update

apps/Makefile

@@ -946,6 +946,7 @@ speed.o: ../include/openssl/lhash.h ../include/openssl/md4.h
 speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
 speed.o: ../include/openssl/sm3.h ../include/openssl/sms4.h
 speed.o: ../include/openssl/zuc.h
+speed.o: ../include/openssl/cpk.h
 speed.o: ../include/openssl/modes.h ../include/openssl/obj_mac.h
 speed.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

apps/ca-gencert-engine.sh

@@ -0,0 +1,70 @@
+#!/bin/bash
+
+PIN=123456
+PUK=654321
+P11LIB=/usr/local/lib/opensc-pkcs11.so
+REQFILE=req.pem
+USERNAME="John Doe"
+
+echo " *** Erase card ***"
+pkcs15-init --erase-card --verbose
+
+echo " *** Initialization ***"
+pkcs15-init				\
+	--create-pkcs15			\
+	--profile pkcs15+onepin 	\
+	--pin $PIN 			\
+	--puk $PUK			\
+	--label "Personal Crypto Token"	\
+	--verbose
+
+echo " *** Generate Key Pair ***"
+pkcs11-tool 				\
+	--keypairgen			\
+	--module $P11LIB		\
+	--login --pin $PIN		\
+	--key-type rsa:2048		\
+	--usage-sign			\
+	--subject $USERNAME		\
+	--label "Private Key"
+
+KEYID=`pkcs11-tool --module $P11LIB --list-objects | grep "ID"  | awk '{ print $2}'`
+
+
+echo " *** Generate Certificate Request ***"
+openssl req				\
+	-new				\
+	-engine pkcs11 			\
+	-config openssl.conf		\
+	-keyform engine			\
+	-key 1:$KEYID			\
+	-subj "/C=CN/ST=Beijing/L=Beijing/O=PKU/OU=Infosec/CN=$1/emailAddress=$1@pku.edu.cn"	\
+	-out $REQFILE
+
+openssl req -in $REQFILE -text
+
+CERTFILE=user.pem
+CERTDER=user.der
+
+echo " *** Sign Certificate ***"
+openssl ca -batch -out $CERTFILE -notext -outdir . -infiles $REQFILE
+openssl x509 -in $CERTFILE -outform DER -out $CERTDER
+
+echo " *** Import Certificate to Token ***"
+pkcs11-tool --write-object $CERTDER	\
+	--module $P11LIB		\
+	--login --pin $PIN		\
+	--label Certificate		\
+	--type cert			
+
+echo " *** Show Token Info ***"
+pkcs11-tool --list-token-slots		\
+	--module $P11LIB
+
+pkcs11-tool --list-objects		\
+	--module $P11LIB		\
+	--login --pin $PIN	
+
+openssl x509 -in $CERTFILE -text -noout
+
+

apps/ca-gencert.sh

@@ -0,0 +1,17 @@
+#!/bin/bash -x
+
+CURVE=secp192k1
+KEY_FILE=user.key
+REQ_FILE=user.req
+CERT_FILE=user.pem
+
+#openssl ecparam -genkey -name $CURVE -text -out $KEY_FILE
+openssl genrsa 1024 -text > $KEY_FILE
+openssl req -new -key $KEY_FILE -out $REQ_FILE
+openssl ca -out $CERT_FILE  -outdir . -infiles $REQ_FILE
+openssl pkcs12 -export -out user.pfx -in $CERT_FILE -inkey $KEY_FILE -certfile .demoCA/cacert.pem
+
+#rm -f $KEY_FILE
+#rm -f $REQ_FILE
+#rm -f $CERT_FILE
+

apps/ca-key.pem

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
------END RSA PRIVATE KEY-----

apps/ca-req.pem

@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
-GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
-MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
-bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
-FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
-cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
-cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
-5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
-kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
------END CERTIFICATE REQUEST-----

apps/ca-setup.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+CURVE=prime256v1
+DIR=demoCA
+
+rm -fr $DIR
+mkdir $DIR
+mkdir $DIR/certs
+mkdir $DIR/crl
+mkdir $DIR/newcerts
+mkdir $DIR/private/
+touch $DIR/index.txt
+touch $DIR/crlnumber
+touch $DIR/private/.rand
+echo 01 > $DIR/serial
+
+#openssl ecparam -genkey -name $CURVE -text -out $DIR/private/cakey.pem
+
+openssl genrsa 2048 -text > $DIR/private/cakey.pem
+openssl req -new -x509 -days 3650 -key $DIR/private/cakey.pem -out $DIR/cacert.pem
+openssl x509 -text -noout -in $DIR/cacert.pem
+

apps/ca-show-token-info.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+PIN=123456
+PUK=654321
+P11LIB=/usr/local/lib/opensc-pkcs11.so
+
+pkcs11-tool --list-token-slots --module $P11LIB
+pkcs11-tool --list-objects		\
+	--module $P11LIB		\
+	--login --pin $PIN
+

apps/progs.h

@@ -1,6 +1,52 @@
 /* apps/progs.h */
 /* automatically generated by progs.pl for openssl.c */
 
+extern int verify_main(int argc,char *argv[]);
+extern int asn1parse_main(int argc,char *argv[]);
+extern int req_main(int argc,char *argv[]);
+extern int dgst_main(int argc,char *argv[]);
+extern int dh_main(int argc,char *argv[]);
+extern int dhparam_main(int argc,char *argv[]);
+extern int enc_main(int argc,char *argv[]);
+extern int passwd_main(int argc,char *argv[]);
+extern int gendh_main(int argc,char *argv[]);
+extern int errstr_main(int argc,char *argv[]);
+extern int ca_main(int argc,char *argv[]);
+extern int crl_main(int argc,char *argv[]);
+extern int rsa_main(int argc,char *argv[]);
+extern int rsautl_main(int argc,char *argv[]);
+extern int dsa_main(int argc,char *argv[]);
+extern int dsaparam_main(int argc,char *argv[]);
+extern int ec_main(int argc,char *argv[]);
+extern int ecparam_main(int argc,char *argv[]);
+extern int x509_main(int argc,char *argv[]);
+extern int genrsa_main(int argc,char *argv[]);
+extern int gendsa_main(int argc,char *argv[]);
+extern int genpkey_main(int argc,char *argv[]);
+extern int s_server_main(int argc,char *argv[]);
+extern int s_client_main(int argc,char *argv[]);
+extern int speed_main(int argc,char *argv[]);
+extern int s_time_main(int argc,char *argv[]);
+extern int version_main(int argc,char *argv[]);
+extern int pkcs7_main(int argc,char *argv[]);
+extern int cms_main(int argc,char *argv[]);
+extern int crl2pkcs7_main(int argc,char *argv[]);
+extern int sess_id_main(int argc,char *argv[]);
+extern int ciphers_main(int argc,char *argv[]);
+extern int nseq_main(int argc,char *argv[]);
+extern int pkcs12_main(int argc,char *argv[]);
+extern int pkcs8_main(int argc,char *argv[]);
+extern int pkey_main(int argc,char *argv[]);
+extern int pkeyparam_main(int argc,char *argv[]);
+extern int pkeyutl_main(int argc,char *argv[]);
+extern int spkac_main(int argc,char *argv[]);
+extern int smime_main(int argc,char *argv[]);
+extern int rand_main(int argc,char *argv[]);
+extern int engine_main(int argc,char *argv[]);
+extern int ocsp_main(int argc,char *argv[]);
+extern int prime_main(int argc,char *argv[]);
+extern int ts_main(int argc,char *argv[]);
+extern int srp_main(int argc,char *argv[]);
 
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -17,6 +63,94 @@ typedef struct {
 DECLARE_LHASH_OF(FUNCTION);
 
 FUNCTION functions[] = {
+	{FUNC_TYPE_GENERAL,"verify",verify_main},
+	{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
+	{FUNC_TYPE_GENERAL,"req",req_main},
+	{FUNC_TYPE_GENERAL,"dgst",dgst_main},
+#ifndef OPENSSL_NO_DH
+	{FUNC_TYPE_GENERAL,"dh",dh_main},
+#endif
+#ifndef OPENSSL_NO_DH
+	{FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
+#endif
+	{FUNC_TYPE_GENERAL,"enc",enc_main},
+	{FUNC_TYPE_GENERAL,"passwd",passwd_main},
+#ifndef OPENSSL_NO_DH
+	{FUNC_TYPE_GENERAL,"gendh",gendh_main},
+#endif
+	{FUNC_TYPE_GENERAL,"errstr",errstr_main},
+	{FUNC_TYPE_GENERAL,"ca",ca_main},
+	{FUNC_TYPE_GENERAL,"crl",crl_main},
+#ifndef OPENSSL_NO_RSA
+	{FUNC_TYPE_GENERAL,"rsa",rsa_main},
+#endif
+#ifndef OPENSSL_NO_RSA
+	{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
+#endif
+#ifndef OPENSSL_NO_DSA
+	{FUNC_TYPE_GENERAL,"dsa",dsa_main},
+#endif
+#ifndef OPENSSL_NO_DSA
+	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
+#endif
+#ifndef OPENSSL_NO_EC
+	{FUNC_TYPE_GENERAL,"ec",ec_main},
+#endif
+#ifndef OPENSSL_NO_EC
+	{FUNC_TYPE_GENERAL,"ecparam",ecparam_main},
+#endif
+	{FUNC_TYPE_GENERAL,"x509",x509_main},
+#ifndef OPENSSL_NO_RSA
+	{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
+#endif
+#ifndef OPENSSL_NO_DSA
+	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
+#endif
+	{FUNC_TYPE_GENERAL,"genpkey",genpkey_main},
+#if !defined(OPENSSL_NO_SOCK)
+	{FUNC_TYPE_GENERAL,"s_server",s_server_main},
+#endif
+#if !defined(OPENSSL_NO_SOCK)
+	{FUNC_TYPE_GENERAL,"s_client",s_client_main},
+#endif
+#ifndef OPENSSL_NO_SPEED
+	{FUNC_TYPE_GENERAL,"speed",speed_main},
+#endif
+#if !defined(OPENSSL_NO_SOCK)
+	{FUNC_TYPE_GENERAL,"s_time",s_time_main},
+#endif
+	{FUNC_TYPE_GENERAL,"version",version_main},
+	{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
+#ifndef OPENSSL_NO_CMS
+	{FUNC_TYPE_GENERAL,"cms",cms_main},
+#endif
+	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
+	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
+#if !defined(OPENSSL_NO_SOCK)
+	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
+#endif
+	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+	{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
+#endif
+	{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
+	{FUNC_TYPE_GENERAL,"pkey",pkey_main},
+	{FUNC_TYPE_GENERAL,"pkeyparam",pkeyparam_main},
+	{FUNC_TYPE_GENERAL,"pkeyutl",pkeyutl_main},
+	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
+	{FUNC_TYPE_GENERAL,"smime",smime_main},
+	{FUNC_TYPE_GENERAL,"rand",rand_main},
+#ifndef OPENSSL_NO_ENGINE
+	{FUNC_TYPE_GENERAL,"engine",engine_main},
+#endif
+#ifndef OPENSSL_NO_OCSP
+	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
+#endif
+	{FUNC_TYPE_GENERAL,"prime",prime_main},
+	{FUNC_TYPE_GENERAL,"ts",ts_main},
+#ifndef OPENSSL_NO_SRP
+	{FUNC_TYPE_GENERAL,"srp",srp_main},
+#endif
 #ifndef OPENSSL_NO_MD2
 	{FUNC_TYPE_MD,"md2",dgst_main},
 #endif