From e965ea2e32d467e6937f206c96270cabd381df6e Mon Sep 17 00:00:00 2001 From: Christian Beer Date: Mon, 27 Jun 2016 18:26:27 +0200 Subject: [PATCH 1/5] Lib: build against openSSL 1.1.0 The upcoming OpenSSL version introduces some API changes (https://wiki.openssl.org/index.php/1.1_API_Changes). In BOINC mainly code related to RSA keys is affected for now. Contributed by: Gianfranco Costamagna --- lib/crypt.cpp | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++- lib/crypt.h | 5 +++ lib/crypt_prog.cpp | 12 ++++++ 3 files changed, 131 insertions(+), 1 deletion(-) diff --git a/lib/crypt.cpp b/lib/crypt.cpp index 192bbc2..cd6f04a 100644 --- a/lib/crypt.cpp +++ b/lib/crypt.cpp @@ -453,7 +453,7 @@ int read_key_file(const char* keyfile, R_RSA_PRIVATE_KEY& key) { return 0; } -static void bn_to_bin(BIGNUM* bn, unsigned char* bin, int n) { +static void bn_to_bin(const BIGNUM* bn, unsigned char* bin, int n) { memset(bin, 0, n); int m = BN_num_bytes(bn); BN_bn2bin(bn, bin+n-m); @@ -463,11 +463,38 @@ void openssl_to_keys( RSA* rp, int nbits, R_RSA_PRIVATE_KEY& priv, R_RSA_PUBLIC_KEY& pub ) { pub.bits = nbits; +#ifdef HAVE_OPAQUE_RSA_DSA_DH + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + RSA_get0_key(rp, &n, &e, &d); + RSA_get0_factors(rp, &p, &q); + RSA_get0_crt_params(rp, &dmp1, &dmq1, &iqmp); + + bn_to_bin(n, pub.modulus, sizeof(pub.modulus)); + bn_to_bin(e, pub.exponent, sizeof(pub.exponent)); +#else bn_to_bin(rp->n, pub.modulus, sizeof(pub.modulus)); bn_to_bin(rp->e, pub.exponent, sizeof(pub.exponent)); +#endif memset(&priv, 0, sizeof(priv)); priv.bits = nbits; +#ifdef HAVE_OPAQUE_RSA_DSA_DH + bn_to_bin(n, priv.modulus, sizeof(priv.modulus)); + bn_to_bin(e, priv.publicExponent, sizeof(priv.publicExponent)); + bn_to_bin(d, priv.exponent, sizeof(priv.exponent)); + bn_to_bin(p, priv.prime[0], sizeof(priv.prime[0])); + bn_to_bin(q, priv.prime[1], sizeof(priv.prime[1])); + bn_to_bin(dmp1, priv.primeExponent[0], sizeof(priv.primeExponent[0])); + bn_to_bin(dmq1, priv.primeExponent[1], sizeof(priv.primeExponent[1])); + bn_to_bin(iqmp, priv.coefficient, sizeof(priv.coefficient)); +#else bn_to_bin(rp->n, priv.modulus, sizeof(priv.modulus)); bn_to_bin(rp->e, priv.publicExponent, sizeof(priv.publicExponent)); bn_to_bin(rp->d, priv.exponent, sizeof(priv.exponent)); @@ -476,9 +503,32 @@ void openssl_to_keys( bn_to_bin(rp->dmp1, priv.primeExponent[0], sizeof(priv.primeExponent[0])); bn_to_bin(rp->dmq1, priv.primeExponent[1], sizeof(priv.primeExponent[1])); bn_to_bin(rp->iqmp, priv.coefficient, sizeof(priv.coefficient)); +#endif } void private_to_openssl(R_RSA_PRIVATE_KEY& priv, RSA* rp) { +#ifdef HAVE_OPAQUE_RSA_DSA_DH + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + + n = BN_bin2bn(priv.modulus, sizeof(priv.modulus), 0); + e = BN_bin2bn(priv.publicExponent, sizeof(priv.publicExponent), 0); + d = BN_bin2bn(priv.exponent, sizeof(priv.exponent), 0); + p = BN_bin2bn(priv.prime[0], sizeof(priv.prime[0]), 0); + q = BN_bin2bn(priv.prime[1], sizeof(priv.prime[1]), 0); + dmp1 = BN_bin2bn(priv.primeExponent[0], sizeof(priv.primeExponent[0]), 0); + dmq1 = BN_bin2bn(priv.primeExponent[1], sizeof(priv.primeExponent[1]), 0); + iqmp = BN_bin2bn(priv.coefficient, sizeof(priv.coefficient), 0); + RSA_set0_key(rp, n, e, d); + RSA_set0_factors(rp, p, q); + RSA_set0_crt_params(rp, dmp1, dmq1, iqmp); +#else rp->n = BN_bin2bn(priv.modulus, sizeof(priv.modulus), 0); rp->e = BN_bin2bn(priv.publicExponent, sizeof(priv.publicExponent), 0); rp->d = BN_bin2bn(priv.exponent, sizeof(priv.exponent), 0); @@ -487,11 +537,22 @@ void private_to_openssl(R_RSA_PRIVATE_KEY& priv, RSA* rp) { rp->dmp1 = BN_bin2bn(priv.primeExponent[0], sizeof(priv.primeExponent[0]), 0); rp->dmq1 = BN_bin2bn(priv.primeExponent[1], sizeof(priv.primeExponent[1]), 0); rp->iqmp = BN_bin2bn(priv.coefficient, sizeof(priv.coefficient), 0); +#endif } void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp) { +#ifdef HAVE_OPAQUE_RSA_DSA_DH + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0); + e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0); + // d??? FIXME + RSA_set0_key(rp, n, e, d); +#else rp->n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0); rp->e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0); +#endif } static int _bn2bin(BIGNUM *from, unsigned char *to, int max) { @@ -507,6 +568,38 @@ static int _bn2bin(BIGNUM *from, unsigned char *to, int max) { } int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) { +#ifdef HAVE_OPAQUE_RSA_DSA_DH + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + + RSA_get0_key(from, &n, &e, &d); + RSA_get0_factors(from, &p, &q); + RSA_get0_crt_params(from, &dmp1, &dmq1, &iqmp); + + to->bits = BN_num_bits(n); + if (!_bn2bin(n,to->modulus,MAX_RSA_MODULUS_LEN)) + return(0); + if (!_bn2bin(e,to->publicExponent,MAX_RSA_MODULUS_LEN)) + return(0); + if (!_bn2bin(d,to->exponent,MAX_RSA_MODULUS_LEN)) + return(0); + if (!_bn2bin(p,to->prime[0],MAX_RSA_PRIME_LEN)) + return(0); + if (!_bn2bin(q,to->prime[1],MAX_RSA_PRIME_LEN)) + return(0); + if (!_bn2bin(dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN)) + return(0); + if (!_bn2bin(dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN)) + return(0); + if (!_bn2bin(iqmp,to->coefficient,MAX_RSA_PRIME_LEN)) + return(0); +#else to->bits = BN_num_bits(from->n); if (!_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0); @@ -524,6 +617,7 @@ int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) { return(0); if (!_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN)) return(0); +#endif return 1; } @@ -569,7 +663,11 @@ int check_validity_of_cert( BIO_vfree(bio); return 0; } +#ifdef HAVE_OPAQUE_EVP_PKEY + if (EVP_PKEY_id(pubKey) == EVP_PKEY_RSA) { +#else if (pubKey->type == EVP_PKEY_RSA) { +#endif BN_CTX *c = BN_CTX_new(); if (!c) { X509_free(cert); @@ -577,18 +675,33 @@ int check_validity_of_cert( BIO_vfree(bio); return 0; } +#ifdef HAVE_OPAQUE_RSA_DSA_DH + RSA *rsa; + rsa = EVP_PKEY_get0_RSA(pubKey); + if (!RSA_blinding_on(rsa, c)) { +#else if (!RSA_blinding_on(pubKey->pkey.rsa, c)) { +#endif X509_free(cert); EVP_PKEY_free(pubKey); BIO_vfree(bio); BN_CTX_free(c); return 0; } +#ifdef HAVE_OPAQUE_RSA_DSA_DH + retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, rsa); + RSA_blinding_off(rsa); +#else retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, pubKey->pkey.rsa); RSA_blinding_off(pubKey->pkey.rsa); +#endif BN_CTX_free(c); } +#ifdef HAVE_OPAQUE_EVP_PKEY + if (EVP_PKEY_id(pubKey) == EVP_PKEY_DSA) { +#else if (pubKey->type == EVP_PKEY_DSA) { +#endif fprintf(stderr, "%s: ERROR: DSA keys are not supported.\n", time_to_string(dtime()) diff --git a/lib/crypt.h b/lib/crypt.h index 022bd2a..33c62a8 100644 --- a/lib/crypt.h +++ b/lib/crypt.h @@ -26,6 +26,11 @@ #include +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* OpenSSL 1.1.0+ */ +#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */ +#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ +#endif + #define MAX_RSA_MODULUS_BITS 1024 #define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8) #define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2) diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp index 2a1eb5d..3bc2d53 100644 --- a/lib/crypt_prog.cpp +++ b/lib/crypt_prog.cpp @@ -125,7 +125,11 @@ int main(int argc, char** argv) { unsigned char signature_buf[256], buf[256], buf2[256]; FILE *f, *fpriv, *fpub; char cbuf[256]; +#ifdef HAVE_OPAQUE_RSA_DSA_DH + RSA *rsa_key; +#else RSA rsa_key; +#endif RSA *rsa_key_; BIO *bio_out=NULL; BIO *bio_err=NULL; @@ -330,7 +334,11 @@ int main(int argc, char** argv) { retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); fclose(fpriv); if (retval) die("scan_key_hex\n"); +#ifdef HAVE_OPAQUE_RSA_DSA_DH + private_to_openssl(private_key, rsa_key); +#else private_to_openssl(private_key, &rsa_key); +#endif //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key, // enc, NULL, 0, pass_cb, NULL); @@ -340,7 +348,11 @@ int main(int argc, char** argv) { // NULL, NULL, 0, pass_cb, NULL); fpriv = fopen(argv[5], "w+"); if (!fpriv) die("fopen"); +#ifdef HAVE_OPAQUE_RSA_DSA_DH + PEM_write_RSAPrivateKey(fpriv, rsa_key, NULL, NULL, 0, 0, NULL); +#else PEM_write_RSAPrivateKey(fpriv, &rsa_key, NULL, NULL, 0, 0, NULL); +#endif fclose(fpriv); //if (i == 0) { // ERR_print_errors(bio_err); diff --git a/lib/crypt.cpp b/lib/crypt.cpp index cd6f04a..30db6d8 100644 --- a/lib/crypt.cpp +++ b/lib/crypt.cpp @@ -464,14 +464,14 @@ void openssl_to_keys( ) { pub.bits = nbits; #ifdef HAVE_OPAQUE_RSA_DSA_DH - BIGNUM *n; - BIGNUM *e; - BIGNUM *d; - BIGNUM *p; - BIGNUM *q; - BIGNUM *dmp1; - BIGNUM *dmq1; - BIGNUM *iqmp; + const BIGNUM *n; + const BIGNUM *e; + const BIGNUM *d; + const BIGNUM *p; + const BIGNUM *q; + const BIGNUM *dmp1; + const BIGNUM *dmq1; + const BIGNUM *iqmp; RSA_get0_key(rp, &n, &e, &d); RSA_get0_factors(rp, &p, &q); RSA_get0_crt_params(rp, &dmp1, &dmq1, &iqmp); @@ -544,18 +544,16 @@ void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp) { #ifdef HAVE_OPAQUE_RSA_DSA_DH BIGNUM *n; BIGNUM *e; - BIGNUM *d; n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0); e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0); - // d??? FIXME - RSA_set0_key(rp, n, e, d); + RSA_set0_key(rp, n, e, NULL); #else rp->n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0); rp->e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0); #endif } -static int _bn2bin(BIGNUM *from, unsigned char *to, int max) { +static int _bn2bin(const BIGNUM *from, unsigned char *to, int max) { int i; i=BN_num_bytes(from); if (i > max) { @@ -569,14 +567,14 @@ static int _bn2bin(BIGNUM *from, unsigned char *to, int max) { int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) { #ifdef HAVE_OPAQUE_RSA_DSA_DH - BIGNUM *n; - BIGNUM *e; - BIGNUM *d; - BIGNUM *p; - BIGNUM *q; - BIGNUM *dmp1; - BIGNUM *dmq1; - BIGNUM *iqmp; + const BIGNUM *n; + const BIGNUM *e; + const BIGNUM *d; + const BIGNUM *p; + const BIGNUM *q; + const BIGNUM *dmp1; + const BIGNUM *dmq1; + const BIGNUM *iqmp; RSA_get0_key(from, &n, &e, &d); RSA_get0_factors(from, &p, &q); diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp index 3bc2d53..88d9f2d 100644 --- a/lib/crypt_prog.cpp +++ b/lib/crypt_prog.cpp @@ -126,7 +126,7 @@ int main(int argc, char** argv) { FILE *f, *fpriv, *fpub; char cbuf[256]; #ifdef HAVE_OPAQUE_RSA_DSA_DH - RSA *rsa_key; + RSA *rsa_key = RSA_new(); #else RSA rsa_key; #endif @@ -136,6 +136,7 @@ int main(int argc, char** argv) { char *certpath; bool b2o=false; // boinc key to openssl key ? bool kpriv=false; // private key ? + BIGNUM *e; if (argc == 1) { usage(); @@ -150,7 +151,16 @@ int main(int argc, char** argv) { n = atoi(argv[2]); srand(random_int()); - RSA* rp = RSA_generate_key(n, 65537, 0, 0); + e = BN_new(); + retval = BN_set_word(e, (unsigned long)65537); + if (retval != 1) { + die("BN_set_word"); + } + RSA *rp = RSA_new(); + retval = RSA_generate_key_ex(rp, n, e, NULL); + if (retval != 1) { + die("RSA_generate_key_ex"); + } openssl_to_keys(rp, n, private_key, public_key); fpriv = fopen(argv[3], "w"); if (!fpriv) die("fopen"); diff --git a/lib/crypt.cpp b/lib/crypt.cpp index 30db6d8..cb1f49c 100644 --- a/lib/crypt.cpp +++ b/lib/crypt.cpp @@ -554,15 +554,15 @@ void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp) { } static int _bn2bin(const BIGNUM *from, unsigned char *to, int max) { - int i; - i=BN_num_bytes(from); - if (i > max) { - return(0); - } - memset(to,0,(unsigned int)max); - if (!BN_bn2bin(from,&(to[max-i]))) - return(0); - return(1); + int i; + i=BN_num_bytes(from); + if (i > max) { + return(0); + } + memset(to,0,(unsigned int)max); + if (!BN_bn2bin(from,&(to[max-i]))) + return(0); + return(1); } int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) { @@ -598,23 +598,23 @@ int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) { if (!_bn2bin(iqmp,to->coefficient,MAX_RSA_PRIME_LEN)) return(0); #else - to->bits = BN_num_bits(from->n); - if (!_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) - return(0); - if (!_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN)) - return(0); - if (!_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN)) - return(0); - if (!_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN)) - return(0); - if (!_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN)) - return(0); - if (!_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN)) - return(0); - if (!_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN)) - return(0); - if (!_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN)) - return(0); + to->bits = BN_num_bits(from->n); + if (!_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) + return(0); + if (!_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN)) + return(0); + if (!_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN)) + return(0); + if (!_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN)) + return(0); + if (!_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN)) + return(0); + if (!_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN)) + return(0); + if (!_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN)) + return(0); + if (!_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN)) + return(0); #endif return 1; } @@ -634,8 +634,8 @@ int check_validity_of_cert( bio = BIO_new(BIO_s_file()); BIO_read_filename(bio, cFile); if (NULL == (cert = PEM_read_bio_X509(bio, NULL, 0, NULL))) { - BIO_vfree(bio); - return 0; + BIO_vfree(bio); + return 0; } // verify certificate store = X509_STORE_new(); @@ -668,32 +668,32 @@ int check_validity_of_cert( #endif BN_CTX *c = BN_CTX_new(); if (!c) { - X509_free(cert); - EVP_PKEY_free(pubKey); - BIO_vfree(bio); - return 0; - } + X509_free(cert); + EVP_PKEY_free(pubKey); + BIO_vfree(bio); + return 0; + } #ifdef HAVE_OPAQUE_RSA_DSA_DH RSA *rsa; rsa = EVP_PKEY_get0_RSA(pubKey); if (!RSA_blinding_on(rsa, c)) { #else - if (!RSA_blinding_on(pubKey->pkey.rsa, c)) { + if (!RSA_blinding_on(pubKey->pkey.rsa, c)) { #endif - X509_free(cert); - EVP_PKEY_free(pubKey); - BIO_vfree(bio); - BN_CTX_free(c); - return 0; - } + X509_free(cert); + EVP_PKEY_free(pubKey); + BIO_vfree(bio); + BN_CTX_free(c); + return 0; + } #ifdef HAVE_OPAQUE_RSA_DSA_DH retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, rsa); RSA_blinding_off(rsa); #else - retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, pubKey->pkey.rsa); - RSA_blinding_off(pubKey->pkey.rsa); + retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, pubKey->pkey.rsa); + RSA_blinding_off(pubKey->pkey.rsa); #endif - BN_CTX_free(c); + BN_CTX_free(c); } #ifdef HAVE_OPAQUE_EVP_PKEY if (EVP_PKEY_id(pubKey) == EVP_PKEY_DSA) { @@ -730,7 +730,7 @@ char *check_validity( if (!of) return NULL; MD5_Init(&md5CTX); while (0 != (rbytes = (int)fread(rbuf, 1, sizeof(rbuf), of))) { - MD5_Update(&md5CTX, rbuf, rbytes); + MD5_Update(&md5CTX, rbuf, rbytes); } MD5_Final(md5_md, &md5CTX); fclose(of); @@ -740,12 +740,12 @@ char *check_validity( char file[MAXPATHLEN]; while (!dir_scan(file, dir, sizeof(file))) { char fpath[MAXPATHLEN]; - snprintf(fpath, sizeof(fpath), "%s/%s", certPath, file); + snprintf(fpath, sizeof(fpath), "%s/%s", certPath, file); // TODO : replace '128' - if (check_validity_of_cert(fpath, md5_md, signature, 128, caPath)) { - dir_close(dir); - return strdup(fpath); - } + if (check_validity_of_cert(fpath, md5_md, signature, 128, caPath)) { + dir_close(dir); + return strdup(fpath); + } } dir_close(dir); @@ -778,7 +778,7 @@ int cert_verify_file( if (!of) return false; MD5_Init(&md5CTX); while (0 != (rbytes = (int)fread(rbuf, 1, sizeof(rbuf), of))) { - MD5_Update(&md5CTX, rbuf, rbytes); + MD5_Update(&md5CTX, rbuf, rbytes); } MD5_Final(md5_md, &md5CTX); fclose(of); @@ -805,10 +805,10 @@ int cert_verify_file( bio = BIO_new(BIO_s_file()); BIO_read_filename(bio, fbuf); if (NULL == (cert = PEM_read_bio_X509(bio, NULL, 0, NULL))) { - BIO_vfree(bio); + BIO_vfree(bio); printf("Cannot read certificate ('%s')\n", fbuf); file_counter++; - continue; + continue; } fflush(stdout); subj = X509_get_subject_name(cert); @@ -816,7 +816,7 @@ int cert_verify_file( // ??? //X509_NAME_free(subj); X509_free(cert); - BIO_vfree(bio); + BIO_vfree(bio); if (strcmp(buf, signatures->signatures.at(i).subject)) { printf("Subject does not match ('%s' <-> '%s')\n", buf, signatures->signatures.at(i).subject); file_counter++; diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp index 88d9f2d..7174afc 100644 --- a/lib/crypt_prog.cpp +++ b/lib/crypt_prog.cpp @@ -62,23 +62,23 @@ void die(const char* p) { void usage() { fprintf(stderr, - "Usage: crypt_prog options\n\n" - "Options:\n\n" - "-genkey n private_keyfile public_keyfile\n" - " create an n-bit key pair\n" - "-sign file private_keyfile\n" - " create a signature for a given file, write to stdout\n" - "-sign_string string private_keyfile\n" - " create a signature for a given string\n" - "-verify file signature_file public_keyfile\n" - " verify a signature\n" - "-test_crypt private_keyfile public_keyfile\n" - " test encrypt/decrypt functions\n" - "-conkey o2b/b20 priv/pub input_file output_file\n" - " convert keys between BOINC and OpenSSL format\n" - "-cert_verify file signature certificate_dir\n" - " verify a signature using a directory of certificates\n" - ); + "Usage: crypt_prog options\n\n" + "Options:\n\n" + "-genkey n private_keyfile public_keyfile\n" + " create an n-bit key pair\n" + "-sign file private_keyfile\n" + " create a signature for a given file, write to stdout\n" + "-sign_string string private_keyfile\n" + " create a signature for a given string\n" + "-verify file signature_file public_keyfile\n" + " verify a signature\n" + "-test_crypt private_keyfile public_keyfile\n" + " test encrypt/decrypt functions\n" + "-conkey o2b/b20 priv/pub input_file output_file\n" + " convert keys between BOINC and OpenSSL format\n" + "-cert_verify file signature certificate_dir\n" + " verify a signature using a directory of certificates\n" + ); } unsigned int random_int() { @@ -93,7 +93,7 @@ unsigned int random_int() { die("Can't load ADVAPI32.DLL"); } BOOLEAN (APIENTRY *pfn)(void*, ULONG) = - (BOOLEAN (APIENTRY *)(void*,ULONG))GetProcAddress(hLib,"SystemFunction036"); + (BOOLEAN (APIENTRY *)(void*,ULONG))GetProcAddress(hLib,"SystemFunction036"); if (pfn) { char buff[32]; ULONG ulCbBuff = sizeof(buff); @@ -131,7 +131,7 @@ int main(int argc, char** argv) { RSA rsa_key; #endif RSA *rsa_key_; - BIO *bio_out=NULL; + BIO *bio_out=NULL; BIO *bio_err=NULL; char *certpath; bool b2o=false; // boinc key to openssl key ? @@ -214,8 +214,8 @@ int main(int argc, char** argv) { retval = md5_file(argv[2], md5_buf, size); if (retval) die("md5_file"); retval = check_file_signature( - md5_buf, public_key, signature, is_valid - ); + md5_buf, public_key, signature, is_valid + ); if (retval) die("check_file_signature"); if (is_valid) { printf("file is valid\n"); @@ -262,9 +262,9 @@ int main(int argc, char** argv) { printf("siganture verified using certificate '%s'.\n\n", certpath); free(certpath); } - // this converts, but an executable signed with sign_executable, - // and signature converted to OpenSSL format cannot be verified with - // OpenSSL + // this converts, but an executable signed with sign_executable, + // and signature converted to OpenSSL format cannot be verified with + // OpenSSL } else if (!strcmp(argv[1], "-convsig")) { if (argc < 5) { usage(); @@ -320,18 +320,18 @@ int main(int argc, char** argv) { die("either 'pub' or 'priv' must be defined for -convkey\n"); } OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - ENGINE_load_builtin_engines(); - if (bio_err == NULL) { - bio_err = BIO_new_fp(stdout, BIO_NOCLOSE); + ERR_load_crypto_strings(); + ENGINE_load_builtin_engines(); + if (bio_err == NULL) { + bio_err = BIO_new_fp(stdout, BIO_NOCLOSE); } //enc=EVP_get_cipherbyname("des"); //if (enc == NULL) // die("could not get cypher.\n"); // no encription yet. bio_out=BIO_new(BIO_s_file()); - if (BIO_write_filename(bio_out,argv[5]) <= 0) { - perror(argv[5]); + if (BIO_write_filename(bio_out,argv[5]) <= 0) { + perror(argv[5]); die("could not create output file.\n"); } if (b2o) { @@ -351,11 +351,11 @@ int main(int argc, char** argv) { #endif //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key, - // enc, NULL, 0, pass_cb, NULL); - // no encryption yet. - + // enc, NULL, 0, pass_cb, NULL); + // no encryption yet. + //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key, - // NULL, NULL, 0, pass_cb, NULL); + // NULL, NULL, 0, pass_cb, NULL); fpriv = fopen(argv[5], "w+"); if (!fpriv) die("fopen"); #ifdef HAVE_OPAQUE_RSA_DSA_DH @@ -364,10 +364,10 @@ int main(int argc, char** argv) { PEM_write_RSAPrivateKey(fpriv, &rsa_key, NULL, NULL, 0, 0, NULL); #endif fclose(fpriv); - //if (i == 0) { + //if (i == 0) { // ERR_print_errors(bio_err); // die("could not write key file.\n"); - //} + //} } else { fpub = fopen(argv[4], "r"); if (!fpub) { @@ -381,11 +381,11 @@ int main(int argc, char** argv) { die("fopen"); } public_to_openssl(public_key, rsa_key_); - i = PEM_write_RSA_PUBKEY(fpub, rsa_key_); - if (i == 0) { + i = PEM_write_RSA_PUBKEY(fpub, rsa_key_); + if (i == 0) { ERR_print_errors(bio_err); die("could not write key file.\n"); - } + } fclose(fpub); } } else { diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp index 7174afc..8cfffc2 100644 --- a/lib/crypt_prog.cpp +++ b/lib/crypt_prog.cpp @@ -74,7 +74,7 @@ void usage() { " verify a signature\n" "-test_crypt private_keyfile public_keyfile\n" " test encrypt/decrypt functions\n" - "-conkey o2b/b20 priv/pub input_file output_file\n" + "-convkey o2b/b2o priv/pub input_file output_file\n" " convert keys between BOINC and OpenSSL format\n" "-cert_verify file signature certificate_dir\n" " verify a signature using a directory of certificates\n"