*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "x509.h"
+#include "ssl.h"
+#include "pem.h"
+#define USE_SOCKETS
+#include "apps.h"
+#include "s_apps.h"
+#include "err.h"
+#ifdef WIN32_STUFF
+#include "winmain.h"
+#include "wintext.h"
+#endif
+
+#ifndef MSDOS
+#define TIMES
+#endif
+
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+ time_t tms_utime;
+ time_t tms_stime;
+ time_t tms_uchild; /* I dunno... */
+ time_t tms_uchildsys; /* so these names are a guess :-) */
+ }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#ifdef _AIX
+#include <sys/select.h>
+#endif
+
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+/* The following if from times(3) man page. It may need to be changed
+*/
+#ifndef HZ
+#ifndef CLK_TCK
+#ifndef VMS
+#define HZ 100.0
+#else /* VMS */
+#define HZ 100.0
+#endif
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#undef PROG
+#define PROG s_time_main
+
+#define ioctl ioctlsocket
+
+#define SSL_CONNECT_NAME "localhost:4433"
+
+/*#define TEST_CERT "client.pem" */ /* no default cert. */
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*10
+
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+#define max(a,b) (((a) > (b)) ? (a) : (b))
+
+#undef SECONDS
+#define SECONDS 30
+extern int verify_depth;
+extern int verify_error;
+
+#ifndef NOPROTO
+static void s_time_usage(void);
+static int parseArgs( int argc, char **argv );
+static SSL *doConnection( SSL *scon );
+#else
+static void s_time_usage();
+static int parseArgs();
+static SSL *doConnection();
+#endif
+
+
+/***********************************************************************
+ * Static data declarations
+ */
+
+/* static char *port=PORT_STR;*/
+static char *host=SSL_CONNECT_NAME;
+static char *t_cert_file=NULL;
+static char *t_key_file=NULL;
+static char *CApath=NULL;
+static char *CAfile=NULL;
+static char *tm_cipher=NULL;
+static int tm_verify = SSL_VERIFY_NONE;
+static int maxTime = SECONDS;
+static SSL_CTX *tm_ctx=NULL;
+static SSL_METHOD *s_time_meth=NULL;
+static char *s_www_path=NULL;
+static long bytes_read=0;
+static int st_bugs=0;
+static int perform=0;
+
+#ifdef FIONBIO
+static int t_nbio=0;
+#endif
+
+#ifdef WIN32
+static int exitNow = 0; /* Set when it's time to exit main */
+#endif
+
+/***********************************************************************
+ * usage - display usage message
+ */
+static void s_time_usage()
+{
+ static char umsg[] = "\
+-time arg - max number of seconds to collect data, default %d\n\
+-verify arg - turn on peer certificate verification, arg == depth\n\
+-cert arg - certificate file to use, PEM format assumed\n\
+-key arg - RSA file to use, PEM format assumed, in cert file if\n\
+ not specified but cert fill is.\n\
+-CApath arg - PEM format directory of CA's\n\
+-CAfile arg - PEM format file of CA's\n\
+-cipher - prefered cipher to use, play with 'ssleay ciphers'\n\n";
+
+ printf( "usage: client <args>\n\n" );
+
+ printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
+#ifdef FIONBIO
+ printf("-nbio - Run with non-blocking IO\n");
+ printf("-ssl2 - Just use SSLv2\n");
+ printf("-ssl3 - Just use SSLv3\n");
+ printf("-bugs - Turn on SSL bug compatability\n");
+ printf("-new - Just time new connections\n");
+ printf("-reuse - Just time connection reuse\n");
+ printf("-www page - Retrieve 'page' from the site\n");
+#endif
+ printf( umsg,SECONDS );
+}
+
+/***********************************************************************
+ * parseArgs - Parse command line arguments and initialize data
+ *
+ * Returns 0 if ok, -1 on bad args
+ */
+static int parseArgs(argc,argv)
+int argc;
+char **argv;
+{
+ int badop = 0;
+
+ verify_depth=0;
+ verify_error=X509_V_OK;
+#ifdef FIONBIO
+ t_nbio=0;
+#endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ argc--;
+ argv++;
+
+ while (argc >= 1) {
+ if (strcmp(*argv,"-connect") == 0)
+ {
+ if (--argc < 1) goto bad;
+ host= *(++argv);
+ }
+#if 0
+ else if( strcmp(*argv,"-host") == 0)
+ {
+ if (--argc < 1) goto bad;
+ host= *(++argv);
+ }
+ else if( strcmp(*argv,"-port") == 0)
+ {
+ if (--argc < 1) goto bad;
+ port= *(++argv);
+ }
+#endif
+ else if (strcmp(*argv,"-reuse") == 0)
+ perform=2;
+ else if (strcmp(*argv,"-new") == 0)
+ perform=1;
+ else if( strcmp(*argv,"-verify") == 0) {
+
+ tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1) goto bad;
+ verify_depth=atoi(*(++argv));
+ BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+
+ } else if( strcmp(*argv,"-cert") == 0) {
+
+ if (--argc < 1) goto bad;
+ t_cert_file= *(++argv);
+
+ } else if( strcmp(*argv,"-key") == 0) {
+
+ if (--argc < 1) goto bad;
+ t_key_file= *(++argv);
+
+ } else if( strcmp(*argv,"-CApath") == 0) {
+
+ if (--argc < 1) goto bad;
+ CApath= *(++argv);
+
+ } else if( strcmp(*argv,"-CAfile") == 0) {
+
+ if (--argc < 1) goto bad;
+ CAfile= *(++argv);
+
+ } else if( strcmp(*argv,"-cipher") == 0) {
+
+ if (--argc < 1) goto bad;
+ tm_cipher= *(++argv);
+ }
+#ifdef FIONBIO
+ else if(strcmp(*argv,"-nbio") == 0) {
+ t_nbio=1;
+ }
+#endif
+ else if(strcmp(*argv,"-www") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_www_path= *(++argv);
+ }
+ else if(strcmp(*argv,"-bugs") == 0)
+ st_bugs=1;
+#ifndef NO_SSL2
+ else if(strcmp(*argv,"-ssl2") == 0)
+ s_time_meth=SSLv2_client_method();
+#endif
+#ifndef NO_SSL3
+ else if(strcmp(*argv,"-ssl3") == 0)
+ s_time_meth=SSLv3_client_method();
+#endif
+ else if( strcmp(*argv,"-time") == 0) {
+
+ if (--argc < 1) goto bad;
+ maxTime= atoi(*(++argv));
+ }
+ else {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badop=1;
+ break;
+ }
+
+ argc--;
+ argv++;
+ }
+
+ if (perform == 0) perform=3;
+
+ if(badop) {
+bad:
+ s_time_usage();
+ return -1;
+ }
+
+ return 0; /* Valid args */
+}
+
+/***********************************************************************
+ * TIME - time functions
+ */
+#define START 0
+#define STOP 1
+
+static double tm_Time_F(s)
+int s;
+ {
+ static double ret;
+#ifdef TIMES
+ static struct tms tstart,tend;
+
+ if(s == START) {
+ times(&tstart);
+ return(0);
+ } else {
+ times(&tend);
+ ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#else /* !times() */
+ static struct timeb tstart,tend;
+ long i;
+
+ if(s == START) {
+ ftime(&tstart);
+ return(0);
+ } else {
+ ftime(&tend);
+ i=(long)tend.millitm-(long)tstart.millitm;
+ ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+ return((ret == 0.0)?1e-6:ret);
+ }
+#endif
+}
+
+/***********************************************************************
+ * MAIN - main processing area for client
+ * real name depends on MONOLITH
+ */
+int
+MAIN(argc,argv)
+int argc;
+char **argv;
+ {
+ double totalTime = 0.0;
+ int nConn = 0;
+ SSL *scon=NULL;
+ long finishtime=0;
+ int ret=1,i;
+ MS_STATIC char buf[1024*8];
+
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+ s_time_meth=SSLv23_client_method();
+#elif !defined(NO_SSL3)
+ s_time_meth=SSLv3_client_method();
+#elif !defined(NO_SSL2)
+ s_time_meth=SSLv2_client_method();
+#endif
+
+ /* parse the command line arguments */
+ if( parseArgs( argc, argv ) < 0 )
+ goto end;
+
+ SSLeay_add_ssl_algorithms();
+ if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
+
+ if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
+ SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
+ if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file))
+ goto end;
+
+ SSL_load_error_strings();
+
+ if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(tm_ctx)))
+ {
+ BIO_printf(bio_err,"error seting default verify locations\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (tm_cipher == NULL)
+ tm_cipher = getenv("SSL_CIPHER");
+
+ if (tm_cipher == NULL ) {
+ fprintf( stderr, "No CIPHER specified\n" );
+/* EXIT(1); */
+ }
+
+ if (!(perform & 1)) goto next;
+ printf( "Collecting connection statistics for %d seconds\n", maxTime );
+
+ /* Loop and time how long it takes to make connections */
+
+ bytes_read=0;
+ finishtime=(long)time(NULL)+maxTime;
+ tm_Time_F(START);
+ for (;;)
+ {
+ if (finishtime < time(NULL)) break;
+#ifdef WIN32_STUFF
+
+ if( flushWinMsgs(0) == -1 )
+ goto end;
+
+ if( waitingToDie || exitNow ) /* we're dead */
+ goto end;
+#endif
+
+ if( (scon = doConnection( NULL )) == NULL )
+ goto end;
+
+ if (s_www_path != NULL)
+ {
+ sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ SSL_write(scon,buf,strlen(buf));
+ while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
+ bytes_read+=i;
+ }
+
+#ifdef NO_SHUTDOWN
+ SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(scon);
+#endif
+ SHUTDOWN(SSL_get_fd(scon));
+
+ nConn += 1;
+ fputc(SSL_session_reused(scon)?'r':
+ (SSL_version(scon))+'0', stdout );
+ fflush(stdout);
+
+ SSL_free( scon );
+ scon=NULL;
+ }
+ totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+ i=(int)(time(NULL)-finishtime+maxTime);
+ printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+ printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+
+ /* Now loop and time connections using the same session id over and over */
+
+next:
+ if (!(perform & 2)) goto end;
+ printf( "\n\nNow timing with session id reuse.\n" );
+
+ /* Get an SSL object so we can reuse the session id */
+ if( (scon = doConnection( NULL )) == NULL )
+ {
+ fprintf( stderr, "Unable to get connection\n" );
+ goto end;
+ }
+
+ if (s_www_path != NULL)
+ {
+ sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ SSL_write(scon,buf,strlen(buf));
+ while (SSL_read(scon,buf,sizeof(buf)) > 0)
+ ;
+ }
+#ifdef NO_SHUTDOWN
+ SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(scon);
+#endif
+ SHUTDOWN(SSL_get_fd(scon));
+
+ nConn = 0;
+ totalTime = 0.0;
+
+ finishtime=time(NULL)+maxTime;
+
+ printf( "starting\n" );
+ bytes_read=0;
+ tm_Time_F(START);
+
+ for (;;)
+ {
+ if (finishtime < time(NULL)) break;
+
+#ifdef WIN32_STUFF
+ if( flushWinMsgs(0) == -1 )
+ goto end;
+
+ if( waitingToDie || exitNow ) /* we're dead */
+ goto end;
+#endif
+
+ if( (doConnection( scon )) == NULL )
+ goto end;
+
+ if (s_www_path)
+ {
+ sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ SSL_write(scon,buf,strlen(buf));
+ while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
+ bytes_read+=i;
+ }
+
+#ifdef NO_SHUTDOWN
+ SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(scon);
+#endif
+ SHUTDOWN(SSL_get_fd(scon));
+
+ nConn += 1;
+ fputc(SSL_session_reused(scon)?'r':
+ (SSL_version(scon))+'0', stdout );
+ fflush(stdout);
+ }
+ totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
+
+
+ printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+ printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+
+ ret=0;
+end:
+ if (scon != NULL) SSL_free(scon);
+
+ if (tm_ctx != NULL)
+ {
+ SSL_CTX_free(tm_ctx);
+ tm_ctx=NULL;
+ }
+ EXIT(ret);
+ }
+
+/***********************************************************************
+ * doConnection - make a connection
+ * Args:
+ * scon = earlier ssl connection for session id, or NULL
+ * Returns:
+ * SSL * = the connection pointer.
+ */
+static SSL *
+doConnection(scon)
+SSL *scon;
+ {
+ BIO *conn;
+ SSL *serverCon;
+ int width, i;
+ fd_set readfds;
+
+ if ((conn=BIO_new(BIO_s_connect())) == NULL)
+ return(NULL);
+
+/* BIO_set_port(conn,port);*/
+ BIO_set_hostname(conn,host);
+
+ if (scon == NULL)
+ serverCon=(SSL *)SSL_new(tm_ctx);
+ else
+ {
+ serverCon=scon;
+ SSL_set_connect_state(serverCon);
+ }
+
+ SSL_set_bio(serverCon,conn,conn);
+
+#if 0
+ if( scon != NULL )
+ SSL_set_session(serverCon,SSL_get_session(scon));
+#endif
+
+ /* ok, lets connect */
+ for(;;) {
+ i=SSL_connect(serverCon);
+ if (BIO_sock_should_retry(i))
+ {
+ BIO_printf(bio_err,"DELAY\n");
+
+ i=SSL_get_fd(serverCon);
+ width=i+1;
+ FD_ZERO(&readfds);
+ FD_SET(i,&readfds);
+ select(width,&readfds,NULL,NULL,NULL);
+ continue;
+ }
+ break;
+ }
+ if(i <= 0)
+ {
+ BIO_printf(bio_err,"ERROR\n");
+ if (verify_error != X509_V_OK)
+ BIO_printf(bio_err,"verify error:%s\n",
+ X509_verify_cert_error_string(verify_error));
+ else
+ ERR_print_errors(bio_err);
+ if (scon == NULL)
+ SSL_free(serverCon);
+ return NULL;
+ }
+
+ return serverCon;
+ }
+
+
diff --git a/apps/server.pem b/apps/server.pem
new file mode 100644
index 0000000..eabb927
--- /dev/null
+++ b/apps/server.pem
@@ -0,0 +1,369 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
+MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
+Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
+mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
+xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
+irObpESxAZLySCmPPg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+notBefore=950413210656Z
+notAfter =970412210656Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
+ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
+VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
+MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
+3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
+YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
+hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
+dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
+zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
+-----END X509 CERTIFICATE-----
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
+-----BEGIN X509 CERTIFICATE-----
+MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
+LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
+MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
+b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
+EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
+bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
+ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
+hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
+ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
+bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
+fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
+R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
+Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
+-----END X509 CERTIFICATE-----
+-----BEGIN X509 CERTIFICATE-----
+
+MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
+bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
+BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
+BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
+ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
+ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
+H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
+WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
+MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
+LC7obsrHD8XAHG+ZRG==
+-----END X509 CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
+A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
+aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
+LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
+gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
+dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
+SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
+bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
+OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
+GJNMJ4L0AJ/ac+SmHZc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
+subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+ /OU=Certification Services Division/CN=Thawte Server CA
+ /Email=server-certs@thawte.com
+issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+ /OU=Certification Services Division/CN=Thawte Server CA
+ /Email=server-certs@thawte.com
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
+hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
+N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
+ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
+bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
+aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
+F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
+Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
+KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
+SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
+7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
+qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
+QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
+NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
+A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
+FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
+Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
+G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
+c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
+jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
+w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
+GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
+3VZdLbCVIhNoEsysrxCpxcI=
+-----END CERTIFICATE-----
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
+Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
+ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
+QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
+9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
+TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
+8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+-----END CERTIFICATE-----
+
+ subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+ issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+
+-----BEGIN CERTIFICATE-----
+MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
+YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
+MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
+YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
+SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
+U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
+RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
+3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
+z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
+hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
+YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
+LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
+KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
+Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
+ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
+dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
+IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
+ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
+TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
+LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
+53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
+2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
+p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+-----END CERTIFICATE-----
+
+ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
+nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
+IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
+Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
+NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+-----END CERTIFICATE-----
+ subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
diff --git a/apps/server2.pem b/apps/server2.pem
new file mode 100644
index 0000000..8bb6641
--- /dev/null
+++ b/apps/server2.pem
@@ -0,0 +1,376 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU0WhcNOTgwNjA5
+MTM1NzU0WjBkMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxJDAiBgNVBAMTG1NlcnZlciB0ZXN0IGNl
+cnQgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsxH1PBPm
+RkxrR11eV4bzNi4N9n11CI8nV29+ARlT1+qDe/mjVUvXlmsr1v/vf71G9GgqopSa
+6RXrICLVdk/FYYYzhPvl1M+OrjaXDFO8BzBAF1Lnz6c7aRZvGRJNrRSr2nZEkqDf
+JW9dY7r2VZEpD5QeuaRYUnuECkqeieB65GMCAwEAATANBgkqhkiG9w0BAQQFAAOB
+gQCWsOta6C0wiVzXz8wPmJKyTrurMlgUss2iSuW9366iwofZddsNg7FXniMzkIf6
+dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh
+8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
+S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
+pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
+AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
+dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
+bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
+Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
+zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
+6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
+QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
+dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
+0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
+nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
+notBefore=950413210656Z
+notAfter =970412210656Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
+ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
+VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
+MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
+3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
+YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
+hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
+dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
+zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
+-----END X509 CERTIFICATE-----
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
+gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
+2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
+AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
+hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
+J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
+HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
+21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
+nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
+MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
+pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
+KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
+XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
+-----END RSA PRIVATE KEY-----
+-----BEGIN X509 CERTIFICATE-----
+MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
+LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
+MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
+b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
+EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
+bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
+ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
+hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
+ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
+bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
+fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
+R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
+Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
+-----END X509 CERTIFICATE-----
+-----BEGIN X509 CERTIFICATE-----
+
+MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
+Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
+GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
+bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
+BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
+BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
+ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
+ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
+H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
+WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
+MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
+LC7obsrHD8XAHG+ZRG==
+-----END X509 CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
+A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
+aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
+LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
+gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
+ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
+dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
+SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
+bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
+OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
+GJNMJ4L0AJ/ac+SmHZc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
+OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
+NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
+40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
+22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
+BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
+Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
+xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
+cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
+wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
+vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
+AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
+z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
+xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
+HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
+yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
+xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
+7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
+h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
+QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
+hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
+-----END RSA PRIVATE KEY-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
+subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+ /OU=Certification Services Division/CN=Thawte Server CA
+ /Email=server-certs@thawte.com
+issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
+ /OU=Certification Services Division/CN=Thawte Server CA
+ /Email=server-certs@thawte.com
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
+hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
+N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
+ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
+bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
+aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
+F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
+Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
+KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
+SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
+7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
+qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
+VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
+VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
+QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
+NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
+A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
+FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
+Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
+G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
+c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
+jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
+w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
+GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
+3VZdLbCVIhNoEsysrxCpxcI=
+-----END CERTIFICATE-----
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
+c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
+Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
+ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
+W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
+QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
+9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
+TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
+8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+-----END CERTIFICATE-----
+
+ subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+ issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
+
+-----BEGIN CERTIFICATE-----
+MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
+YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
+MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
+YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
+SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
+U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
+RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
+3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
+z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
+hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
+YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
+LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
+KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
+Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
+ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
+dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
+IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
+ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
+TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
+LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
+BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
+53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
+2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
+p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+-----END CERTIFICATE-----
+
+ subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
+nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
+IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
+Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
+NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+-----END CERTIFICATE-----
+ subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+ issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
diff --git a/apps/sess_id.c b/apps/sess_id.c
new file mode 100644
index 0000000..03a8f46
--- /dev/null
+++ b/apps/sess_id.c
@@ -0,0 +1,305 @@
+/* apps/sess_id.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "x509.h"
+#include "pem.h"
+#include "ssl.h"
+
+#undef PROG
+#define PROG sess_id_main
+
+#define FORMAT_UNDEF 0
+#define FORMAT_ASN1 1
+#define FORMAT_TEXT 2
+#define FORMAT_PEM 3
+
+static char *sess_id_usage[]={
+"usage: crl args\n",
+"\n",
+" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n",
+" -outform arg - output format - default PEM\n",
+" -in arg - input file - default stdin\n",
+" -out arg - output file - default stdout\n",
+" -text - print ssl session id details\n",
+" -cert - output certificaet \n",
+" -noout - no CRL output\n",
+NULL
+};
+
+#ifndef NOPROTO
+static SSL_SESSION *load_sess_id(char *file, int format);
+#else
+static SSL_SESSION *load_sess_id();
+#endif
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ SSL_SESSION *x=NULL;
+ int ret=1,i,num,badops=0;
+ BIO *out=NULL;
+ int informat,outformat;
+ char *infile=NULL,*outfile=NULL;
+ int cert=0,noout=0,text=0;
+ char **pp;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ argc--;
+ argv++;
+ num=0;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-text") == 0)
+ text= ++num;
+ else if (strcmp(*argv,"-cert") == 0)
+ cert= ++num;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout= ++num;
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ for (pp=sess_id_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,*pp);
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ x=load_sess_id(infile,informat);
+ if (x == NULL) { goto end; }
+
+#ifdef undef
+ /* just testing for memory leaks :-) */
+ {
+ SSL_SESSION *s;
+ char buf[1024*10],*p;
+ int i;
+
+ s=SSL_SESSION_new();
+
+ p= &buf;
+ i=i2d_SSL_SESSION(x,&p);
+ p= &buf;
+ d2i_SSL_SESSION(&s,&p,(long)i);
+ p= &buf;
+ d2i_SSL_SESSION(&s,&p,(long)i);
+ p= &buf;
+ d2i_SSL_SESSION(&s,&p,(long)i);
+ SSL_SESSION_free(s);
+ }
+#endif
+
+ if (!noout || text)
+ {
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+ }
+
+ if (text)
+ {
+ SSL_SESSION_print(out,x);
+
+ if (cert)
+ {
+ if (x->peer == NULL)
+ BIO_puts(out,"No certificate present\n");
+ else
+ X509_print(out,x->peer);
+ }
+ }
+
+ if (!noout && !cert)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=(int)i2d_SSL_SESSION_bio(out,x);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_SSL_SESSION(out,x);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err,"unable to write SSL_SESSION\n");
+ goto end;
+ }
+ }
+ else if (!noout && (x->peer != NULL)) /* just print the certificate */
+ {
+ if (outformat == FORMAT_ASN1)
+ i=(int)i2d_X509_bio(out,x->peer);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509(out,x->peer);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err,"unable to write X509\n");
+ goto end;
+ }
+ }
+ ret=0;
+end:
+ if (out != NULL) BIO_free(out);
+ if (x != NULL) SSL_SESSION_free(x);
+ EXIT(ret);
+ }
+
+static SSL_SESSION *load_sess_id(infile, format)
+char *infile;
+int format;
+ {
+ SSL_SESSION *x=NULL;
+ BIO *in=NULL;
+
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (format == FORMAT_ASN1)
+ x=d2i_SSL_SESSION_bio(in,NULL);
+ else if (format == FORMAT_PEM)
+ x=PEM_read_bio_SSL_SESSION(in,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad input format specified for input crl\n");
+ goto end;
+ }
+ if (x == NULL)
+ {
+ BIO_printf(bio_err,"unable to load SSL_SESSION\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+end:
+ if (in != NULL) BIO_free(in);
+ return(x);
+ }
+
diff --git a/apps/set/set-g-ca.pem b/apps/set/set-g-ca.pem
new file mode 100644
index 0000000..78499f0
--- /dev/null
+++ b/apps/set/set-g-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgYCYUeg8NJ9kO1q3z6vGCkAmPRfu5+Nur0FyGF79MADMw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtQ
+Q0ExMDIxMTgyODEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJyi5V7l1HohY6hN/2N9x6mvWeMy8rD1
+6lfXjgmiuGmhpaszWYaalesMcS2OGuG8Lq3PkaSzpVzqASKfIOjxLMsdpYyYJRub
+vRPDWi3xd8wlp9xUwWHKqn+ki8mPo0yN4eONwZZ4rcZr6K+tWd+5EJZSjuENJoQ/
+SRRmGRzdcS7XAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMjIwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwICBDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBn19R2
+AgGvpJDmfXrHTDdCoYyMkaP2MPzw0hFRwh+wqnw0/pqUXa7MrLXMqtD3rUyOWaNR
+9fYpJZd0Bh/1OeIc2+U+VNfUovLLuZ8nNemdxyq2KMYnHtnh7UdO7atZ+PFLVu8x
+a+J2Mtj8MGy12CJNTJcjLSrJ/1f3AuVrwELjlQ==
+-----END CERTIFICATE-----
diff --git a/apps/set/set-m-ca.pem b/apps/set/set-m-ca.pem
new file mode 100644
index 0000000..0e74caf
--- /dev/null
+++ b/apps/set/set-m-ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgEGvcf5aUnufALdVMa/dmPdflq1CoORGeK5DUwbqhVYcw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtN
+Q0ExMDIxMTgyNzEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuWwr63YrT1GIZpYKfIeiVFHESG/FZO
+7RAJKml/p12ZyZ7D5YPP4BBXVsa1H8e8arR1LKC4rdCArrtKKlBeBiMo9+NB+u35
+FnLnTmfzM4iZ2Syw35DXY8+Xn/LM7RJ1RG+vMNcTqpoUg7QPye7flq2Pt7vVROPn
+SZxPyVxmILe3AgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMjEwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIDCDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQApaj0W
+GgyR47URZEZ7z83yivvnVErqtodub/nR1fMgJ4bDC0ofjA0SzXBP1/3eDq9VkPuS
+EKUw9BpM2XrSUKhJ6F1CbBjWpM0M7GC1nTSxMxmV+XL+Ab/Gn2SwozUApWtht29/
+x9VLB8qsi6wN2aOsVdQMl5iVCjGQYfEkyuoIgA==
+-----END CERTIFICATE-----
diff --git a/apps/set/set_b_ca.pem b/apps/set/set_b_ca.pem
new file mode 100644
index 0000000..eba7d5c
--- /dev/null
+++ b/apps/set/set_b_ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIgYClSzXgB3u31VMarY+lXwPKU9DtoBMzaaivuVzV9a9kw
+DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
+ODI5MB4XDTk2MTAxNzAwMDAwMFoXDTk2MTExNjIzNTk1OVowRTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0JDQTEwMTcxMTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlBy
+b2R1Y3QgVHlwZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApPewvR0BwV02
+9E12ic48pMY/aMB6SkMEWPDx2hURr0DKYGJ6qMvzZn2pSfaVH1BqDtK6oK4Ye5Mj
+ItywwQIdXXO9Ut8+TLnvtzq9ByCJ0YThjZJBc7ZcpJxSV7QAoBON/lzxZuAVq3+L
+3uc39MgRwmBpRllZEpWrkojxs6166X0CAwEAAaOCAVcwggFTMFQGA1UdIwRNMEuh
+J6QlMCMxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtSQ0ExMDExMTgyOYIgVqenwCYv
+mmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYwDgYDVR0PAQH/BAQDAgEGMC4GA1Ud
+EAEB/wQkMCKADzE5OTYxMDE3MTc1NzAwWoEPMTk5NjExMTYyMzU5NTlaMBsGA1Ud
+IAEB/wQRMA8wDQYLYIZIAYb4RQEHAQEwEgYDVR0TAQH/BAgwBgEB/wIBATAPBgSG
+jW8DAQH/BAQDAgABMHkGBIaNbwcBAf8EbjBsMCQCAQAwCQYFKw4DAhoFAAQUMmY3
+NGIxYWY0ZmNjMDYwZjc2NzYTD3RlcnNlIHN0YXRlbWVudIAXaHR0cDovL3d3dy52
+ZXJpc2lnbi5jb22BGmdldHNldC1jZW50ZXJAdmVyaXNpZ24uY29tMA0GCSqGSIb3
+DQEBBQUAA4IBAQAWoMS8Aj2sO0LDxRoMcnWTKY8nd8Jw2vl2Mgsm+0qCvcndICM5
+43N0y9uHlP8WeCZULbFz95gTL8mfP/QTu4EctMUkQgRHJnx80f0XSF3HE/X6zBbI
+9rit/bF6yP1mhkdss/vGanReDpki7q8pLx+VIIcxWst/366HP3dW1Fb7ECW/WmVV
+VMN93f/xqk9I4sXchVZcVKQT3W4tzv+qQvugrEi1dSEkbAy1CITEAEGiaFhGUyCe
+WPox3guRXaEHoINNeajGrISe6d//alsz5EEroBoLnM2ryqWfLAtRsf4rjNzTgklw
+lbiz0fw7bNkXKp5ZVr0wlnOjQnoSM6dTI0AV
+-----END CERTIFICATE-----
diff --git a/apps/set/set_c_ca.pem b/apps/set/set_c_ca.pem
new file mode 100644
index 0000000..48b2cbd
--- /dev/null
+++ b/apps/set/set_c_ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAuGgAwIBAgIgOnl8J6lAYNDdTWtIojWCGnloNf4ufHjOZ4Fkxwg5xOsw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
+MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
+MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtD
+Q0ExMDIxMTYxNjEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANA3a9+U8oXU3Dv1wJf8g0A7HjCRZAXc
+Y8E4OLOdye5aUssxifCE05qTPVqHMXo6cnCYcfroMdURhjQlswyTGtjQybgUnXjp
+pchw+V4D1DkN0ThErrMCh9ZFSykC0lUhQTRLESvbIb4Gal/HMAFAF5sj0GoOFi2H
+RRj7gpzBIU3xAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
+EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
+aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
+MTAyMjAxMTAwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
+SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIEEDB5
+BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
+Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
+ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBteLaZ
+u/TASC64UWPfhxYAUdys9DQ1pG/J1qPWNTkjOmpXFvW+7l/3nkxyRPgUoFNwx1e7
+XVVPr6zhy8LaaXppwfIZvVryzAUdbtijiUf/MO0hvV3w7e9NlCVProdU5H9EvCXr
++IV8rH8fdEkirIVyw0JGHkuWhkmtS1HEwai9vg==
+-----END CERTIFICATE-----
diff --git a/apps/set/set_d_ct.pem b/apps/set/set_d_ct.pem
new file mode 100644
index 0000000..9f8c7d8
--- /dev/null
+++ b/apps/set/set_d_ct.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdjCCAt+gAwIBAgIgRU5t24v72xVDpZ4iHpyoOAQaQmfio1yhTZAOkBfT2uUw
+DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0NDQTEwMjEx
+NjE2MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjQw
+MDAwMDBaFw05NjExMjMyMzU5NTlaMG4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdC
+cmFuZElEMSYwJAYDVQQLEx1Jc3N1aW5nIEZpbmFuY2lhbCBJbnN0aXR1dGlvbjEl
+MCMGA1UEAxMcR2lYb0t0VjViN1V0MHZKa2hkSG5RYmNzc2JrPTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDIUxgpNB1aoSW585WErtN8WInCRWCqDj3RGT2mJye0F4SM
+/iT5ywdWMasmw18vpEpDlMypfZnRkUAdfyHcRABVAgMBAAGjggFwMIIBbDB2BgNV
+HSMEbzBtoUmkRzBFMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLQkNBMTAxNzExMDQx
+IDAeBgNVBAMTF0JyYW5kIE5hbWU6UHJvZHVjdCBUeXBlgiA6eXwnqUBg0N1Na0ii
+NYIaeWg1/i58eM5ngWTHCDnE6zAOBgNVHQ8BAf8EBAMCB4AwLgYDVR0QAQH/BCQw
+IoAPMTk5NjEwMjQwMTA0MDBagQ8xOTk2MTEyMzIzNTk1OVowGAYDVR0gBBEwDzAN
+BgtghkgBhvhFAQcBATAMBgNVHRMBAf8EAjAAMA8GBIaNbwMBAf8EBAMCB4AweQYE
+ho1vBwEB/wRuMGwwJAIBADAJBgUrDgMCGgUABBQzOTgyMzk4NzIzNzg5MTM0OTc4
+MhMPdGVyc2Ugc3RhdGVtZW50gBdodHRwOi8vd3d3LnZlcmlzaWduLmNvbYEaZ2V0
+c2V0LWNlbnRlckB2ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEAVHCjhxeD
+mIFSkm3DpQAq7pGfcAFPWvSM9I9bK8qeFT1M5YQ+5fbPqaWlNcQlGKIe3cHd4+0P
+ndL5lb6UBhhA0kTzEYA38+HtBxPe/lokCv0bYfyWY9asUmvfbUrTYta0yjN7ixnV
+UqvxxHQHOAwhf6bcc7xNHapOxloWzGUU0RQ=
+-----END CERTIFICATE-----
diff --git a/apps/set/set_root.pem b/apps/set/set_root.pem
new file mode 100644
index 0000000..8dd104f
--- /dev/null
+++ b/apps/set/set_root.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAk+gAwIBAgIgVqenwCYvmmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYw
+DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
+ODI5MB4XDTk2MTAxMjAwMDAwMFoXDTk2MTExMTIzNTk1OVowIzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC1JDQTEwMTExODI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAukca0PVUGFIYX7EyrShi+dVi9GTNzG0V2Wtdw6DqFzKfedba/KpE
+zqnRDV/wRZlBn3oXPS6kNCFiBPRV9mEFXI7y2W+q8/vPurjRDIXMsqQ+dAhKwf4q
+rofJBTiET4NUN0YTtpx6aYuoVubjiOgKdbqnUArxAWWP2Dkco17ipEYyUtd4sTAe
+/xKR02AHpbYGYPSHjMDS/nzUJ7uX4d51phs0rt7If48ExJSnDV/KoHMfm42mdmH2
+g23005qdHKY3UXeh10tZmb3QtGTSvF6OqpRZ+e9/ALklu7ZcIjqbb944ci4QWemb
+ZNWiDFrWWUoO1k942BI/iZ8Fh8pETYSDBQIDAQABo4GGMIGDMA4GA1UdDwEB/wQE
+AwIBBjAuBgNVHRABAf8EJDAigA8xOTk2MTAxMjAxMzQwMFqBDzE5OTYxMTExMjM1
+OTU5WjAbBgNVHSABAf8EETAPMA0GC2CGSAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYB
+Af8CAQIwEAYEho1vAwEB/wQFAwMHAIAwDQYJKoZIhvcNAQEFBQADggEBAK4tntea
+y+ws7PdULwfqAS5osaoNvw73uBn5lROTpx91uhQbJyf0oZ3XG9GUuHZBpqG9qmr9
+vIL40RsvRpNMYgaNHKTxF716yx6rZmruAYZsrE3SpV63tQJCckKLPSge2E5uDhSQ
+O8UjusG+IRT9fKMXUHLv4OmZPOQVOSl1qTCN2XoJFqEPtC3Y9P4YR4xHL0P2jb1l
+DLdIbruuh+6omH+0XUZd5fKnQZTTi6gjl0iunj3wGnkcqGZtwr3j87ONiB/8tDwY
+vz8ceII4YYdX12PrNzn+fu3R5rChvPW4/ah/SaYQ2VQ0AupaIF4xrNJ/gLYYw0YO
+bxCrVJLd8tu9WgA=
+-----END CERTIFICATE-----
diff --git a/apps/speed.c b/apps/speed.c
new file mode 100644
index 0000000..e0aff27
--- /dev/null
+++ b/apps/speed.c
@@ -0,0 +1,1068 @@
+/* apps/speed.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#undef SECONDS
+#define SECONDS 3
+#define RSA_SECONDS 10
+#define DSA_SECONDS 10
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#undef PROG
+#define PROG speed_main
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include "apps.h"
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "crypto.h"
+#include "rand.h"
+#include "err.h"
+
+#ifndef MSDOS
+#define TIMES
+#endif
+
+#ifndef VMS
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+#else /* VMS */
+#include <types.h>
+struct tms {
+ time_t tms_utime;
+ time_t tms_stime;
+ time_t tms_uchild; /* I dunno... */
+ time_t tms_uchildsys; /* so these names are a guess :-) */
+ }
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#ifdef sun
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#ifndef NO_DES
+#include "des.h"
+#endif
+#ifndef NO_MD2
+#include "md2.h"
+#endif
+#ifndef NO_MDC2
+#include "mdc2.h"
+#endif
+#ifndef NO_MD5
+#include "md5.h"
+#endif
+#if !defined(NO_SHA) && !defined(NO_SHA1)
+#include "sha.h"
+#endif
+#ifndef NO_RC4
+#include "rc4.h"
+#endif
+#ifndef NO_RC2
+#include "rc2.h"
+#endif
+#ifndef NO_IDEA
+#include "idea.h"
+#endif
+#ifndef NO_BLOWFISH
+#include "blowfish.h"
+#endif
+#ifndef NO_RSA
+#include "rsa.h"
+#endif
+#include "x509.h"
+#include "./testrsa.h"
+#ifndef NO_DSA
+#include "./testdsa.h"
+#endif
+
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# ifndef VMS
+# define HZ 100.0
+# else /* VMS */
+# define HZ 100.0
+# endif
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run=0;
+
+#ifndef NOPROTO
+static double Time_F(int s);
+static void print_message(char *s,long num,int length);
+static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
+#else
+static double Time_F();
+static void print_message();
+static void pkey_print_message();
+#endif
+
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+#ifndef NOPROTO
+static SIGRETTYPE sig_done(int sig);
+#else
+static SIGRETTYPE sig_done();
+#endif
+
+static SIGRETTYPE sig_done(sig)
+int sig;
+ {
+ signal(SIGALRM,sig_done);
+ run=0;
+#ifdef LINT
+ sig=sig;
+#endif
+ }
+#endif
+
+#define START 0
+#define STOP 1
+
+static double Time_F(s)
+int s;
+ {
+ double ret;
+#ifdef TIMES
+ static struct tms tstart,tend;
+
+ if (s == START)
+ {
+ times(&tstart);
+ return(0);
+ }
+ else
+ {
+ times(&tend);
+ ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+ return((ret < 1e-3)?1e-3:ret);
+ }
+#else /* !times() */
+ static struct timeb tstart,tend;
+ long i;
+
+ if (s == START)
+ {
+ ftime(&tstart);
+ return(0);
+ }
+ else
+ {
+ ftime(&tend);
+ i=(long)tend.millitm-(long)tstart.millitm;
+ ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+ return((ret < 0.001)?0.001:ret);
+ }
+#endif
+ }
+
+int MAIN(argc,argv)
+int argc;
+char **argv;
+ {
+ unsigned char *buf=NULL,*buf2=NULL;
+ int ret=1;
+#define ALGOR_NUM 11
+#define SIZE_NUM 5
+#define RSA_NUM 4
+#define DSA_NUM 3
+ long count,rsa_count;
+ int i,j,k,rsa_num,rsa_num2;
+ unsigned int kk;
+#ifndef NO_MD2
+ unsigned char md2[MD2_DIGEST_LENGTH];
+#endif
+#ifndef NO_MDC2
+ unsigned char mdc2[MDC2_DIGEST_LENGTH];
+#endif
+#ifndef NO_MD5
+ unsigned char md5[MD5_DIGEST_LENGTH];
+#endif
+#if !defined(NO_SHA) || !defined(NO_SHA1)
+ unsigned char sha[SHA_DIGEST_LENGTH];
+#endif
+#ifndef NO_RC4
+ RC4_KEY rc4_ks;
+#endif
+#ifndef NO_RC2
+ RC2_KEY rc2_ks;
+#endif
+#ifndef NO_IDEA
+ IDEA_KEY_SCHEDULE idea_ks;
+#endif
+#ifndef NO_BLOWFISH
+ BF_KEY bf_ks;
+#endif
+ static unsigned char key16[16]=
+ {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+ 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+ unsigned char iv[8];
+#ifndef NO_DES
+ static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+ static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+ static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+ des_key_schedule sch,sch2,sch3;
+#endif
+#define D_MD2 0
+#define D_MDC2 1
+#define D_MD5 2
+#define D_SHA 3
+#define D_SHA1 4
+#define D_RC4 5
+#define D_CBC_DES 6
+#define D_EDE3_DES 7
+#define D_CBC_IDEA 8
+#define D_CBC_RC2 9
+#define D_CBC_BF 10
+ double d,results[ALGOR_NUM][SIZE_NUM];
+ static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
+ long c[ALGOR_NUM][SIZE_NUM];
+ static char *names[ALGOR_NUM]={
+ "md2","mdc2","md5","sha","sha1","rc4",
+ "des cbc","des ede3","idea cbc",
+ "rc2 cbc","blowfish cbc"};
+#define R_DSA_512 0
+#define R_DSA_1024 1
+#define R_DSA_2048 2
+#define R_RSA_512 0
+#define R_RSA_1024 1
+#define R_RSA_2048 2
+#define R_RSA_4096 3
+ RSA *rsa_key[RSA_NUM];
+ DSA *dsa_key[DSA_NUM];
+ long rsa_c[RSA_NUM][2];
+ long dsa_c[DSA_NUM][2];
+#ifndef NO_RSA
+ double rsa_results[RSA_NUM][2];
+#endif
+#ifndef NO_DSA
+ double dsa_results[DSA_NUM][2];
+#endif
+ static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
+ static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
+ static unsigned char *rsa_data[RSA_NUM]=
+ {test512,test1024,test2048,test4096};
+ static int rsa_data_length[RSA_NUM]={
+ sizeof(test512),sizeof(test1024),
+ sizeof(test2048),sizeof(test4096)};
+ int doit[ALGOR_NUM];
+ int rsa_doit[RSA_NUM];
+ int dsa_doit[DSA_NUM];
+ int pr_header=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ for (i=0; i<RSA_NUM; i++)
+ rsa_key[i]=NULL;
+
+ if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+ if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+
+ memset(c,0,sizeof(c));
+ memset(iv,0,sizeof(iv));
+
+ for (i=0; i<ALGOR_NUM; i++)
+ doit[i]=0;
+ for (i=0; i<RSA_NUM; i++)
+ rsa_doit[i]=0;
+ for (i=0; i<DSA_NUM; i++)
+ dsa_doit[i]=0;
+
+ j=0;
+ argc--;
+ argv++;
+ while (argc)
+ {
+#ifndef NO_MD2
+ if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
+ else
+#endif
+#ifndef NO_MDC2
+ if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
+ else
+#endif
+#ifndef NO_MD5
+ if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
+ else
+#endif
+#ifndef NO_SHA
+ if (strcmp(*argv,"sha") == 0) doit[D_SHA]=1;
+ else
+#endif
+#ifndef NO_SHA1
+ if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
+ else
+#endif
+#ifndef NO_RC4
+ if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
+ else
+#endif
+#ifndef NO_DEF
+ if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
+ else if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
+ else
+#endif
+#ifndef NO_RSA
+#ifdef RSAref
+ if (strcmp(*argv,"rsaref") == 0)
+ {
+ RSA_set_default_method(RSA_PKCS1_RSAref());
+ j--;
+ }
+ else
+#endif
+ if (strcmp(*argv,"ssleay") == 0)
+ {
+ RSA_set_default_method(RSA_PKCS1_SSLeay());
+ j--;
+ }
+ else
+#endif /* !NO_RSA */
+ if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
+ else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
+ else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
+ else if (strcmp(*argv,"rsa512") == 0) rsa_doit[R_RSA_512]=2;
+ else if (strcmp(*argv,"rsa1024") == 0) rsa_doit[R_RSA_1024]=2;
+ else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
+ else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
+ else
+#ifndef NO_RC2
+ if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
+ else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
+ else
+#endif
+#ifndef NO_IDEA
+ if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
+ else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
+ else
+#endif
+#ifndef NO_BLOWFISH
+ if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
+ else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
+ else
+#endif
+#ifndef NO_DES
+ if (strcmp(*argv,"des") == 0)
+ {
+ doit[D_CBC_DES]=1;
+ doit[D_EDE3_DES]=1;
+ }
+ else
+#endif
+#ifndef NO_RSA
+ if (strcmp(*argv,"rsa") == 0)
+ {
+ rsa_doit[R_RSA_512]=1;
+ rsa_doit[R_RSA_1024]=1;
+ rsa_doit[R_RSA_2048]=1;
+ rsa_doit[R_RSA_4096]=1;
+ }
+ else
+#endif
+#ifndef NO_DSA
+ if (strcmp(*argv,"dsa") == 0)
+ {
+ dsa_doit[R_DSA_512]=1;
+ dsa_doit[R_DSA_1024]=1;
+ }
+ else
+#endif
+ {
+ BIO_printf(bio_err,"bad value, pick one of\n");
+ BIO_printf(bio_err,"md2 mdc2 md5 sha sha1\n");
+#ifndef NO_IDEA
+ BIO_printf(bio_err,"idea-cbc ");
+#endif
+#ifndef NO_RC2
+ BIO_printf(bio_err,"rc2-cbc ");
+#endif
+#ifndef NO_RC2
+ BIO_printf(bio_err,"bf-cbc");
+#endif
+#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BLOWFISH)
+ BIO_printf(bio_err,"\n");
+#endif
+ BIO_printf(bio_err,"des-cbc des-ede3 ");
+#ifndef NO_RC4
+ BIO_printf(bio_err,"rc4");
+#endif
+#ifndef NO_RSA
+ BIO_printf(bio_err,"\nrsa512 rsa1024 rsa2048 rsa4096\n");
+#endif
+#ifndef NO_DSA
+ BIO_printf(bio_err,"\ndsa512 dsa1024 dsa2048\n");
+#endif
+ BIO_printf(bio_err,"idea rc2 des rsa blowfish\n");
+ goto end;
+ }
+ argc--;
+ argv++;
+ j++;
+ }
+
+ if (j == 0)
+ {
+ for (i=0; i<ALGOR_NUM; i++)
+ doit[i]=1;
+ for (i=0; i<RSA_NUM; i++)
+ rsa_doit[i]=1;
+ for (i=0; i<DSA_NUM; i++)
+ dsa_doit[i]=1;
+ }
+ for (i=0; i<ALGOR_NUM; i++)
+ if (doit[i]) pr_header++;
+
+#ifndef TIMES
+ BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
+ BIO_printf(bio_err,"program when this computer is idle.\n");
+#endif
+
+#ifndef NO_RSA
+ for (i=0; i<RSA_NUM; i++)
+ {
+ unsigned char *p;
+
+ p=rsa_data[i];
+ rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
+ if (rsa_key[i] == NULL)
+ {
+ BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);
+ goto end;
+ }
+ }
+#endif
+
+#ifndef NO_DSA
+ dsa_key[0]=get_dsa512();
+ dsa_key[1]=get_dsa1024();
+ dsa_key[2]=get_dsa2048();
+#endif
+
+#ifndef NO_DES
+ des_set_key((C_Block *)key,sch);
+ des_set_key((C_Block *)key2,sch2);
+ des_set_key((C_Block *)key3,sch3);
+#endif
+#ifndef NO_IDEA
+ idea_set_encrypt_key(key16,&idea_ks);
+#endif
+#ifndef NO_RC4
+ RC4_set_key(&rc4_ks,16,key16);
+#endif
+#ifndef NO_RC2
+ RC2_set_key(&rc2_ks,16,key16,128);
+#endif
+#ifndef NO_BLOWFISH
+ BF_set_key(&bf_ks,16,key16);
+#endif
+
+ memset(rsa_c,0,sizeof(rsa_c));
+#ifndef SIGALRM
+ BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
+ count=10;
+ do {
+ long i;
+ count*=2;
+ Time_F(START);
+ for (i=count; i; i--)
+ des_ecb_encrypt((C_Block *)buf,(C_Block *)buf,
+ &(sch[0]),DES_ENCRYPT);
+ d=Time_F(STOP);
+ } while (d <3);
+ c[D_MD2][0]=count/10;
+ c[D_MDC2][0]=count/10;
+ c[D_MD5][0]=count;
+ c[D_SHA][0]=count;
+ c[D_SHA1][0]=count;
+ c[D_RC4][0]=count*5;
+ c[D_CBC_DES][0]=count;
+ c[D_EDE3_DES][0]=count/3;
+ c[D_CBC_IDEA][0]=count;
+ c[D_CBC_RC2][0]=count;
+ c[D_CBC_BF][0]=count;
+
+ for (i=1; i<SIZE_NUM; i++)
+ {
+ c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
+ c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
+ c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
+ c[D_SHA][i]=c[D_SHA][0]*4*lengths[0]/lengths[i];
+ c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
+ }
+ for (i=1; i<SIZE_NUM; i++)
+ {
+ long l0,l1;
+
+ l0=(long)lengths[i-1];
+ l1=(long)lengths[i];
+ c[D_RC4][i]=c[D_RC4][i-1]*l0/l1;
+ c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1;
+ c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
+ c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
+ c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
+ c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
+ }
+ rsa_c[R_RSA_512][0]=count/2000;
+ rsa_c[R_RSA_512][1]=count/400;
+ for (i=1; i<RSA_NUM; i++)
+ {
+ rsa_c[i][0]=rsa_c[i-1][0]/8;
+ rsa_c[i][1]=rsa_c[i-1][1]/4;
+ if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
+ rsa_doit[i]=0;
+ else
+ {
+ if (rsa_c[i] == 0)
+ {
+ rsa_c[i][0]=1;
+ rsa_c[i][1]=20;
+ }
+ }
+ }
+
+ dsa_c[R_DSA_512][0]=count/1000;
+ dsa_c[R_DSA_512][1]=count/1000/2;
+ for (i=1; i<DSA_NUM; i++)
+ {
+ dsa_c[i][0]=dsa_c[i-1][0]/4;
+ dsa_c[i][1]=dsa_c[i-1][1]/4;
+ if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
+ dsa_doit[i]=0;
+ else
+ {
+ if (dsa_c[i] == 0)
+ {
+ dsa_c[i][0]=1;
+ dsa_c[i][1]=1;
+ }
+ }
+ }
+
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+ signal(SIGALRM,sig_done);
+#endif
+
+#ifndef NO_MD2
+ if (doit[D_MD2])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_MD2][j]); count++)
+ MD2(buf,(unsigned long)lengths[j],&(md2[0]));
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_MD2],d);
+ results[D_MD2][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+#ifndef NO_MDC2
+ if (doit[D_MDC2])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_MDC2][j]); count++)
+ MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_MDC2],d);
+ results[D_MDC2][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+
+#ifndef NO_MD5
+ if (doit[D_MD5])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_MD5][j]); count++)
+ MD5(buf,(unsigned long)lengths[j],&(md5[0]));
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_MD5],d);
+ results[D_MD5][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+
+#ifndef NO_SHA
+ if (doit[D_SHA])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_SHA],c[D_SHA][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_SHA][j]); count++)
+ SHA(buf,(unsigned long)lengths[j],&(sha[0]));
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_SHA],d);
+ results[D_SHA][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+#ifndef NO_SHA1
+ if (doit[D_SHA1])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_SHA1][j]); count++)
+ SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_SHA1],d);
+ results[D_SHA1][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+#ifndef NO_RC4
+ if (doit[D_RC4])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_RC4][j]); count++)
+ RC4(&rc4_ks,(unsigned int)lengths[j],
+ buf,buf);
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_RC4],d);
+ results[D_RC4][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+#ifndef NO_DES
+ if (doit[D_CBC_DES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
+ des_ncbc_encrypt((C_Block *)buf,
+ (C_Block *)buf,
+ (long)lengths[j],sch,
+ (C_Block *)&(iv[0]),DES_ENCRYPT);
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_CBC_DES],d);
+ results[D_CBC_DES][j]=((double)count)/d*lengths[j];
+ }
+ }
+
+ if (doit[D_EDE3_DES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
+ des_ede3_cbc_encrypt((C_Block *)buf,
+ (C_Block *)buf,
+ (long)lengths[j],sch,sch2,sch3,
+ (C_Block *)&(iv[0]),DES_ENCRYPT);
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_EDE3_DES],d);
+ results[D_EDE3_DES][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+#ifndef NO_IDEA
+ if (doit[D_CBC_IDEA])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
+ idea_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&idea_ks,
+ (unsigned char *)&(iv[0]),IDEA_ENCRYPT);
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_CBC_IDEA],d);
+ results[D_CBC_IDEA][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+#ifndef NO_RC2
+ if (doit[D_CBC_RC2])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
+ RC2_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&rc2_ks,
+ (unsigned char *)&(iv[0]),RC2_ENCRYPT);
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_CBC_RC2],d);
+ results[D_CBC_RC2][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+#ifndef NO_BLOWFISH
+ if (doit[D_CBC_BF])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
+ BF_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&bf_ks,
+ (unsigned char *)&(iv[0]),BF_ENCRYPT);
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %s's in %.2fs\n",
+ count,names[D_CBC_BF],d);
+ results[D_CBC_BF][j]=((double)count)/d*lengths[j];
+ }
+ }
+#endif
+
+ RAND_bytes(buf,30);
+#ifndef NO_RSA
+ for (j=0; j<RSA_NUM; j++)
+ {
+ if (!rsa_doit[j]) continue;
+ pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
+ RSA_SECONDS);
+ Time_F(START);
+ for (count=0,run=1; COND(rsa_c[j][0]); count++)
+ {
+ rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j],
+ RSA_PKCS1_PADDING);
+ if (rsa_num <= 0)
+ {
+ BIO_printf(bio_err,"RSA private encrypt failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
+ }
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n",
+ count,rsa_bits[j],d);
+ rsa_results[j][0]=d/(double)count;
+ rsa_count=count;
+
+ pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
+ RSA_SECONDS);
+ Time_F(START);
+ for (count=0,run=1; COND(rsa_c[j][1]); count++)
+ {
+ rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j],
+ RSA_PKCS1_PADDING);
+ if (rsa_num2 <= 0)
+ {
+ BIO_printf(bio_err,"RSA public encrypt failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
+ }
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
+ count,rsa_bits[j],d);
+ rsa_results[j][1]=d/(double)count;
+
+ if (rsa_count <= 1)
+ {
+ /* if longer than 10s, don't do any more */
+ for (j++; j<RSA_NUM; j++)
+ rsa_doit[j]=0;
+ }
+ }
+#endif
+
+ RAND_bytes(buf,20);
+#ifndef NO_DSA
+ for (j=0; j<DSA_NUM; j++)
+ {
+ if (!dsa_doit[j]) continue;
+ DSA_generate_key(dsa_key[j]);
+/* DSA_sign_setup(dsa_key[j],NULL); */
+ pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j],
+ DSA_SECONDS);
+ Time_F(START);
+ for (count=0,run=1; COND(dsa_c[j][0]); count++)
+ {
+ rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+ &kk,dsa_key[j]);
+ if (rsa_num <= 0)
+ {
+ BIO_printf(bio_err,"DSA sign failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
+ }
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
+ count,dsa_bits[j],d);
+ dsa_results[j][0]=d/(double)count;
+ rsa_count=count;
+
+ pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j],
+ DSA_SECONDS);
+ Time_F(START);
+ for (count=0,run=1; COND(dsa_c[j][1]); count++)
+ {
+ rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+ kk,dsa_key[j]);
+ if (rsa_num2 <= 0)
+ {
+ BIO_printf(bio_err,"DSA verify failure\n");
+ ERR_print_errors(bio_err);
+ count=1;
+ break;
+ }
+ }
+ d=Time_F(STOP);
+ BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
+ count,dsa_bits[j],d);
+ dsa_results[j][1]=d/(double)count;
+
+ if (rsa_count <= 1)
+ {
+ /* if longer than 10s, don't do any more */
+ for (j++; j<DSA_NUM; j++)
+ dsa_doit[j]=0;
+ }
+ }
+#endif
+
+ fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
+ fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
+ printf("options:");
+ printf("%s ",BN_options());
+#ifndef NO_MD2
+ printf("%s ",MD2_options());
+#endif
+#ifndef NO_RC4
+ printf("%s ",RC4_options());
+#endif
+#ifndef NO_DES
+ printf("%s ",des_options());
+#endif
+#ifndef NO_IDEA
+ printf("%s ",idea_options());
+#endif
+#ifndef NO_BLOWFISH
+ printf("%s ",BF_options());
+#endif
+ fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_CFLAGS));
+
+ if (pr_header)
+ {
+ fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
+ fprintf(stdout,"type ");
+ for (j=0; j<SIZE_NUM; j++)
+ fprintf(stdout,"%7d bytes",lengths[j]);
+ fprintf(stdout,"\n");
+ }
+
+ for (k=0; k<ALGOR_NUM; k++)
+ {
+ if (!doit[k]) continue;
+ fprintf(stdout,"%-12s",names[k]);
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ if (results[k][j] > 10000)
+ fprintf(stdout," %11.2fk",results[k][j]/1e3);
+ else
+ fprintf(stdout," %11.2f ",results[k][j]);
+ }
+ fprintf(stdout,"\n");
+ }
+#ifndef NO_RSA
+ j=1;
+ for (k=0; k<RSA_NUM; k++)
+ {
+ if (!rsa_doit[k]) continue;
+ if (j) { printf("%18ssign verify\n"," "); j=0; }
+ fprintf(stdout,"rsa %4d bits %8.4fs %8.4fs",
+ rsa_bits[k],rsa_results[k][0],rsa_results[k][1]);
+ fprintf(stdout,"\n");
+ }
+#endif
+#ifndef NO_DSA
+ j=1;
+ for (k=0; k<DSA_NUM; k++)
+ {
+ if (!dsa_doit[k]) continue;
+ if (j) { printf("%18ssign verify\n"," "); j=0; }
+ fprintf(stdout,"dsa %4d bits %8.4fs %8.4fs",
+ dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
+ fprintf(stdout,"\n");
+ }
+#endif
+ ret=0;
+end:
+ if (buf != NULL) Free(buf);
+ if (buf2 != NULL) Free(buf2);
+#ifndef NO_RSA
+ for (i=0; i<RSA_NUM; i++)
+ if (rsa_key[i] != NULL)
+ RSA_free(rsa_key[i]);
+#endif
+#ifndef NO_DSA
+ for (i=0; i<DSA_NUM; i++)
+ if (dsa_key[i] != NULL)
+ DSA_free(dsa_key[i]);
+#endif
+ EXIT(ret);
+ }
+
+static void print_message(s,num,length)
+char *s;
+long num;
+int length;
+ {
+#ifdef SIGALRM
+ BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
+ BIO_flush(bio_err);
+ alarm(SECONDS);
+#else
+ BIO_printf(bio_err,"Doing %s %ld times on %d size blocks: ",s,num,length);
+ BIO_flush(bio_err);
+#endif
+#ifdef LINT
+ num=num;
+#endif
+ }
+
+static void pkey_print_message(str,str2,num,bits,tm)
+char *str;
+char *str2;
+long num;
+int bits;
+int tm;
+ {
+#ifdef SIGALRM
+ BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
+ BIO_flush(bio_err);
+ alarm(RSA_SECONDS);
+#else
+ BIO_printf(bio_err,"Doing %ld %d bit %s %s's: ",num,bits,str,str2);
+ BIO_flush(bio_err);
+#endif
+#ifdef LINT
+ num=num;
+#endif
+ }
diff --git a/apps/ssleay.c b/apps/ssleay.c
new file mode 100644
index 0000000..f69f14a
--- /dev/null
+++ b/apps/ssleay.c
@@ -0,0 +1,339 @@
+/* apps/ssleay.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define DEBUG
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "bio.h"
+#include "crypto.h"
+#include "lhash.h"
+#include "conf.h"
+#include "x509.h"
+#include "pem.h"
+#include "ssl.h"
+#define SSLEAY /* turn off a few special case MONOLITH macros */
+#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
+#define SSLEAY_SRC
+#include "apps.h"
+#include "s_apps.h"
+#include "err.h"
+
+
+#ifndef NOPROTO
+static unsigned long MS_CALLBACK hash(FUNCTION *a);
+static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+static LHASH *prog_init(void );
+static int do_cmd(LHASH *prog,int argc,char *argv[]);
+static void sig_stop(int i);
+#else
+static unsigned long MS_CALLBACK hash();
+static int MS_CALLBACK cmp();
+static LHASH *prog_init();
+static int do_cmd();
+static void sig_stop();
+#endif
+
+LHASH *config=NULL;
+char *default_config_file=NULL;
+
+#ifdef DEBUG
+static void sig_stop(i)
+int i;
+ {
+ char *a=NULL;
+
+ *a='\0';
+ }
+#endif
+
+/* Make sure there is only one when MONOLITH is defined */
+#ifdef MONOLITH
+BIO *bio_err=NULL;
+#endif
+
+int main(Argc,Argv)
+int Argc;
+char *Argv[];
+ {
+ ARGS arg;
+#define PROG_NAME_SIZE 16
+ char pname[PROG_NAME_SIZE];
+ FUNCTION f,*fp;
+ MS_STATIC char *prompt,buf[1024],config_name[256];
+ int n,i,ret=0;
+ int argc;
+ char **argv,*p;
+ LHASH *prog=NULL;
+ long errline;
+
+ arg.data=NULL;
+ arg.count=0;
+
+ /* SSLeay_add_ssl_algorithms(); is called in apps_startup() */
+ apps_startup();
+
+#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
+#ifdef SIGBUS
+ signal(SIGBUS,sig_stop);
+#endif
+#ifdef SIGSEGV
+ signal(SIGSEGV,sig_stop);
+#endif
+#endif
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ ERR_load_crypto_strings();
+
+ /* Lets load up our environment a little */
+ p=getenv("SSLEAY_CONF");
+ if (p == NULL)
+ {
+ strcpy(config_name,X509_get_default_cert_area());
+ strcat(config_name,"/lib/");
+ strcat(config_name,SSLEAY_CONF);
+ p=config_name;
+ }
+
+ default_config_file=p;
+
+ config=CONF_load(config,p,&errline);
+ if (config == NULL) ERR_clear_error();
+
+ prog=prog_init();
+
+ /* first check the program name */
+ program_name(Argv[0],pname,PROG_NAME_SIZE);
+
+ f.name=pname;
+ fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
+ if (fp != NULL)
+ {
+ Argv[0]=pname;
+ ret=fp->func(Argc,Argv);
+ goto end;
+ }
+
+ /* ok, now check that there are not arguments, if there are,
+ * run with them, shifting the ssleay off the front */
+ if (Argc != 1)
+ {
+ Argc--;
+ Argv++;
+ ret=do_cmd(prog,Argc,Argv);
+ if (ret < 0) ret=0;
+ goto end;
+ }
+
+ /* ok, lets enter the old 'SSLeay>' mode */
+
+ for (;;)
+ {
+ ret=0;
+ p=buf;
+ n=1024;
+ i=0;
+ for (;;)
+ {
+ p[0]='\0';
+ if (i++)
+ prompt=">";
+ else prompt="SSLeay>";
+ fputs(prompt,stdout);
+ fflush(stdout);
+ fgets(p,n,stdin);
+ if (p[0] == '\0') goto end;
+ i=strlen(p);
+ if (i <= 1) break;
+ if (p[i-2] != '\\') break;
+ i-=2;
+ p+=i;
+ n-=i;
+ }
+ if (!chopup_args(&arg,buf,&argc,&argv)) break;
+
+ ret=do_cmd(prog,argc,argv);
+ if (ret < 0)
+ {
+ ret=0;
+ goto end;
+ }
+ if (ret != 0)
+ BIO_printf(bio_err,"error in %s\n",argv[0]);
+ }
+ BIO_printf(bio_err,"bad exit\n");
+ ret=1;
+end:
+ if (config != NULL)
+ {
+ CONF_free(config);
+ config=NULL;
+ }
+ if (prog != NULL) lh_free(prog);
+ if (arg.data != NULL) Free(arg.data);
+ ERR_remove_state(0);
+
+ EVP_cleanup();
+
+ CRYPTO_mem_leaks(bio_err);
+ if (bio_err != NULL)
+ {
+ BIO_free(bio_err);
+ bio_err=NULL;
+ }
+ EXIT(ret);
+ }
+
+static int do_cmd(prog,argc,argv)
+LHASH *prog;
+int argc;
+char *argv[];
+ {
+ FUNCTION f,*fp;
+ int i,ret=1,tp,nl;
+
+ if ((argc <= 0) || (argv[0] == NULL))
+ { ret=0; goto end; }
+ f.name=argv[0];
+ fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
+ if (fp != NULL)
+ {
+ ret=fp->func(argc,argv);
+ }
+ else if ((strcmp(argv[0],"quit") == 0) ||
+ (strcmp(argv[0],"q") == 0) ||
+ (strcmp(argv[0],"exit") == 0) ||
+ (strcmp(argv[0],"bye") == 0))
+ {
+ ret= -1;
+ goto end;
+ }
+ else
+ {
+ BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
+ argv[0]);
+ i=0;
+ fp=functions;
+ tp=0;
+ for (fp=functions; fp->name != NULL; fp++)
+ {
+ nl=0;
+ if (((i++) % 5) == 0)
+ {
+ BIO_printf(bio_err,"\n");
+ nl=1;
+ }
+ if (fp->type != tp)
+ {
+ tp=fp->type;
+ if (!nl) BIO_printf(bio_err,"\n");
+ if (tp == FUNC_TYPE_MD)
+ {
+ i=1;
+ BIO_printf(bio_err,
+ "Message Digest commands - see the dgst command for more details\n");
+ }
+ else if (tp == FUNC_TYPE_CIPHER)
+ {
+ i=1;
+ BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
+ }
+ }
+ BIO_printf(bio_err,"%-15s",fp->name);
+ }
+ BIO_printf(bio_err,"\nquit\n");
+ ret=0;
+ }
+end:
+ return(ret);
+ }
+
+static LHASH *prog_init()
+ {
+ LHASH *ret;
+ FUNCTION *f;
+
+ if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
+
+ for (f=functions; f->name != NULL; f++)
+ lh_insert(ret,(char *)f);
+ return(ret);
+ }
+
+static int MS_CALLBACK cmp(a,b)
+FUNCTION *a,*b;
+ {
+ return(strncmp(a->name,b->name,8));
+ }
+
+static unsigned long MS_CALLBACK hash(a)
+FUNCTION *a;
+ {
+ return(lh_strhash(a->name));
+ }
+
+#undef SSLEAY
diff --git a/apps/ssleay.cnf b/apps/ssleay.cnf
new file mode 100644
index 0000000..0b3bfa6
--- /dev/null
+++ b/apps/ssleay.cnf
@@ -0,0 +1,116 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE = $ENV::HOME/.rnd
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem# The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = x509v3_extensions # The extentions to add to the cert
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = md5 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = CryptSoft Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 40
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ x509v3_extensions ]
+
+nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem
+nsComment = "This is a comment"
+
+# under ASN.1, the 0 bit would be encoded as 80
+nsCertType = 0x40
+
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+#nsCertSequence
+#nsCertExt
+#nsDataType
+
diff --git a/apps/stuff/pkcs12.der b/apps/stuff/pkcs12.der
new file mode 100644
index 0000000..49c28b4
--- /dev/null
+++ b/apps/stuff/pkcs12.der
Binary files differ
diff --git a/apps/stuff/pkcs7.ex1 b/apps/stuff/pkcs7.ex1
new file mode 100644
index 0000000..0eed41b
--- /dev/null
+++ b/apps/stuff/pkcs7.ex1
@@ -0,0 +1,25 @@
+-----BEGIN xxx-----
+MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIB
+rTCCAUkCAgC2MA0GCSqGSIb3DQEBAgUAME0xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMT
+UGVyc29uYSBDZXJ0aWZpY2F0ZTAeFw05NDA0MDkwMDUwMzdaFw05NDA4
+MDIxODM4NTdaMGcxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZp
+Y2F0ZTEYMBYGA1UEAxMPU2V0ZWMgQXN0cm9ub215MFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAMy8QcW7RMrB4sTdQ8Nmb2DFmJmkWn+el+NdeamI
+DElX/qw9mIQu4xNj1FfepfJNxzPvA0OtMKhy6+bkrlyMEU8CAwEAATAN
+BgkqhkiG9w0BAQIFAANPAAYn7jDgirhiIL4wnP8nGzUisGSpsFsF4/7z
+2P2wqne6Qk8Cg/Dstu3RyaN78vAMGP8d82H5+Ndfhi2mRp4YHiGHz0Hl
+K6VbPfnyvS2wdjCCAccwggFRAgUCQAAAFDANBgkqhkiG9w0BAQIFADBf
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHks
+IEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFuY2UgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNOTQwMTA3MDAwMDAwWhcNOTYwMTA3MjM1OTU5
+WjBNMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJp
+dHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydGlmaWNhdGUwaTAN
+BgkqhkiG9w0BAQEFAANYADBVAk4GqghQDa9Xi/2zAdYEqJVIcYhlLN1F
+pI9tXQ1m6zZ39PYXK8Uhoj0Es7kWRv8hC04vqkOKwndWbzVtvoHQOmP8
+nOkkuBi+AQvgFoRcgOUCAwEAATANBgkqhkiG9w0BAQIFAANhAD/5Uo7x
+Ddp49oZm9GoNcPhZcW1e+nojLvHXWAU/CBkwfcR+FSf4hQ5eFu1AjYv6
+Wqf430Xe9Et5+jgnMTiq4LnwgTdA8xQX4elJz9QzQobkE3XVOjVAtCFc
+miin80RB8AAAMYAAAAAAAAAAAA==
+-----END xxx-----
diff --git a/apps/stuff/pkcs7.ex2 b/apps/stuff/pkcs7.ex2
new file mode 100644
index 0000000..2b21a67
--- /dev/null
+++ b/apps/stuff/pkcs7.ex2
@@ -0,0 +1,11 @@
+-----BEGIN PRIVACY-ENHANCED MESSAGE-----
+MIAGCSqGSIb3DQEHBqCAMIACAQAwgAYJKoZIhvcNAQcBMBEGBSsOAwIHBAifqtdy
+x6uIMYCCARgvFzJtOZBn773DtmXlx037ck3giqnV0WC0QAx5f+fesAiGaxMqWcir
+r9XvT0nT0LgSQ/8tiLCDBEKdyCNgdcJAduy3D0r2sb5sNTT0TyL9uydG3w55vTnW
+aPbCPCWLudArI1UHDZbnoJICrVehxG/sYX069M8v6VO8PsJS7//hh1yM+0nekzQ5
+l1p0j7uWKu4W0csrlGqhLvEJanj6dQAGSTNCOoH3jzEXGQXntgesk8poFPfHdtj0
+5RH4MuJRajDmoEjlrNcnGl/BdHAd2JaCo6uZWGcnGAgVJ/TVfSVSwN5nlCK87tXl
+nL7DJwaPRYwxb3mnPKNq7ATiJPf5u162MbwxrddmiE7e3sST7naSN+GS0ateY5X7
+AAAAAAAAAAA=
+-----END PRIVACY-ENHANCED MESSAGE-----
+
diff --git a/apps/stuff/pkcs7.ex3 b/apps/stuff/pkcs7.ex3
new file mode 100644
index 0000000..b2eabef
--- /dev/null
+++ b/apps/stuff/pkcs7.ex3
@@ -0,0 +1,12 @@
+-----BEGIN PRIVACY-ENHANCED MESSAGE-----
+MIAGCSqGSIb3DQEHA6CAMIACAQAxgDCBqQIBADBTME0xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc29u
+YSBDZXJ0aWZpY2F0ZQICALYwDQYJKoZIhvcNAQEBBQAEQCU/R+YCJSUsV6XLilHG
+cNVzwqKcWzmT/rZ+duOv8Ggb7oO/d8H3xUVGQ2LsX4kYGq2szwj8Q6eWhsmhf4oz
+lvMAADCABgkqhkiG9w0BBwEwEQYFKw4DAgcECFif7BadXlw3oIAEgZBNcMexKe16
++mNxx8YQPukBCL0bWqS86lvws/AgRkKPELmysBi5lco8MBCsWK/fCyrnxIRHs1oK
+BXBVlsAhKkkusk1kCf/GbXSAphdSgG+d6LxrNZwHbBFOX6A2hYS63Iczd5bOVDDW
+Op2gcgUtMJq6k2LFrs4L7HHqRPPlqNJ6j5mFP4xkzOCNIQynpD1rV6EECMIk/T7k
+1JLSAAAAAAAAAAAAAA==
+-----END PRIVACY-ENHANCED MESSAGE-----
+
diff --git a/apps/stuff/pkcs7.pem b/apps/stuff/pkcs7.pem
new file mode 100644
index 0000000..eef654c
--- /dev/null
+++ b/apps/stuff/pkcs7.pem
@@ -0,0 +1,46 @@
+-----BEGIN PKCS7-----
+MIIIEgYJKoZIhvcNAQcCMIIIAwIBATEAMAsGCSqGSIb3DQEHAaCCBDUwggIhMIIB
+jgIFAnIAAGcwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
+F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk1MDUxNzAwMDAwMFoXDTk1MTEx
+NjIzNTk1OVowdzELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5h
+MRIwEAYDVQQHEwlDaGFybG90dGUxIzAhBgNVBAoTGlZuZXQgSW50ZXJuZXQgQWNj
+ZXNzLCBJbmMuMRYwFAYDVQQDFA13d3cqLnZuZXQubmV0MHwwDQYJKoZIhvcNAQEB
+BQADawAwaAJhAOngW+io4W1lAp1b2k4+KqICaLHatp6AWkPLpa3Li2mwmggSGeRD
+AmTI4FQB0EFrDMfKLOteHgGoDJ0vifmV5cKvevRt5Gn+xPn54Halu7i145iUldyv
+oViUNpWmLJhKTQIDAQABMA0GCSqGSIb3DQEBAgUAA34AQkyfJje6H8fxtN68TvXV
+RibnPpQol2jMbh0VnK9cP9ePvsXy+7JoGuWxj6zlgjZGwia49xITggZ+0b+wP51l
+5e8xEEc2K7eC5QVD0qh/NSqdPcVP+UG6UK/LT25w/yLuZgqJ3g87kGbOo9myLhkZ
+3jr3kXnsriBmwmqcjgUwggIMMIIBlgIFAkAAAEUwDQYJKoZIhvcNAQECBQAwXzEL
+MAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4w
+LAYDVQQLEyVMb3cgQXNzdXJhbmNlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
+DTk0MTEwOTIzMTk0NFoXDTk5MTIzMTIzMTk0NFowXzELMAkGA1UEBhMCVVMxIDAe
+BgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUg
+U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUA
+A4GJADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwji
+ioII0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJ
+VphIuR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJ
+KoZIhvcNAQECBQADYQAjOCnuhWTdRq+8PhUBSzKbOhmafQQPQ8Ltw+49U8N1zgq9
+1ROaW46znUQykAPUdaAIflEfV2e0ULuyOWCwDJ2ME7NUmWL86SLkk6QLC9iItjva
+h+tdpLV/+TerjmrxCWChggOyMIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1
+MDIwMjEyMjZaFw05NTA2MDEwMDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcy
+NDI2WjAWAgUCQQAACRcNOTUwMjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAx
+MjQ5WjAWAgUCQQAADBcNOTUwMjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0
+MDQ5WjAWAgUCQQAAFhcNOTUwMzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0
+MDQxWjAWAgUCQQAAHxcNOTUwMzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAw
+NzExWjAWAgUCcgAAERcNOTUwMzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDEx
+MzIxWjAWAgUCcgAAHhcNOTUwNDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcx
+NzI0WjAWAgUCcgAAOBcNOTUwNDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIx
+MjI2WjANBgkqhkiG9w0BAQIFAAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6q
+QmK92W0hW158wpJg+ovV3+wQwvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3M
+rJBnZ4GaZDu4FutZh72MR3GtJaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFA
+yp0vMIIBHTCBqDANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEgMB4GA1UE
+ChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFu
+Y2UgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTk1MDUwMTE5MjcyOVoXDTk1MDYw
+MTA4MDAwMFowGDAWAgUCQAAAXhcNOTUwMjA4MDE0NjIyWjANBgkqhkiG9w0BAQIF
+AANhAF70VxEAKgGlS2otYkWSqYJ286MMDbdAIoEGCDTtVuLCOP3YKHOSTjFhbIhL
+5mBd+Q/W+lKSqdoyYhdObaBk4I4Wk+/BE2QK1x4QhtYG144spESXIRIKAbhffg1g
+rRe/ETEA
+-----END PKCS7-----
diff --git a/apps/test.ssl b/apps/test.ssl
new file mode 100644
index 0000000..d0566e0
--- /dev/null
+++ b/apps/test.ssl
@@ -0,0 +1,16 @@
+www.microsoft.com:443
+sectest.microsoft.com:443
+https://sectest.microsoft.com/ClientAuth/test.asp
+ssl3.netscape.com:443
+ssl3.netscape.com:444
+www.openmarket.com:443 - no session ID caching. - no swap
+
+Servers
+bad www.openmarket.com Open-Market-Secure-WebServer/V2.1
+bad www.microsoft.com Server: Microsoft-IIS/3.0
+good transact.netscape.com Netscape-Enterprise/2.01
+
+clients
+good netscape
+hmm MSIE
+
diff --git a/apps/testCA.pem b/apps/testCA.pem
new file mode 100644
index 0000000..dcb710a
--- /dev/null
+++ b/apps/testCA.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBzCBsgIBADBNMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEX
+MBUGA1UEChMOTWluY29tIFB0eSBMdGQxEDAOBgNVBAMTB1RFU1QgQ0EwXDANBgkq
+hkiG9w0BAQEFAANLADBIAkEAzW9brgA8efT2ODB+NrsflJZj3KKqKsm4OrXTRqfL
+VETj1ws/zCXl42XJAxdWQMCP0liKfc9Ut4xi1qCVI7N07wIDAQABoAAwDQYJKoZI
+hvcNAQEEBQADQQBjZZ42Det9Uw0AFwJy4ufUEy5Cv74pxBp5SZnljgHY+Az0Hs2S
+uNkIegr2ITX5azKi9nOkg9ZmsmGG13FIjiC/
+-----END CERTIFICATE REQUEST-----
diff --git a/apps/testdsa.h b/apps/testdsa.h
new file mode 100644
index 0000000..8e8aea6
--- /dev/null
+++ b/apps/testdsa.h
@@ -0,0 +1,155 @@
+/* NOCW */
+#ifndef NOPROTO
+DSA *get_dsa512(void );
+DSA *get_dsa1024(void );
+DSA *get_dsa2048(void );
+#else
+DSA *get_dsa512();
+DSA *get_dsa1024();
+DSA *get_dsa2048();
+#endif
+
+static unsigned char dsa512_p[]={
+ 0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
+ 0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
+ 0x62,0x50,0x33,0x4B,0x02,0x3C,0x52,0x30,0x03,0x8B,0x3B,0xF9,
+ 0x5F,0xD1,0x24,0x06,0x4F,0x7B,0x4C,0xBA,0xAA,0x40,0x9B,0xFD,
+ 0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,
+ 0xA2,0x76,0x7D,0x31,
+ };
+static unsigned char dsa512_q[]={
+ 0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,
+ 0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,
+ };
+static unsigned char dsa512_g[]={
+ 0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,
+ 0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,
+ 0xBE,0x5B,0x5F,0xB7,0x10,0xD7,0x89,0xB7,0x8E,0x74,0xFB,0xCF,
+ 0x29,0x1E,0xEB,0xA8,0x2C,0x54,0x51,0xB8,0x10,0xDE,0xA0,0xCE,
+ 0x2F,0xCC,0x24,0x6B,0x90,0x77,0xDE,0xA2,0x68,0xA6,0x52,0x12,
+ 0xA2,0x03,0x9D,0x20,
+ };
+
+DSA *get_dsa512()
+ {
+ DSA *dsa;
+
+ if ((dsa=DSA_new()) == NULL) return(NULL);
+ dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
+ dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
+ dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ return(NULL);
+ return(dsa);
+ }
+
+static unsigned char dsa1024_p[]={
+ 0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
+ 0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
+ 0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73,
+ 0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9,
+ 0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5,
+ 0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E,
+ 0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7,
+ 0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95,
+ 0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE,
+ 0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,
+ 0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,
+ };
+static unsigned char dsa1024_q[]={
+ 0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,
+ 0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
+ };
+static unsigned char dsa1024_g[]={
+ 0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,
+ 0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,
+ 0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,
+ 0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18,
+ 0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61,
+ 0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F,
+ 0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16,
+ 0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6,
+ 0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5,
+ 0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5,
+ 0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8,
+ };
+
+DSA *get_dsa1024()
+ {
+ DSA *dsa;
+
+ if ((dsa=DSA_new()) == NULL) return(NULL);
+ dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
+ dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
+ dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ return(NULL);
+ return(dsa);
+ }
+
+static unsigned char dsa2048_p[]={
+ 0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
+ 0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
+ 0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2,
+ 0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E,
+ 0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19,
+ 0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58,
+ 0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B,
+ 0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C,
+ 0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF,
+ 0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56,
+ 0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51,
+ 0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62,
+ 0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18,
+ 0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72,
+ 0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C,
+ 0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5,
+ 0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4,
+ 0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8,
+ 0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F,
+ 0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A,
+ 0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,
+ 0xF8,0x68,0xCF,0x9B,
+ };
+static unsigned char dsa2048_q[]={
+ 0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,
+ 0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
+ };
+static unsigned char dsa2048_g[]={
+ 0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,
+ 0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,
+ 0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,
+ 0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E,
+ 0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29,
+ 0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8,
+ 0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D,
+ 0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A,
+ 0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F,
+ 0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B,
+ 0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E,
+ 0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7,
+ 0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40,
+ 0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6,
+ 0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5,
+ 0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5,
+ 0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72,
+ 0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64,
+ 0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01,
+ 0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99,
+ 0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E,
+ 0xF8,0xB2,0xE5,0x38,
+ };
+
+DSA *get_dsa2048()
+ {
+ DSA *dsa;
+
+ if ((dsa=DSA_new()) == NULL) return(NULL);
+ dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
+ dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
+ dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ return(NULL);
+ return(dsa);
+ }
+
diff --git a/apps/testrsa.h b/apps/testrsa.h
new file mode 100644
index 0000000..5f83878
--- /dev/null
+++ b/apps/testrsa.h
@@ -0,0 +1,531 @@
+/* apps/testrsa.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static unsigned char test512[]={
+ 0x30,0x82,0x01,0x39,0x02,0x01,0x00,0x02,0x40,0x48,
+ 0xd3,0xa9,0x8f,0x3b,0x92,0xce,0x20,0xcc,0xc7,0xe8,
+ 0x1f,0x28,0x67,0xdb,0xd1,0xb3,0x06,0x94,0x7d,0x9b,
+ 0x88,0x05,0x9d,0xf5,0xab,0x36,0xaa,0x3f,0x15,0xcd,
+ 0x40,0x0a,0x76,0xfd,0xab,0x33,0xfa,0x07,0x31,0xc8,
+ 0x0d,0xa8,0x23,0x60,0x4e,0xd4,0xda,0x2e,0xed,0xbc,
+ 0x43,0x8a,0xc0,0xd8,0xd9,0xf4,0xcb,0xfa,0x12,0xa2,
+ 0xec,0x49,0x31,0x02,0x03,0x01,0x00,0x01,0x02,0x40,
+ 0x02,0x5e,0x80,0x61,0x9c,0x7a,0x86,0x22,0x23,0x07,
+ 0x4d,0xd1,0xd5,0xaa,0xab,0x48,0x03,0x1e,0xef,0xad,
+ 0xb6,0x65,0x92,0x69,0x35,0x18,0xc0,0xca,0x81,0x0a,
+ 0xe0,0x86,0x6f,0xec,0x00,0x0f,0x1d,0x08,0x43,0xc8,
+ 0x82,0x7d,0x89,0xc4,0x3a,0xc4,0x44,0x6a,0x10,0xc6,
+ 0xdd,0xd0,0x63,0x1c,0x65,0xd6,0x09,0xc5,0x00,0x51,
+ 0x2b,0xc3,0x7c,0xc1,0x02,0x21,0x00,0x8f,0x03,0xfc,
+ 0x35,0x08,0xae,0x85,0x41,0x35,0x30,0x02,0xbd,0x96,
+ 0xaa,0x84,0x60,0x75,0xb5,0x0c,0x2b,0x64,0xbf,0x28,
+ 0x26,0xe2,0x76,0xfd,0xec,0xdc,0x94,0x36,0xcd,0x02,
+ 0x21,0x00,0x82,0x5c,0x6f,0x13,0x93,0x98,0x41,0xf7,
+ 0x81,0x54,0x3f,0xd7,0x8e,0x06,0x64,0xd9,0x29,0x04,
+ 0xfc,0x12,0x46,0x17,0xab,0x9a,0x9f,0xa7,0xd3,0x8a,
+ 0xa0,0xcd,0x33,0xf5,0x02,0x21,0x00,0x8a,0xf4,0xe7,
+ 0x4f,0xac,0x40,0xcd,0xae,0xbe,0xfc,0x08,0x1d,0xa7,
+ 0xcf,0xc4,0x51,0x68,0xec,0xe1,0x87,0x24,0x1b,0x6b,
+ 0xea,0xe4,0x2d,0x93,0xa9,0x59,0xe5,0x14,0x9d,0x02,
+ 0x20,0x70,0x6b,0xd2,0x86,0xe9,0x74,0x16,0xff,0xa1,
+ 0x92,0xcc,0x73,0xd2,0x51,0x85,0x4b,0x19,0xea,0xe8,
+ 0x8f,0xc1,0xce,0xcb,0xf8,0xce,0xd2,0xe6,0xc5,0xd8,
+ 0xa2,0xde,0xb9,0x02,0x20,0x0f,0x73,0xf0,0xf0,0x91,
+ 0x53,0xdf,0x4f,0x37,0xf8,0x3f,0x1f,0x82,0x59,0xe3,
+ 0xe8,0xaa,0x04,0x64,0xd1,0x51,0x77,0xa8,0x36,0x65,
+ 0x8c,0x6d,0x91,0xf8,0xb2,0xc3,0x03,
+ };
+
+static unsigned char test1024[]={
+ 0x30,0x82,0x02,0x58,0x02,0x01,0x00,0x02,
+ 0x81,0x80,0x53,0x66,0xb3,0x9b,0xd1,0xde,
+ 0xb6,0x55,0x67,0xdc,0xe1,0x91,0xdb,0xc7,
+ 0xf2,0xef,0xcc,0x98,0x48,0xbe,0x22,0xb2,
+ 0xa5,0x92,0x88,0xa2,0xe7,0xf6,0x8a,0xea,
+ 0xc1,0x5e,0xd8,0xb3,0xd6,0xb8,0x9a,0xb7,
+ 0xf8,0xaa,0x9d,0x0a,0xa1,0x9e,0xb5,0x81,
+ 0xd4,0xd9,0x86,0x92,0x49,0x1d,0x30,0x50,
+ 0x18,0x4f,0x40,0x52,0x3c,0xf2,0xb7,0x14,
+ 0x5f,0x06,0x4d,0x92,0xab,0x0d,0xe5,0x61,
+ 0x9a,0xb3,0xdf,0xb0,0xaa,0x88,0x7d,0x47,
+ 0x78,0xbf,0xd5,0x15,0x88,0x6b,0xe7,0x43,
+ 0xd3,0x96,0x15,0xed,0x5b,0x33,0xff,0x9d,
+ 0x06,0x88,0xb6,0xe1,0x21,0xcb,0xe8,0xb5,
+ 0xe3,0x3c,0xef,0xb6,0xe7,0x89,0xc0,0x44,
+ 0x71,0x6b,0x38,0xe2,0x7a,0xd4,0x92,0x49,
+ 0x14,0xcf,0x36,0xc1,0x7d,0xa4,0x13,0x7a,
+ 0xb7,0x3f,0x02,0x01,0x03,0x02,0x81,0x80,
+ 0x37,0x99,0xcd,0x12,0x8b,0xe9,0xce,0xe3,
+ 0x9a,0x93,0x41,0x0b,0xe7,0xda,0xa1,0xf5,
+ 0x33,0x10,0x30,0x7e,0xc1,0xcc,0x6e,0x61,
+ 0xb0,0x6c,0x9a,0xa4,0x5c,0x9c,0x80,0xe9,
+ 0xe5,0xcd,0x39,0xd0,0x67,0x25,0x50,0x71,
+ 0xbe,0x07,0x16,0x69,0xce,0x56,0x8d,0xe6,
+ 0x59,0xb6,0xdb,0x68,0xca,0xe0,0x10,0x34,
+ 0xd5,0x8c,0x28,0xa1,0xcf,0x62,0xea,0x03,
+ 0x70,0xc5,0x5e,0x5e,0x08,0x04,0xb3,0x37,
+ 0x06,0x45,0x20,0xe5,0x69,0x8a,0x49,0x7d,
+ 0x05,0x47,0x1a,0x33,0x0d,0xfd,0x7f,0xf7,
+ 0x7b,0xac,0x2a,0x07,0xc3,0x04,0xbf,0xb2,
+ 0x41,0x26,0xfa,0xf8,0xf1,0x88,0x06,0x25,
+ 0xb7,0xe7,0x57,0xe4,0x4c,0xc6,0x57,0xd1,
+ 0x6a,0xbb,0x9a,0xdc,0x45,0x5f,0x48,0x6f,
+ 0x8d,0x75,0xb5,0x7d,0xd6,0x6a,0x03,0x2b,
+ 0x02,0x41,0x00,0x97,0x52,0x4f,0x91,0xe0,
+ 0xc1,0x67,0x42,0xb0,0x41,0xf2,0xc5,0x56,
+ 0x6f,0x66,0x5e,0x5c,0x4e,0x7f,0xc7,0xaf,
+ 0xef,0x2d,0x60,0xbd,0x00,0x3b,0x07,0xed,
+ 0xec,0xfa,0x12,0x14,0xd0,0xc1,0x32,0xd3,
+ 0x47,0x50,0xb9,0x0f,0xd5,0xbd,0x0d,0xd1,
+ 0xcf,0xef,0x71,0x1c,0x0c,0xa4,0x2c,0x74,
+ 0x2a,0xed,0x5d,0x9b,0x00,0x68,0xec,0x51,
+ 0x33,0x73,0xa1,0x02,0x41,0x00,0x8d,0x18,
+ 0x4d,0xee,0xf8,0x99,0x26,0x9e,0xa6,0x07,
+ 0x06,0x6b,0x08,0x88,0xa4,0x25,0xf0,0xdc,
+ 0x61,0x57,0xa2,0x58,0x66,0x42,0x1f,0x6a,
+ 0xe1,0x20,0x6d,0x28,0xec,0xeb,0x40,0x55,
+ 0xe8,0x23,0xab,0x22,0x89,0x4b,0x4c,0x06,
+ 0x26,0xa5,0x7b,0x4a,0xfe,0x3f,0xfc,0xbc,
+ 0x6e,0x5d,0xb6,0x0f,0x3a,0xca,0x47,0x90,
+ 0x84,0x7b,0x00,0xa8,0x3e,0xdf,0x02,0x40,
+ 0x64,0xe1,0x8a,0x61,0x40,0x80,0xef,0x81,
+ 0xca,0xd6,0xa1,0xd8,0xe4,0x4a,0x44,0x3e,
+ 0xe8,0x34,0x55,0x2f,0xca,0x9f,0x73,0x95,
+ 0xd3,0x55,0x7c,0xaf,0xf3,0xf3,0x51,0x61,
+ 0x63,0x35,0xd6,0x21,0xe2,0x2f,0x8b,0x26,
+ 0x0a,0x8e,0x7e,0x09,0x36,0x8a,0x9f,0xa0,
+ 0xbd,0x5d,0xc2,0xc8,0x4d,0x71,0xf3,0x93,
+ 0xbc,0xaa,0xf0,0x9d,0x8b,0x77,0xa2,0x6b,
+ 0x02,0x40,0x5e,0x10,0x33,0xf4,0xa5,0xbb,
+ 0x6f,0x14,0x6e,0xaf,0x59,0x9c,0xb0,0x5b,
+ 0x18,0x19,0x4b,0x3d,0x96,0x3a,0x6c,0x3a,
+ 0xee,0xd6,0xbf,0x9c,0x96,0x15,0x9e,0x1b,
+ 0x48,0x9c,0xd5,0x8e,0x9a,0xc2,0x72,0x17,
+ 0x06,0x32,0x32,0xae,0xc4,0x6e,0x52,0x31,
+ 0xfe,0xd5,0x53,0x28,0x49,0x93,0xce,0xb4,
+ 0xd1,0xdc,0x2f,0xb5,0xad,0xa7,0x55,0xc5,
+ 0x7f,0x3f,0x02,0x40,0x37,0xa4,0xcc,0xd7,
+ 0x63,0x63,0x6b,0x53,0xd6,0xf3,0xf2,0xfe,
+ 0xeb,0x8d,0x4a,0x3d,0xab,0x97,0xfe,0xf8,
+ 0x27,0xc5,0x87,0xc7,0xbf,0x2c,0xef,0xae,
+ 0xcb,0x61,0x62,0x5e,0x30,0x86,0x8f,0xb5,
+ 0x0e,0xeb,0x9a,0xa9,0x09,0x6a,0x4e,0x1c,
+ 0xc7,0x1e,0xa2,0xce,0x8e,0xc2,0xc8,0x15,
+ 0x13,0x06,0x47,0x9e,0x7c,0x2a,0x3c,0x62,
+ 0x26,0xf0,0x9c,0x86,
+ };
+
+static unsigned char test2048[]={
+ 0x30,0x82,0x04,0xa1,0x02,0x01,0x00,0x02,0x82,0x01,
+ 0x00,0x7a,0x52,0xa1,0xd0,0xdb,0x8c,0x38,0xcf,0x0f,
+ 0x01,0x25,0x98,0xee,0x84,0xc1,0xf3,0x8e,0x90,0xb5,
+ 0x85,0x5e,0x5f,0x3a,0x33,0x8f,0xc6,0x49,0xe0,0x07,
+ 0xd3,0x66,0x26,0xcc,0x47,0xc3,0x04,0xcf,0x91,0x74,
+ 0x65,0x07,0x56,0x35,0x7d,0x0a,0xbf,0xcd,0xd2,0x8a,
+ 0xf9,0x05,0x62,0xc0,0x63,0xc2,0x54,0xb8,0x14,0x89,
+ 0x88,0x58,0x1c,0xeb,0xbc,0xbf,0xf2,0x0d,0xcb,0x05,
+ 0x62,0x1c,0xe9,0x48,0x0f,0x2b,0x8d,0x28,0x67,0x92,
+ 0x31,0x86,0xe3,0xa4,0x20,0x80,0xfc,0x5c,0x41,0x9d,
+ 0x21,0x6d,0x7f,0x12,0x6b,0x54,0xb1,0x04,0x0f,0x87,
+ 0x15,0xd7,0xbf,0xc5,0x6b,0x13,0x81,0x80,0x88,0x1e,
+ 0x86,0x16,0x66,0xd9,0xcf,0xa5,0x4e,0xe1,0xcf,0xa4,
+ 0x4c,0x38,0xdd,0xf9,0x5d,0x5f,0x30,0xdf,0x0d,0x2b,
+ 0xfa,0xa0,0x1f,0xb8,0xe3,0x3c,0x62,0xff,0x13,0xf0,
+ 0x61,0xc1,0xcd,0x3c,0xb7,0xc3,0xf7,0xec,0x91,0xcf,
+ 0x7c,0x4e,0x11,0x4e,0x96,0x7e,0xe5,0x6c,0x9e,0x1b,
+ 0xbe,0x3f,0x71,0xc5,0xb1,0xe6,0xeb,0x7e,0xa3,0x97,
+ 0xc1,0xd6,0x1b,0x48,0x4f,0x84,0xaf,0x69,0xc2,0x96,
+ 0xed,0xbc,0x81,0xdf,0x5f,0xc6,0xda,0xd3,0x25,0x2d,
+ 0xc6,0x9f,0x62,0xd2,0x1c,0xef,0xcb,0x0a,0x75,0xd0,
+ 0x23,0x1c,0x3b,0x88,0x22,0x70,0x08,0x05,0x46,0xed,
+ 0x8a,0xda,0x45,0x94,0x8d,0x0d,0x9b,0x61,0xf3,0x07,
+ 0xdc,0x81,0xaa,0x3c,0xcc,0xad,0x06,0x24,0xd7,0xbc,
+ 0x28,0x98,0xb4,0x43,0xe3,0x9b,0x0f,0x93,0xa4,0x6e,
+ 0x49,0xea,0x3a,0xe6,0x1e,0x56,0x5a,0xff,0x0c,0x93,
+ 0x9e,0x9b,0x28,0x7e,0x63,0xb7,0x71,0x02,0x03,0x01,
+ 0x00,0x01,0x02,0x82,0x01,0x00,0x34,0xd9,0x5c,0xb6,
+ 0x5b,0x14,0xd3,0x3a,0x8a,0x96,0x09,0x43,0x70,0xd2,
+ 0x04,0xe6,0x10,0xd3,0x6e,0xc9,0xc7,0x83,0x47,0x27,
+ 0x1d,0xd8,0x22,0xf4,0xdb,0x0c,0xb7,0xd6,0xcd,0x6d,
+ 0xb7,0xd1,0x6d,0x48,0xbf,0xcc,0x22,0x86,0x59,0xa7,
+ 0xc3,0xac,0x28,0xe5,0xed,0x4b,0x37,0xcb,0x79,0xa9,
+ 0xe0,0x3d,0x30,0x27,0x17,0x60,0xc4,0x09,0x02,0xc4,
+ 0xd2,0xfd,0x66,0x7e,0x2f,0xbe,0x3b,0x15,0x83,0x1f,
+ 0xa2,0xc6,0x63,0x0d,0x94,0x79,0x37,0x79,0x44,0xe1,
+ 0x12,0x39,0x76,0x36,0x97,0x07,0xe9,0x41,0xfc,0x98,
+ 0x48,0xc8,0x0e,0x24,0x13,0x4e,0x19,0x9f,0xee,0x50,
+ 0x9b,0xe5,0xd8,0xbd,0x76,0xca,0xa2,0x05,0x1f,0xd7,
+ 0xf9,0xe9,0x01,0xe0,0xef,0x70,0x4b,0x25,0x84,0x66,
+ 0x96,0x09,0x0c,0x65,0x0f,0x0b,0xa8,0xd6,0xf5,0xc2,
+ 0xe3,0xcb,0x3c,0x43,0x66,0xa4,0x15,0x36,0xa5,0xe2,
+ 0x9d,0xe9,0xf7,0x32,0x10,0x0e,0x96,0x57,0xaa,0x84,
+ 0xf9,0x4d,0x91,0x37,0x5a,0x80,0x01,0x05,0x63,0x1c,
+ 0x6e,0xe6,0x8c,0xf7,0x70,0xc1,0x03,0x4f,0x5d,0xde,
+ 0x19,0x90,0x1e,0x53,0x98,0xc9,0xc6,0x41,0x66,0xb0,
+ 0xc2,0x6f,0x30,0xfe,0xb1,0x26,0x47,0x82,0x0a,0x7b,
+ 0x50,0xf8,0x7c,0x88,0x13,0x4d,0x77,0xa0,0xd0,0xba,
+ 0x60,0x87,0x21,0xdd,0x74,0xaa,0x32,0xdb,0xbe,0x23,
+ 0xee,0x81,0xc0,0xca,0xc9,0x94,0x2f,0x75,0x78,0x08,
+ 0xc4,0x04,0x4e,0x67,0x3c,0xb9,0x99,0xd5,0xe5,0xbc,
+ 0x4d,0x6b,0x12,0x59,0xfe,0x55,0xff,0x28,0x0a,0x8d,
+ 0x6c,0xb1,0xd3,0x23,0x7c,0x33,0x87,0x35,0xba,0x8c,
+ 0xb3,0x51,0x02,0x81,0x81,0x00,0xcb,0xbc,0x6f,0x2c,
+ 0xa4,0xbb,0x7b,0x51,0x0e,0xfe,0xdb,0x16,0x83,0x16,
+ 0x91,0x4a,0xb9,0x31,0x42,0x81,0x8b,0x39,0x44,0x11,
+ 0x8b,0x82,0x6f,0x19,0x58,0xd4,0xba,0x38,0x44,0x95,
+ 0xec,0x99,0x32,0x4d,0x98,0xd7,0xad,0x3d,0xd1,0x00,
+ 0xd4,0x1e,0x62,0x90,0xc4,0xac,0x65,0x29,0xb7,0x5c,
+ 0x7c,0x54,0x55,0x33,0xb9,0x22,0x55,0x61,0xc8,0x08,
+ 0xdd,0x5d,0x4d,0xc0,0x19,0xa6,0x89,0x3a,0x33,0x19,
+ 0xc7,0x1d,0x43,0x16,0x9e,0x7e,0x47,0xce,0xe3,0xde,
+ 0xbb,0x52,0x8d,0xcd,0xe3,0x6a,0xe3,0x79,0x9e,0x27,
+ 0x0f,0x6d,0x3b,0x74,0x25,0x39,0xe7,0x87,0x3a,0xad,
+ 0x98,0x82,0xfc,0xae,0x7d,0x53,0x41,0x79,0x7e,0xb6,
+ 0xdc,0xc5,0x75,0x69,0x47,0xd5,0x83,0x26,0x56,0x32,
+ 0xfb,0xdf,0x77,0x9d,0x02,0x81,0x81,0x00,0x99,0xb3,
+ 0xb3,0x33,0x1e,0xea,0x65,0x5d,0x57,0x27,0x99,0xad,
+ 0xd4,0xb7,0xb5,0x5e,0x6a,0x53,0x9d,0x60,0xe9,0x4f,
+ 0xa5,0xd9,0x18,0x24,0x05,0x5b,0xda,0x9a,0x24,0xbe,
+ 0xdc,0xb1,0xa9,0x2e,0x18,0xc6,0x54,0xb1,0xff,0x65,
+ 0x8a,0xaa,0x2b,0x98,0xab,0x27,0x83,0xe6,0x33,0xf5,
+ 0x97,0xa1,0x0b,0x09,0x68,0x98,0x0d,0xa2,0x85,0x06,
+ 0x99,0x73,0xec,0x1c,0x6d,0x5c,0x9d,0x23,0x49,0xef,
+ 0x05,0xea,0x92,0x99,0xeb,0x0b,0xe8,0x15,0xbc,0x87,
+ 0xb3,0x30,0xbf,0x10,0xfe,0x99,0x3b,0xd6,0xe5,0x6c,
+ 0x8b,0x58,0xa6,0xfb,0xae,0xe5,0x4f,0x10,0xb0,0x28,
+ 0xea,0x85,0x5b,0x9b,0x08,0x38,0x75,0x56,0xc3,0xeb,
+ 0x3b,0x47,0xea,0x60,0x86,0x77,0x9b,0x84,0xee,0xc1,
+ 0x58,0x60,0x88,0x33,0x18,0xe5,0x02,0x81,0x80,0x17,
+ 0x3a,0x74,0xb2,0x72,0x55,0xad,0xc9,0xa0,0x1c,0x0e,
+ 0x7e,0x92,0x93,0x90,0x1d,0x24,0xe0,0x28,0xe4,0xfc,
+ 0x2a,0x9b,0x48,0x24,0xcf,0xca,0x3a,0xe9,0x95,0xd7,
+ 0x65,0x72,0xec,0x64,0xfd,0x52,0x6e,0xe6,0x6e,0x30,
+ 0xa2,0x4b,0xa1,0xfc,0x8d,0x3a,0x4f,0xa7,0x1c,0xc0,
+ 0xab,0xf0,0xeb,0xea,0x80,0xf2,0xf5,0xe2,0xb5,0xb7,
+ 0x66,0x5e,0x98,0x24,0x24,0xef,0x28,0x67,0xc4,0x45,
+ 0x01,0x0d,0xb2,0x72,0xb1,0x33,0x64,0xf0,0xcd,0x15,
+ 0x02,0xd1,0x98,0x23,0x63,0x56,0x27,0x93,0x36,0x2c,
+ 0x99,0x41,0x1e,0xd2,0xf3,0x71,0x43,0xdc,0xba,0xad,
+ 0x5b,0x0d,0xa5,0x9d,0x2d,0xd2,0x01,0x52,0xe8,0x9b,
+ 0x1e,0x6f,0x04,0x0a,0x47,0xb9,0x0b,0x37,0xd5,0x70,
+ 0x0e,0x7e,0xe5,0x71,0x32,0x19,0x41,0x02,0x81,0x80,
+ 0x23,0xc3,0x55,0x51,0xf2,0xc2,0x95,0x5d,0x57,0x97,
+ 0x26,0x41,0xf5,0x39,0xdd,0xa0,0x9f,0x5a,0xdf,0x46,
+ 0x9a,0x62,0xe6,0xf3,0x11,0x93,0xe8,0x0f,0x4c,0x59,
+ 0x0b,0x6d,0xc1,0x8a,0x31,0x14,0x41,0xbd,0x7c,0x1d,
+ 0x82,0x90,0x8c,0xe8,0x35,0x86,0xab,0x64,0x61,0x63,
+ 0x61,0xf9,0xa6,0x13,0x59,0xaf,0x11,0xc0,0x37,0x83,
+ 0xf6,0x31,0xe7,0xe8,0xba,0x2a,0x8f,0x23,0xba,0x88,
+ 0x68,0x7e,0x8e,0x40,0xdb,0x65,0xa6,0xf4,0x39,0x47,
+ 0x3d,0x7b,0xd1,0xac,0xe8,0xf8,0x3a,0x55,0x4b,0x40,
+ 0x20,0x57,0xd6,0x40, 0x85,0x72,0x10,0x6a,0xd8,0xaf,
+ 0xc8,0x5d,0x6c,0xdc,0x24,0xc9,0x78,0xeb,0x32,0x1a,
+ 0x43,0x31,0xeb,0xb4,0x3b,0x0b,0xc4,0x9d,0xf5,0xf8,
+ 0xc3,0x59,0x07,0x88,0x46,0x88,0xa5,0x25,0x02,0x81,
+ 0x80,0x55,0xf5,0x12,0x2e,0x48,0xce,0xef,0xb3,0x1d,
+ 0xbf,0xab,0x06,0xf7,0x09,0x8c,0xf0,0x1a,0xe9,0xfa,
+ 0x01,0xf9,0x97,0xa4,0x57,0x6f,0x7a,0x73,0x63,0x2a,
+ 0x57,0x30,0x97,0xce,0xf7,0xe5,0xd4,0x8c,0x35,0xa2,
+ 0x12,0xb7,0xf3,0xf6,0x66,0x76,0x9e,0x90,0x3f,0xb4,
+ 0x70,0x0f,0x99,0x7a,0xc9,0x36,0xcf,0x46,0x74,0x39,
+ 0x91,0xf2,0x66,0xa2,0x55,0x19,0x1b,0x70,0xe3,0xd6,
+ 0x9a,0x8b,0x94,0x79,0x18,0x8a,0x93,0xcf,0x27,0x2a,
+ 0xc1,0xb3,0xda,0x51,0x52,0x9d,0x14,0xb7,0xc9,0x2e,
+ 0x2f,0x75,0x6d,0xc9,0xdb,0x8f,0x69,0xa7,0xc9,0x5e,
+ 0x1f,0x9d,0x3c,0x6e,0x1f,0xa4,0x08,0x33,0x0a,0x7a,
+ 0xde,0x90,0x18,0xf2,0x43,0xf7,0x60,0x8b,0x51,0xa3,
+ 0x50,0xf8,0x52,0xfc,0xed,0x5c,0x63,0xbc,0x1a,
+ };
+
+static unsigned char test4096[]={
+ 0x30,0x82,0x09,0x28,0x02,0x01,0x00,0x02,0x82,0x02,
+ 0x01,0x00,0x92,0x1f,0x39,0xc3,0x7c,0xc2,0xfe,0x5c,
+ 0x2c,0x83,0x5d,0x08,0x5e,0x76,0xe6,0x53,0x30,0x86,
+ 0x47,0x62,0xe9,0x21,0x22,0x2c,0xeb,0x3b,0xe5,0xb3,
+ 0x30,0xbf,0x1c,0x37,0x23,0xe2,0x4b,0x27,0xf2,0x8c,
+ 0x6a,0x8c,0xcb,0x54,0xf0,0x47,0x91,0xbc,0x3b,0x41,
+ 0x6d,0xa6,0xe3,0x9b,0x25,0x3e,0x2f,0x3d,0x8e,0x67,
+ 0x9d,0xe9,0x2b,0x7d,0xcd,0x39,0xf5,0xc9,0x2b,0xd0,
+ 0xe5,0xe6,0xe7,0x62,0x1e,0x6c,0xe1,0x8f,0xc2,0xa3,
+ 0xc9,0x02,0x11,0xf3,0x51,0x63,0x27,0x25,0x82,0x01,
+ 0xaa,0x0a,0x68,0x6d,0x4c,0x02,0x5c,0xaf,0xb1,0x72,
+ 0xb5,0xf4,0x53,0x43,0xb1,0x90,0x28,0x1b,0x54,0xdd,
+ 0xfd,0x57,0x36,0xac,0xf8,0x44,0x34,0x7a,0x85,0x66,
+ 0x37,0x62,0xe9,0x80,0xd2,0xe2,0xdc,0xa0,0xe8,0x76,
+ 0x09,0x6d,0xc1,0x38,0xac,0x55,0x57,0x44,0xbe,0x0e,
+ 0x81,0x0d,0x81,0x63,0xb7,0x73,0xd7,0xbf,0x5d,0x84,
+ 0x2f,0x31,0xdc,0x79,0x69,0xf5,0xa9,0x7e,0x60,0x5b,
+ 0xc1,0x92,0x26,0xb1,0xf0,0xdf,0x0c,0xe4,0x76,0xf7,
+ 0xa3,0x68,0x79,0x9f,0x14,0x5c,0x52,0x97,0x21,0x76,
+ 0xd7,0x19,0x8b,0x47,0xc0,0xb6,0x36,0x01,0xa8,0x73,
+ 0x54,0xfc,0x61,0xd1,0x64,0x44,0xd3,0x36,0x4b,0xbe,
+ 0xc8,0x26,0xcd,0x24,0xb5,0x35,0xdc,0x5a,0xe9,0x25,
+ 0x26,0xb4,0x60,0x19,0x1f,0xc7,0x57,0x47,0xd6,0xf1,
+ 0x5a,0xae,0xc8,0x16,0xfd,0xa8,0x85,0x0b,0x3a,0xbd,
+ 0xd7,0x4c,0xfb,0xd1,0x75,0xa4,0x86,0x91,0x4a,0xb8,
+ 0x0a,0x1b,0x83,0xe4,0xce,0x10,0xd2,0x2b,0xe3,0xe4,
+ 0x87,0x8c,0xfd,0xb9,0xfb,0x8d,0xb6,0x70,0xa5,0x2b,
+ 0xbe,0xe6,0x43,0x4c,0x44,0x09,0x6b,0xd6,0x5a,0xcc,
+ 0x89,0x78,0xb7,0xd8,0xc9,0xa9,0x24,0xe9,0xa6,0x87,
+ 0x2f,0xd4,0x3f,0xad,0x98,0x32,0x57,0x19,0xf0,0xdd,
+ 0x65,0x2e,0x69,0x5f,0x83,0x24,0x3c,0xea,0xc0,0x36,
+ 0x88,0xd2,0x1c,0x27,0x29,0x83,0x80,0xd0,0xdf,0xf1,
+ 0x1e,0x2d,0x62,0x4c,0x24,0xb1,0xb8,0xa2,0x70,0xc7,
+ 0xc5,0xdf,0x8d,0xea,0xf7,0xea,0xb8,0x68,0x99,0x7c,
+ 0xd6,0xf0,0x3b,0x6b,0xb0,0xc5,0xb0,0x0c,0x96,0xfd,
+ 0x07,0x46,0x5f,0xc8,0xde,0xb4,0x4f,0x7b,0x0f,0xd1,
+ 0x71,0x1e,0x84,0x27,0x93,0x95,0xfc,0x7b,0x3f,0x3a,
+ 0xf1,0xe9,0x82,0x4f,0x09,0xc0,0x79,0x35,0xb1,0xe4,
+ 0x45,0x87,0x26,0xe7,0xf9,0x9a,0xcd,0x63,0x42,0x98,
+ 0x9a,0xf8,0x11,0x20,0xf1,0x42,0xd2,0x31,0xdc,0x03,
+ 0xb5,0xa9,0xeb,0x87,0x08,0x2a,0x76,0xb4,0xbf,0x0e,
+ 0x5b,0xa9,0x52,0xd5,0x12,0xda,0x87,0xfa,0x01,0x23,
+ 0x5b,0x78,0x97,0x73,0xcc,0xf8,0x0e,0xf0,0xde,0x34,
+ 0x9f,0xb2,0xcd,0x8c,0x5a,0xce,0xd6,0x3f,0x17,0xe1,
+ 0x45,0xd5,0xeb,0xab,0x6a,0x47,0x0f,0x3c,0x02,0xfb,
+ 0xa5,0xcd,0x85,0x54,0x07,0x0b,0xba,0x74,0x16,0x87,
+ 0x2e,0x9e,0xe5,0x2a,0x80,0x4c,0x27,0xc6,0x9e,0xe2,
+ 0xfd,0x60,0xa7,0x89,0x13,0x3e,0x03,0x7f,0x55,0xf5,
+ 0xd2,0x67,0xab,0x37,0x40,0xbf,0x33,0x03,0xe2,0xd1,
+ 0x60,0xcb,0x48,0xae,0x80,0x30,0x87,0xf6,0xd8,0x34,
+ 0xef,0x61,0xb3,0x9b,0x75,0x25,0x2a,0xe9,0xfa,0xb6,
+ 0x08,0xbe,0xbf,0x80,0x63,0x46,0x77,0x89,0xe7,0x9c,
+ 0xd0,0xe4,0x50,0xa9,0x02,0x03,0x01,0x00,0x01,0x02,
+ 0x82,0x02,0x00,0x73,0xcb,0x78,0xfc,0x18,0xbf,0x71,
+ 0xd0,0xdb,0x99,0x92,0x3d,0x12,0x97,0x08,0xb9,0x3e,
+ 0x07,0xfb,0x44,0x3f,0xd8,0xf8,0xfb,0x3d,0xc2,0xee,
+ 0xa9,0x8c,0xe4,0xb5,0xd8,0x60,0x80,0x70,0xec,0x8c,
+ 0x42,0x88,0x21,0x60,0xf4,0xc3,0xa1,0x03,0xb5,0x76,
+ 0x03,0xc8,0x80,0x6b,0x78,0x44,0x10,0x3e,0x61,0x7a,
+ 0x9b,0x54,0x41,0x36,0x2c,0xf0,0x58,0x91,0x15,0x45,
+ 0xba,0xba,0xa5,0xbc,0x11,0x3e,0x69,0x2c,0x6a,0xbf,
+ 0x65,0x09,0xe2,0xb1,0x14,0xf0,0x17,0x32,0x2b,0x80,
+ 0x16,0x0f,0x89,0x45,0xed,0xef,0x41,0x23,0xf0,0x3b,
+ 0x1f,0xdb,0x5f,0x6e,0x28,0x83,0xea,0xe8,0x4d,0x98,
+ 0x78,0x7e,0xce,0x01,0x4f,0x1b,0x42,0xf9,0x8f,0x6a,
+ 0x6d,0x71,0x50,0xda,0x18,0x33,0x86,0x82,0x2e,0xa5,
+ 0x68,0xfc,0xd9,0xd4,0x38,0x34,0x21,0x41,0x12,0x01,
+ 0xc6,0xfe,0xb0,0x14,0x2c,0x50,0x71,0xe5,0xb4,0x09,
+ 0xc8,0xb9,0x99,0xba,0xcd,0x20,0x92,0x04,0x2a,0x58,
+ 0xf3,0xfd,0xb6,0xf3,0x21,0x29,0xef,0xa8,0x88,0xd8,
+ 0x5a,0x30,0x4d,0x97,0xab,0xdf,0xf7,0xb5,0x9f,0x7c,
+ 0x6e,0x6f,0xd1,0x17,0x55,0xda,0x3a,0xcb,0x1b,0x8f,
+ 0x41,0x2e,0x44,0xfe,0xc3,0x6f,0xc1,0x36,0xdb,0x9d,
+ 0x34,0xe7,0xea,0x0f,0xc1,0x9a,0x34,0xbf,0x95,0xef,
+ 0x92,0x78,0x54,0x92,0x9e,0xf6,0x57,0x03,0x2c,0xb4,
+ 0x01,0xf9,0xc9,0xee,0x58,0x81,0xd5,0x6c,0xf1,0x54,
+ 0x30,0xa3,0x10,0xa7,0xb1,0xfa,0x97,0x51,0xe8,0x8b,
+ 0x9c,0xc2,0xad,0xc1,0x5c,0xad,0x8c,0x18,0xf1,0x9d,
+ 0x1c,0x39,0xeb,0x1a,0x1a,0xab,0x65,0x47,0x00,0x54,
+ 0x89,0x4d,0xf4,0x22,0xaf,0x35,0x8a,0x2b,0x11,0x9d,
+ 0x73,0xb3,0x48,0xf9,0xe9,0x9b,0x73,0xa8,0xeb,0x32,
+ 0x4f,0xf2,0x33,0x5e,0xc8,0xc7,0xe3,0xdb,0xbf,0xcd,
+ 0x8a,0x5b,0xbe,0x19,0x91,0xe1,0x34,0x2c,0x6a,0xd8,
+ 0x56,0xe4,0x92,0x89,0x6f,0x9c,0xda,0x4d,0x9e,0xca,
+ 0xd4,0x2d,0xbb,0x06,0x4b,0x77,0x79,0xe1,0x2e,0xab,
+ 0x2e,0x14,0x0f,0xe3,0x6b,0xc6,0x44,0x18,0xdb,0xd0,
+ 0x51,0xb4,0x72,0xf5,0x77,0x57,0xe8,0x9c,0xad,0x35,
+ 0xb2,0x6c,0x24,0x8b,0x67,0xcc,0xc2,0x6a,0xfa,0xf0,
+ 0xd4,0x40,0x19,0xf1,0x76,0x24,0x42,0x25,0x7b,0x5b,
+ 0xe1,0x25,0xde,0xa4,0x4d,0x00,0xf1,0x80,0x02,0xd0,
+ 0x09,0x48,0x65,0x76,0x8c,0xb3,0x2d,0xe2,0xad,0x87,
+ 0x4f,0xbb,0x76,0xa9,0xac,0xa3,0x1d,0xb9,0x0d,0x4c,
+ 0xb3,0xba,0xdf,0x62,0x91,0xb5,0x3b,0x00,0x11,0x2b,
+ 0x6f,0x74,0x87,0x6d,0xe8,0xed,0x04,0xc4,0xc9,0xf4,
+ 0xc9,0xa3,0xc7,0x0a,0xb8,0x80,0xd8,0x5d,0x30,0x4b,
+ 0xdc,0x79,0x4a,0x5b,0xa4,0x7d,0xf5,0xb2,0x16,0x02,
+ 0x48,0x6d,0x89,0x3a,0xb6,0x3f,0x2d,0x1f,0x91,0xaa,
+ 0xd3,0xc8,0x54,0x17,0x5e,0xb3,0x59,0x05,0xb5,0xf3,
+ 0xe5,0x2e,0xb1,0x41,0xd6,0x87,0xa5,0xcb,0xd1,0xeb,
+ 0x03,0x35,0x7b,0x94,0x06,0x09,0xbb,0x7b,0x67,0x14,
+ 0x83,0x65,0xa1,0x82,0x52,0x70,0xf8,0x3c,0xf2,0x21,
+ 0xb7,0x26,0xa8,0xdd,0x56,0x75,0xc8,0xda,0xc8,0x05,
+ 0x6f,0xba,0xea,0x6a,0x14,0x0f,0x13,0xc6,0x9d,0xea,
+ 0xc3,0xb4,0x95,0x9b,0xc4,0x6b,0x35,0xbd,0x10,0xce,
+ 0xb6,0xf6,0x07,0x72,0xbd,0x02,0x82,0x01,0x01,0x00,
+ 0xcb,0x3c,0x4c,0xfb,0xcf,0xae,0xa9,0xb8,0x2a,0xcc,
+ 0x31,0xa3,0x5d,0xce,0x43,0xbf,0xf9,0x93,0x18,0xcc,
+ 0x17,0x50,0x67,0x7e,0x52,0x6c,0xd5,0xbf,0x3e,0xc2,
+ 0x99,0x56,0xbc,0x7a,0x1a,0xc5,0x92,0x76,0xb3,0x38,
+ 0xbf,0xf4,0xf8,0xae,0x41,0x17,0xb0,0x17,0x1b,0x1a,
+ 0x4d,0x6b,0x3d,0x0c,0xc1,0x25,0x5c,0x54,0xa7,0x39,
+ 0x2c,0x38,0x72,0x1f,0x0a,0xe9,0xd4,0x5b,0xa4,0x81,
+ 0x5d,0xf1,0xc2,0xf7,0xd2,0x5c,0x4c,0x7e,0x24,0x02,
+ 0x81,0xa1,0x3a,0xf5,0xd0,0x11,0x15,0x4e,0x03,0x3d,
+ 0x82,0xfa,0xcd,0x32,0x89,0x10,0xe1,0x4f,0x47,0x32,
+ 0x54,0xfc,0x95,0xf2,0x3a,0x58,0x8e,0xbb,0x9b,0xbf,
+ 0x7c,0x5b,0xc0,0x73,0x25,0xdc,0x04,0xf6,0x98,0xc1,
+ 0xed,0xa9,0x2a,0x6a,0x7b,0xc4,0x8d,0x2a,0x0f,0x51,
+ 0xb3,0xa3,0x75,0x79,0x40,0x76,0xf6,0xbe,0xb2,0xd9,
+ 0xc1,0x6e,0xb1,0xfa,0x96,0xd2,0xea,0x07,0xee,0xe9,
+ 0xf2,0xdb,0x3f,0x20,0xdc,0xe0,0x63,0xdc,0x86,0x7f,
+ 0xbb,0xfb,0x60,0x2f,0xc6,0xaf,0x5f,0x46,0x26,0x39,
+ 0xcf,0xc4,0x10,0x60,0xf1,0x24,0x9b,0x49,0x5f,0x91,
+ 0x3e,0xac,0x7a,0x53,0x3e,0x84,0x71,0xcd,0x9d,0x45,
+ 0x3a,0x75,0x87,0x2c,0x96,0xfb,0x03,0xa5,0xc7,0x59,
+ 0x9a,0xaa,0x99,0xcf,0x8e,0x89,0x3a,0xdc,0x26,0x06,
+ 0xdf,0x14,0x6a,0x95,0xf7,0x88,0x72,0xcb,0x4e,0x91,
+ 0xde,0xeb,0x14,0x23,0xac,0x58,0x69,0x84,0x2b,0xea,
+ 0xdf,0xc8,0x35,0xb2,0x01,0x9d,0x7f,0xaa,0x73,0x51,
+ 0xf5,0xc7,0x2e,0xba,0xa0,0xb4,0x49,0xb6,0x74,0xa3,
+ 0x73,0x17,0xc2,0xfa,0xc8,0xf3,0x02,0x82,0x01,0x01,
+ 0x00,0xb8,0x0e,0xf8,0x50,0x74,0x42,0x79,0x90,0xd0,
+ 0x47,0x8d,0x48,0x2e,0x84,0x3b,0x30,0xe0,0x26,0x31,
+ 0x95,0x54,0x34,0x93,0xa0,0x30,0xd5,0x03,0x50,0xb2,
+ 0x19,0xbf,0xe8,0x22,0x1f,0xbe,0x40,0xec,0x94,0xd8,
+ 0x21,0x17,0xaa,0x95,0xf9,0x62,0xa5,0xf5,0x25,0xd1,
+ 0x72,0x36,0x22,0x67,0x94,0xcf,0xc0,0x06,0x22,0x93,
+ 0x0d,0x6a,0x22,0xfe,0xff,0xb3,0xc2,0xde,0x8f,0x5f,
+ 0x75,0x84,0xe4,0x88,0xf3,0xe4,0x04,0xbb,0x9c,0x6b,
+ 0xb3,0x14,0x9d,0xb7,0xb4,0xa9,0x63,0x3f,0xdc,0xe8,
+ 0x0c,0x05,0xa8,0x76,0xab,0xa1,0xbb,0x23,0x1d,0x6a,
+ 0xcd,0x31,0xbc,0x19,0xb5,0x49,0xa1,0x71,0xee,0x93,
+ 0x46,0x71,0xce,0xba,0xd2,0xa8,0x4e,0x08,0x8d,0x7b,
+ 0x85,0x3d,0x77,0x46,0x9a,0x71,0x71,0xeb,0x03,0x5c,
+ 0xd2,0x0f,0xb1,0xf4,0x78,0xb4,0xf4,0x8d,0xd4,0xd9,
+ 0x9b,0x79,0x99,0xce,0x9b,0xa9,0x38,0xaa,0xd6,0x76,
+ 0x9f,0x9c,0xb1,0xbd,0xd3,0x7c,0x18,0x54,0x62,0xbc,
+ 0x54,0x2a,0x0f,0xef,0x76,0x39,0xd5,0x10,0x2f,0xbf,
+ 0xc5,0x60,0x92,0x21,0x99,0x46,0xbc,0x36,0x65,0x0b,
+ 0x31,0xb6,0x6f,0xa8,0x5d,0x8e,0x2f,0xf0,0xed,0x86,
+ 0x8c,0xf2,0x2a,0x83,0xa7,0x34,0x11,0x06,0xd9,0x6f,
+ 0xb3,0xf5,0x7b,0x31,0x45,0x17,0x5a,0xdc,0x22,0xc3,
+ 0xe8,0xe1,0x89,0x78,0xde,0xae,0x49,0x1a,0x5f,0x4d,
+ 0x06,0xf6,0xb5,0x23,0x66,0xe0,0x00,0xd6,0x37,0x8d,
+ 0xb4,0x5b,0x67,0xb0,0xdb,0x7a,0x10,0x03,0x91,0x64,
+ 0xa6,0xaa,0xc6,0x30,0x49,0x3c,0x81,0x72,0x57,0x9f,
+ 0xd9,0x72,0xae,0xa9,0xce,0xa6,0xf3,0x02,0x82,0x01,
+ 0x01,0x00,0xa3,0x69,0x55,0xe0,0xf6,0xe9,0x52,0xaf,
+ 0xb1,0x41,0xc3,0xfb,0xbe,0x56,0x36,0x25,0x6a,0xef,
+ 0xfa,0x75,0x47,0x9d,0xaf,0xc9,0x63,0x4e,0xfd,0x42,
+ 0xab,0x9c,0xde,0x9c,0x5e,0x29,0xb3,0xd2,0xfe,0x64,
+ 0x10,0xd0,0xe5,0x8f,0x7c,0x50,0xe8,0x27,0xba,0xbf,
+ 0xa9,0x5c,0x29,0xb9,0xbb,0x39,0xc1,0x27,0x60,0x28,
+ 0xf4,0xd8,0x44,0x95,0x12,0x35,0xa1,0x99,0xc7,0xd4,
+ 0xf3,0xdd,0xcd,0x02,0xb2,0x28,0x7f,0x6d,0x15,0x58,
+ 0x2b,0x6e,0x14,0x7a,0xe6,0x24,0x75,0xea,0xf6,0x7d,
+ 0x66,0x9f,0x93,0xec,0x43,0x07,0x8a,0x2c,0x17,0x6d,
+ 0x9e,0x2a,0x7b,0x29,0x29,0x0b,0xbe,0x1c,0x2c,0x8f,
+ 0xee,0xb8,0x35,0xae,0xb4,0x7c,0x21,0x89,0xda,0x37,
+ 0xc9,0x35,0xcc,0xf9,0x43,0x10,0xa1,0x79,0xb5,0xa3,
+ 0x86,0xf3,0xc3,0x83,0xff,0xd5,0xc1,0x9e,0xa5,0xe1,
+ 0x49,0x7f,0x4b,0x47,0xcd,0x35,0x57,0x06,0x39,0x84,
+ 0xad,0x76,0x50,0x7e,0x37,0x31,0x1e,0x48,0x12,0x23,
+ 0x63,0xc5,0xdb,0x09,0x51,0x1a,0xb9,0x1f,0x93,0x74,
+ 0x9d,0x11,0xc8,0xdb,0xb5,0xeb,0xac,0x99,0x29,0x7f,
+ 0x02,0xa7,0x8f,0x84,0x31,0x4b,0x33,0xae,0x5c,0xae,
+ 0xdd,0xf0,0xa7,0x03,0x8e,0xef,0xac,0x6a,0x22,0x51,
+ 0xae,0x8b,0x7e,0x90,0x03,0xe2,0x5e,0x92,0x3a,0xd0,
+ 0x7e,0x86,0xf1,0xe1,0xc1,0x9d,0xd9,0x8d,0x4d,0xf7,
+ 0xe8,0xb1,0xe3,0x52,0x93,0x3b,0xe7,0xbc,0xa3,0x02,
+ 0xd2,0x29,0x25,0x4c,0x1e,0xd8,0x84,0xf1,0xf5,0x8f,
+ 0xc0,0xef,0xba,0xb6,0x2f,0xfd,0x81,0x6f,0xd5,0x01,
+ 0x2e,0xa1,0xa9,0xce,0x06,0x49,0x8d,0x3f,0x02,0x82,
+ 0x01,0x00,0x16,0x9d,0x20,0x3d,0x22,0x4b,0x98,0x8c,
+ 0x06,0x4b,0x04,0x3c,0xbe,0x1a,0x58,0xfb,0x64,0x4e,
+ 0xcd,0x00,0xbf,0xdb,0xc5,0xd7,0x84,0xa8,0x67,0x43,
+ 0xde,0xdd,0xf3,0x0a,0x1e,0x47,0x30,0x24,0xe1,0xec,
+ 0x57,0xb1,0x99,0x2a,0xc8,0x4a,0x5f,0xa8,0x6c,0x3a,
+ 0x3d,0x45,0x7f,0x09,0x33,0x18,0xc1,0x7d,0xa2,0x43,
+ 0x55,0x35,0xec,0xb8,0x68,0x04,0x1a,0x9d,0xf2,0xa2,
+ 0x42,0xe4,0x39,0x73,0xaa,0xaf,0xec,0x6f,0xf8,0x6c,
+ 0xfb,0x7e,0x81,0x25,0xef,0x90,0x2e,0xcf,0x96,0xe5,
+ 0x19,0x4d,0x80,0xd4,0x75,0xe0,0x18,0x7a,0xd9,0x91,
+ 0x9f,0xb1,0x9e,0x4e,0xb2,0x09,0xe8,0x06,0x01,0xed,
+ 0x82,0x02,0xc1,0xb0,0xd8,0x9b,0x51,0x3a,0x65,0x2a,
+ 0x9c,0xe6,0x7d,0xea,0xcd,0xad,0xe4,0x0a,0x4f,0x09,
+ 0x96,0xb9,0xe8,0x5b,0xc0,0xe1,0xa3,0xb9,0xf8,0x43,
+ 0x12,0x89,0x5b,0xa3,0x5e,0x13,0x19,0xf3,0x70,0x69,
+ 0xf1,0x21,0x23,0x2b,0x63,0x5b,0x3c,0x7f,0xf0,0xbe,
+ 0x40,0xcd,0x46,0x6d,0xb6,0xca,0x1b,0xc8,0xe5,0xb8,
+ 0x38,0x23,0x93,0xfd,0xe0,0x4a,0xe8,0xb9,0xef,0x24,
+ 0xf2,0xff,0x24,0x9f,0x0b,0x5c,0x93,0x3f,0xa8,0xa6,
+ 0x46,0x45,0xc2,0xeb,0x1e,0x49,0xc8,0xc7,0xde,0xc3,
+ 0x90,0x49,0xd7,0xfb,0x4e,0xce,0x62,0x54,0x33,0x7f,
+ 0xc1,0xfa,0x36,0xdb,0xa1,0x12,0x1a,0xef,0xb8,0x61,
+ 0xc5,0x20,0xf9,0xe6,0xbf,0x76,0xc0,0x46,0xda,0x0a,
+ 0xf1,0x4a,0x1b,0x80,0xdd,0xe5,0xd9,0x55,0x66,0x5a,
+ 0xd2,0xb6,0xf7,0x7c,0x6a,0x2a,0x55,0x58,0xc2,0x27,
+ 0xa9,0xe8,0x19,0x83,0x04,0x31,0xf3,0xa9,0x02,0x82,
+ 0x01,0x00,0x5f,0x4d,0xd9,0x71,0x24,0x28,0x84,0xbd,
+ 0x39,0x5a,0x17,0x19,0x78,0x0a,0x95,0x01,0xf7,0x42,
+ 0x23,0x16,0xb9,0x86,0x51,0x4b,0xa0,0x59,0x0e,0x30,
+ 0xf3,0xa2,0x61,0xbd,0x66,0x4e,0xa7,0x26,0xc0,0xdc,
+ 0xa7,0x31,0x94,0x1e,0xc2,0x96,0x41,0xe6,0x91,0x4e,
+ 0x6c,0x9a,0xcc,0x80,0xf4,0xb8,0x0a,0x06,0x58,0xb1,
+ 0x20,0x16,0x89,0xb0,0xaa,0x2a,0x31,0x0c,0x7c,0xae,
+ 0x79,0x1e,0x63,0x9a,0x3c,0x8c,0xc4,0x02,0x51,0x3a,
+ 0x58,0x75,0xf7,0xb7,0x2c,0x02,0xc8,0x4c,0x8b,0x09,
+ 0xd2,0x69,0xff,0xcd,0xa3,0x5d,0x9b,0x09,0x1c,0x27,
+ 0xb5,0xc0,0xf0,0x0c,0xa7,0x54,0xc0,0xef,0x86,0x0b,
+ 0x20,0x71,0x46,0x04,0xe4,0x02,0x82,0x7b,0xac,0x26,
+ 0x80,0xc3,0xb1,0x22,0x19,0x6f,0xc6,0x3a,0xdd,0xdc,
+ 0x68,0x3d,0x95,0x5c,0xff,0xc5,0xbf,0x0c,0xf1,0x8f,
+ 0x5e,0xca,0x74,0xd0,0xf3,0xa9,0xe3,0x21,0x34,0x11,
+ 0x11,0xd9,0xc1,0x91,0x65,0xc0,0xde,0x54,0x2e,0xb5,
+ 0xac,0x17,0xb1,0x46,0x3f,0x8e,0xbe,0xbc,0x48,0x0c,
+ 0x96,0x4f,0x48,0x13,0xd4,0x4e,0xb5,0xe4,0xc4,0xbe,
+ 0x55,0xe8,0x7b,0x00,0x36,0x1b,0xd0,0x85,0x24,0xdb,
+ 0x29,0xaf,0x76,0x82,0xb5,0x90,0xcb,0xb1,0xbd,0xb4,
+ 0x45,0x57,0x61,0xcd,0x6e,0xa8,0x23,0xf2,0x7a,0x47,
+ 0x4e,0x01,0x52,0x92,0x55,0x61,0xe5,0xd0,0x4e,0x0a,
+ 0xe7,0x18,0x65,0xf1,0x33,0x2b,0x71,0xf3,0x4b,0x8b,
+ 0xdb,0x28,0x63,0x65,0x9b,0x02,0x5d,0x00,0xc1,0xd1,
+ 0x26,0x9d,0x2a,0x15,0x12,0xf2,0xc8,0xd9,0xb9,0x87,
+ 0x56,0x2c,0xe7,0xa6,0x6d,0xc2,0xd7,0x6b,
+ };
diff --git a/apps/tkca b/apps/tkca
new file mode 100644
index 0000000..bdaf216
--- /dev/null
+++ b/apps/tkca
@@ -0,0 +1,66 @@
+#!/usr/local/bin/perl5
+#
+# This is only something I'm playing with, it does not work :-)
+#
+
+use Tk;
+
+my $main=MainWindow->new();
+my $f=$main->Frame(-relief => "ridge", -borderwidth => 2);
+$f->pack(-fill => 'x');
+
+my $ff=$f->Frame;
+$ff->pack(-fill => 'x');
+my $l=$ff->Label(-text => "TkCA - SSLeay",
+ -relief => "ridge", -borderwidth => 2);
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Certify");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Review");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Revoke");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Generate CRL");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my($db)=&load_db("demoCA/index.txt");
+
+MainLoop;
+
+sub load_db
+ {
+ my(%ret);
+ my($file)=@_;
+ my(*IN);
+ my(%db_serial,%db_name,@f,@db_s);
+
+ $ret{'serial'}=\%db_serial;
+ $ret{'name'}=\%db_name;
+
+ open(IN,"<$file") || die "unable to open $file:$!\n";
+ while (<IN>)
+ {
+ chop;
+ s/([^\\])\t/\1\t\t/g;
+ my(@f)=split(/\t\t/);
+ die "wrong number of fields in $file, line $.\n"
+ if ($#f != 5);
+
+ my(%f);
+ $f{'type'}=$f[0];
+ $f{'exp'}=$f[1];
+ $f{'rev'}=$f[2];
+ $f{'serial'}=$f[3];
+ $f{'file'}=$f[4];
+ $f{'name'}=$f[5];
+ die "serial number $f{'serial'} appears twice (line $.)\n"
+ if (defined($db{$f{'serial'}}))
+ $db_serial{$f{'serial'}}=\%f;
+ $db_name{$f{'name'}}.=$f{'serial'}." ";
+ }
+ return \%ret;
+ }
diff --git a/apps/verify.c b/apps/verify.c
new file mode 100644
index 0000000..809f4c4
--- /dev/null
+++ b/apps/verify.c
@@ -0,0 +1,240 @@
+/* apps/verify.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "bio.h"
+#include "err.h"
+#include "x509.h"
+#include "pem.h"
+
+#undef PROG
+#define PROG verify_main
+
+#ifndef NOPROTO
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
+static int check(X509_STORE *ctx,char *file);
+#else
+static int MS_CALLBACK cb();
+static int check();
+#endif
+
+static int v_verbose=0;
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ int i,ret=1;
+ char *CApath=NULL,*CAfile=NULL;
+ X509_STORE *cert_ctx=NULL;
+ X509_LOOKUP *lookup=NULL;
+
+ cert_ctx=X509_STORE_new();
+ if (cert_ctx == NULL) goto end;
+ X509_STORE_set_verify_cb_func(cert_ctx,cb);
+
+ ERR_load_crypto_strings();
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ argc--;
+ argv++;
+ for (;;)
+ {
+ if (argc >= 1)
+ {
+ if (strcmp(*argv,"-CApath") == 0)
+ {
+ if (argc-- < 1) goto end;
+ CApath= *(++argv);
+ }
+ else if (strcmp(*argv,"-CAfile") == 0)
+ {
+ if (argc-- < 1) goto end;
+ CAfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-help") == 0)
+ goto end;
+ else if (strcmp(*argv,"-verbose") == 0)
+ v_verbose=1;
+ else if (argv[0][0] == '-')
+ goto end;
+ else
+ break;
+ argc--;
+ argv++;
+ }
+ else
+ break;
+ }
+
+ lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
+ if (lookup == NULL) abort();
+ if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
+ X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) abort();
+ if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
+ X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+
+ if (argc < 1) check(cert_ctx,NULL);
+ else
+ for (i=0; i<argc; i++)
+ check(cert_ctx,argv[i]);
+ ret=0;
+end:
+ if (ret == 1)
+ BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
+ if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+ EXIT(ret);
+ }
+
+static int check(ctx,file)
+X509_STORE *ctx;
+char *file;
+ {
+ X509 *x=NULL;
+ BIO *in=NULL;
+ int i=0,ret=0;
+ X509_STORE_CTX csc;
+
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (file == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,file) <= 0)
+ {
+ perror(file);
+ goto end;
+ }
+ }
+
+ x=PEM_read_bio_X509(in,NULL,NULL);
+ if (x == NULL)
+ {
+ fprintf(stdout,"%s: unable to load certificate file\n",
+ (file == NULL)?"stdin":file);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
+
+ X509_STORE_CTX_init(&csc,ctx,x,NULL);
+ i=X509_verify_cert(&csc);
+ X509_STORE_CTX_cleanup(&csc);
+
+ ret=0;
+end:
+ if (i)
+ {
+ fprintf(stdout,"OK\n");
+ ret=1;
+ }
+ else
+ ERR_print_errors(bio_err);
+ if (x != NULL) X509_free(x);
+ if (in != NULL) BIO_free(in);
+
+ return(ret);
+ }
+
+static int MS_CALLBACK cb(ok,ctx)
+int ok;
+X509_STORE_CTX *ctx;
+ {
+ char buf[256];
+
+ if (!ok)
+ {
+ /* since we are just checking the certificates, it is
+ * ok if they are self signed. */
+ if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+ ok=1;
+ else
+ {
+ X509_NAME_oneline(
+ X509_get_subject_name(ctx->current_cert),buf,256);
+ printf("%s\n",buf);
+ printf("error %d at %d depth lookup:%s\n",ctx->error,
+ ctx->error_depth,
+ X509_verify_cert_error_string(ctx->error));
+ if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED)
+ ok=1;
+ }
+ }
+ if (!v_verbose)
+ ERR_clear_error();
+ return(ok);
+ }
+
diff --git a/apps/version.c b/apps/version.c
new file mode 100644
index 0000000..a849433
--- /dev/null
+++ b/apps/version.c
@@ -0,0 +1,128 @@
+/* apps/version.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "evp.h"
+#include "crypto.h"
+
+#undef PROG
+#define PROG version_main
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ int i,ret=0;
+ int cflags=0,version=0,date=0,options=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+ if (argc == 1) version=1;
+ for (i=1; i<argc; i++)
+ {
+ if (strcmp(argv[i],"-v") == 0)
+ version=1;
+ else if (strcmp(argv[i],"-b") == 0)
+ date=1;
+ else if (strcmp(argv[i],"-f") == 0)
+ cflags=1;
+ else if (strcmp(argv[i],"-o") == 0)
+ options=1;
+ else if (strcmp(argv[i],"-a") == 0)
+ date=version=cflags=options=1;
+ else
+ {
+ BIO_printf(bio_err,"usage:version [-a] [-v] [-b] [-o] [-f]\n");
+ ret=1;
+ goto end;
+ }
+ }
+
+ if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION));
+ if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
+ if (options)
+ {
+ printf("options:");
+ printf("%s ",BN_options());
+#ifndef NO_MD2
+ printf("%s ",MD2_options());
+#endif
+#ifndef NO_RC4
+ printf("%s ",RC4_options());
+#endif
+#ifndef NO_DES
+ printf("%s ",des_options());
+#endif
+#ifndef NO_IDEA
+ printf("%s ",idea_options());
+#endif
+#ifndef NO_BLOWFISH
+ printf("%s ",BF_options());
+#endif
+ }
+ if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+end:
+ EXIT(ret);
+ }
diff --git a/apps/x509.c b/apps/x509.c
new file mode 100644
index 0000000..ec20654
--- /dev/null
+++ b/apps/x509.c
@@ -0,0 +1,1042 @@
+/* apps/x509.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include "bio.h"
+#include "asn1.h"
+#include "err.h"
+#include "bn.h"
+#include "evp.h"
+#include "x509.h"
+#include "objects.h"
+#include "pem.h"
+
+#undef PROG
+#define PROG x509_main
+
+#undef POSTFIX
+#define POSTFIX ".srl"
+#define DEF_DAYS 30
+
+#define FORMAT_UNDEF 0
+#define FORMAT_ASN1 1
+#define FORMAT_TEXT 2
+#define FORMAT_PEM 3
+
+#define CERT_HDR "certificate"
+
+static char *x509_usage[]={
+"usage: x509 args\n",
+" -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
+" -outform arg - output format - default PEM (one of DER, NET or PEM\n",
+" -keyform arg - private key format - default PEM\n",
+" -CAform arg - CA format - default PEM\n",
+" -CAkeyform arg - CA key format - default PEM\n",
+" -in arg - input file - default stdin\n",
+" -out arg - output file - default stdout\n",
+" -serial - print serial number value\n",
+" -hash - print hash value\n",
+" -subject - print subject DN\n",
+" -issuer - print issuer DN\n",
+" -startdate - notBefore field\n",
+" -enddate - notAfter field\n",
+" -dates - both Before and After dates\n",
+" -modulus - print the RSA key modulus\n",
+" -fingerprint - print the certificate fingerprint\n",
+" -noout - no certificate output\n",
+
+" -days arg - How long till expiry of a signed certificate - def 30 days\n",
+" -signkey arg - self sign cert with arg\n",
+" -x509toreq - output a certification request object\n",
+" -req - input is a certificate request, sign and output.\n",
+" -CA arg - set the CA certificate, must be PEM format.\n",
+" -CAkey arg - set the CA key, must be PEM format\n",
+" missing, it is asssumed to be in the CA file.\n",
+" -CAcreateserial - create serial number file if it does not exist\n",
+" -CAserial - serial file\n",
+" -text - print the certitificate in text form\n",
+" -C - print out C code forms\n",
+" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
+NULL
+};
+
+#ifndef NOPROTO
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
+static EVP_PKEY *load_key(char *file, int format);
+static X509 *load_cert(char *file, int format);
+static int sign (X509 *x, EVP_PKEY *pkey,int days,EVP_MD *digest);
+static int x509_certify (X509_STORE *ctx,char *CAfile, EVP_MD *digest,X509 *x,
+ X509 *xca, EVP_PKEY *pkey,char *serial, int create, int days);
+#else
+static int MS_CALLBACK callb();
+static EVP_PKEY *load_key();
+static X509 *load_cert();
+static int sign ();
+static int x509_certify ();
+#endif
+
+static int reqfile=0;
+
+int MAIN(argc, argv)
+int argc;
+char **argv;
+ {
+ int ret=1;
+ X509_REQ *req=NULL;
+ X509 *x=NULL,*xca=NULL;
+ EVP_PKEY *Upkey=NULL,*CApkey=NULL;
+ int i,num,badops=0;
+ BIO *out=NULL;
+ BIO *STDout=NULL;
+ int informat,outformat,keyformat,CAformat,CAkeyformat;
+ char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
+ char *CAkeyfile=NULL,*CAserial=NULL;
+ int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
+ int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
+ int C=0;
+ int x509req=0,days=DEF_DAYS,modulus=0;
+ char **pp;
+ X509_STORE *ctx=NULL;
+ X509_REQ *rq=NULL;
+ int fingerprint=0;
+ char buf[256];
+ EVP_MD *md_alg,*digest=EVP_md5();
+
+ reqfile=0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+ keyformat=FORMAT_PEM;
+ CAformat=FORMAT_PEM;
+ CAkeyformat=FORMAT_PEM;
+
+ ctx=X509_STORE_new();
+ if (ctx == NULL) goto end;
+ X509_STORE_set_verify_cb_func(ctx,callb);
+
+ argc--;
+ argv++;
+ num=0;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-req") == 0)
+ reqfile=1;
+ else if (strcmp(*argv,"-CAform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-CAkeyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-days") == 0)
+ {
+ if (--argc < 1) goto bad;
+ days=atoi(*(++argv));
+ if (days == 0)
+ {
+ BIO_printf(bio_err,"bad number of days\n");
+ goto bad;
+ }
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-signkey") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyfile= *(++argv);
+ sign_flag= ++num;
+ }
+ else if (strcmp(*argv,"-CA") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAfile= *(++argv);
+ CA_flag= ++num;
+ }
+ else if (strcmp(*argv,"-CAkey") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAkeyfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-CAserial") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAserial= *(++argv);
+ }
+ else if (strcmp(*argv,"-C") == 0)
+ C= ++num;
+ else if (strcmp(*argv,"-serial") == 0)
+ serial= ++num;
+ else if (strcmp(*argv,"-modulus") == 0)
+ modulus= ++num;
+ else if (strcmp(*argv,"-x509toreq") == 0)
+ x509req= ++num;
+ else if (strcmp(*argv,"-text") == 0)
+ text= ++num;
+ else if (strcmp(*argv,"-hash") == 0)
+ hash= ++num;
+ else if (strcmp(*argv,"-subject") == 0)
+ subject= ++num;
+ else if (strcmp(*argv,"-issuer") == 0)
+ issuer= ++num;
+ else if (strcmp(*argv,"-fingerprint") == 0)
+ fingerprint= ++num;
+ else if (strcmp(*argv,"-dates") == 0)
+ {
+ startdate= ++num;
+ enddate= ++num;
+ }
+ else if (strcmp(*argv,"-startdate") == 0)
+ startdate= ++num;
+ else if (strcmp(*argv,"-enddate") == 0)
+ enddate= ++num;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout= ++num;
+ else if (strcmp(*argv,"-CAcreateserial") == 0)
+ CA_createserial= ++num;
+ else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ {
+ /* ok */
+ digest=md_alg;
+ }
+ else
+ {
+ BIO_printf(bio_err,"unknown option %s\n",*argv);
+ badops=1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops)
+ {
+bad:
+ for (pp=x509_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err,*pp);
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ if (!X509_STORE_set_default_paths(ctx))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
+ { CAkeyfile=CAfile; }
+ else if ((CA_flag) && (CAkeyfile == NULL))
+ {
+ BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");
+ goto end;
+ }
+
+ if (reqfile)
+ {
+ EVP_PKEY *pkey;
+ X509_CINF *ci;
+ BIO *in;
+
+ if (!sign_flag && !CA_flag)
+ {
+ BIO_printf(bio_err,"We need a private key to sign with\n");
+ goto end;
+ }
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+ req=PEM_read_bio_X509_REQ(in,NULL,NULL);
+ BIO_free(in);
+
+ if (req == NULL) { perror(infile); goto end; }
+
+ if ( (req->req_info == NULL) ||
+ (req->req_info->pubkey == NULL) ||
+ (req->req_info->pubkey->public_key == NULL) ||
+ (req->req_info->pubkey->public_key->data == NULL))
+ {
+ BIO_printf(bio_err,"The certificate request appears to corrupted\n");
+ BIO_printf(bio_err,"It does not contain a public key\n");
+ goto end;
+ }
+ if ((pkey=X509_REQ_get_pubkey(req)) == NULL)
+ {
+ BIO_printf(bio_err,"error unpacking public key\n");
+ goto end;
+ }
+ i=X509_REQ_verify(req,pkey);
+ if (i < 0)
+ {
+ BIO_printf(bio_err,"Signature verification error\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (i == 0)
+ {
+ BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ goto end;
+ }
+ else
+ BIO_printf(bio_err,"Signature ok\n");
+
+ X509_NAME_oneline(req->req_info->subject,buf,256);
+ BIO_printf(bio_err,"subject=%s\n",buf);
+
+ if ((x=X509_new()) == NULL) goto end;
+ ci=x->cert_info;
+
+ if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
+ if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
+ if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
+
+ X509_gmtime_adj(X509_get_notBefore(x),0);
+ X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+
+ X509_PUBKEY_free(ci->key);
+ ci->key=req->req_info->pubkey;
+ req->req_info->pubkey=NULL;
+ }
+ else
+ x=load_cert(infile,informat);
+
+ if (x == NULL) goto end;
+ if (CA_flag)
+ {
+ xca=load_cert(CAfile,CAformat);
+ if (xca == NULL) goto end;
+ }
+
+ if (!noout || text)
+ {
+ OBJ_create_and_add_object("2.99999.3",
+ "SET.ex3","SET x509v3 extension 3");
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+ }
+
+ if (num)
+ {
+ for (i=1; i<=num; i++)
+ {
+ if (issuer == i)
+ {
+ X509_NAME_oneline(X509_get_issuer_name(x),
+ buf,256);
+ fprintf(stdout,"issuer= %s\n",buf);
+ }
+ else if (subject == i)
+ {
+ X509_NAME_oneline(X509_get_subject_name(x),
+ buf,256);
+ fprintf(stdout,"subject=%s\n",buf);
+ }
+ else if (serial == i)
+ {
+ fprintf(stdout,"serial=");
+ i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
+ fprintf(stdout,"\n");
+ }
+ else if (hash == i)
+ {
+ fprintf(stdout,"%08lx\n",
+ X509_subject_name_hash(x));
+ }
+ else
+#ifndef NO_RSA
+ if (modulus == i)
+ {
+ EVP_PKEY *pkey;
+
+ pkey=X509_get_pubkey(x);
+ if (pkey == NULL)
+ {
+ fprintf(stdout,"Modulus=unavailable\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ fprintf(stdout,"Modulus=");
+ if (pkey->type == EVP_PKEY_RSA)
+ BN_print(STDout,pkey->pkey.rsa->n);
+ else
+ fprintf(stdout,"Wrong Algorithm type");
+ fprintf(stdout,"\n");
+ }
+ else
+#endif
+ if (C == i)
+ {
+ unsigned char *d;
+ char *m;
+ int y,z;
+
+ X509_NAME_oneline(X509_get_subject_name(x),
+ buf,256);
+ printf("/* subject:%s */\n",buf);
+ m=X509_NAME_oneline(
+ X509_get_issuer_name(x),buf,256);
+ printf("/* issuer :%s */\n",buf);
+
+ z=i2d_X509(x,NULL);
+ m=Malloc(z);
+
+ d=(unsigned char *)m;
+ z=i2d_X509_NAME(X509_get_subject_name(x),&d);
+ printf("unsigned char XXX_subject_name[%d]={\n",z);
+ d=(unsigned char *)m;
+ for (y=0; y<z; y++)
+ {
+ printf("0x%02X,",d[y]);
+ if ((y & 0x0f) == 0x0f) printf("\n");
+ }
+ if (y%16 != 0) printf("\n");
+ printf("};\n");
+
+ z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);
+ printf("unsigned char XXX_public_key[%d]={\n",z);
+ d=(unsigned char *)m;
+ for (y=0; y<z; y++)
+ {
+ printf("0x%02X,",d[y]);
+ if ((y & 0x0f) == 0x0f) printf("\n");
+ }
+ if (y%16 != 0) printf("\n");
+ printf("};\n");
+
+ z=i2d_X509(x,&d);
+ printf("unsigned char XXX_certificate[%d]={\n",z);
+ d=(unsigned char *)m;
+ for (y=0; y<z; y++)
+ {
+ printf("0x%02X,",d[y]);
+ if ((y & 0x0f) == 0x0f) printf("\n");
+ }
+ if (y%16 != 0) printf("\n");
+ printf("};\n");
+
+ Free(m);
+ }
+ else if (text == i)
+ {
+ X509_print(out,x);
+ }
+ else if (startdate == i)
+ {
+ BIO_puts(STDout,"notBefore=");
+ ASN1_UTCTIME_print(STDout,X509_get_notBefore(x));
+ BIO_puts(STDout,"\n");
+ }
+ else if (enddate == i)
+ {
+ BIO_puts(STDout,"notAfter=");
+ ASN1_UTCTIME_print(STDout,X509_get_notAfter(x));
+ BIO_puts(STDout,"\n");
+ }
+ else if (fingerprint == i)
+ {
+ int j;
+ unsigned int n;
+ unsigned char md[EVP_MAX_MD_SIZE];
+
+ if (!X509_digest(x,EVP_md5(),md,&n))
+ {
+ BIO_printf(bio_err,"out of memory\n");
+ goto end;
+ }
+ fprintf(stdout,"MD5 Fingerprint=");
+ for (j=0; j<(int)n; j++)
+ {
+ fprintf(stdout,"%02X%c",md[j],
+ (j+1 == (int)n)
+ ?'\n':':');
+ }
+ }
+
+ /* should be in the library */
+ else if ((sign_flag == i) && (x509req == 0))
+ {
+ BIO_printf(bio_err,"Getting Private key\n");
+ if (Upkey == NULL)
+ {
+ Upkey=load_key(keyfile,keyformat);
+ if (Upkey == NULL) goto end;
+ }
+#ifndef NO_DSA
+ if (Upkey->type == EVP_PKEY_DSA)
+ digest=EVP_dss1();
+#endif
+
+ if (!sign(x,Upkey,days,digest)) goto end;
+ }
+ else if (CA_flag == i)
+ {
+ BIO_printf(bio_err,"Getting CA Private Key\n");
+ if (CAkeyfile != NULL)
+ {
+ CApkey=load_key(CAkeyfile,CAkeyformat);
+ if (CApkey == NULL) goto end;
+ }
+#ifndef NO_DSA
+ if (CApkey->type == EVP_PKEY_DSA)
+ digest=EVP_dss1();
+#endif
+ if (!x509_certify(ctx,CAfile,digest,x,xca,
+ CApkey,
+ CAserial,CA_createserial,days))
+ goto end;
+ }
+ else if (x509req == i)
+ {
+ EVP_PKEY *pk;
+
+ BIO_printf(bio_err,"Getting request Private Key\n");
+ if (keyfile == NULL)
+ {
+ BIO_printf(bio_err,"no request key file specified\n");
+ goto end;
+ }
+ else
+ {
+ pk=load_key(keyfile,FORMAT_PEM);
+ if (pk == NULL) goto end;
+ }
+
+ BIO_printf(bio_err,"Generating certificate request\n");
+
+ rq=X509_to_X509_REQ(x,pk);
+ EVP_PKEY_free(pk);
+ if (rq == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (!noout)
+ {
+ X509_REQ_print(out,rq);
+ PEM_write_bio_X509_REQ(out,rq);
+ }
+ noout=1;
+ }
+ }
+ }
+
+ if (noout)
+ {
+ ret=0;
+ goto end;
+ }
+
+ if (outformat == FORMAT_ASN1)
+ i=i2d_X509_bio(out,x);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_X509(out,x);
+ else if (outformat == FORMAT_NETSCAPE)
+ {
+ ASN1_HEADER ah;
+ ASN1_OCTET_STRING os;
+
+ os.data=(unsigned char *)CERT_HDR;
+ os.length=strlen(CERT_HDR);
+ ah.header= &os;
+ ah.data=(char *)x;
+ ah.meth=X509_asn1_meth();
+
+ /* no macro for this one yet */
+ i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah);
+ }
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err,"unable to write certificate\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret=0;
+end:
+ OBJ_cleanup();
+ if (out != NULL) BIO_free(out);
+ if (STDout != NULL) BIO_free(STDout);
+ if (ctx != NULL) X509_STORE_free(ctx);
+ if (req != NULL) X509_REQ_free(req);
+ if (x != NULL) X509_free(x);
+ if (xca != NULL) X509_free(xca);
+ if (Upkey != NULL) EVP_PKEY_free(Upkey);
+ if (CApkey != NULL) EVP_PKEY_free(CApkey);
+ if (rq != NULL) X509_REQ_free(rq);
+ EXIT(ret);
+ }
+
+static int x509_certify(ctx,CAfile,digest,x,xca,pkey,serialfile,create,days)
+X509_STORE *ctx;
+char *CAfile;
+EVP_MD *digest;
+X509 *x;
+X509 *xca;
+EVP_PKEY *pkey;
+char *serialfile;
+int create;
+int days;
+ {
+ int ret=0;
+ BIO *io=NULL;
+ MS_STATIC char buf2[1024];
+ char *buf=NULL,*p;
+ BIGNUM *serial=NULL;
+ ASN1_INTEGER *bs=NULL,bs2;
+ X509_STORE_CTX xsc;
+ EVP_PKEY *upkey;
+
+ EVP_PKEY_copy_parameters(X509_get_pubkey(xca),pkey);
+
+ X509_STORE_CTX_init(&xsc,ctx,x,NULL);
+ buf=(char *)Malloc(EVP_PKEY_size(pkey)*2+
+ ((serialfile == NULL)
+ ?(strlen(CAfile)+strlen(POSTFIX)+1)
+ :(strlen(serialfile)))+1);
+ if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
+ if (serialfile == NULL)
+ {
+ strcpy(buf,CAfile);
+ for (p=buf; *p; p++)
+ if (*p == '.')
+ {
+ *p='\0';
+ break;
+ }
+ strcat(buf,POSTFIX);
+ }
+ else
+ strcpy(buf,serialfile);
+ serial=BN_new();
+ bs=ASN1_INTEGER_new();
+ if ((serial == NULL) || (bs == NULL))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ io=BIO_new(BIO_s_file());
+ if (io == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (BIO_read_filename(io,buf) <= 0)
+ {
+ if (!create)
+ {
+ perror(buf);
+ goto end;
+ }
+ else
+ {
+ ASN1_INTEGER_set(bs,0);
+ BN_zero(serial);
+ }
+ }
+ else
+ {
+ if (!a2i_ASN1_INTEGER(io,bs,buf2,1024))
+ {
+ BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ else
+ {
+ serial=BN_bin2bn(bs->data,bs->length,serial);
+ if (serial == NULL)
+ {
+ BIO_printf(bio_err,"error converting bin 2 bn");
+ goto end;
+ }
+ }
+ }
+
+ if (!BN_add_word(serial,1))
+ { BIO_printf(bio_err,"add_word failure\n"); goto end; }
+ bs2.data=(unsigned char *)buf2;
+ bs2.length=BN_bn2bin(serial,bs2.data);
+
+ if (BIO_write_filename(io,buf) <= 0)
+ {
+ BIO_printf(bio_err,"error attempting to write serial number file\n");
+ perror(buf);
+ goto end;
+ }
+ i2a_ASN1_INTEGER(io,&bs2);
+ BIO_puts(io,"\n");
+ BIO_free(io);
+ io=NULL;
+
+ if (!X509_STORE_add_cert(ctx,x)) goto end;
+
+ /* NOTE: this certificate can/should be self signed, unless it was
+ * a certificate request in which case it is not. */
+ X509_STORE_CTX_set_cert(&xsc,x);
+ if (!reqfile && !X509_verify_cert(&xsc))
+ goto end;
+
+ if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
+ if (!X509_set_serialNumber(x,bs)) goto end;
+
+ if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL)
+ goto end;
+
+ /* hardwired expired */
+ if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+ goto end;
+
+ /* don't save DSA parameters in child if parent has them. */
+ upkey=X509_get_pubkey(x);
+ if (!EVP_PKEY_missing_parameters(pkey))
+ {
+ EVP_PKEY_save_parameters(upkey,0);
+ /* Force a re-write */
+ X509_set_pubkey(x,upkey);
+ }
+
+ if (!X509_sign(x,pkey,digest)) goto end;
+ ret=1;
+end:
+ X509_STORE_CTX_cleanup(&xsc);
+ if (!ret)
+ ERR_print_errors(bio_err);
+ if (buf != NULL) Free(buf);
+ if (bs != NULL) ASN1_INTEGER_free(bs);
+ if (io != NULL) BIO_free(io);
+ if (serial != NULL) BN_free(serial);
+ return(ret);
+ }
+
+static int MS_CALLBACK callb(ok, ctx)
+int ok;
+X509_STORE_CTX *ctx;
+ {
+ char buf[256];
+ int err;
+ X509 *err_cert;
+
+ /* it is ok to use a self signed certificate
+ * This case will catch both the initial ok == 0 and the
+ * final ok == 1 calls to this function */
+ err=X509_STORE_CTX_get_error(ctx);
+ if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+ return(1);
+
+ /* BAD we should have gotten an error. Normally if everything
+ * worked X509_STORE_CTX_get_error(ctx) will still be set to
+ * DEPTH_ZERO_SELF_.... */
+ if (ok)
+ {
+ printf("error with certificate to be certified - should be self signed\n");
+ return(0);
+ }
+ else
+ {
+ err_cert=X509_STORE_CTX_get_current_cert(ctx);
+ X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+ printf("%s\n",buf);
+ printf("error with certificate - error %d at depth %d\n%s\n",
+ err,X509_STORE_CTX_get_error_depth(ctx),
+ X509_verify_cert_error_string(err));
+ return(1);
+ }
+ }
+
+static EVP_PKEY *load_key(file, format)
+char *file;
+int format;
+ {
+ BIO *key=NULL;
+ EVP_PKEY *pkey=NULL;
+
+ if (file == NULL)
+ {
+ BIO_printf(bio_err,"no keyfile specified\n");
+ goto end;
+ }
+ key=BIO_new(BIO_s_file());
+ if (key == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (BIO_read_filename(key,file) <= 0)
+ {
+ perror(file);
+ goto end;
+ }
+#ifndef NO_RSA
+ if (format == FORMAT_ASN1)
+ {
+ RSA *rsa;
+
+ rsa=d2i_RSAPrivateKey_bio(key,NULL);
+ if (rsa != NULL)
+ {
+ if ((pkey=EVP_PKEY_new()) != NULL)
+ EVP_PKEY_assign_RSA(pkey,rsa);
+ else
+ RSA_free(rsa);
+ }
+ }
+ else
+#endif
+ if (format == FORMAT_PEM)
+ {
+ pkey=PEM_read_bio_PrivateKey(key,NULL,NULL);
+ }
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for key\n");
+ goto end;
+ }
+end:
+ if (key != NULL) BIO_free(key);
+ if (pkey == NULL)
+ BIO_printf(bio_err,"unable to load Private Key\n");
+ return(pkey);
+ }
+
+static X509 *load_cert(file, format)
+char *file;
+int format;
+ {
+ ASN1_HEADER *ah=NULL;
+ BUF_MEM *buf=NULL;
+ X509 *x=NULL;
+ BIO *cert;
+
+ if ((cert=BIO_new(BIO_s_file())) == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (file == NULL)
+ BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(cert,file) <= 0)
+ {
+ perror(file);
+ goto end;
+ }
+ }
+ if (format == FORMAT_ASN1)
+ x=d2i_X509_bio(cert,NULL);
+ else if (format == FORMAT_NETSCAPE)
+ {
+ unsigned char *p,*op;
+ int size=0,i;
+
+ /* We sort of have to do it this way because it is sort of nice
+ * to read the header first and check it, then
+ * try to read the certificate */
+ buf=BUF_MEM_new();
+ for (;;)
+ {
+ if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+ goto end;
+ i=BIO_read(cert,&(buf->data[size]),1024*10);
+ size+=i;
+ if (i == 0) break;
+ if (i < 0)
+ {
+ perror("reading certificate");
+ goto end;
+ }
+ }
+ p=(unsigned char *)buf->data;
+ op=p;
+
+ /* First load the header */
+ if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
+ goto end;
+ if ((ah->header == NULL) || (ah->header->data == NULL) ||
+ (strncmp(CERT_HDR,(char *)ah->header->data,
+ ah->header->length) != 0))
+ {
+ BIO_printf(bio_err,"Error reading header on certificate\n");
+ goto end;
+ }
+ /* header is ok, so now read the object */
+ p=op;
+ ah->meth=X509_asn1_meth();
+ if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
+ goto end;
+ x=(X509 *)ah->data;
+ ah->data=NULL;
+ }
+ else if (format == FORMAT_PEM)
+ x=PEM_read_bio_X509(cert,NULL,NULL);
+ else {
+ BIO_printf(bio_err,"bad input format specified for input cert\n");
+ goto end;
+ }
+end:
+ if (x == NULL)
+ {
+ BIO_printf(bio_err,"unable to load certificate\n");
+ ERR_print_errors(bio_err);
+ }
+ if (ah != NULL) ASN1_HEADER_free(ah);
+ if (cert != NULL) BIO_free(cert);
+ if (buf != NULL) BUF_MEM_free(buf);
+ return(x);
+ }
+
+/* self sign */
+static int sign(x, pkey, days, digest)
+X509 *x;
+EVP_PKEY *pkey;
+int days;
+EVP_MD *digest;
+ {
+
+ EVP_PKEY_copy_parameters(X509_get_pubkey(x),pkey);
+ EVP_PKEY_save_parameters(X509_get_pubkey(x),1);
+
+ if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
+ if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
+
+ /* Lets just make it 12:00am GMT, Jan 1 1970 */
+ /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
+ /* 28 days to be certified */
+
+ if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+ goto err;
+
+ if (!X509_set_pubkey(x,pkey)) goto err;
+ if (!X509_sign(x,pkey,digest)) goto err;
+ return(1);
+err:
+ ERR_print_errors(bio_err);
+ return(0);
+ }
