aboutsummaryrefslogtreecommitdiff
path: root/openssl/demos
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/demos')
-rw-r--r--openssl/demos/cms/cacert.pem18
-rw-r--r--openssl/demos/cms/cakey.pem15
-rw-r--r--openssl/demos/cms/cms_comp.c61
-rw-r--r--openssl/demos/cms/cms_ddec.c89
-rw-r--r--openssl/demos/cms/cms_dec.c79
-rw-r--r--openssl/demos/cms/cms_denc.c97
-rw-r--r--openssl/demos/cms/cms_enc.c92
-rw-r--r--openssl/demos/cms/cms_sign.c89
-rw-r--r--openssl/demos/cms/cms_sign2.c103
-rw-r--r--openssl/demos/cms/cms_uncomp.c56
-rw-r--r--openssl/demos/cms/cms_ver.c87
-rw-r--r--openssl/demos/cms/comp.txt22
-rw-r--r--openssl/demos/cms/encr.txt3
-rw-r--r--openssl/demos/cms/sign.txt3
-rw-r--r--openssl/demos/cms/signer.pem32
-rw-r--r--openssl/demos/cms/signer2.pem32
-rw-r--r--openssl/demos/engines/rsaref/build.com34
-rw-r--r--openssl/demos/jpake/Makefile7
-rw-r--r--openssl/demos/jpake/jpakedemo.c469
-rw-r--r--openssl/demos/pkcs12/pkread.c4
-rw-r--r--openssl/demos/smime/cacert.pem18
-rw-r--r--openssl/demos/smime/cakey.pem15
-rw-r--r--openssl/demos/smime/encr.txt3
-rw-r--r--openssl/demos/smime/sign.txt3
-rw-r--r--openssl/demos/smime/signer.pem32
-rw-r--r--openssl/demos/smime/signer2.pem32
-rw-r--r--openssl/demos/smime/smdec.c83
-rw-r--r--openssl/demos/smime/smenc.c92
-rw-r--r--openssl/demos/smime/smsign.c89
-rw-r--r--openssl/demos/smime/smsign2.c107
-rw-r--r--openssl/demos/smime/smver.c87
-rw-r--r--openssl/demos/tunala/autoungunk.sh3
-rw-r--r--openssl/demos/tunala/cb.c23
-rw-r--r--openssl/demos/tunala/tunala.c8
-rw-r--r--openssl/demos/x509/mkcert.c2
-rw-r--r--openssl/demos/x509/mkreq.c2
36 files changed, 1498 insertions, 493 deletions
diff --git a/openssl/demos/cms/cacert.pem b/openssl/demos/cms/cacert.pem
new file mode 100644
index 000000000..75cbb347a
--- /dev/null
+++ b/openssl/demos/cms/cacert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3
+WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD
+aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN
+RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz
+i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR
+ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT
+jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx
+CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B
+SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD
+VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB
+ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc
+G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo
+u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF
+1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw==
+-----END CERTIFICATE-----
diff --git a/openssl/demos/cms/cakey.pem b/openssl/demos/cms/cakey.pem
new file mode 100644
index 000000000..3b53c5e81
--- /dev/null
+++ b/openssl/demos/cms/cakey.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd
+c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3
+dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB
+AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5
+HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs
+tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS
+rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18
+9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u
+jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is
+uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU
++VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP
+wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW
+8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg==
+-----END RSA PRIVATE KEY-----
diff --git a/openssl/demos/cms/cms_comp.c b/openssl/demos/cms/cms_comp.c
new file mode 100644
index 000000000..b7943e813
--- /dev/null
+++ b/openssl/demos/cms/cms_comp.c
@@ -0,0 +1,61 @@
+/* Simple S/MIME compress example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ /*
+ * On OpenSSL 0.9.9 only:
+ * for streaming set CMS_STREAM
+ */
+ int flags = CMS_STREAM;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Open content being compressed */
+
+ in = BIO_new_file("comp.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* compress content */
+ cms = CMS_compress(in, NID_zlib_compression, flags);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("smcomp.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Write out S/MIME message */
+ if (!SMIME_write_CMS(out, cms, in, flags))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Compressing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_ddec.c b/openssl/demos/cms/cms_ddec.c
new file mode 100644
index 000000000..ba68cfdf7
--- /dev/null
+++ b/openssl/demos/cms/cms_ddec.c
@@ -0,0 +1,89 @@
+/* S/MIME detached data decrypt example: rarely done but
+ * should the need arise this is an example....
+ */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL, *dcont = NULL;
+ X509 *rcert = NULL;
+ EVP_PKEY *rkey = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate and private key */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!rcert || !rkey)
+ goto err;
+
+ /* Open PEM file containing enveloped data */
+
+ in = BIO_new_file("smencr.pem", "r");
+
+ if (!in)
+ goto err;
+
+ /* Parse PEM content */
+ cms = PEM_read_bio_CMS(in, NULL, 0, NULL);
+
+ if (!cms)
+ goto err;
+
+ /* Open file containing detached content */
+ dcont = BIO_new_file("smencr.out", "rb");
+
+ if (!in)
+ goto err;
+
+ out = BIO_new_file("encrout.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Decrypt S/MIME message */
+ if (!CMS_decrypt(cms, rkey, rcert, dcont, out, 0))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Decrypting Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (rcert)
+ X509_free(rcert);
+ if (rkey)
+ EVP_PKEY_free(rkey);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+ if (dcont)
+ BIO_free(dcont);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_dec.c b/openssl/demos/cms/cms_dec.c
new file mode 100644
index 000000000..7ddf65326
--- /dev/null
+++ b/openssl/demos/cms/cms_dec.c
@@ -0,0 +1,79 @@
+/* Simple S/MIME decryption example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *rcert = NULL;
+ EVP_PKEY *rkey = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate and private key */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!rcert || !rkey)
+ goto err;
+
+ /* Open S/MIME message to decrypt */
+
+ in = BIO_new_file("smencr.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* Parse message */
+ cms = SMIME_read_CMS(in, NULL);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("decout.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Decrypt S/MIME message */
+ if (!CMS_decrypt(cms, rkey, rcert, out, NULL, 0))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Decrypting Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (rcert)
+ X509_free(rcert);
+ if (rkey)
+ EVP_PKEY_free(rkey);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_denc.c b/openssl/demos/cms/cms_denc.c
new file mode 100644
index 000000000..9265e47bf
--- /dev/null
+++ b/openssl/demos/cms/cms_denc.c
@@ -0,0 +1,97 @@
+/* S/MIME detached data encrypt example: rarely done but
+ * should the need arise this is an example....
+ */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL, *dout = NULL;
+ X509 *rcert = NULL;
+ STACK_OF(X509) *recips = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ int flags = CMS_STREAM|CMS_DETACHED;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ if (!rcert)
+ goto err;
+
+ /* Create recipient STACK and add recipient cert to it */
+ recips = sk_X509_new_null();
+
+ if (!recips || !sk_X509_push(recips, rcert))
+ goto err;
+
+ /* sk_X509_pop_free will free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
+ */
+ rcert = NULL;
+
+ /* Open content being encrypted */
+
+ in = BIO_new_file("encr.txt", "r");
+
+ dout = BIO_new_file("smencr.out", "wb");
+
+ if (!in)
+ goto err;
+
+ /* encrypt content */
+ cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("smencr.pem", "w");
+ if (!out)
+ goto err;
+
+ if (!CMS_final(cms, in, dout, flags))
+ goto err;
+
+ /* Write out CMS structure without content */
+ if (!PEM_write_bio_CMS(out, cms))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Encrypting Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (rcert)
+ X509_free(rcert);
+ if (recips)
+ sk_X509_pop_free(recips, X509_free);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (dout)
+ BIO_free(dout);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_enc.c b/openssl/demos/cms/cms_enc.c
new file mode 100644
index 000000000..916b479d3
--- /dev/null
+++ b/openssl/demos/cms/cms_enc.c
@@ -0,0 +1,92 @@
+/* Simple S/MIME encrypt example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *rcert = NULL;
+ STACK_OF(X509) *recips = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ /*
+ * On OpenSSL 1.0.0 and later only:
+ * for streaming set CMS_STREAM
+ */
+ int flags = CMS_STREAM;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ if (!rcert)
+ goto err;
+
+ /* Create recipient STACK and add recipient cert to it */
+ recips = sk_X509_new_null();
+
+ if (!recips || !sk_X509_push(recips, rcert))
+ goto err;
+
+ /* sk_X509_pop_free will free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
+ */
+ rcert = NULL;
+
+ /* Open content being encrypted */
+
+ in = BIO_new_file("encr.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* encrypt content */
+ cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("smencr.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Write out S/MIME message */
+ if (!SMIME_write_CMS(out, cms, in, flags))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Encrypting Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (rcert)
+ X509_free(rcert);
+ if (recips)
+ sk_X509_pop_free(recips, X509_free);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_sign.c b/openssl/demos/cms/cms_sign.c
new file mode 100644
index 000000000..42f762034
--- /dev/null
+++ b/openssl/demos/cms/cms_sign.c
@@ -0,0 +1,89 @@
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *scert = NULL;
+ EVP_PKEY *skey = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ /* For simple S/MIME signing use CMS_DETACHED.
+ * On OpenSSL 0.9.9 only:
+ * for streaming detached set CMS_DETACHED|CMS_STREAM
+ * for streaming non-detached set CMS_STREAM
+ */
+ int flags = CMS_DETACHED|CMS_STREAM;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in signer certificate and private key */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!scert || !skey)
+ goto err;
+
+ /* Open content being signed */
+
+ in = BIO_new_file("sign.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* Sign content */
+ cms = CMS_sign(scert, skey, NULL, in, flags);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("smout.txt", "w");
+ if (!out)
+ goto err;
+
+ if (!(flags & CMS_STREAM))
+ BIO_reset(in);
+
+ /* Write out S/MIME message */
+ if (!SMIME_write_CMS(out, cms, in, flags))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Signing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (scert)
+ X509_free(scert);
+ if (skey)
+ EVP_PKEY_free(skey);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_sign2.c b/openssl/demos/cms/cms_sign2.c
new file mode 100644
index 000000000..36adee730
--- /dev/null
+++ b/openssl/demos/cms/cms_sign2.c
@@ -0,0 +1,103 @@
+/* S/MIME signing example: 2 signers */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *scert = NULL, *scert2 = NULL;
+ EVP_PKEY *skey = NULL, *skey2 = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ BIO_free(tbio);
+
+ tbio = BIO_new_file("signer2.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!scert2 || !skey2)
+ goto err;
+
+ in = BIO_new_file("sign.txt", "r");
+
+ if (!in)
+ goto err;
+
+ cms = CMS_sign(NULL, NULL, NULL, in, CMS_STREAM|CMS_PARTIAL);
+
+ if (!cms)
+ goto err;
+
+ /* Add each signer in turn */
+
+ if (!CMS_add1_signer(cms, scert, skey, NULL, 0))
+ goto err;
+
+ if (!CMS_add1_signer(cms, scert2, skey2, NULL, 0))
+ goto err;
+
+ out = BIO_new_file("smout.txt", "w");
+ if (!out)
+ goto err;
+
+ /* NB: content included and finalized by SMIME_write_CMS */
+
+ if (!SMIME_write_CMS(out, cms, in, CMS_STREAM))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Signing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+
+ if (scert)
+ X509_free(scert);
+ if (skey)
+ EVP_PKEY_free(skey);
+
+ if (scert2)
+ X509_free(scert2);
+ if (skey)
+ EVP_PKEY_free(skey2);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_uncomp.c b/openssl/demos/cms/cms_uncomp.c
new file mode 100644
index 000000000..f15ae2f13
--- /dev/null
+++ b/openssl/demos/cms/cms_uncomp.c
@@ -0,0 +1,56 @@
+/* Simple S/MIME uncompression example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Open compressed content */
+
+ in = BIO_new_file("smcomp.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* Sign content */
+ cms = SMIME_read_CMS(in, NULL);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("smuncomp.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Uncompress S/MIME message */
+ if (!CMS_uncompress(cms, out, NULL, 0))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Uncompressing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_ver.c b/openssl/demos/cms/cms_ver.c
new file mode 100644
index 000000000..bf1145ed8
--- /dev/null
+++ b/openssl/demos/cms/cms_ver.c
@@ -0,0 +1,87 @@
+/* Simple S/MIME verification example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
+ X509_STORE *st = NULL;
+ X509 *cacert = NULL;
+ CMS_ContentInfo *cms = NULL;
+
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Set up trusted CA certificate store */
+
+ st = X509_STORE_new();
+
+ /* Read in CA certificate */
+ tbio = BIO_new_file("cacert.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ if (!cacert)
+ goto err;
+
+ if (!X509_STORE_add_cert(st, cacert))
+ goto err;
+
+ /* Open message being verified */
+
+ in = BIO_new_file("smout.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* parse message */
+ cms = SMIME_read_CMS(in, &cont);
+
+ if (!cms)
+ goto err;
+
+ /* File to output verified content to */
+ out = BIO_new_file("smver.txt", "w");
+ if (!out)
+ goto err;
+
+ if (!CMS_verify(cms, NULL, st, cont, out, 0))
+ {
+ fprintf(stderr, "Verification Failure\n");
+ goto err;
+ }
+
+ fprintf(stderr, "Verification Successful\n");
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Verifying Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+
+ if (cacert)
+ X509_free(cacert);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/comp.txt b/openssl/demos/cms/comp.txt
new file mode 100644
index 000000000..1672328e7
--- /dev/null
+++ b/openssl/demos/cms/comp.txt
@@ -0,0 +1,22 @@
+Content-type: text/plain
+
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
diff --git a/openssl/demos/cms/encr.txt b/openssl/demos/cms/encr.txt
new file mode 100644
index 000000000..0eceb407b
--- /dev/null
+++ b/openssl/demos/cms/encr.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Sample OpenSSL Data for CMS encryption
diff --git a/openssl/demos/cms/sign.txt b/openssl/demos/cms/sign.txt
new file mode 100644
index 000000000..c3f9d73d6
--- /dev/null
+++ b/openssl/demos/cms/sign.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Test OpenSSL CMS Signed Content
diff --git a/openssl/demos/cms/signer.pem b/openssl/demos/cms/signer.pem
new file mode 100644
index 000000000..bac16ba96
--- /dev/null
+++ b/openssl/demos/cms/signer.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3
+WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
+TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl
+bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz
+jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L
+ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y
+gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
+2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX
+MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn
++Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv
+lDiQlgX0JtmLgA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm
+1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH
+Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB
+AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG
+mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o
+wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx
+04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55
+qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc
+YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY
+sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4
+4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid
+7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5
+xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl/demos/cms/signer2.pem b/openssl/demos/cms/signer2.pem
new file mode 100644
index 000000000..25e23d131
--- /dev/null
+++ b/openssl/demos/cms/signer2.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0
+WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
+TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl
+bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ
+jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW
+ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW
+GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
+2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X
+h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4
+aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR
+2aX6rl2JEuJ5Yg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM
+nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f
+nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB
+AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF
+6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2
+CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf
+m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX
+2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr
+upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4
+ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL
+SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk
+gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX
+pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl/demos/engines/rsaref/build.com b/openssl/demos/engines/rsaref/build.com
index b95691291..72b013d45 100644
--- a/openssl/demos/engines/rsaref/build.com
+++ b/openssl/demos/engines/rsaref/build.com
@@ -7,6 +7,14 @@ $ write sys$error "RSAref 2.0 hasn't been properly extracted."
$ exit
$ endif
$
+$ if (f$getsyi("cpu").lt.128)
+$ then
+$ arch := vax
+$ else
+$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if (arch .eqs. "") then arch = "UNK"
+$ endif
+$
$ _save_default = f$environment("default")
$ set default [.install]
$ files := desc,digit,md2c,md5c,nn,prime,-
@@ -29,14 +37,8 @@ $ set default [-]
$ define/user openssl [---.include.openssl]
$ cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c
$
-$ if f$getsyi("CPU") .ge. 128
+$ if arch .eqs. "VAX"
$ then
-$ link/share=librsaref.exe sys$input:/option
-[]rsaref.obj
-[.install]rsaref.olb/lib
-[---.axp.exe.crypto]libcrypto.olb/lib
-symbol_vector=(bind_engine=procedure,v_check=procedure)
-$ else
$ macro/object=rsaref_vec.obj sys$input:
;
; Transfer vector for VAX shareable image
@@ -80,6 +82,24 @@ PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
[]rsaref.obj
[.install]rsaref.olb/lib
[---.vax.exe.crypto]libcrypto.olb/lib
+$ else
+$ if arch_name .eqs. "ALPHA"
+$ then
+$ link/share=librsaref.exe sys$input:/option
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.alpha.exe.crypto]libcrypto.olb/lib
+symbol_vector=(bind_engine=procedure,v_check=procedure)
+$ else
+$ if arch_name .eqs. "IA64"
+$ then
+$ link /shareable=librsaref.exe sys$input: /options
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.ia64.exe.crypto]libcrypto.olb/lib
+symbol_vector=(bind_engine=procedure,v_check=procedure)
+$ endif
+$ endif
$ endif
$
$ set default '_save_default'
diff --git a/openssl/demos/jpake/Makefile b/openssl/demos/jpake/Makefile
deleted file mode 100644
index 09b8f03d0..000000000
--- a/openssl/demos/jpake/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-LDFLAGS=-L../.. -lcrypto
-CFLAGS=-I../../include -Wall -Werror -g
-
-all: jpakedemo
-
-jpakedemo: jpakedemo.o
- $(CC) -g -o jpakedemo jpakedemo.o $(LDFLAGS)
diff --git a/openssl/demos/jpake/jpakedemo.c b/openssl/demos/jpake/jpakedemo.c
deleted file mode 100644
index 338a8810d..000000000
--- a/openssl/demos/jpake/jpakedemo.c
+++ /dev/null
@@ -1,469 +0,0 @@
-#include "openssl/bn.h"
-#include "openssl/sha.h"
-#include <assert.h>
-#include <string.h>
-#include <stdlib.h>
-
-/* Copyright (C) 2008 Ben Laurie (ben@links.org) */
-
-/*
- * Implement J-PAKE, as described in
- * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
- *
- * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
- */
-
-static void showbn(const char *name, const BIGNUM *bn)
- {
- fputs(name, stdout);
- fputs(" = ", stdout);
- BN_print_fp(stdout, bn);
- putc('\n', stdout);
- }
-
-typedef struct
- {
- BN_CTX *ctx; // Perhaps not the best place for this?
- BIGNUM *p;
- BIGNUM *q;
- BIGNUM *g;
- } JPakeParameters;
-
-static void JPakeParametersInit(JPakeParameters *params)
- {
- params->ctx = BN_CTX_new();
-
- // For now use p, q, g from Java sample code. Later, generate them.
- params->p = NULL;
- BN_hex2bn(&params->p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7");
- params->q = NULL;
- BN_hex2bn(&params->q, "9760508f15230bccb292b982a2eb840bf0581cf5");
- params->g = NULL;
- BN_hex2bn(&params->g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a");
-
- showbn("p", params->p);
- showbn("q", params->q);
- showbn("g", params->g);
- }
-
-typedef struct
- {
- BIGNUM *gr; // g^r (r random)
- BIGNUM *b; // b = r - x*h, h=hash(g, g^r, g^x, name)
- } JPakeZKP;
-
-typedef struct
- {
- BIGNUM *gx; // g^x
- JPakeZKP zkpx; // ZKP(x)
- } JPakeStep1;
-
-typedef struct
- {
- BIGNUM *X; // g^(xa + xc + xd) * xb * s
- JPakeZKP zkpxbs; // ZKP(xb * s)
- } JPakeStep2;
-
-typedef struct
- {
- const char *name; // Must be unique
- int base; // 1 for Alice, 3 for Bob. Only used for printing stuff.
- JPakeStep1 s1c; // Alice's g^x3, ZKP(x3) or Bob's g^x1, ZKP(x1)
- JPakeStep1 s1d; // Alice's g^x4, ZKP(x4) or Bob's g^x2, ZKP(x2)
- JPakeStep2 s2; // Alice's A, ZKP(x2 * s) or Bob's B, ZKP(x4 * s)
- } JPakeUserPublic;
-
-/*
- * The user structure. In the definition, (xa, xb, xc, xd) are Alice's
- * (x1, x2, x3, x4) or Bob's (x3, x4, x1, x2). If you see what I mean.
- */
-typedef struct
- {
- JPakeUserPublic p;
- BIGNUM *secret; // The shared secret
- BIGNUM *key; // The calculated (shared) key
- BIGNUM *xa; // Alice's x1 or Bob's x3
- BIGNUM *xb; // Alice's x2 or Bob's x4
- } JPakeUser;
-
-// Generate each party's random numbers. xa is in [0, q), xb is in [1, q).
-static void genrand(JPakeUser *user, const JPakeParameters *params)
- {
- BIGNUM *qm1;
-
- // xa in [0, q)
- user->xa = BN_new();
- BN_rand_range(user->xa, params->q);
-
- // q-1
- qm1 = BN_new();
- BN_copy(qm1, params->q);
- BN_sub_word(qm1, 1);
-
- // ... and xb in [0, q-1)
- user->xb = BN_new();
- BN_rand_range(user->xb, qm1);
- // [1, q)
- BN_add_word(user->xb, 1);
-
- // cleanup
- BN_free(qm1);
-
- // Show
- printf("x%d", user->p.base);
- showbn("", user->xa);
- printf("x%d", user->p.base+1);
- showbn("", user->xb);
- }
-
-static void hashlength(SHA_CTX *sha, size_t l)
- {
- unsigned char b[2];
-
- assert(l <= 0xffff);
- b[0] = l >> 8;
- b[1] = l&0xff;
- SHA1_Update(sha, b, 2);
- }
-
-static void hashstring(SHA_CTX *sha, const char *string)
- {
- size_t l = strlen(string);
-
- hashlength(sha, l);
- SHA1_Update(sha, string, l);
- }
-
-static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
- {
- size_t l = BN_num_bytes(bn);
- unsigned char *bin = alloca(l);
-
- hashlength(sha, l);
- BN_bn2bin(bn, bin);
- SHA1_Update(sha, bin, l);
- }
-
-// h=hash(g, g^r, g^x, name)
-static void zkpHash(BIGNUM *h, const JPakeZKP *zkp, const BIGNUM *gx,
- const JPakeUserPublic *from, const JPakeParameters *params)
- {
- unsigned char md[SHA_DIGEST_LENGTH];
- SHA_CTX sha;
-
- // XXX: hash should not allow moving of the boundaries - Java code
- // is flawed in this respect. Length encoding seems simplest.
- SHA1_Init(&sha);
- hashbn(&sha, params->g);
- hashbn(&sha, zkp->gr);
- hashbn(&sha, gx);
- hashstring(&sha, from->name);
- SHA1_Final(md, &sha);
- BN_bin2bn(md, SHA_DIGEST_LENGTH, h);
- }
-
-// Prove knowledge of x
-// Note that we don't send g^x because, as it happens, we've always
-// sent it elsewhere. Also note that because of that, we could avoid
-// calculating it here, but we don't, for clarity...
-static void CreateZKP(JPakeZKP *zkp, const BIGNUM *x, const JPakeUser *us,
- const BIGNUM *zkpg, const JPakeParameters *params,
- int n, const char *suffix)
- {
- BIGNUM *r = BN_new();
- BIGNUM *gx = BN_new();
- BIGNUM *h = BN_new();
- BIGNUM *t = BN_new();
-
- // r in [0,q)
- // XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
- BN_rand_range(r, params->q);
- // g^r
- zkp->gr = BN_new();
- BN_mod_exp(zkp->gr, zkpg, r, params->p, params->ctx);
- // g^x
- BN_mod_exp(gx, zkpg, x, params->p, params->ctx);
-
- // h=hash...
- zkpHash(h, zkp, gx, &us->p, params);
-
- // b = r - x*h
- BN_mod_mul(t, x, h, params->q, params->ctx);
- zkp->b = BN_new();
- BN_mod_sub(zkp->b, r, t, params->q, params->ctx);
-
- // show
- printf(" ZKP(x%d%s)\n", n, suffix);
- showbn(" zkpg", zkpg);
- showbn(" g^x", gx);
- showbn(" g^r", zkp->gr);
- showbn(" b", zkp->b);
-
- // cleanup
- BN_free(t);
- BN_free(h);
- BN_free(gx);
- BN_free(r);
- }
-
-static int VerifyZKP(const JPakeZKP *zkp, BIGNUM *gx,
- const JPakeUserPublic *them, const BIGNUM *zkpg,
- const JPakeParameters *params, int n, const char *suffix)
- {
- BIGNUM *h = BN_new();
- BIGNUM *t1 = BN_new();
- BIGNUM *t2 = BN_new();
- BIGNUM *t3 = BN_new();
- int ret = 0;
-
- zkpHash(h, zkp, gx, them, params);
-
- // t1 = g^b
- BN_mod_exp(t1, zkpg, zkp->b, params->p, params->ctx);
- // t2 = (g^x)^h = g^{hx}
- BN_mod_exp(t2, gx, h, params->p, params->ctx);
- // t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly)
- BN_mod_mul(t3, t1, t2, params->p, params->ctx);
-
- printf(" ZKP(x%d%s)\n", n, suffix);
- showbn(" zkpg", zkpg);
- showbn(" g^r'", t3);
-
- // verify t3 == g^r
- if(BN_cmp(t3, zkp->gr) == 0)
- ret = 1;
-
- // cleanup
- BN_free(t3);
- BN_free(t2);
- BN_free(t1);
- BN_free(h);
-
- if(ret)
- puts(" OK");
- else
- puts(" FAIL");
-
- return ret;
- }
-
-static void sendstep1_substep(JPakeStep1 *s1, const BIGNUM *x,
- const JPakeUser *us,
- const JPakeParameters *params, int n)
- {
- s1->gx = BN_new();
- BN_mod_exp(s1->gx, params->g, x, params->p, params->ctx);
- printf(" g^{x%d}", n);
- showbn("", s1->gx);
-
- CreateZKP(&s1->zkpx, x, us, params->g, params, n, "");
- }
-
-static void sendstep1(const JPakeUser *us, JPakeUserPublic *them,
- const JPakeParameters *params)
- {
- printf("\n%s sends %s:\n\n", us->p.name, them->name);
-
- // from's g^xa (which becomes to's g^xc) and ZKP(xa)
- sendstep1_substep(&them->s1c, us->xa, us, params, us->p.base);
- // from's g^xb (which becomes to's g^xd) and ZKP(xb)
- sendstep1_substep(&them->s1d, us->xb, us, params, us->p.base+1);
- }
-
-static int verifystep1(const JPakeUser *us, const JPakeUserPublic *them,
- const JPakeParameters *params)
- {
- printf("\n%s verifies %s:\n\n", us->p.name, them->name);
-
- // verify their ZKP(xc)
- if(!VerifyZKP(&us->p.s1c.zkpx, us->p.s1c.gx, them, params->g, params,
- them->base, ""))
- return 0;
-
- // verify their ZKP(xd)
- if(!VerifyZKP(&us->p.s1d.zkpx, us->p.s1d.gx, them, params->g, params,
- them->base+1, ""))
- return 0;
-
- // g^xd != 1
- printf(" g^{x%d} != 1: ", them->base+1);
- if(BN_is_one(us->p.s1d.gx))
- {
- puts("FAIL");
- return 0;
- }
- puts("OK");
-
- return 1;
- }
-
-static void sendstep2(const JPakeUser *us, JPakeUserPublic *them,
- const JPakeParameters *params)
- {
- BIGNUM *t1 = BN_new();
- BIGNUM *t2 = BN_new();
-
- printf("\n%s sends %s:\n\n", us->p.name, them->name);
-
- // X = g^{(xa + xc + xd) * xb * s}
- // t1 = g^xa
- BN_mod_exp(t1, params->g, us->xa, params->p, params->ctx);
- // t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc}
- BN_mod_mul(t2, t1, us->p.s1c.gx, params->p, params->ctx);
- // t1 = t2 * g^{xd} = g^{xa + xc + xd}
- BN_mod_mul(t1, t2, us->p.s1d.gx, params->p, params->ctx);
- // t2 = xb * s
- BN_mod_mul(t2, us->xb, us->secret, params->q, params->ctx);
- // X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
- them->s2.X = BN_new();
- BN_mod_exp(them->s2.X, t1, t2, params->p, params->ctx);
-
- // Show
- printf(" g^{(x%d + x%d + x%d) * x%d * s)", us->p.base, them->base,
- them->base+1, us->p.base+1);
- showbn("", them->s2.X);
-
- // ZKP(xb * s)
- // XXX: this is kinda funky, because we're using
- //
- // g' = g^{xa + xc + xd}
- //
- // as the generator, which means X is g'^{xb * s}
- CreateZKP(&them->s2.zkpxbs, t2, us, t1, params, us->p.base+1, " * s");
-
- // cleanup
- BN_free(t1);
- BN_free(t2);
- }
-
-static int verifystep2(const JPakeUser *us, const JPakeUserPublic *them,
- const JPakeParameters *params)
- {
- BIGNUM *t1 = BN_new();
- BIGNUM *t2 = BN_new();
- int ret = 0;
-
- printf("\n%s verifies %s:\n\n", us->p.name, them->name);
-
- // g' = g^{xc + xa + xb} [from our POV]
- // t1 = xa + xb
- BN_mod_add(t1, us->xa, us->xb, params->q, params->ctx);
- // t2 = g^{t1} = g^{xa+xb}
- BN_mod_exp(t2, params->g, t1, params->p, params->ctx);
- // t1 = g^{xc} * t2 = g^{xc + xa + xb}
- BN_mod_mul(t1, us->p.s1c.gx, t2, params->p, params->ctx);
-
- if(VerifyZKP(&us->p.s2.zkpxbs, us->p.s2.X, them, t1, params, them->base+1,
- " * s"))
- ret = 1;
-
- // cleanup
- BN_free(t2);
- BN_free(t1);
-
- return ret;
- }
-
-static void computekey(JPakeUser *us, const JPakeParameters *params)
- {
- BIGNUM *t1 = BN_new();
- BIGNUM *t2 = BN_new();
- BIGNUM *t3 = BN_new();
-
- printf("\n%s calculates the shared key:\n\n", us->p.name);
-
- // K = (X/g^{xb * xd * s})^{xb}
- // = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
- // = (g^{(xa + xc) * xd * s})^{xb}
- // = g^{(xa + xc) * xb * xd * s}
- // [which is the same regardless of who calculates it]
-
- // t1 = (g^{xd})^{xb} = g^{xb * xd}
- BN_mod_exp(t1, us->p.s1d.gx, us->xb, params->p, params->ctx);
- // t2 = -s = q-s
- BN_sub(t2, params->q, us->secret);
- // t3 = t1^t2 = g^{-xb * xd * s}
- BN_mod_exp(t3, t1, t2, params->p, params->ctx);
- // t1 = X * t3 = X/g^{xb * xd * s}
- BN_mod_mul(t1, us->p.s2.X, t3, params->p, params->ctx);
- // K = t1^{xb}
- us->key = BN_new();
- BN_mod_exp(us->key, t1, us->xb, params->p, params->ctx);
-
- // show
- showbn(" K", us->key);
-
- // cleanup
- BN_free(t3);
- BN_free(t2);
- BN_free(t1);
- }
-
-int main(int argc, char **argv)
- {
- JPakeParameters params;
- JPakeUser alice, bob;
-
- alice.p.name = "Alice";
- alice.p.base = 1;
- bob.p.name = "Bob";
- bob.p.base = 3;
-
- JPakeParametersInit(&params);
-
- // Shared secret
- alice.secret = BN_new();
- BN_rand(alice.secret, 32, -1, 0);
- bob.secret = alice.secret;
- showbn("secret", alice.secret);
-
- assert(BN_cmp(alice.secret, params.q) < 0);
-
- // Alice's x1, x2
- genrand(&alice, &params);
-
- // Bob's x3, x4
- genrand(&bob, &params);
-
- // Now send stuff to each other...
- sendstep1(&alice, &bob.p, &params);
- sendstep1(&bob, &alice.p, &params);
-
- // And verify what each other sent
- if(!verifystep1(&alice, &bob.p, &params))
- return 1;
- if(!verifystep1(&bob, &alice.p, &params))
- return 2;
-
- // Second send
- sendstep2(&alice, &bob.p, &params);
- sendstep2(&bob, &alice.p, &params);
-
- // And second verify
- if(!verifystep2(&alice, &bob.p, &params))
- return 3;
- if(!verifystep2(&bob, &alice.p, &params))
- return 4;
-
- // Compute common key
- computekey(&alice, &params);
- computekey(&bob, &params);
-
- // Confirm the common key is identical
- // XXX: if the two secrets are not the same, everything works up
- // to this point, so the only way to detect a failure is by the
- // difference in the calculated keys.
- // Since we're all the same code, just compare them directly. In a
- // real system, Alice sends Bob H(H(K)), Bob checks it, then sends
- // back H(K), which Alice checks, or something equivalent.
- puts("\nAlice and Bob check keys are the same:");
- if(BN_cmp(alice.key, bob.key) == 0)
- puts(" OK");
- else
- {
- puts(" FAIL");
- return 5;
- }
-
- return 0;
- }
diff --git a/openssl/demos/pkcs12/pkread.c b/openssl/demos/pkcs12/pkread.c
index 8e1b68631..fa8f50923 100644
--- a/openssl/demos/pkcs12/pkread.c
+++ b/openssl/demos/pkcs12/pkread.c
@@ -20,7 +20,7 @@ int main(int argc, char **argv)
fprintf(stderr, "Usage: pkread p12file password opfile\n");
exit (1);
}
- SSLeay_add_all_algorithms();
+ OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
if (!(fp = fopen(argv[1], "rb"))) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
@@ -51,7 +51,7 @@ int main(int argc, char **argv)
fprintf(fp, "***User Certificate***\n");
PEM_write_X509_AUX(fp, cert);
}
- if (ca && sk_num(ca)) {
+ if (ca && sk_X509_num(ca)) {
fprintf(fp, "***Other Certificates***\n");
for (i = 0; i < sk_X509_num(ca); i++)
PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
diff --git a/openssl/demos/smime/cacert.pem b/openssl/demos/smime/cacert.pem
new file mode 100644
index 000000000..75cbb347a
--- /dev/null
+++ b/openssl/demos/smime/cacert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3
+WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD
+aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN
+RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz
+i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR
+ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT
+jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx
+CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B
+SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD
+VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB
+ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc
+G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo
+u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF
+1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw==
+-----END CERTIFICATE-----
diff --git a/openssl/demos/smime/cakey.pem b/openssl/demos/smime/cakey.pem
new file mode 100644
index 000000000..3b53c5e81
--- /dev/null
+++ b/openssl/demos/smime/cakey.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd
+c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3
+dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB
+AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5
+HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs
+tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS
+rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18
+9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u
+jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is
+uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU
++VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP
+wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW
+8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg==
+-----END RSA PRIVATE KEY-----
diff --git a/openssl/demos/smime/encr.txt b/openssl/demos/smime/encr.txt
new file mode 100644
index 000000000..f163a326e
--- /dev/null
+++ b/openssl/demos/smime/encr.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Sample OpenSSL Data for PKCS#7 encryption
diff --git a/openssl/demos/smime/sign.txt b/openssl/demos/smime/sign.txt
new file mode 100644
index 000000000..af1341d0a
--- /dev/null
+++ b/openssl/demos/smime/sign.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Test OpenSSL Signed Content
diff --git a/openssl/demos/smime/signer.pem b/openssl/demos/smime/signer.pem
new file mode 100644
index 000000000..bac16ba96
--- /dev/null
+++ b/openssl/demos/smime/signer.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3
+WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
+TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl
+bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz
+jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L
+ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y
+gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
+2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX
+MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn
++Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv
+lDiQlgX0JtmLgA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm
+1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH
+Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB
+AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG
+mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o
+wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx
+04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55
+qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc
+YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY
+sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4
+4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid
+7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5
+xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl/demos/smime/signer2.pem b/openssl/demos/smime/signer2.pem
new file mode 100644
index 000000000..25e23d131
--- /dev/null
+++ b/openssl/demos/smime/signer2.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV
+BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv
+dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0
+WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT
+TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl
+bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ
+jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW
+ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW
+GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7
+2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X
+h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4
+aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR
+2aX6rl2JEuJ5Yg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM
+nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f
+nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB
+AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF
+6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2
+CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf
+m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX
+2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr
+upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4
+ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL
+SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk
+gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX
+pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A=
+-----END RSA PRIVATE KEY-----
diff --git a/openssl/demos/smime/smdec.c b/openssl/demos/smime/smdec.c
new file mode 100644
index 000000000..8b1a8545a
--- /dev/null
+++ b/openssl/demos/smime/smdec.c
@@ -0,0 +1,83 @@
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *rcert = NULL;
+ EVP_PKEY *rkey = NULL;
+ PKCS7 *p7 = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate and private key */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!rcert || !rkey)
+ goto err;
+
+ /* Open content being signed */
+
+ in = BIO_new_file("smencr.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* Sign content */
+ p7 = SMIME_read_PKCS7(in, NULL);
+
+ if (!p7)
+ goto err;
+
+ out = BIO_new_file("encrout.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Decrypt S/MIME message */
+ if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Signing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (p7)
+ PKCS7_free(p7);
+ if (rcert)
+ X509_free(rcert);
+ if (rkey)
+ EVP_PKEY_free(rkey);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
+
+
+
+
diff --git a/openssl/demos/smime/smenc.c b/openssl/demos/smime/smenc.c
new file mode 100644
index 000000000..77dd732fc
--- /dev/null
+++ b/openssl/demos/smime/smenc.c
@@ -0,0 +1,92 @@
+/* Simple S/MIME encrypt example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *rcert = NULL;
+ STACK_OF(X509) *recips = NULL;
+ PKCS7 *p7 = NULL;
+ int ret = 1;
+
+ /*
+ * On OpenSSL 0.9.9 only:
+ * for streaming set PKCS7_STREAM
+ */
+ int flags = PKCS7_STREAM;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ if (!rcert)
+ goto err;
+
+ /* Create recipient STACK and add recipient cert to it */
+ recips = sk_X509_new_null();
+
+ if (!recips || !sk_X509_push(recips, rcert))
+ goto err;
+
+ /* sk_X509_pop_free will free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
+ */
+ rcert = NULL;
+
+ /* Open content being encrypted */
+
+ in = BIO_new_file("encr.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* encrypt content */
+ p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+ if (!p7)
+ goto err;
+
+ out = BIO_new_file("smencr.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Write out S/MIME message */
+ if (!SMIME_write_PKCS7(out, p7, in, flags))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Encrypting Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (p7)
+ PKCS7_free(p7);
+ if (rcert)
+ X509_free(rcert);
+ if (recips)
+ sk_X509_pop_free(recips, X509_free);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/smime/smsign.c b/openssl/demos/smime/smsign.c
new file mode 100644
index 000000000..ba78830cf
--- /dev/null
+++ b/openssl/demos/smime/smsign.c
@@ -0,0 +1,89 @@
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *scert = NULL;
+ EVP_PKEY *skey = NULL;
+ PKCS7 *p7 = NULL;
+ int ret = 1;
+
+ /* For simple S/MIME signing use PKCS7_DETACHED.
+ * On OpenSSL 0.9.9 only:
+ * for streaming detached set PKCS7_DETACHED|PKCS7_STREAM
+ * for streaming non-detached set PKCS7_STREAM
+ */
+ int flags = PKCS7_DETACHED|PKCS7_STREAM;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in signer certificate and private key */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!scert || !skey)
+ goto err;
+
+ /* Open content being signed */
+
+ in = BIO_new_file("sign.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* Sign content */
+ p7 = PKCS7_sign(scert, skey, NULL, in, flags);
+
+ if (!p7)
+ goto err;
+
+ out = BIO_new_file("smout.txt", "w");
+ if (!out)
+ goto err;
+
+ if (!(flags & PKCS7_STREAM))
+ BIO_reset(in);
+
+ /* Write out S/MIME message */
+ if (!SMIME_write_PKCS7(out, p7, in, flags))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Signing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (p7)
+ PKCS7_free(p7);
+ if (scert)
+ X509_free(scert);
+ if (skey)
+ EVP_PKEY_free(skey);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/smime/smsign2.c b/openssl/demos/smime/smsign2.c
new file mode 100644
index 000000000..ff835c568
--- /dev/null
+++ b/openssl/demos/smime/smsign2.c
@@ -0,0 +1,107 @@
+/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *scert = NULL, *scert2 = NULL;
+ EVP_PKEY *skey = NULL, *skey2 = NULL;
+ PKCS7 *p7 = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ BIO_free(tbio);
+
+ tbio = BIO_new_file("signer2.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!scert2 || !skey2)
+ goto err;
+
+ in = BIO_new_file("sign.txt", "r");
+
+ if (!in)
+ goto err;
+
+ p7 = PKCS7_sign(NULL, NULL, NULL, in, PKCS7_STREAM|PKCS7_PARTIAL);
+
+ if (!p7)
+ goto err;
+
+ /* Add each signer in turn */
+
+ if (!PKCS7_sign_add_signer(p7, scert, skey, NULL, 0))
+ goto err;
+
+ if (!PKCS7_sign_add_signer(p7, scert2, skey2, NULL, 0))
+ goto err;
+
+ out = BIO_new_file("smout.txt", "w");
+ if (!out)
+ goto err;
+
+ /* NB: content included and finalized by SMIME_write_PKCS7 */
+
+ if (!SMIME_write_PKCS7(out, p7, in, PKCS7_STREAM))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Signing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (p7)
+ PKCS7_free(p7);
+
+ if (scert)
+ X509_free(scert);
+ if (skey)
+ EVP_PKEY_free(skey);
+
+ if (scert2)
+ X509_free(scert2);
+ if (skey)
+ EVP_PKEY_free(skey2);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
+
+
+
+
diff --git a/openssl/demos/smime/smver.c b/openssl/demos/smime/smver.c
new file mode 100644
index 000000000..9d360c273
--- /dev/null
+++ b/openssl/demos/smime/smver.c
@@ -0,0 +1,87 @@
+/* Simple S/MIME verification example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
+ X509_STORE *st = NULL;
+ X509 *cacert = NULL;
+ PKCS7 *p7 = NULL;
+
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Set up trusted CA certificate store */
+
+ st = X509_STORE_new();
+
+ /* Read in signer certificate and private key */
+ tbio = BIO_new_file("cacert.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ if (!cacert)
+ goto err;
+
+ if (!X509_STORE_add_cert(st, cacert))
+ goto err;
+
+ /* Open content being signed */
+
+ in = BIO_new_file("smout.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* Sign content */
+ p7 = SMIME_read_PKCS7(in, &cont);
+
+ if (!p7)
+ goto err;
+
+ /* File to output verified content to */
+ out = BIO_new_file("smver.txt", "w");
+ if (!out)
+ goto err;
+
+ if (!PKCS7_verify(p7, NULL, st, cont, out, 0))
+ {
+ fprintf(stderr, "Verification Failure\n");
+ goto err;
+ }
+
+ fprintf(stderr, "Verification Successful\n");
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Verifying Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (p7)
+ PKCS7_free(p7);
+
+ if (cacert)
+ X509_free(cacert);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/tunala/autoungunk.sh b/openssl/demos/tunala/autoungunk.sh
index 0c9123b6c..21790880d 100644
--- a/openssl/demos/tunala/autoungunk.sh
+++ b/openssl/demos/tunala/autoungunk.sh
@@ -15,4 +15,5 @@ fi
rm -f aclocal.m4 config.* configure install-sh \
missing mkinstalldirs stamp-h.* Makefile.in \
- ltconfig ltmain.sh
+ ltconfig ltmain.sh depcomp
+rm -rf autom4te.cache
diff --git a/openssl/demos/tunala/cb.c b/openssl/demos/tunala/cb.c
index e64983896..f6e452ae9 100644
--- a/openssl/demos/tunala/cb.c
+++ b/openssl/demos/tunala/cb.c
@@ -134,8 +134,27 @@ RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength)
/* TODO: Perhaps make it so our global key can be generated on-the-fly
* after certain intervals? */
static RSA *rsa_tmp = NULL;
- if(!rsa_tmp)
- rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
+ BIGNUM *bn = NULL;
+ int ok = 1;
+ if(!rsa_tmp) {
+ ok = 0;
+ if(!(bn = BN_new()))
+ goto end;
+ if(!BN_set_word(bn, RSA_F4))
+ goto end;
+ if(!(rsa_tmp = RSA_new()))
+ goto end;
+ if(!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
+ goto end;
+ ok = 1;
+ }
+end:
+ if(bn)
+ BN_free(bn);
+ if(!ok) {
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
return rsa_tmp;
}
diff --git a/openssl/demos/tunala/tunala.c b/openssl/demos/tunala/tunala.c
index e918cba2c..ec49d3e94 100644
--- a/openssl/demos/tunala/tunala.c
+++ b/openssl/demos/tunala/tunala.c
@@ -697,9 +697,11 @@ static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file, const char *dh_special)
abort();
fprintf(stderr, "Info, generating DH parameters ... ");
fflush(stderr);
- if((dh = DH_generate_parameters(512, DH_GENERATOR_5,
- NULL, NULL)) == NULL) {
+ if(!(dh = DH_new()) || !DH_generate_parameters_ex(dh, 512,
+ DH_GENERATOR_5, NULL)) {
fprintf(stderr, "error!\n");
+ if(dh)
+ DH_free(dh);
return 0;
}
fprintf(stderr, "complete\n");
@@ -733,7 +735,7 @@ static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
unsigned int verify_depth)
{
SSL_CTX *ctx = NULL, *ret = NULL;
- SSL_METHOD *meth;
+ const SSL_METHOD *meth;
ENGINE *e = NULL;
OpenSSL_add_ssl_algorithms();
diff --git a/openssl/demos/x509/mkcert.c b/openssl/demos/x509/mkcert.c
index c5e67b8e2..6a52e5d0f 100644
--- a/openssl/demos/x509/mkcert.c
+++ b/openssl/demos/x509/mkcert.c
@@ -136,7 +136,7 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
}
#endif
- if (!X509_sign(x,pk,EVP_md5()))
+ if (!X509_sign(x,pk,EVP_sha1()))
goto err;
*x509p=x;
diff --git a/openssl/demos/x509/mkreq.c b/openssl/demos/x509/mkreq.c
index 3dfc65f16..d17e4ade9 100644
--- a/openssl/demos/x509/mkreq.c
+++ b/openssl/demos/x509/mkreq.c
@@ -134,7 +134,7 @@ int mkreq(X509_REQ **req, EVP_PKEY **pkeyp, int bits, int serial, int days)
#endif
- if (!X509_REQ_sign(x,pk,EVP_md5()))
+ if (!X509_REQ_sign(x,pk,EVP_sha1()))
goto err;
*req=x;