Attached is a patch to use BSAFE with openssl-0.9.3a.
It is an adaptation of Gordon Chaffee's BSAFE patch for SSLeay-0.9.0.
See http://bmrc.berkeley.edu/people/chaffee/ssleay/ssleay.html
To apply the patch do : patch -p0 < patch_filename
The patch has been tested on Linux.
Madhu
diff -Naur openssl-0.9.3a/Makefile.ssl openssl-0.9.3a-patch/Makefile.ssl
--- openssl-0.9.3a/Makefile.ssl Sat May 29 14:17:07 1999
+++ openssl-0.9.3a-patch/Makefile.ssl Thu Jan 13 09:56:29 2000
@@ -5,7 +5,7 @@
VERSION=0.9.3a
MAJOR=0
MINOR=9.3
-PLATFORM=dist
+PLATFORM=linux-elf
OPTIONS=
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
@@ -16,6 +16,7 @@
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
OPENSSLDIR=/usr/local/ssl
+# BSAFE - Define if we are to link with BSAFE.
# RSAref - Define if we are to link with RSAref.
# NO_IDEA - Define to build without the IDEA algorithm
# NO_RC4 - Define to build without the RC4 algorithm
@@ -47,18 +48,18 @@
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
-CC= cc
+CC= gcc
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-CFLAG= -O
+CFLAG= -DBSAFE -DNO_IDEA -DTHREADS -D_REENTRANT -DL_ENDIAN -DTERMIO -O3
+-fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
DEPFLAG=
-PEX_LIBS= -L. -L.. -L../.. -L../../..
+PEX_LIBS= -L. -L.. -L../.. -L../../.. -L../../bsafe/lib
EX_LIBS=
AR=ar r
RANLIB= /usr/bin/ranlib
-PERL= /usr/bin/perl5
+PERL= /usr/bin/perl
# Set BN_ASM to bn_asm.o if you want to use the C version
-BN_ASM= bn_asm.o
+BN_ASM= asm/bn86-elf.o asm/co86-elf.o
#BN_ASM= bn_asm.o
#BN_ASM= asm/bn86-elf.o # elf, linux-elf
#BN_ASM= asm/bn86-sol.o # solaris
@@ -78,7 +79,7 @@
# Set DES_ENC to des_enc.o if you want to use the C version
#There are 4 x86 assember options.
-DES_ENC= des_enc.o fcrypt_b.o
+DES_ENC= asm/dx86-elf.o asm/yx86-elf.o
#DES_ENC= des_enc.o fcrypt_b.o # C
#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
@@ -87,7 +88,7 @@
# Set BF_ENC to bf_enc.o if you want to use the C version
#There are 4 x86 assember options.
-BF_ENC= bf_enc.o
+BF_ENC= asm/bx86-elf.o
#BF_ENC= bf_enc.o
#BF_ENC= asm/bx86-elf.o # elf
#BF_ENC= asm/bx86-sol.o # solaris
@@ -96,7 +97,7 @@
# Set CAST_ENC to c_enc.o if you want to use the C version
#There are 4 x86 assember options.
-CAST_ENC= c_enc.o
+CAST_ENC= asm/cx86-elf.o
#CAST_ENC= c_enc.o
#CAST_ENC= asm/cx86-elf.o # elf
#CAST_ENC= asm/cx86-sol.o # solaris
@@ -105,7 +106,7 @@
# Set RC4_ENC to rc4_enc.o if you want to use the C version
#There are 4 x86 assember options.
-RC4_ENC= rc4_enc.o
+RC4_ENC= asm/rx86-elf.o
#RC4_ENC= rc4_enc.o
#RC4_ENC= asm/rx86-elf.o # elf
#RC4_ENC= asm/rx86-sol.o # solaris
@@ -114,7 +115,7 @@
# Set RC5_ENC to rc5_enc.o if you want to use the C version
#There are 4 x86 assember options.
-RC5_ENC= rc5_enc.o
+RC5_ENC= asm/r586-elf.o
#RC5_ENC= rc5_enc.o
#RC5_ENC= asm/r586-elf.o # elf
#RC5_ENC= asm/r586-sol.o # solaris
@@ -122,21 +123,21 @@
#RC5_ENC= asm/r586bsdi.o # bsdi
# Also need MD5_ASM defined
-MD5_ASM_OBJ=
+MD5_ASM_OBJ= asm/mx86-elf.o
#MD5_ASM_OBJ= asm/mx86-elf.o # elf
#MD5_ASM_OBJ= asm/mx86-sol.o # solaris
#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD
#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi
# Also need SHA1_ASM defined
-SHA1_ASM_OBJ=
+SHA1_ASM_OBJ= asm/sx86-elf.o
#SHA1_ASM_OBJ= asm/sx86-elf.o # elf
#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris
#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD
#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi
# Also need RMD160_ASM defined
-RMD160_ASM_OBJ=
+RMD160_ASM_OBJ= asm/rm86-elf.o
#RMD160_ASM_OBJ= asm/rm86-elf.o # elf
#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
@@ -148,10 +149,11 @@
# dirs in crypto to build
SDIRS= \
md2 md5 sha mdc2 hmac ripemd \
- des rc2 rc4 rc5 idea bf cast \
+ des rc2 rc4 rc5 bf cast \
bn rsa dsa dh \
buffer bio stack lhash rand err objects \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp \
+ bsafe
MAKEFILE= Makefile.ssl
MAKE= make -f Makefile.ssl
diff -Naur openssl-0.9.3a/apps/Makefile.ssl openssl-0.9.3a-patch/apps/Makefile.ssl
--- openssl-0.9.3a/apps/Makefile.ssl Sun May 23 12:36:09 1999
+++ openssl-0.9.3a-patch/apps/Makefile.ssl Thu Jan 13 10:01:01 2000
@@ -15,16 +15,16 @@
MAKEFILE= Makefile.ssl
RM= rm -f
-PEX_LIBS=
+PEX_LIBS=$(PEX_LIBS)
EX_LIBS=
CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
GENERAL=Makefile makeapps.com install.com
-DLIBCRYPTO=../libcrypto.a
+DLIBCRYPTO=../libcrypto.a ../libBSAFEglue.a ../libbsafe.a
DLIBSSL=../libssl.a
-LIBCRYPTO=-L.. -lcrypto
+LIBCRYPTO=-lcrypto -lBSAFEglue -lbsafe -lm -lBSAFEglue -lcrypto
LIBSSL=-L.. -lssl
PROGRAM= openssl
diff -Naur openssl-0.9.3a/crypto/Makefile.ssl openssl-0.9.3a-patch/crypto/Makefile.ssl
--- openssl-0.9.3a/crypto/Makefile.ssl Sat May 29 14:13:53 1999
+++ openssl-0.9.3a-patch/crypto/Makefile.ssl Thu Jan 13 10:00:36 2000
@@ -5,8 +5,8 @@
DIR= crypto
TOP= ..
CC= cc
-INCLUDE= -I. -I../include
-INCLUDES= -I.. -I../../include
+INCLUDE= -I. -I../include
+INCLUDES= -I.. -I../../include -I../../../bsafe/include
CFLAG= -g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
@@ -26,10 +26,11 @@
LIBS=
SDIRS= md2 md5 sha mdc2 hmac ripemd \
- des rc2 rc4 rc5 idea bf cast \
+ des rc2 rc4 rc5 bf cast \
bn rsa dsa dh \
buffer bio stack lhash rand err objects \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp \
+ bsafe
GENERAL=Makefile README crypto-lib.com install.com
diff -Naur openssl-0.9.3a/crypto/asn1/Makefile.ssl
openssl-0.9.3a-patch/crypto/asn1/Makefile.ssl
--- openssl-0.9.3a/crypto/asn1/Makefile.ssl Sun May 23 12:36:10 1999
+++ openssl-0.9.3a-patch/crypto/asn1/Makefile.ssl Mon Jan 10 17:53:35 2000
@@ -5,7 +5,7 @@
DIR= asn1
TOP= ../..
CC= cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I../../include
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
@@ -34,7 +34,7 @@
p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
- f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
+ f_enum.c a_hdr.c x_pkey.c x_privkey.c a_bool.c x_exten.c \
asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c \
evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
@@ -49,7 +49,7 @@
p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
- f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
+ f_enum.o a_hdr.o x_pkey.o x_privkey.o a_bool.o x_exten.o \
asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o \
evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o
diff -Naur openssl-0.9.3a/crypto/asn1/asn1.h openssl-0.9.3a-patch/crypto/asn1/asn1.h
--- openssl-0.9.3a/crypto/asn1/asn1.h Tue May 18 14:53:39 1999
+++ openssl-0.9.3a-patch/crypto/asn1/asn1.h Mon Jan 10 17:12:59 2000
@@ -873,6 +873,11 @@
#define ASN1_F_X509_SIG_NEW 219
#define ASN1_F_X509_VAL_FREE 220
#define ASN1_F_X509_VAL_NEW 221
+/* the values defined in G.Chaffee's patch for SSLeay-0.9.0
+ were 222 and 223. chose unused values in the 290 range
+*/
+#define ASN1_F_X509_PRIVKEY_NEW 290
+#define ASN1_F_D2I_X509_PRIVKEY 291
/* Reason codes. */
#define ASN1_R_BAD_CLASS 100
diff -Naur openssl-0.9.3a/crypto/asn1/x_privkey.c
openssl-0.9.3a-patch/crypto/asn1/x_privkey.c
--- openssl-0.9.3a/crypto/asn1/x_privkey.c Thu Jan 1 00:00:00 1970
+++ openssl-0.9.3a-patch/crypto/asn1/x_privkey.c Mon Jan 10 17:13:05 2000
@@ -0,0 +1,116 @@
+/* lib/asn1/x_privkey.c */
+/* Copyright (C) 1995 Eric Young ([EMAIL PROTECTED])
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young ([EMAIL PROTECTED]).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Eric Young ([EMAIL PROTECTED])
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+
+#ifdef BSAFE
+
+X509_PRIVKEY *X509_PRIVKEY_new(void)
+ {
+ X509_PRIVKEY *ret=NULL;
+ ASN1_CTX c;
+
+ M_ASN1_New_Malloc(ret,X509_PRIVKEY);
+ ret->type=NID_undef;
+ M_ASN1_New(ret->version,ASN1_INTEGER_new);
+ M_ASN1_New(ret->algor,X509_ALGOR_new);
+ M_ASN1_New(ret->privkey,ASN1_OCTET_STRING_new);
+ M_ASN1_New(ret->attributes,sk_new_null);
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_X509_PRIVKEY_NEW);
+ }
+
+void X509_PRIVKEY_free(X509_PRIVKEY *a)
+ {
+ if (a == NULL) return;
+ ASN1_INTEGER_free(a->version);
+ X509_ALGOR_free(a->algor);
+ ASN1_OCTET_STRING_free(a->privkey);
+ sk_pop_free(a->attributes,ASN1_STRING_free);
+ Free(a);
+ }
+
+int i2d_X509_PRIVKEY(X509_PRIVKEY *a, unsigned char **pp)
+ {
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->version, i2d_ASN1_INTEGER);
+ M_ASN1_I2D_len(a->algor, i2d_X509_ALGOR);
+ M_ASN1_I2D_len(a->privkey, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_len_IMP_SET_opt(a->attributes, i2d_X509_ATTRIBUTE,0);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put(a->version, i2d_ASN1_INTEGER);
+ M_ASN1_I2D_put(a->algor, i2d_X509_ALGOR);
+ M_ASN1_I2D_put(a->privkey, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_len_IMP_SET_opt(a->attributes, i2d_X509_ATTRIBUTE,0);
+
+ M_ASN1_I2D_finish();
+ }
+
+X509_PRIVKEY *d2i_X509_PRIVKEY(X509_PRIVKEY **a, unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,X509_PRIVKEY *,X509_PRIVKEY_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->version, d2i_ASN1_INTEGER);
+ M_ASN1_D2I_get(ret->algor, d2i_X509_ALGOR);
+ M_ASN1_D2I_get(ret->privkey, d2i_ASN1_OCTET_STRING);
+ M_ASN1_D2I_get_IMP_set_opt(ret->attributes, d2i_X509_ATTRIBUTE,
+ X509_ATTRIBUTE_free, 0);
+
+ M_ASN1_D2I_Finish(a,X509_PRIVKEY_free,ASN1_F_D2I_X509_PRIVKEY);
+ }
+#endif /* BSAFE */
diff -Naur openssl-0.9.3a/crypto/bsafe/Makefile.ssl
openssl-0.9.3a-patch/crypto/bsafe/Makefile.ssl
--- openssl-0.9.3a/crypto/bsafe/Makefile.ssl Thu Jan 1 00:00:00 1970
+++ openssl-0.9.3a-patch/crypto/bsafe/Makefile.ssl Mon Jan 10 17:50:44 2000
@@ -0,0 +1,90 @@
+#
+# SSLeay/bsafe/Makefile
+#
+
+DIR= bsafe
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE= make -f Makefile.ssl
+MAKEDEPEND= $(TOP)/util/domd $(TOP)
+MAKEFILE= Makefile.ssl
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+ERR=bsafe
+ERRC=bsaf_err
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libBSAFEglue.a
+LIBSRC= bsafe.c tstdlib.c $(ERRC).c
+LIBOBJ= bsafe.o tstdlib.o $(ERRC).o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ..; $(MAKE) DIRS=bsafe all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ ar r $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB)
+ @touch lib
+
+files:
+ perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+ /bin/rm -f Makefile
+ $(TOP)/util/point.sh Makefile.ssl Makefile
+ $(TOP)/util/mklink.sh ../include $(EXHEADER)
+ $(TOP)/util/mklink.sh ../test $(TEST)
+ $(TOP)/util/mklink.sh ../apps $(APPS)
+
+install:
+
+# @for i in $(EXHEADER) ; \
+# do \
+# (cp $$i $(INSTALLTOP)/include/$$i; \
+# chmod 644 $(INSTALLTOP)/include/$$i ) \
+# done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+ sed -e '/^# DO NOT DELETE THIS LINE/ q' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ /bin/rm -f *.o *.obj lib tags core .nfs* *.old *.bak fluff
+
+errors:
+ sed -e "/ERROR CODES/ r $(ERR).err" -e "/ERROR CODES/ q" \
+ <$(ERR).h >$(ERR).new
+ mv $(ERR).h $(ERR).old
+ mv $(ERR).new $(ERR).h
+ perl ../crypto/error/err_genc.pl $(ERR).h $(ERRC).c >$(ERRC).c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff -Naur openssl-0.9.3a/crypto/bsafe/bsaf_err.c
openssl-0.9.3a-patch/crypto/bsafe/bsaf_err.c
--- openssl-0.9.3a/crypto/bsafe/bsaf_err.c Thu Jan 1 00:00:00 1970
+++ openssl-0.9.3a-patch/crypto/bsafe/bsaf_err.c Mon Jan 10 17:13:43 2000
@@ -0,0 +1,118 @@
+/* lib/bsafe/bsafe_err.c */
+/* Copyright (C) 1995-1997 Eric Young ([EMAIL PROTECTED])
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young ([EMAIL PROTECTED]).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson ([EMAIL PROTECTED]).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young ([EMAIL PROTECTED])"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson ([EMAIL PROTECTED])"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "openssl/bn.h"
+#include "openssl/rsa.h"
+#include "openssl/x509.h"
+#include "openssl/err.h"
+#include "bsafe_glue.h"
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA BSAFE_str_functs[]=
+ {
+{ERR_PACK(0,BSAFE_F_BN_BSAFE_MOD_EXP,0), "BN_BSAFE_MOD_EXP"},
+{ERR_PACK(0,BSAFE_F_RSA_BN2BIN,0), "BSAFE_BN2BIN"},
+{ERR_PACK(0,BSAFE_F_RSA_PRIVATE_DECRYPT,0), "BSAFE_PRIVATE_DECRYPT"},
+{ERR_PACK(0,BSAFE_F_RSA_PRIVATE_ENCRYPT,0), "BSAFE_PRIVATE_ENCRYPT"},
+{ERR_PACK(0,BSAFE_F_RSA_PUBLIC_DECRYPT,0), "BSAFE_PUBLIC_DECRYPT"},
+{ERR_PACK(0,BSAFE_F_RSA_PUBLIC_ENCRYPT,0), "BSAFE_F_RSA_PUBLIC_ENCRYPT"},
+{ERR_PACK(0,BSAFE_F_PUBLIC_BSAFE_TO_EAY,0), "BSAFE_F_PUBLIC_BSAFE_TO_EAY"},
+{ERR_PACK(0,BSAFE_F_PUBLIC_EAY_TO_BSAFE,0), "BSAFE_F_PUBLIC_EAY_TO_BSAFE"},
+{ERR_PACK(0,BSAFE_F_PRIVATE_BSAFE_TO_EAY,0), "BSAFE_F_PRIVATE_BSAFE_TO_EAY"},
+{ERR_PACK(0,BSAFE_F_PRIVATE_EAY_TO_BSAFE,0), "BSAFE_F_PRIVATE_EAY_TO_BSAFE"},
+{ERR_PACK(0,BSAFE_F_BSAFE_MOD_EXP,0), "BSAFE_F_BSAFE_MOD_EXP"},
+{0,NULL},
+ };
+
+static ERR_STRING_DATA BSAFE_str_reasons[]=
+ {
+{BSAFE_R_CONTENT_ENCODING ,"content encoding"},
+{BSAFE_R_DATA ,"data"},
+{BSAFE_R_DIGEST_ALGORITHM ,"digest algorithm"},
+{BSAFE_R_ENCODING ,"encoding"},
+{BSAFE_R_ENCRYPTION_ALGORITHM ,"encryption algorithm"},
+{BSAFE_R_KEY ,"key"},
+{BSAFE_R_KEY_ENCODING ,"key encoding"},
+{BSAFE_R_LEN ,"len"},
+{BSAFE_R_MODULUS_LEN ,"modulus len"},
+{BSAFE_R_NEED_RANDOM ,"need random"},
+{BSAFE_R_PRIVATE_KEY ,"private key"},
+{BSAFE_R_PUBLIC_KEY ,"public key"},
+{BSAFE_R_SIGNATURE ,"signature"},
+{BSAFE_R_SIGNATURE_ENCODING ,"signature encoding"},
+{0,NULL},
+ };
+
+#endif
+
+void ERR_load_BSAFE_strings()
+ {
+ static int init=1;
+
+ if (init);
+ {;
+ init=0;
+#ifndef NO_ERR
+ ERR_load_strings(ERR_LIB_BSAFE,BSAFE_str_functs);
+ ERR_load_strings(ERR_LIB_BSAFE,BSAFE_str_reasons);
+#endif
+
+ }
+ }
diff -Naur openssl-0.9.3a/crypto/bsafe/bsafe.c
openssl-0.9.3a-patch/crypto/bsafe/bsafe.c
--- openssl-0.9.3a/crypto/bsafe/bsafe.c Thu Jan 1 00:00:00 1970
+++ openssl-0.9.3a-patch/crypto/bsafe/bsafe.c Mon Jan 10 17:37:15 2000
@@ -0,0 +1,584 @@
+/* bsafe/bsafe.c */
+/* Copyright (C) 1995 Eric Young ([EMAIL PROTECTED])
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young ([EMAIL PROTECTED]).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Eric Young ([EMAIL PROTECTED])
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "openssl/bn.h"
+#include "openssl/rsa.h"
+#include "openssl/x509.h"
+#include "openssl/rand.h"
+#include "openssl/objects.h"
+#include "bsafe_glue.h"
+
+/*
+ *----------------------------------------------------------------------
+ * BSAFE_Private_bsafe2eay --
+ *
+ * Convert a private key from BSAFE format to SSLeay format.
+ * The conversion may not be the most efficient, but it is
+ * the only way to do it with publically available info.
+ * I could check to see if the data is held in essentially
+ * the same format and then do a direct conversion.
+ *----------------------------------------------------------------------
+ */
+int
+BSAFE_Private_bsafe2eay(from,to)
+B_KEY_OBJ from;
+RSA **to;
+ {
+ X509_PRIVKEY *privkey=NULL;
+ ITEM *bsafeKeyBER=NULL;
+ int i;
+ int length;
+ unsigned char *p;
+
+ if ((i=B_GetKeyInfo((POINTER *)&bsafeKeyBER,
+ from,KI_PKCS_RSAPrivateBER)) != 0)
+ {
+ BSAFEerr(BSAFE_F_PRIVATE_BSAFE_TO_EAY,i);
+ goto err;
+ }
+ p=bsafeKeyBER->data;
+ length=bsafeKeyBER->len;
+
+ if (! d2i_X509_PRIVKEY(&privkey,&p,length))
+ {
+ BSAFEerr(BSAFE_F_PRIVATE_BSAFE_TO_EAY,i);
+ goto err;
+ }
+
+ p=privkey->privkey->data;
+ length=privkey->privkey->length;
+ if (! d2i_RSAPrivateKey(to,&p,length))
+ {
+ BSAFEerr(BSAFE_F_PRIVATE_BSAFE_TO_EAY,ERR_R_BSAFE_LIB);
+ goto err;
+ }
+ X509_PRIVKEY_free(privkey);
+ return 1;
+ err:
+ if (privkey != NULL) X509_PRIVKEY_free(privkey);
+ return 0;
+ }
+
+int
+BSAFE_Private_eay2bsafe(from,to)
+RSA *from;
+B_KEY_OBJ *to;
+ {
+ X509_PRIVKEY *privkey=NULL;
+ int length;
+ int i;
+ ITEM bsafeKeyBER;
+ unsigned char *p;
+
+ if (from == NULL || to == NULL) return 0;
+ privkey=X509_PRIVKEY_new();
+ if (privkey == NULL) return 0;
+ bsafeKeyBER.data=NULL;
+ ASN1_INTEGER_set(privkey->version,0);
+ ASN1_OBJECT_free(privkey->algor->algorithm);
+ privkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+ length=i2d_RSAPrivateKey(from,NULL);
+ privkey->privkey->length=length;
+ p=malloc(length);
+ if (p == NULL)
+ {
+ BSAFEerr(BSAFE_F_PRIVATE_EAY_TO_BSAFE,ERR_R_BSAFE_LIB);
+ goto err;
+ }
+ privkey->privkey->data=p;
+ i2d_RSAPrivateKey(from,&p);
+
+ length=i2d_X509_PRIVKEY(privkey,NULL);
+ bsafeKeyBER.len=length;
+ p=malloc(length);
+ if (p == NULL) goto err;
+ bsafeKeyBER.data=p;
+ i2d_X509_PRIVKEY(privkey,&p);
+
+ if (*to == NULL)
+ {
+ if ((i=B_CreateKeyObject(to)) != 0)
+ {
+ BSAFEerr(BSAFE_F_PRIVATE_EAY_TO_BSAFE,i);
+ goto err;
+ }
+ }
+ if ((i=B_SetKeyInfo(*to,KI_PKCS_RSAPrivateBER,
+ (POINTER)&bsafeKeyBER)) != 0)
+ {
+ BSAFEerr(BSAFE_F_PRIVATE_EAY_TO_BSAFE,i);
+ goto err;
+ }
+ X509_PRIVKEY_free(privkey);
+ free(bsafeKeyBER.data);
+ return(1);
+ err:
+ if (privkey != NULL) X509_PRIVKEY_free(privkey);
+ if (bsafeKeyBER.data != NULL) free(bsafeKeyBER.data);
+ return 0;
+ }
+
+int
+BSAFE_Public_bsafe2eay(from,to)
+B_KEY_OBJ from;
+RSA **to;
+ {
+ X509_PUBKEY *pubkey=NULL;
+ ITEM *bsafeKeyBER=NULL;
+ int i;
+ int length;
+ unsigned char *p;
+
+ if ((i=B_GetKeyInfo((POINTER *)&bsafeKeyBER,
+ from,KI_RSAPublicBER)) != 0)
+ {
+ BSAFEerr(BSAFE_F_PUBLIC_BSAFE_TO_EAY,i);
+ goto err;
+ }
+ p=bsafeKeyBER->data;
+ length=bsafeKeyBER->len;
+
+ if (! d2i_X509_PUBKEY(&pubkey,&p,length))
+ {
+ BSAFEerr(BSAFE_F_PUBLIC_BSAFE_TO_EAY,i);
+ goto err;
+ }
+
+ p=pubkey->public_key->data;
+ length=pubkey->public_key->length;
+ if (! d2i_RSAPublicKey(to,&p,length))
+ {
+ BSAFEerr(BSAFE_F_PUBLIC_BSAFE_TO_EAY,ERR_R_BSAFE_LIB);
+ goto err;
+ }
+ X509_PUBKEY_free(pubkey);
+ return 1;
+ err:
+ if (pubkey != NULL) X509_PUBKEY_free(pubkey);
+ return 0;
+ }
+
+int
+BSAFE_Public_eay2bsafe(from,to)
+RSA *from;
+B_KEY_OBJ *to;
+ {
+ X509_PUBKEY *pubkey=NULL;
+ int length;
+ int i;
+ ITEM bsafeKeyBER;
+ unsigned char *p;
+
+ if (from == NULL || to == NULL) return 0;
+ pubkey=X509_PUBKEY_new();
+ if (pubkey == NULL) return 0;
+ bsafeKeyBER.data=NULL;
+ ASN1_OBJECT_free(pubkey->algor->algorithm);
+ pubkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+ length=i2d_RSAPublicKey(from,NULL);
+ pubkey->public_key->length=length;
+ p=malloc(length);
+ if (p == NULL)
+ {
+ BSAFEerr(BSAFE_F_PUBLIC_EAY_TO_BSAFE,ERR_R_BSAFE_LIB);
+ goto err;
+ }
+ pubkey->public_key->data=p;
+ i2d_RSAPublicKey(from,&p);
+
+ length=i2d_X509_PUBKEY(pubkey,NULL);
+ bsafeKeyBER.len=length;
+ p=malloc(length);
+ if (p == NULL) goto err;
+ bsafeKeyBER.data=p;
+ i2d_X509_PUBKEY(pubkey,&p);
+
+ if (*to == NULL)
+ {
+ if ((i=B_CreateKeyObject(to)) != 0)
+ {
+ BSAFEerr(BSAFE_F_PUBLIC_EAY_TO_BSAFE,i);
+ goto err;
+ }
+ }
+ if ((i=B_SetKeyInfo(*to,KI_RSAPublicBER,
+ (POINTER)&bsafeKeyBER)) != 0)
+ {
+ BSAFEerr(BSAFE_F_PUBLIC_EAY_TO_BSAFE,i);
+ goto err;
+ }
+ X509_PUBKEY_free(pubkey);
+ free(bsafeKeyBER.data);
+ return(1);
+ err:
+ if (pubkey != NULL) X509_PUBKEY_free(pubkey);
+ if (bsafeKeyBER.data != NULL) free(bsafeKeyBER.data);
+ return 0;
+ }
+
+int
+BSAFE_private_decrypt(len,from,to,rsa,padding)
+int len;
+unsigned char *from,*to;
+RSA *rsa;
+int padding;
+ {
+ int i,outlen= -1;
+ int outlenUpdate=0;
+ int n;
+ B_KEY_OBJ RSAKey=NULL;
+ B_ALGORITHM_OBJ rsaDecryptor=NULL;
+ B_ALGORITHM_METHOD *RSA_CHOOSER[] = { &AM_RSA_DECRYPT,
+ &AM_RSA_CRT_DECRYPT, NULL };
+
+ if (!BSAFE_Private_eay2bsafe(rsa,&RSAKey))
+ goto err;
+
+ if ((i=B_CreateAlgorithmObject(&rsaDecryptor)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_DECRYPT,i);
+ goto err;
+ }
+ if ((i=B_SetAlgorithmInfo(rsaDecryptor, AI_PKCS_RSAPrivate, NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_DECRYPT,i);
+ goto err;
+ }
+ if ((i=B_DecryptInit(rsaDecryptor,RSAKey,RSA_CHOOSER,NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_DECRYPT,i);
+ goto err;
+ }
+ n=RSA_size(rsa);
+ if ((i=B_DecryptUpdate(rsaDecryptor,to,&outlenUpdate,n,
+ from,len,NULL,NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_DECRYPT,i);
+ goto err;
+ }
+ if ((i=B_DecryptFinal(rsaDecryptor,to + outlenUpdate,&outlen,
+ n-outlenUpdate,NULL,NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_DECRYPT,i);
+ goto err;
+ }
+ outlen += outlenUpdate;
+err:
+ /* memset(RSAKey,0,sizeof(RSAKey)); */
+ if (rsaDecryptor) B_DestroyAlgorithmObject(&rsaDecryptor);
+ if (RSAKey) B_DestroyKeyObject(&RSAKey);
+
+ return(outlen);
+ }
+
+
+int
+BSAFE_private_encrypt(len,from,to,rsa,padding)
+int len;
+unsigned char *from,*to;
+RSA *rsa;
+int padding;
+ {
+ int outlen= -1;
+ int outlenUpdate=0;
+ unsigned char buf[16];
+ int i,n;
+ B_KEY_OBJ RSAKey=NULL;
+ B_ALGORITHM_OBJ randomAlg=NULL;
+ B_ALGORITHM_OBJ rsaEncryptor=NULL;
+ B_ALGORITHM_METHOD *RSA_CHOOSER[] = { &AM_RSA_ENCRYPT,
+ &AM_RSA_CRT_ENCRYPT, NULL };
+ B_ALGORITHM_METHOD *RANDOM_CHOOSER[] = { &AM_MD5_RANDOM, NULL };
+
+ if (!BSAFE_Private_eay2bsafe(rsa,&RSAKey))
+ goto err;
+ randomAlg=NULL;
+ if ((i=B_CreateAlgorithmObject(&randomAlg)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_DECRYPT,i);
+ goto err;
+ }
+ if ((i=B_SetAlgorithmInfo(randomAlg,AI_MD5Random,NULL_PTR)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_DECRYPT,i);
+ goto err;
+ }
+ if ((i=B_RandomInit(randomAlg,RANDOM_CHOOSER,NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_DECRYPT,i);
+ goto err;
+ }
+
+ /* Throw in 256 bytes of random data */
+ n=256;
+ while (n > 0)
+ {
+ RAND_bytes(buf,16);
+ if ((i=B_RandomUpdate(randomAlg,buf,
+ (unsigned int)((n>16)?16:n), NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_DECRYPT,i);
+ goto err;
+ }
+ n -= 16;
+ }
+
+ if ((i=B_CreateAlgorithmObject(&rsaEncryptor)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_ENCRYPT,i);
+ goto err;
+ }
+ if ((i=B_SetAlgorithmInfo(rsaEncryptor,AI_PKCS_RSAPrivate,NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_ENCRYPT,i);
+ goto err;
+ }
+ if ((i=B_EncryptInit(rsaEncryptor,RSAKey,RSA_CHOOSER,NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_ENCRYPT,i);
+ goto err;
+ }
+ n=RSA_size(rsa);
+ if ((i=B_EncryptUpdate(rsaEncryptor,to,&outlenUpdate,n,from,len,
+ randomAlg, NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_ENCRYPT,i);
+ goto err;
+ }
+ if ((i=B_EncryptFinal(rsaEncryptor,to + outlenUpdate,&outlen,
+ n-outlenUpdate,randomAlg,NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PRIVATE_ENCRYPT,i);
+ goto err;
+ }
+ outlen += outlenUpdate;
+err:
+ B_DestroyAlgorithmObject(&randomAlg);
+ B_DestroyAlgorithmObject(&rsaEncryptor);
+ /* memset(&RSAKey,0,sizeof(RSAKey)); */
+ B_DestroyKeyObject(&RSAKey);
+ return(outlen);
+ }
+
+int
+BSAFE_public_decrypt(len,from,to,rsa,padding)
+int len;
+unsigned char *from,*to;
+RSA *rsa;
+int padding;
+ {
+ int i,outlen= -1;
+ int n;
+ int outlenUpdate=0;
+ B_KEY_OBJ RSAKey=NULL;
+ B_ALGORITHM_OBJ rsaDecryptor=NULL;
+ B_ALGORITHM_METHOD *RSA_CHOOSER[] = { &AM_RSA_DECRYPT, NULL };
+
+ if (!BSAFE_Public_eay2bsafe(rsa,&RSAKey))
+ goto err;
+
+ if ((i=B_CreateAlgorithmObject(&rsaDecryptor)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_DECRYPT,i);
+ goto err;
+ }
+ if ((i=B_SetAlgorithmInfo(rsaDecryptor, AI_PKCS_RSAPublic, NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_DECRYPT,i);
+ goto err;
+ }
+ if ((i=B_DecryptInit(rsaDecryptor,RSAKey,RSA_CHOOSER,NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_DECRYPT,i);
+ goto err;
+ }
+ n=RSA_size(rsa);
+ if ((i=B_DecryptUpdate(rsaDecryptor,to,&outlenUpdate,n,
+ from,len,NULL,0)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_DECRYPT,i);
+ goto err;
+ }
+ if ((i=B_DecryptFinal(rsaDecryptor,to + outlenUpdate,&outlen,
+ n-outlenUpdate,NULL, NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_DECRYPT,i);
+ goto err;
+ }
+ outlen += outlenUpdate;
+err:
+ /* memset(RSAKey,0,sizeof(RSAKey)); */
+ if (rsaDecryptor) B_DestroyAlgorithmObject(&rsaDecryptor);
+ if (RSAKey) B_DestroyKeyObject(&RSAKey);
+
+ return(outlen);
+ }
+
+int
+BSAFE_public_encrypt(len,from,to,rsa,padding)
+int len;
+unsigned char *from,*to;
+RSA *rsa;
+int padding;
+ {
+ int outlen= -1;
+ int outlenUpdate=0;
+ unsigned char buf[16];
+ int i,n;
+ B_KEY_OBJ RSAKey=NULL;
+ B_ALGORITHM_OBJ randomAlg=NULL;
+ B_ALGORITHM_OBJ rsaEncryptor=NULL;
+ B_ALGORITHM_METHOD *RSA_CHOOSER[] = { &AM_RSA_ENCRYPT, NULL };
+ B_ALGORITHM_METHOD *RANDOM_CHOOSER[] = { &AM_MD5_RANDOM, NULL };
+
+ if (!BSAFE_Public_eay2bsafe(rsa,&RSAKey))
+ goto err;
+ randomAlg=NULL;
+ if ((i=B_CreateAlgorithmObject(&randomAlg)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_DECRYPT,i);
+ goto err;
+ }
+ if ((i=B_SetAlgorithmInfo(randomAlg,AI_MD5Random,NULL_PTR)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_DECRYPT,i);
+ goto err;
+ }
+ if ((i=B_RandomInit(randomAlg,RANDOM_CHOOSER,NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_DECRYPT,i);
+ goto err;
+ }
+
+ /* Throw in 256 bytes of random data */
+ n=256;
+ while (n > 0)
+ {
+ RAND_bytes(buf,16);
+ if ((i=B_RandomUpdate(randomAlg,buf,
+ (unsigned int)((n>16)?16:n), NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_DECRYPT,i);
+ goto err;
+ }
+ n-=16;
+ }
+
+ if ((i=B_CreateAlgorithmObject(&rsaEncryptor)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_ENCRYPT,i);
+ goto err;
+ }
+ if ((i=B_SetAlgorithmInfo(rsaEncryptor,AI_PKCS_RSAPublic,NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_ENCRYPT,i);
+ goto err;
+ }
+ if ((i=B_EncryptInit(rsaEncryptor,RSAKey,RSA_CHOOSER,NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_ENCRYPT,i);
+ goto err;
+ }
+ n=RSA_size(rsa);
+ if ((i=B_EncryptUpdate(rsaEncryptor,to,&outlenUpdate,n,from,len,
+ randomAlg, NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_ENCRYPT,i);
+ goto err;
+ }
+ if ((i=B_EncryptFinal(rsaEncryptor,to + outlenUpdate,&outlen,
+ n-outlenUpdate, randomAlg, NULL)) != 0)
+ {
+ BSAFEerr(BSAFE_F_RSA_PUBLIC_ENCRYPT,i);
+ goto err;
+ }
+err:
+ B_DestroyAlgorithmObject(&randomAlg);
+ B_DestroyAlgorithmObject(&rsaEncryptor);
+ /* memset(&RSAKey,0,sizeof(RSAKey)); */
+ B_DestroyKeyObject(&RSAKey);
+ return(outlen);
+ }
+
+static int BSAFE_mod_exp(r0, I, rsa)
+BIGNUM *r0;
+BIGNUM *I;
+RSA *rsa;
+ {
+ RSAREFerr(BSAFE_F_BSAFE_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return(0);
+ }
+
+static int BN_ref_mod_exp(r,a,p,m,ctx)
+BIGNUM *r,*a,*p,*m;
+BN_CTX *ctx;
+ {
+ RSAREFerr(BSAFE_F_BN_BSAFE_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return(0);
+ }
+
+static RSA_METHOD rsa_pkcs1_bsafe_meth={
+ "BSAFE PKCS#1 RSA",
+ BSAFE_public_encrypt,
+ BSAFE_public_decrypt,
+ BSAFE_private_encrypt,
+ BSAFE_private_decrypt,
+ BSAFE_mod_exp,
+ BN_ref_mod_exp,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ };
+
+RSA_METHOD *RSA_PKCS1_BSAFE()
+ {
+ return(&rsa_pkcs1_bsafe_meth);
+ }
+
diff -Naur openssl-0.9.3a/crypto/bsafe/bsafe.err
openssl-0.9.3a-patch/crypto/bsafe/bsafe.err
--- openssl-0.9.3a/crypto/bsafe/bsafe.err Thu Jan 1 00:00:00 1970
+++ openssl-0.9.3a-patch/crypto/bsafe/bsafe.err Mon Jan 10 17:13:43 2000
@@ -0,0 +1,29 @@
+/* Error codes for the BSAFE functions. */
+
+/* Function codes. */
+#define BSAFE_F_BN_REF_MOD_EXP 100
+#define BSAFE_F_RSA_BN2BIN 101
+#define BSAFE_F_RSA_PRIVATE_DECRYPT 102
+#define BSAFE_F_RSA_PRIVATE_ENCRYPT 103
+#define BSAFE_F_RSA_PUBLIC_DECRYPT 104
+#define BSAFE_F_RSA_PUBLIC_ENCRYPT 105
+#define BSAFE_F_PUBLIC_BSAFE_TO_EAY 106
+#define BSAFE_F_PUBLIC_EAY_TO_BSAFE 107
+#define BSAFE_F_PRIVATE_BSAFE_TO_EAY 108
+#define BSAFE_F_PRIVATE_EAY_TO_BSAFE 109
+
+/* Reason codes. */
+#define BSAFE_R_CONTENT_ENCODING 0x0400
+#define BSAFE_R_DATA 0x0401
+#define BSAFE_R_DIGEST_ALGORITHM 0x0402
+#define BSAFE_R_ENCODING 0x0403
+#define BSAFE_R_ENCRYPTION_ALGORITHM 0x040d
+#define BSAFE_R_KEY 0x0404
+#define BSAFE_R_KEY_ENCODING 0x0405
+#define BSAFE_R_LEN 0x0406
+#define BSAFE_R_MODULUS_LEN 0x0407
+#define BSAFE_R_NEED_RANDOM 0x0408
+#define BSAFE_R_PRIVATE_KEY 0x0409
+#define BSAFE_R_PUBLIC_KEY 0x040a
+#define BSAFE_R_SIGNATURE 0x040b
+#define BSAFE_R_SIGNATURE_ENCODING 0x040c
diff -Naur openssl-0.9.3a/crypto/bsafe/bsafe_glue.h
openssl-0.9.3a-patch/crypto/bsafe/bsafe_glue.h
--- openssl-0.9.3a/crypto/bsafe/bsafe_glue.h Thu Jan 1 00:00:00 1970
+++ openssl-0.9.3a-patch/crypto/bsafe/bsafe_glue.h Mon Jan 10 17:13:43 2000
@@ -0,0 +1,99 @@
+/* bsafe/bsafe_glue.h */
+/* Copyright (C) 1995 Eric Young ([EMAIL PROTECTED])
+ * All rights reserved.
+ *
+ * This file is part of an SSL implementation written
+ * by Eric Young ([EMAIL PROTECTED]).
+ * The implementation was written so as to conform with Netscapes SSL
+ * specification. This library and applications are
+ * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
+ * as long as the following conditions are aheared to.
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed. If this code is used in a product,
+ * Eric Young should be given attribution as the author of the parts used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Eric Young ([EMAIL PROTECTED])
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BSAFE_GLUE_H
+#define HEADER_BSAFE_GLUE_H
+
+#include <aglobal.h>
+#include <bsafe.h>
+
+#ifndef NOPROTO
+int BSAFE_Public_eay2bsafe(RSA * from, B_KEY_OBJ * to);
+int BSAFE_Public_bsafe2eay(B_KEY_OBJ from, RSA ** to);
+int BSAFE_Private_eay2bsafe(RSA * from, B_KEY_OBJ * to);
+int BSAFE_Private_bsafe2eay(B_KEY_OBJ from, RSA ** to);
+RSA_METHOD *RSA_PKCS1_RSAref();
+#else
+int BSAFE_Public_eay2bsafe();
+int BSAFE_Public_bsafe2eay();
+int BSAFE_Private_eay2bsafe();
+int BSAFE_Private_bsafe2eay();
+RSA_METHOD *BSAFE_PKCS1_RSAref();
+#endif
+
+/* Error codes for the BSAFE functions. */
+
+/* Function codes. */
+#define BSAFE_F_BN_BSAFE_MOD_EXP 100
+#define BSAFE_F_RSA_BN2BIN 101
+#define BSAFE_F_RSA_PRIVATE_DECRYPT 102
+#define BSAFE_F_RSA_PRIVATE_ENCRYPT 103
+#define BSAFE_F_RSA_PUBLIC_DECRYPT 104
+#define BSAFE_F_RSA_PUBLIC_ENCRYPT 105
+#define BSAFE_F_PUBLIC_BSAFE_TO_EAY 106
+#define BSAFE_F_PUBLIC_EAY_TO_BSAFE 107
+#define BSAFE_F_PRIVATE_BSAFE_TO_EAY 108
+#define BSAFE_F_PRIVATE_EAY_TO_BSAFE 109
+#define BSAFE_F_BSAFE_MOD_EXP 110
+
+/* Reason codes. */
+#define BSAFE_R_CONTENT_ENCODING 0x0400
+#define BSAFE_R_DATA 0x0401
+#define BSAFE_R_DIGEST_ALGORITHM 0x0402
+#define BSAFE_R_ENCODING 0x0403
+#define BSAFE_R_ENCRYPTION_ALGORITHM 0x040d
+#define BSAFE_R_KEY 0x0404
+#define BSAFE_R_KEY_ENCODING 0x0405
+#define BSAFE_R_LEN 0x0406
+#define BSAFE_R_MODULUS_LEN 0x0407
+#define BSAFE_R_NEED_RANDOM 0x0408
+#define BSAFE_R_PRIVATE_KEY 0x0409
+#define BSAFE_R_PUBLIC_KEY 0x040a
+#define BSAFE_R_SIGNATURE 0x040b
+#define BSAFE_R_SIGNATURE_ENCODING 0x040c
+
+#endif
diff -Naur openssl-0.9.3a/crypto/bsafe/bsafetest.c
openssl-0.9.3a-patch/crypto/bsafe/bsafetest.c
--- openssl-0.9.3a/crypto/bsafe/bsafetest.c Thu Jan 1 00:00:00 1970
+++ openssl-0.9.3a-patch/crypto/bsafe/bsafetest.c Mon Jan 10 17:13:43 2000
@@ -0,0 +1,307 @@
+/* Copyright (C) RSA Data Security, Inc. created 1993.
+
+ This file is used to demonstrate how to interface to an
+ RSA Data Security, Inc. licensed development product.
+
+ You have a royalty-free right to use, modify, reproduce and
+ distribute this demonstration file (including any modified
+ version), provided that you agree that RSA Data Security,
+ Inc. has no warranty, implied or otherwise, or liability
+ for this demonstration file or any modified version.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "aglobal.h"
+#include "bsafe.h"
+
+/* SSLeay includes */
+#include "bn.h"
+#include "rsa.h"
+#include "x509.h"
+
+/* This chooser selects the standard C implementations of the algorithm
+ methods.
+ */
+B_ALGORITHM_METHOD *DEMO_ALGORITHM_CHOOSER[] = {
+ &AM_DES_CBC_DECRYPT,
+ &AM_DES_CBC_ENCRYPT,
+ &AM_DH_KEY_AGREE,
+ &AM_DH_PARAM_GEN,
+ &AM_MD2,
+ &AM_MD2_RANDOM,
+ &AM_MD5,
+ &AM_MD5_RANDOM,
+ &AM_MD,
+ &AM_MAC,
+ &AM_SHA,
+ &AM_RC2_CBC_DECRYPT,
+ &AM_RC2_CBC_ENCRYPT,
+ &AM_RC5_CBC_DECRYPT,
+ &AM_RC5_CBC_ENCRYPT,
+ &AM_RC4_DECRYPT,
+ &AM_RC4_ENCRYPT,
+ &AM_RC4_WITH_MAC_DECRYPT,
+ &AM_RC4_WITH_MAC_ENCRYPT,
+ &AM_RSA_CRT_DECRYPT,
+ &AM_RSA_CRT_ENCRYPT,
+ &AM_RSA_DECRYPT,
+ &AM_RSA_ENCRYPT,
+ &AM_RSA_KEY_GEN,
+ &AM_DSA_PARAM_GEN,
+ &AM_DSA_KEY_GEN,
+ &AM_DSA_SIGN,
+ &AM_DSA_VERIFY,
+ (B_ALGORITHM_METHOD *)NULL_PTR
+};
+
+/* the public key encryption exponent Fermat 4 (F4) = 65537 */
+unsigned char EXPONENT_F4[3] = {0x1, 0x0, 0x1};
+
+static unsigned char PUBLIC_KEY3_DATA[1024];
+static unsigned int PUBLIC_KEY3_LEN = 0;
+static unsigned char PRIVATE_KEY3_DATA[2048];
+static unsigned int PRIVATE_KEY3_LEN = 0;
+
+/* define parameters for password-based encryption */
+#define PBE_ITERATION_COUNT 1000
+
+/* define size calculation macros for RSA key and DH parameter generation */
+
+#define MAX_OBJECT_ID_LEN 11
+#define MAX_PBE_PARAMETER_LEN (2 + MAX_OBJECT_ID_LEN + 18)
+#define MAX_RSA_PARAMETER_LEN 8
+
+#define MAX_RSA_ALGORITHM_ID_LEN \
+ (2 + MAX_OBJECT_ID_LEN + MAX_RSA_PARAMETER_LEN)
+
+#define MAX_PASSWORD_PROTECT_DELTA 8
+#define PUB_KEY_BYTES(modBits) (23 + MAX_RSA_ALGORITHM_ID_LEN + (modBits / 8))
+
+#define PP_PRIV_KEY_BYTES(modBits) \
+ (59 + MAX_RSA_ALGORITHM_ID_LEN + 2 * (modBits / 8) \
+ + 5 * ((modBits + 1) / 16) + MAX_PASSWORD_PROTECT_DELTA)
+
+#define DH_PARAMS_BYTES(pBits) \
+ (3 + MAX_OBJECT_ID_LEN + 13 + 2 * ((pBits / 8) + 1))
+
+/* define maximum output buffer size for Diffie-Hellman computation,
+ RSA signatures and RSA Envelopes
+ */
+
+#define MAX_DH_PRIME_BITS 2048
+#define MAX_DH_OUTPUT_BYTES (MAX_DH_PRIME_BITS / 8 + 1)
+#define MAX_RSA_MODULUS 2048
+#define MAX_RSA_OUTPUT_BYTES (MAX_RSA_MODULUS / 8 + 1)
+
+
+int BSL_MakeRSAKeyPairFromSeed
+ (publicKey, publicKeyLen, ppPrivateKey, ppPrivateKeyLen,
+ pbeParams, pbeParamsLen, keySizeBits, seed, seedLen, password, passwordLen)
+unsigned char *publicKey;
+unsigned int *publicKeyLen;
+unsigned char *ppPrivateKey;
+unsigned int *ppPrivateKeyLen;
+unsigned char *pbeParams;
+unsigned int *pbeParamsLen;
+unsigned int keySizeBits;
+unsigned char *seed;
+unsigned int seedLen;
+unsigned char *password;
+unsigned int passwordLen;
+{
+ A_RSA_KEY_GEN_PARAMS keyGenParams;
+ B_ALGORITHM_OBJ generateAlgorithmObj = NULL_PTR;
+ B_ALGORITHM_OBJ pbEncryptionAlgorithmObj = NULL_PTR;
+ B_ALGORITHM_OBJ randomAlgorithmObj = NULL_PTR;
+ B_ALGORITHM_OBJ saltDigestAlgorithmObj = NULL_PTR;
+ B_KEY_OBJ passwordKeyObj = NULL_PTR;
+ B_KEY_OBJ privateKeyObj = NULL_PTR;
+ B_KEY_OBJ publicKeyObj = NULL_PTR;
+ int status;
+ RSA *ssleayPublicKey=NULL;
+ RSA *ssleayPrivateKey=NULL;
+ B_KEY_OBJ bsafePublicKey=NULL;
+ B_KEY_OBJ bsafePrivateKey=NULL;
+
+ unsigned char toPrivateEncrypt[32] = {
+ 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16,
+ 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0};
+ unsigned char publicEncrypted[64] = {0};
+ unsigned char publicDecrypted[64] = {0};
+
+ unsigned char toPublicEncrypt[32] = {
+ 63, 62, 61, 60, 59, 58, 57, 56, 55, 54, 53, 52, 51, 50, 49, 48,
+ 47, 46, 45, 44, 43, 42, 41, 40, 39, 38, 37, 36, 35, 34, 33, 32};
+ unsigned char privateEncrypted[64] = {0};
+ unsigned char privateDecrypted[64] = {0};
+
+ extern int BSAFE_Public_eay2bsafe(RSA * from, B_KEY_OBJ * to);
+ extern int BSAFE_Public_bsafe2eay(B_KEY_OBJ from, RSA ** to);
+ extern int BSAFE_Private_eay2bsafe(RSA * from, B_KEY_OBJ * to);
+ extern int BSAFE_Private_bsafe2eay(B_KEY_OBJ from, RSA ** to);
+
+ /* do {} while(0); provides convenient way to ensure cleanup upon error */
+ do {
+
+ /* create random algorithm objects and set algorithm info */
+ status = B_CreateAlgorithmObject (&randomAlgorithmObj);
+ if (status != 0)
+ break;
+
+ status = B_SetAlgorithmInfo (randomAlgorithmObj, AI_MD5Random, NULL_PTR);
+ if (status != 0)
+ break;
+ /******************************************************************
+ NOTE: The choice of MD5 for hashing random numbers is arbitrary.
+ AI_MD5Random may also be used. See Internet RFC1319 and RFC1321.
+ ******************************************************************/
+
+ /* call random init, update with supplied seed bytes */
+ status = B_RandomInit
+ (randomAlgorithmObj, DEMO_ALGORITHM_CHOOSER,
+ (A_SURRENDER_CTX *)NULL_PTR);
+ if (status != 0)
+ break;
+
+ status = B_RandomUpdate
+ (randomAlgorithmObj, seed, seedLen, (A_SURRENDER_CTX *)NULL_PTR);
+ if (status != 0)
+ break;
+
+ /* create generate algorithm object */
+ status = B_CreateAlgorithmObject (&generateAlgorithmObj);
+ if (status != 0)
+ break;
+
+ /* set up key generation parameters and set algorithm object */
+ keyGenParams.modulusBits = keySizeBits;
+ keyGenParams.publicExponent.data = EXPONENT_F4;
+ keyGenParams.publicExponent.len = sizeof (EXPONENT_F4);
+ status = B_SetAlgorithmInfo
+ (generateAlgorithmObj, AI_RSAKeyGen, (POINTER)&keyGenParams);
+ if (status != 0)
+ break;
+ /******************************************************************
+ NOTE: The choice of F4 (65537) for a public exponent is arbitrary.
+ The value 3 or other value may also be used. See PKCS #1.
+ ******************************************************************/
+
+ /* generate init */
+ status = B_GenerateInit
+ (generateAlgorithmObj, DEMO_ALGORITHM_CHOOSER,
+ (A_SURRENDER_CTX *)NULL_PTR);
+ if (status != 0)
+ break;
+
+ /* create private and public key objects */
+ status = B_CreateKeyObject (&privateKeyObj);
+ if (status != 0)
+ break;
+
+ status = B_CreateKeyObject (&publicKeyObj);
+ if (status != 0)
+ break;
+
+ /* generate keys and store in key objects (may take a few moments) */
+ printf("Creating key pair...\n"); fflush(stdout);
+ status = B_GenerateKeypair
+ (generateAlgorithmObj, publicKeyObj, privateKeyObj,
+ randomAlgorithmObj, (A_SURRENDER_CTX *)NULL_PTR);
+ if (status != 0)
+ break;
+
+ printf("BSAFE to SSLeay public key..."); fflush(stdout);
+ if (! BSAFE_Public_bsafe2eay(publicKeyObj, &ssleayPublicKey)) {
+ printf(" Failed.\n"); fflush(stdout);
+ break;
+ } else {
+ printf(" OK.\n"); fflush(stdout);
+ }
+ printf("SSLeay to BSAFE public key..."); fflush(stdout);
+ if (! BSAFE_Public_eay2bsafe(ssleayPublicKey, &bsafePublicKey)) {
+ printf(" Failed.\n"); fflush(stdout);
+ break;
+ } else {
+ printf(" OK.\n"); fflush(stdout);
+ }
+
+ printf("BSAFE to SSLeay private key..."); fflush(stdout);
+ if (! BSAFE_Private_bsafe2eay(privateKeyObj, &ssleayPrivateKey)) {
+ printf(" Failed.\n"); fflush(stdout);
+ break;
+ } else {
+ printf(" OK.\n"); fflush(stdout);
+ }
+
+ printf("SSLeay to BSAFE private key..."); fflush(stdout);
+ if (! BSAFE_Private_eay2bsafe(ssleayPrivateKey, &bsafePrivateKey)) {
+ printf(" Failed.\n"); fflush(stdout);
+ break;
+ } else {
+ printf(" OK.\n"); fflush(stdout);
+ }
+
+ printf("RSA Private Encrypt..."); fflush(stdout);
+ if (RSA_private_encrypt(sizeof(toPrivateEncrypt), toPrivateEncrypt,
+ privateEncrypted, ssleayPrivateKey,0) == -1) {
+ printf(" Failed.\n"); fflush(stdout);
+ } else {
+ printf(" OK.\n"); fflush(stdout);
+ }
+
+ printf("RSA Public Decrypt..."); fflush(stdout);
+ if (RSA_public_decrypt(sizeof(privateEncrypted), privateEncrypted,
+ privateDecrypted, ssleayPublicKey,0) == -1) {
+ printf(" Failed.\n"); fflush(stdout);
+ } else {
+ printf(" OK.\n"); fflush(stdout);
+ }
+
+ printf("RSA Public Encrypt..."); fflush(stdout);
+ if (RSA_public_encrypt(sizeof(toPublicEncrypt), toPublicEncrypt,
+ publicEncrypted, ssleayPublicKey,0) == -1) {
+ printf(" Failed.\n"); fflush(stdout);
+ } else {
+ printf(" OK.\n"); fflush(stdout);
+ }
+ printf("RSA Private Decrypt..."); fflush(stdout);
+ if (RSA_private_decrypt(sizeof(publicEncrypted), publicEncrypted,
+ publicDecrypted, ssleayPrivateKey,0) == -1) {
+ printf(" Failed.\n"); fflush(stdout);
+ } else {
+ printf(" OK.\n"); fflush(stdout);
+ }
+
+ } while (0);
+
+ /* cleanup objects */
+ B_DestroyAlgorithmObject (&generateAlgorithmObj);
+ B_DestroyAlgorithmObject (&pbEncryptionAlgorithmObj);
+ B_DestroyAlgorithmObject (&randomAlgorithmObj);
+ B_DestroyAlgorithmObject (&saltDigestAlgorithmObj);
+ B_DestroyKeyObject (&passwordKeyObj);
+ B_DestroyKeyObject (&privateKeyObj);
+ B_DestroyKeyObject (&publicKeyObj);
+
+ return (status);
+}
+
+int
+main()
+{
+ int status;
+ unsigned int modulusBits = 512;
+ unsigned char *seed = "adfabadfafeafdkj";
+
+ if ((status = BSL_MakeRSAKeyPairFromSeed
+ (PUBLIC_KEY3_DATA, &PUBLIC_KEY3_LEN, PRIVATE_KEY3_DATA,
+ &PRIVATE_KEY3_LEN, (unsigned char *)NULL_PTR, 0,
+ (unsigned int)modulusBits, (unsigned char *)seed,
+ (unsigned int)strlen (seed), (unsigned char *)NULL_PTR, 0)) != 0) {
+ fprintf (stderr, "Error generating keys: %d\n", status);
+ exit(1);
+ }
+ return 0;
+}
diff -Naur openssl-0.9.3a/crypto/bsafe/tstdlib.c
openssl-0.9.3a-patch/crypto/bsafe/tstdlib.c
--- openssl-0.9.3a/crypto/bsafe/tstdlib.c Thu Jan 1 00:00:00 1970
+++ openssl-0.9.3a-patch/crypto/bsafe/tstdlib.c Mon Jan 10 17:13:43 2000
@@ -0,0 +1,111 @@
+/* Copyright (C) RSA Data Security, Inc. created 1992.
+
+ This file is used to demonstrate how to interface to an
+ RSA Data Security, Inc. licensed development product.
+
+ You have a royalty-free right to use, modify, reproduce and
+ distribute this demonstration file (including any modified
+ version), provided that you agree that RSA Data Security,
+ Inc. has no warranty, implied or otherwise, or liability
+ for this demonstration file or any modified version.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "aglobal.h"
+#include "bsafe.h"
+
+/* If the standard C library comes with a memmove() that correctly
+ handles overlapping buffers, MEMMOVE_PRESENT should be defined as
+ 1, else 0.
+ The following defines MEMMOVE_PRESENT as 1 if it has not already been
+ defined as 0 with C compiler flags.
+ */
+#ifndef MEMMOVE_PRESENT
+#define MEMMOVE_PRESENT 1
+#endif
+
+#ifndef WIN32
+#ifndef CALL_CONV
+#define CALL_CONV
+#endif
+#endif
+
+void CALL_CONV T_memset (p, c, count)
+POINTER p;
+int c;
+unsigned int count;
+{
+ if (count != 0)
+ memset (p, c, count);
+}
+
+void CALL_CONV T_memcpy (d, s, count)
+POINTER d, s;
+unsigned int count;
+{
+ if (count != 0)
+ memcpy (d, s, count);
+}
+
+void CALL_CONV T_memmove (d, s, count)
+POINTER d, s;
+unsigned int count;
+{
+#if MEMMOVE_PRESENT
+ if (count != 0)
+ memmove (d, s, count);
+#else
+ unsigned int i;
+
+ if ((char *)d == (char *)s)
+ return;
+ else if ((char *)d > (char *)s) {
+ for (i = count; i > 0; i--)
+ ((char *)d)[i-1] = ((char *)s)[i-1];
+ }
+ else {
+ for (i = 0; i < count; i++)
+ ((char *)d)[i] = ((char *)s)[i];
+ }
+#endif
+}
+
+int CALL_CONV T_memcmp (s1, s2, count)
+POINTER s1, s2;
+unsigned int count;
+{
+ if (count == 0)
+ return (0);
+ else
+ return (memcmp (s1, s2, count));
+}
+
+POINTER CALL_CONV T_malloc (size)
+unsigned int size;
+{
+ return ((POINTER)malloc (size == 0 ? 1 : size));
+}
+
+POINTER CALL_CONV T_realloc (p, size)
+POINTER p;
+unsigned int size;
+{
+ POINTER result;
+
+ if (p == NULL_PTR)
+ return (T_malloc (size));
+
+ if ((result = (POINTER)realloc (p, size == 0 ? 1 : size)) == NULL_PTR)
+ free (p);
+ return (result);
+}
+
+void CALL_CONV T_free (p)
+POINTER p;
+{
+ if (p != NULL_PTR)
+ free (p);
+}
+
diff -Naur openssl-0.9.3a/crypto/err/err.h openssl-0.9.3a-patch/crypto/err/err.h
--- openssl-0.9.3a/crypto/err/err.h Wed May 5 12:35:27 1999
+++ openssl-0.9.3a-patch/crypto/err/err.h Mon Jan 10 17:13:21 2000
@@ -122,6 +122,7 @@
#define ERR_LIB_PKCS7 33
#define ERR_LIB_X509V3 34
#define ERR_LIB_PKCS12 35
+#define ERR_LIB_BSAFE 39
#define ERR_LIB_USER 128
@@ -149,6 +150,7 @@
#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__)
#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),ERR_file_name,__LINE__)
#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),ERR_file_name,__LINE__)
+#define BSAFEerr(f,r) ERR_PUT_error(ERR_LIB_BSAFE,(f),(r),ERR_file_name,__LINE__)
/* Borland C seems too stupid to be able to shift and do longs in
* the pre-processor :-( */
@@ -196,6 +198,7 @@
#define ERR_R_BIO_LIB ERR_LIB_BIO
#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7
#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12
+#define ERR_R_BSAFE_LIB ERR_LIB_BSAFE
/* fatal error */
#define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL)
diff -Naur openssl-0.9.3a/crypto/rsa/Makefile.ssl
openssl-0.9.3a-patch/crypto/rsa/Makefile.ssl
--- openssl-0.9.3a/crypto/rsa/Makefile.ssl Sun May 23 12:36:16 1999
+++ openssl-0.9.3a-patch/crypto/rsa/Makefile.ssl Mon Jan 10 17:51:35 2000
@@ -5,7 +5,7 @@
DIR= rsa
TOP= ../..
CC= cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I../../include
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
diff -Naur openssl-0.9.3a/crypto/rsa/rsa.h openssl-0.9.3a-patch/crypto/rsa/rsa.h
--- openssl-0.9.3a/crypto/rsa/rsa.h Tue Apr 27 01:14:36 1999
+++ openssl-0.9.3a-patch/crypto/rsa/rsa.h Mon Jan 10 17:13:37 2000
@@ -167,6 +167,9 @@
/* If you have RSAref compiled in. */
RSA_METHOD *RSA_PKCS1_RSAref(void);
+/* If you are using BSAFE */
+RSA_METHOD *RSA_PKCS1_BSAFE(void);
+
/* these are the actual SSLeay RSA functions */
RSA_METHOD *RSA_PKCS1_SSLeay(void);
diff -Naur openssl-0.9.3a/crypto/rsa/rsa_lib.c
openssl-0.9.3a-patch/crypto/rsa/rsa_lib.c
--- openssl-0.9.3a/crypto/rsa/rsa_lib.c Fri Apr 23 22:12:14 1999
+++ openssl-0.9.3a-patch/crypto/rsa/rsa_lib.c Mon Jan 10 17:13:37 2000
@@ -87,6 +87,8 @@
{
#ifdef RSAref
default_RSA_meth=RSA_PKCS1_RSAref();
+#elif defined(BSAFE)
+ default_RSA_meth=RSA_PKCS1_BSAFE();
#else
default_RSA_meth=RSA_PKCS1_SSLeay();
#endif
diff -Naur openssl-0.9.3a/crypto/x509/x509.h openssl-0.9.3a-patch/crypto/x509/x509.h
--- openssl-0.9.3a/crypto/x509/x509.h Sun May 23 12:36:19 1999
+++ openssl-0.9.3a-patch/crypto/x509/x509.h Mon Jan 10 17:13:40 2000
@@ -133,6 +133,15 @@
EVP_PKEY *pkey;
} X509_PUBKEY;
+typedef struct x509_privkey_st
+ {
+ int type; /* Encrypted type not implemented */
+ ASN1_INTEGER *version;
+ X509_ALGOR *algor;
+ ASN1_OCTET_STRING *privkey;
+ STACK *attributes;
+ } X509_PRIVKEY;
+
typedef struct X509_sig_st
{
X509_ALGOR *algor;
@@ -269,6 +278,22 @@
int references;
} X509_CRL;
+typedef struct x509_pkey_info
+ {
+ /* PrivateKeyInfo type */
+ ASN1_INTEGER *version;
+ X509_ALGOR *pkey_algor;
+ ASN1_OCTET_STRING *pkey;
+ STACK /* X509_ATTRIBUTE */ *attrs;
+ } X509_PKEY_INFO;
+
+typedef struct x509_enc_pkey_info
+ {
+ /* EncryptedPrivateKeyInfo type */
+ X509_ALGOR *enc_algor;
+ ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
+ } X509_ENC_PKEY_INFO;
+
typedef struct private_key_st
{
int version;
@@ -644,6 +669,11 @@
EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK *chain);
+X509_PRIVKEY * X509_PRIVKEY_new(void );
+void X509_PRIVKEY_free(X509_PRIVKEY *a);
+int i2d_X509_PRIVKEY(X509_PRIVKEY *a,unsigned char **pp);
+X509_PRIVKEY * d2i_X509_PRIVKEY(X509_PRIVKEY **a,unsigned char **pp,
+ long length);
X509_SIG * X509_SIG_new(void );
void X509_SIG_free(X509_SIG *a);
diff -Naur openssl-0.9.3a/dep/files openssl-0.9.3a-patch/dep/files
--- openssl-0.9.3a/dep/files Mon Dec 21 11:00:56 1998
+++ openssl-0.9.3a-patch/dep/files Mon Jan 10 17:13:45 2000
@@ -510,6 +510,10 @@
./rsaref/rsaref.h RSAREF
./rsaref/rsar_err.c RSAREF
+./bsafe/bsafe.c BSAFE
+./bsafe/bsafe_glue.h BSAFE
+./bsafe/bsaf_err.c BSAFE
+
./apps/apps.c APPS
./apps/apps.h APPS
./apps/asn1pars.c APPS
diff -Naur openssl-0.9.3a/test/Makefile.ssl openssl-0.9.3a-patch/test/Makefile.ssl
--- openssl-0.9.3a/test/Makefile.ssl Sun May 23 12:38:02 1999
+++ openssl-0.9.3a-patch/test/Makefile.ssl Mon Jan 10 17:13:58 2000
@@ -26,7 +26,7 @@
DLIBCRYPTO= ../libcrypto.a
DLIBSSL= ../libssl.a
-LIBCRYPTO= -L.. -lcrypto
+LIBCRYPTO= -L.. -lcrypto -lBSAFEglue -lbsafe -lm -lBSAFEglue -lcrypto
LIBSSL= -L.. -lssl
BNTEST= bntest
