diff -ur ./openssl-0.9.7g/Makefile ./openssl-0.9.7g-xpgp-0.1c/Makefile --- ./openssl-0.9.7g/Makefile 2005-04-11 16:17:45.000000000 +0100 +++ ./openssl-0.9.7g-xpgp-0.1c/Makefile 2006-10-04 02:32:05.000000000 +0100 @@ -186,7 +186,7 @@ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa dh dso engine aes \ buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 + evp asn1 pem x509 x509v3 xpgp conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 FDIRS= sha1 rand des aes dsa rsa dh diff -ur ./openssl-0.9.7g/Makefile.org ./openssl-0.9.7g-xpgp-0.1c/Makefile.org --- ./openssl-0.9.7g/Makefile.org 2005-03-15 09:46:13.000000000 +0000 +++ ./openssl-0.9.7g-xpgp-0.1c/Makefile.org 2006-10-04 02:31:55.000000000 +0100 @@ -184,7 +184,7 @@ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa dh dso engine aes \ buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 + evp asn1 pem x509 x509v3 xpgp conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 FDIRS= sha1 rand des aes dsa rsa dh Only in ./openssl-0.9.7g-xpgp-0.1c/apps: Makefile.xpgp diff -ur ./openssl-0.9.7g/apps/sess_id.c ./openssl-0.9.7g-xpgp-0.1c/apps/sess_id.c --- ./openssl-0.9.7g/apps/sess_id.c 2002-12-03 16:34:26.000000000 +0000 +++ ./openssl-0.9.7g-xpgp-0.1c/apps/sess_id.c 2006-10-04 01:14:25.000000000 +0100 @@ -231,10 +231,10 @@ if (cert) { - if (x->peer == NULL) + if (x->peer.x509 == NULL) BIO_puts(out,"No certificate present\n"); else - X509_print(out,x->peer); + X509_print(out,x->peer.x509); } } @@ -253,12 +253,12 @@ goto end; } } - else if (!noout && (x->peer != NULL)) /* just print the certificate */ + else if (!noout && (x->peer.x509 != NULL)) /* just print the certificate */ { if (outformat == FORMAT_ASN1) - i=(int)i2d_X509_bio(out,x->peer); + i=(int)i2d_X509_bio(out,x->peer.x509); else if (outformat == FORMAT_PEM) - i=PEM_write_bio_X509(out,x->peer); + i=PEM_write_bio_X509(out,x->peer.x509); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; Only in ./openssl-0.9.7g-xpgp-0.1c/apps: xpgp_display.c Only in ./openssl-0.9.7g-xpgp-0.1c/apps: xpgp_keyring.c Only in ./openssl-0.9.7g-xpgp-0.1c/apps: xpgp_new.c Only in ./openssl-0.9.7g-xpgp-0.1c/apps: xpgp_sign.c diff -ur ./openssl-0.9.7g/crypto/Makefile ./openssl-0.9.7g-xpgp-0.1c/crypto/Makefile --- ./openssl-0.9.7g/crypto/Makefile 2005-03-15 09:46:14.000000000 +0000 +++ ./openssl-0.9.7g-xpgp-0.1c/crypto/Makefile 2006-10-04 01:32:54.000000000 +0100 @@ -29,7 +29,8 @@ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa dh dso engine aes \ buffer bio stack lhash rand err objects \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 xpgp \ + GENERAL=Makefile README crypto-lib.com install.com diff -ur ./openssl-0.9.7g/crypto/asn1/Makefile ./openssl-0.9.7g-xpgp-0.1c/crypto/asn1/Makefile --- ./openssl-0.9.7g/crypto/asn1/Makefile 2004-11-02 23:53:28.000000000 +0000 +++ ./openssl-0.9.7g-xpgp-0.1c/crypto/asn1/Makefile 2006-10-04 01:31:00.000000000 +0100 @@ -33,7 +33,9 @@ f_int.c f_string.c n_pkey.c \ f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \ asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \ - evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c + evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c \ + x_xPGP.c t_xPGP.c + LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \ a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ @@ -45,7 +47,8 @@ f_int.o f_string.o n_pkey.o \ f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \ asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \ - evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o + evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o \ + x_xPGP.o t_xPGP.o SRC= $(LIBSRC) Only in ./openssl-0.9.7g-xpgp-0.1c/crypto/asn1: t_xPGP.c Only in ./openssl-0.9.7g-xpgp-0.1c/crypto/asn1: x_xPGP.c diff -ur ./openssl-0.9.7g/crypto/stack/safestack.h ./openssl-0.9.7g-xpgp-0.1c/crypto/stack/safestack.h --- ./openssl-0.9.7g/crypto/stack/safestack.h 2004-10-04 17:27:34.000000000 +0100 +++ ./openssl-0.9.7g-xpgp-0.1c/crypto/stack/safestack.h 2006-10-04 01:37:07.000000000 +0100 @@ -1363,6 +1363,90 @@ #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) #define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) +#define sk_XPGP_new(st) SKM_sk_new(XPGP, (st)) +#define sk_XPGP_new_null() SKM_sk_new_null(XPGP) +#define sk_XPGP_free(st) SKM_sk_free(XPGP, (st)) +#define sk_XPGP_num(st) SKM_sk_num(XPGP, (st)) +#define sk_XPGP_value(st, i) SKM_sk_value(XPGP, (st), (i)) +#define sk_XPGP_set(st, i, val) SKM_sk_set(XPGP, (st), (i), (val)) +#define sk_XPGP_zero(st) SKM_sk_zero(XPGP, (st)) +#define sk_XPGP_push(st, val) SKM_sk_push(XPGP, (st), (val)) +#define sk_XPGP_unshift(st, val) SKM_sk_unshift(XPGP, (st), (val)) +#define sk_XPGP_find(st, val) SKM_sk_find(XPGP, (st), (val)) +#define sk_XPGP_delete(st, i) SKM_sk_delete(XPGP, (st), (i)) +#define sk_XPGP_delete_ptr(st, ptr) SKM_sk_delete_ptr(XPGP, (st), (ptr)) +#define sk_XPGP_insert(st, val, i) SKM_sk_insert(XPGP, (st), (val), (i)) +#define sk_XPGP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(XPGP, (st), (cmp)) +#define sk_XPGP_dup(st) SKM_sk_dup(XPGP, st) +#define sk_XPGP_pop_free(st, free_func) SKM_sk_pop_free(XPGP, (st), (free_func)) +#define sk_XPGP_shift(st) SKM_sk_shift(XPGP, (st)) +#define sk_XPGP_pop(st) SKM_sk_pop(XPGP, (st)) +#define sk_XPGP_sort(st) SKM_sk_sort(XPGP, (st)) +#define sk_XPGP_is_sorted(st) SKM_sk_is_sorted(XPGP, (st)) + +#define sk_XPGP_SIGNATURE_new(st) SKM_sk_new(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_new_null() SKM_sk_new_null(XPGP_SIGNATURE) +#define sk_XPGP_SIGNATURE_free(st) SKM_sk_free(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_num(st) SKM_sk_num(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_value(st, i) SKM_sk_value(XPGP_SIGNATURE, (st), (i)) +#define sk_XPGP_SIGNATURE_set(st, i, val) SKM_sk_set(XPGP_SIGNATURE, (st), (i), (val)) +#define sk_XPGP_SIGNATURE_zero(st) SKM_sk_zero(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_push(st, val) SKM_sk_push(XPGP_SIGNATURE, (st), (val)) +#define sk_XPGP_SIGNATURE_unshift(st, val) SKM_sk_unshift(XPGP_SIGNATURE, (st), (val)) +#define sk_XPGP_SIGNATURE_find(st, val) SKM_sk_find(XPGP_SIGNATURE, (st), (val)) +#define sk_XPGP_SIGNATURE_delete(st, i) SKM_sk_delete(XPGP_SIGNATURE, (st), (i)) +#define sk_XPGP_SIGNATURE_delete_ptr(st, ptr) SKM_sk_delete_ptr(XPGP_SIGNATURE, (st), (ptr)) +#define sk_XPGP_SIGNATURE_insert(st, val, i) SKM_sk_insert(XPGP_SIGNATURE, (st), (val), (i)) +#define sk_XPGP_SIGNATURE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(XPGP_SIGNATURE, (st), (cmp)) +#define sk_XPGP_SIGNATURE_dup(st) SKM_sk_dup(XPGP_SIGNATURE, st) +#define sk_XPGP_SIGNATURE_pop_free(st, free_func) SKM_sk_pop_free(XPGP_SIGNATURE, (st), (free_func)) +#define sk_XPGP_SIGNATURE_shift(st) SKM_sk_shift(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_pop(st) SKM_sk_pop(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_sort(st) SKM_sk_sort(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_is_sorted(st) SKM_sk_is_sorted(XPGP_SIGNATURE, (st)) + +#define sk_XPGP_SIGNDATA_new(st) SKM_sk_new(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_new_null() SKM_sk_new_null(XPGP_SIGNDATA) +#define sk_XPGP_SIGNDATA_free(st) SKM_sk_free(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_num(st) SKM_sk_num(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_value(st, i) SKM_sk_value(XPGP_SIGNDATA, (st), (i)) +#define sk_XPGP_SIGNDATA_set(st, i, val) SKM_sk_set(XPGP_SIGNDATA, (st), (i), (val)) +#define sk_XPGP_SIGNDATA_zero(st) SKM_sk_zero(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_push(st, val) SKM_sk_push(XPGP_SIGNDATA, (st), (val)) +#define sk_XPGP_SIGNDATA_unshift(st, val) SKM_sk_unshift(XPGP_SIGNDATA, (st), (val)) +#define sk_XPGP_SIGNDATA_find(st, val) SKM_sk_find(XPGP_SIGNDATA, (st), (val)) +#define sk_XPGP_SIGNDATA_delete(st, i) SKM_sk_delete(XPGP_SIGNDATA, (st), (i)) +#define sk_XPGP_SIGNDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(XPGP_SIGNDATA, (st), (ptr)) +#define sk_XPGP_SIGNDATA_insert(st, val, i) SKM_sk_insert(XPGP_SIGNDATA, (st), (val), (i)) +#define sk_XPGP_SIGNDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(XPGP_SIGNDATA, (st), (cmp)) +#define sk_XPGP_SIGNDATA_dup(st) SKM_sk_dup(XPGP_SIGNDATA, st) +#define sk_XPGP_SIGNDATA_pop_free(st, free_func) SKM_sk_pop_free(XPGP_SIGNDATA, (st), (free_func)) +#define sk_XPGP_SIGNDATA_shift(st) SKM_sk_shift(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_pop(st) SKM_sk_pop(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_sort(st) SKM_sk_sort(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_is_sorted(st) SKM_sk_is_sorted(XPGP_SIGNDATA, (st)) + +#define sk_XPGP_TRUST_OBJ_new(st) SKM_sk_new(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_new_null() SKM_sk_new_null(XPGP_TRUST_OBJ) +#define sk_XPGP_TRUST_OBJ_free(st) SKM_sk_free(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_num(st) SKM_sk_num(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_value(st, i) SKM_sk_value(XPGP_TRUST_OBJ, (st), (i)) +#define sk_XPGP_TRUST_OBJ_set(st, i, val) SKM_sk_set(XPGP_TRUST_OBJ, (st), (i), (val)) +#define sk_XPGP_TRUST_OBJ_zero(st) SKM_sk_zero(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_push(st, val) SKM_sk_push(XPGP_TRUST_OBJ, (st), (val)) +#define sk_XPGP_TRUST_OBJ_unshift(st, val) SKM_sk_unshift(XPGP_TRUST_OBJ, (st), (val)) +#define sk_XPGP_TRUST_OBJ_find(st, val) SKM_sk_find(XPGP_TRUST_OBJ, (st), (val)) +#define sk_XPGP_TRUST_OBJ_delete(st, i) SKM_sk_delete(XPGP_TRUST_OBJ, (st), (i)) +#define sk_XPGP_TRUST_OBJ_delete_ptr(st, ptr) SKM_sk_delete_ptr(XPGP_TRUST_OBJ, (st), (ptr)) +#define sk_XPGP_TRUST_OBJ_insert(st, val, i) SKM_sk_insert(XPGP_TRUST_OBJ, (st), (val), (i)) +#define sk_XPGP_TRUST_OBJ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(XPGP_TRUST_OBJ, (st), (cmp)) +#define sk_XPGP_TRUST_OBJ_dup(st) SKM_sk_dup(XPGP_TRUST_OBJ, st) +#define sk_XPGP_TRUST_OBJ_pop_free(st, free_func) SKM_sk_pop_free(XPGP_TRUST_OBJ, (st), (free_func)) +#define sk_XPGP_TRUST_OBJ_shift(st) SKM_sk_shift(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_pop(st) SKM_sk_pop(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_sort(st) SKM_sk_sort(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_is_sorted(st) SKM_sk_is_sorted(XPGP_TRUST_OBJ, (st)) + #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1561,6 +1645,42 @@ #define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) +#define d2i_ASN1_SET_OF_XPGP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(XPGP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_XPGP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(XPGP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_XPGP(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(XPGP, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_XPGP(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(XPGP, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_XPGP_SIGNATURE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(XPGP_SIGNATURE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_XPGP_SIGNATURE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(XPGP_SIGNATURE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_XPGP_SIGNATURE(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(XPGP_SIGNATURE, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_XPGP_SIGNATURE(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(XPGP_SIGNATURE, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_XPGP_SIGNDATA(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(XPGP_SIGNDATA, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_XPGP_SIGNDATA(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(XPGP_SIGNDATA, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_XPGP_SIGNDATA(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(XPGP_SIGNDATA, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_XPGP_SIGNDATA(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(XPGP_SIGNDATA, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_XPGP_TRUST_OBJ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(XPGP_TRUST_OBJ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_XPGP_TRUST_OBJ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(XPGP_TRUST_OBJ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_XPGP_TRUST_OBJ(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(XPGP_TRUST_OBJ, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_XPGP_TRUST_OBJ(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(XPGP_TRUST_OBJ, (buf), (len), (d2i_func), (free_func)) + #define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) Only in ./openssl-0.9.7g-xpgp-0.1c/crypto: xpgp Only in ./openssl-0.9.7g-xpgp-0.1c/include/openssl: pgp1.h diff -ur ./openssl-0.9.7g/include/openssl/safestack.h ./openssl-0.9.7g-xpgp-0.1c/include/openssl/safestack.h --- ./openssl-0.9.7g/include/openssl/safestack.h 2004-10-04 17:27:34.000000000 +0100 +++ ./openssl-0.9.7g-xpgp-0.1c/include/openssl/safestack.h 2006-10-04 01:37:07.000000000 +0100 @@ -1363,6 +1363,90 @@ #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) #define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) +#define sk_XPGP_new(st) SKM_sk_new(XPGP, (st)) +#define sk_XPGP_new_null() SKM_sk_new_null(XPGP) +#define sk_XPGP_free(st) SKM_sk_free(XPGP, (st)) +#define sk_XPGP_num(st) SKM_sk_num(XPGP, (st)) +#define sk_XPGP_value(st, i) SKM_sk_value(XPGP, (st), (i)) +#define sk_XPGP_set(st, i, val) SKM_sk_set(XPGP, (st), (i), (val)) +#define sk_XPGP_zero(st) SKM_sk_zero(XPGP, (st)) +#define sk_XPGP_push(st, val) SKM_sk_push(XPGP, (st), (val)) +#define sk_XPGP_unshift(st, val) SKM_sk_unshift(XPGP, (st), (val)) +#define sk_XPGP_find(st, val) SKM_sk_find(XPGP, (st), (val)) +#define sk_XPGP_delete(st, i) SKM_sk_delete(XPGP, (st), (i)) +#define sk_XPGP_delete_ptr(st, ptr) SKM_sk_delete_ptr(XPGP, (st), (ptr)) +#define sk_XPGP_insert(st, val, i) SKM_sk_insert(XPGP, (st), (val), (i)) +#define sk_XPGP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(XPGP, (st), (cmp)) +#define sk_XPGP_dup(st) SKM_sk_dup(XPGP, st) +#define sk_XPGP_pop_free(st, free_func) SKM_sk_pop_free(XPGP, (st), (free_func)) +#define sk_XPGP_shift(st) SKM_sk_shift(XPGP, (st)) +#define sk_XPGP_pop(st) SKM_sk_pop(XPGP, (st)) +#define sk_XPGP_sort(st) SKM_sk_sort(XPGP, (st)) +#define sk_XPGP_is_sorted(st) SKM_sk_is_sorted(XPGP, (st)) + +#define sk_XPGP_SIGNATURE_new(st) SKM_sk_new(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_new_null() SKM_sk_new_null(XPGP_SIGNATURE) +#define sk_XPGP_SIGNATURE_free(st) SKM_sk_free(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_num(st) SKM_sk_num(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_value(st, i) SKM_sk_value(XPGP_SIGNATURE, (st), (i)) +#define sk_XPGP_SIGNATURE_set(st, i, val) SKM_sk_set(XPGP_SIGNATURE, (st), (i), (val)) +#define sk_XPGP_SIGNATURE_zero(st) SKM_sk_zero(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_push(st, val) SKM_sk_push(XPGP_SIGNATURE, (st), (val)) +#define sk_XPGP_SIGNATURE_unshift(st, val) SKM_sk_unshift(XPGP_SIGNATURE, (st), (val)) +#define sk_XPGP_SIGNATURE_find(st, val) SKM_sk_find(XPGP_SIGNATURE, (st), (val)) +#define sk_XPGP_SIGNATURE_delete(st, i) SKM_sk_delete(XPGP_SIGNATURE, (st), (i)) +#define sk_XPGP_SIGNATURE_delete_ptr(st, ptr) SKM_sk_delete_ptr(XPGP_SIGNATURE, (st), (ptr)) +#define sk_XPGP_SIGNATURE_insert(st, val, i) SKM_sk_insert(XPGP_SIGNATURE, (st), (val), (i)) +#define sk_XPGP_SIGNATURE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(XPGP_SIGNATURE, (st), (cmp)) +#define sk_XPGP_SIGNATURE_dup(st) SKM_sk_dup(XPGP_SIGNATURE, st) +#define sk_XPGP_SIGNATURE_pop_free(st, free_func) SKM_sk_pop_free(XPGP_SIGNATURE, (st), (free_func)) +#define sk_XPGP_SIGNATURE_shift(st) SKM_sk_shift(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_pop(st) SKM_sk_pop(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_sort(st) SKM_sk_sort(XPGP_SIGNATURE, (st)) +#define sk_XPGP_SIGNATURE_is_sorted(st) SKM_sk_is_sorted(XPGP_SIGNATURE, (st)) + +#define sk_XPGP_SIGNDATA_new(st) SKM_sk_new(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_new_null() SKM_sk_new_null(XPGP_SIGNDATA) +#define sk_XPGP_SIGNDATA_free(st) SKM_sk_free(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_num(st) SKM_sk_num(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_value(st, i) SKM_sk_value(XPGP_SIGNDATA, (st), (i)) +#define sk_XPGP_SIGNDATA_set(st, i, val) SKM_sk_set(XPGP_SIGNDATA, (st), (i), (val)) +#define sk_XPGP_SIGNDATA_zero(st) SKM_sk_zero(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_push(st, val) SKM_sk_push(XPGP_SIGNDATA, (st), (val)) +#define sk_XPGP_SIGNDATA_unshift(st, val) SKM_sk_unshift(XPGP_SIGNDATA, (st), (val)) +#define sk_XPGP_SIGNDATA_find(st, val) SKM_sk_find(XPGP_SIGNDATA, (st), (val)) +#define sk_XPGP_SIGNDATA_delete(st, i) SKM_sk_delete(XPGP_SIGNDATA, (st), (i)) +#define sk_XPGP_SIGNDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(XPGP_SIGNDATA, (st), (ptr)) +#define sk_XPGP_SIGNDATA_insert(st, val, i) SKM_sk_insert(XPGP_SIGNDATA, (st), (val), (i)) +#define sk_XPGP_SIGNDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(XPGP_SIGNDATA, (st), (cmp)) +#define sk_XPGP_SIGNDATA_dup(st) SKM_sk_dup(XPGP_SIGNDATA, st) +#define sk_XPGP_SIGNDATA_pop_free(st, free_func) SKM_sk_pop_free(XPGP_SIGNDATA, (st), (free_func)) +#define sk_XPGP_SIGNDATA_shift(st) SKM_sk_shift(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_pop(st) SKM_sk_pop(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_sort(st) SKM_sk_sort(XPGP_SIGNDATA, (st)) +#define sk_XPGP_SIGNDATA_is_sorted(st) SKM_sk_is_sorted(XPGP_SIGNDATA, (st)) + +#define sk_XPGP_TRUST_OBJ_new(st) SKM_sk_new(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_new_null() SKM_sk_new_null(XPGP_TRUST_OBJ) +#define sk_XPGP_TRUST_OBJ_free(st) SKM_sk_free(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_num(st) SKM_sk_num(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_value(st, i) SKM_sk_value(XPGP_TRUST_OBJ, (st), (i)) +#define sk_XPGP_TRUST_OBJ_set(st, i, val) SKM_sk_set(XPGP_TRUST_OBJ, (st), (i), (val)) +#define sk_XPGP_TRUST_OBJ_zero(st) SKM_sk_zero(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_push(st, val) SKM_sk_push(XPGP_TRUST_OBJ, (st), (val)) +#define sk_XPGP_TRUST_OBJ_unshift(st, val) SKM_sk_unshift(XPGP_TRUST_OBJ, (st), (val)) +#define sk_XPGP_TRUST_OBJ_find(st, val) SKM_sk_find(XPGP_TRUST_OBJ, (st), (val)) +#define sk_XPGP_TRUST_OBJ_delete(st, i) SKM_sk_delete(XPGP_TRUST_OBJ, (st), (i)) +#define sk_XPGP_TRUST_OBJ_delete_ptr(st, ptr) SKM_sk_delete_ptr(XPGP_TRUST_OBJ, (st), (ptr)) +#define sk_XPGP_TRUST_OBJ_insert(st, val, i) SKM_sk_insert(XPGP_TRUST_OBJ, (st), (val), (i)) +#define sk_XPGP_TRUST_OBJ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(XPGP_TRUST_OBJ, (st), (cmp)) +#define sk_XPGP_TRUST_OBJ_dup(st) SKM_sk_dup(XPGP_TRUST_OBJ, st) +#define sk_XPGP_TRUST_OBJ_pop_free(st, free_func) SKM_sk_pop_free(XPGP_TRUST_OBJ, (st), (free_func)) +#define sk_XPGP_TRUST_OBJ_shift(st) SKM_sk_shift(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_pop(st) SKM_sk_pop(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_sort(st) SKM_sk_sort(XPGP_TRUST_OBJ, (st)) +#define sk_XPGP_TRUST_OBJ_is_sorted(st) SKM_sk_is_sorted(XPGP_TRUST_OBJ, (st)) + #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1561,6 +1645,42 @@ #define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) +#define d2i_ASN1_SET_OF_XPGP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(XPGP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_XPGP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(XPGP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_XPGP(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(XPGP, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_XPGP(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(XPGP, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_XPGP_SIGNATURE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(XPGP_SIGNATURE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_XPGP_SIGNATURE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(XPGP_SIGNATURE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_XPGP_SIGNATURE(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(XPGP_SIGNATURE, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_XPGP_SIGNATURE(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(XPGP_SIGNATURE, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_XPGP_SIGNDATA(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(XPGP_SIGNDATA, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_XPGP_SIGNDATA(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(XPGP_SIGNDATA, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_XPGP_SIGNDATA(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(XPGP_SIGNDATA, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_XPGP_SIGNDATA(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(XPGP_SIGNDATA, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_XPGP_TRUST_OBJ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(XPGP_TRUST_OBJ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_XPGP_TRUST_OBJ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(XPGP_TRUST_OBJ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_XPGP_TRUST_OBJ(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(XPGP_TRUST_OBJ, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_XPGP_TRUST_OBJ(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(XPGP_TRUST_OBJ, (buf), (len), (d2i_func), (free_func)) + #define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) diff -ur ./openssl-0.9.7g/include/openssl/ssl.h ./openssl-0.9.7g-xpgp-0.1c/include/openssl/ssl.h --- ./openssl-0.9.7g/include/openssl/ssl.h 2005-03-23 08:21:30.000000000 +0000 +++ ./openssl-0.9.7g-xpgp-0.1c/include/openssl/ssl.h 2006-10-04 02:11:03.000000000 +0100 @@ -180,6 +180,8 @@ #include #include +#include + #ifdef __cplusplus extern "C" { #endif @@ -436,7 +438,16 @@ * On clients, it will be the same as sess_cert->peer_key->x509 * (the latter is not enough as sess_cert is not retained * in the external representation of sessions, see ssl_asn1.c). */ - X509 *peer; + + // rmf24: replacing peer with a union. + //X509 *peer; + int peer_ctype; // like CERT - defined in ssl_locl.h + union + { + X509 *x509; + XPGP *xpgp; + } peer; + /* when app_verify_callback accepts a session where the peer's certificate * is not ok, we must remember the error for session reuse: */ long verify_result; /* only for servers */ @@ -669,6 +680,8 @@ /* get client cert callback */ int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); + // rmf24 - adding pgp cert callback. + int (*client_pgp_cert_cb)(SSL *ssl, XPGP **xpgp, EVP_PKEY **pkey); CRYPTO_EX_DATA ex_data; @@ -714,6 +727,9 @@ int trust; /* Trust setting */ int quiet_shutdown; + + /* rmfern: adding reference to keyring,,,, for xPGP */ + XPGP_KEYRING *kr; }; #define SSL_SESS_CACHE_OFF 0x0000 @@ -939,6 +955,7 @@ #include #include /* This is mostly sslv3 with a few tweaks */ #include +#include #ifdef __cplusplus extern "C" { Only in ./openssl-0.9.7g-xpgp-0.1c/include/openssl: xPGP.h Only in ./openssl-0.9.7g-xpgp-0.1c/include/openssl: xPGP_vfy.h diff -ur ./openssl-0.9.7g/ssl/Makefile ./openssl-0.9.7g-xpgp-0.1c/ssl/Makefile --- ./openssl-0.9.7g/ssl/Makefile 2004-11-02 23:52:33.000000000 +0000 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/Makefile 2006-10-04 02:18:16.000000000 +0100 @@ -33,7 +33,10 @@ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_asn1.c ssl_txt.c ssl_algs.c \ - bio_ssl.c ssl_err.c kssl.c + bio_ssl.c ssl_err.c kssl.c \ + pgp1_cert.c pgp1_clnt.c pgp1_lib.c pgp1_meth.c \ + pgp1_srvr.c pgp_lib.c pgp_rsa.c pgp1_both.c + LIBOBJ= \ s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \ @@ -42,7 +45,11 @@ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ ssl_ciph.o ssl_stat.o ssl_rsa.o \ ssl_asn1.o ssl_txt.o ssl_algs.o \ - bio_ssl.o ssl_err.o kssl.o + bio_ssl.o ssl_err.o kssl.o \ + pgp1_lib.o pgp1_meth.o \ + pgp_lib.o pgp_rsa.o pgp1_both.o \ + pgp1_clnt.o pgp1_srvr.o pgp1_cert.o + SRC= $(LIBSRC) Only in ./openssl-0.9.7g-xpgp-0.1c/ssl: pgp1.h Only in ./openssl-0.9.7g-xpgp-0.1c/ssl: pgp1_both.c Only in ./openssl-0.9.7g-xpgp-0.1c/ssl: pgp1_cert.c Only in ./openssl-0.9.7g-xpgp-0.1c/ssl: pgp1_clnt.c Only in ./openssl-0.9.7g-xpgp-0.1c/ssl: pgp1_lib.c Only in ./openssl-0.9.7g-xpgp-0.1c/ssl: pgp1_meth.c Only in ./openssl-0.9.7g-xpgp-0.1c/ssl: pgp1_srvr.c Only in ./openssl-0.9.7g-xpgp-0.1c/ssl: pgp_lib.c Only in ./openssl-0.9.7g-xpgp-0.1c/ssl: pgp_rsa.c Only in ./openssl-0.9.7g-xpgp-0.1c/ssl: pgp_rsa.h Only in ./openssl-0.9.7g-xpgp-0.1c/ssl: pgptest1.c diff -ur ./openssl-0.9.7g/ssl/s2_clnt.c ./openssl-0.9.7g-xpgp-0.1c/ssl/s2_clnt.c --- ./openssl-0.9.7g/ssl/s2_clnt.c 2004-05-15 17:39:22.000000000 +0100 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/s2_clnt.c 2006-10-04 02:10:27.000000000 +0100 @@ -526,19 +526,19 @@ s->session->cipher=sk_SSL_CIPHER_value(prio,i); - if (s->session->peer != NULL) /* can't happen*/ + if (s->session->peer.x509 != NULL) /* can't happen*/ { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR); return(-1); } - s->session->peer = s->session->sess_cert->peer_key->x509; + s->session->peer.x509 = s->session->sess_cert->peer_key->gct.x509; /* peer_key->x509 has been set by ssl2_set_certificate. */ - CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); + CRYPTO_add(&s->session->peer.x509->references, 1, CRYPTO_LOCK_X509); } - if (s->session->peer != s->session->sess_cert->peer_key->x509) + if (s->session->peer.x509 != s->session->sess_cert->peer_key->gct.x509) /* can't happen */ { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); @@ -794,7 +794,7 @@ } if ((s->cert == NULL) || - (s->cert->key->x509 == NULL) || + (s->cert->key->gct.x509 == NULL) || (s->cert->key->privatekey == NULL)) { s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE; @@ -880,14 +880,14 @@ EVP_SignUpdate(&ctx,s->s2->key_material, s->s2->key_material_length); EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len); - n=i2d_X509(s->session->sess_cert->peer_key->x509,&p); + n=i2d_X509(s->session->sess_cert->peer_key->gct.x509,&p); EVP_SignUpdate(&ctx,buf,(unsigned int)n); p=buf; d=p+6; *(p++)=SSL2_MT_CLIENT_CERTIFICATE; *(p++)=SSL2_CT_X509_CERTIFICATE; - n=i2d_X509(s->cert->key->x509,&d); + n=i2d_X509(s->cert->key->gct.x509,&d); s2n(n,p); if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey)) @@ -1079,7 +1079,7 @@ if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); s->session->sess_cert=sc; - sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509; + sc->peer_pkeys[SSL_PKEY_RSA_ENC].gct.x509=x509; sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]); pkey=X509_get_pubkey(x509); @@ -1111,8 +1111,8 @@ EVP_PKEY *pkey=NULL; int i= -1; - if ((sc == NULL) || (sc->peer_key->x509 == NULL) || - ((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL)) + if ((sc == NULL) || (sc->peer_key->gct.x509 == NULL) || + ((pkey=X509_get_pubkey(sc->peer_key->gct.x509)) == NULL)) { SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY); return(-1); diff -ur ./openssl-0.9.7g/ssl/s2_srvr.c ./openssl-0.9.7g-xpgp-0.1c/ssl/s2_srvr.c --- ./openssl-0.9.7g/ssl/s2_srvr.c 2004-05-15 17:39:22.000000000 +0100 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/s2_srvr.c 2006-10-04 02:10:32.000000000 +0100 @@ -316,7 +316,8 @@ * don't want to, or we already have one, and * we only want to do it once. */ if (!(s->verify_mode & SSL_VERIFY_PEER) || - ((s->session->peer != NULL) && +// rmf24:: mods..... + ((s->session->peer.x509 != NULL) && (s->verify_mode & SSL_VERIFY_CLIENT_ONCE))) { s->state=SSL2_ST_SEND_SERVER_FINISHED_A; @@ -789,9 +790,10 @@ /* put certificate type */ *(p++)=SSL2_CT_X509_CERTIFICATE; s2n(s->version,p); /* version */ - n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); +// rmf24:: mods..... + n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].gct.x509,NULL); s2n(n,p); /* certificate length */ - i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d); + i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].gct.x509,&d); n=0; /* lets send out the ciphers we like in the @@ -1081,7 +1083,8 @@ s->s2->key_material_length); EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); - i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); +// rmf24:: mods..... + i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].gct.x509,NULL); buf2=OPENSSL_malloc((unsigned int)i); if (buf2 == NULL) { @@ -1089,7 +1092,8 @@ goto msg_end; } p2=buf2; - i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2); +// rmf24:: mods..... + i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].gct.x509,&p2); EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i); OPENSSL_free(buf2); @@ -1101,9 +1105,10 @@ if (i) { - if (s->session->peer != NULL) - X509_free(s->session->peer); - s->session->peer=x509; +// rmf24:: mods..... + if (s->session->peer.x509 != NULL) + X509_free(s->session->peer.x509); + s->session->peer.x509=x509; CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); s->session->verify_result = s->verify_result; ret=1; diff -ur ./openssl-0.9.7g/ssl/s3_clnt.c ./openssl-0.9.7g-xpgp-0.1c/ssl/s3_clnt.c --- ./openssl-0.9.7g/ssl/s3_clnt.c 2005-03-22 14:10:32.000000000 +0000 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/s3_clnt.c 2006-10-04 02:10:43.000000000 +0100 @@ -898,24 +898,24 @@ CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); /* Why would the following ever happen? * We just created sc a couple of lines ago. */ - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); - sc->peer_pkeys[i].x509=x; + if (sc->peer_pkeys[i].gct.x509 != NULL) + X509_free(sc->peer_pkeys[i].gct.x509); + sc->peer_pkeys[i].gct.x509=x; sc->peer_key= &(sc->peer_pkeys[i]); - if (s->session->peer != NULL) - X509_free(s->session->peer); + if (s->session->peer.x509 != NULL) + X509_free(s->session->peer.x509); CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - s->session->peer=x; + s->session->peer.x509=x; } else { sc->peer_cert_type=i; sc->peer_key= NULL; - if (s->session->peer != NULL) - X509_free(s->session->peer); - s->session->peer=NULL; + if (s->session->peer.x509 != NULL) + X509_free(s->session->peer.x509); + s->session->peer.x509=NULL; } s->session->verify_result = s->verify_result; @@ -1037,7 +1037,7 @@ /* this should be because we are using an export cipher */ if (alg & SSL_aRSA) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); + pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].gct.x509); else { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); @@ -1106,14 +1106,14 @@ #ifndef OPENSSL_NO_RSA if (alg & SSL_aRSA) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); + pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].gct.x509); #else if (0) ; #endif #ifndef OPENSSL_NO_DSA else if (alg & SSL_aDSS) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); + pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].gct.x509); #endif /* else anonymous DH, so no certificate or pkey. */ @@ -1452,7 +1452,7 @@ rsa=s->session->sess_cert->peer_rsa_tmp; else { - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); + pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].gct.x509); if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) @@ -1792,7 +1792,7 @@ if (s->state == SSL3_ST_CW_CERT_A) { if ((s->cert == NULL) || - (s->cert->key->x509 == NULL) || + (s->cert->key->gct.x509 == NULL) || (s->cert->key->privatekey == NULL)) s->state=SSL3_ST_CW_CERT_B; else @@ -1851,7 +1851,7 @@ { s->state=SSL3_ST_CW_CERT_D; l=ssl3_output_cert_chain(s, - (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); + (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->gct.x509); s->init_num=(int)l; s->init_off=0; } @@ -1898,8 +1898,8 @@ /* This is the passed certificate */ idx=sc->peer_cert_type; - pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); - i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); + pkey=X509_get_pubkey(sc->peer_pkeys[idx].gct.x509); + i=X509_certificate_type(sc->peer_pkeys[idx].gct.x509,pkey); EVP_PKEY_free(pkey); @@ -1983,3 +1983,39 @@ return(0); } + + + +int pgp1_client_hello(SSL *s) +{ +#ifdef XPGP_DEBUG + fprintf(stderr,"(wrapper) pgp1_client_hello()\n"); +#endif /* XPGP_DEBUG */ + return ssl3_client_hello(s); +} + +int pgp1_get_server_hello(SSL *s) +{ +#ifdef XPGP_DEBUG + fprintf(stderr,"(wrapper) pgp1_get_server_hello()\n"); +#endif /* XPGP_DEBUG */ + return ssl3_get_server_hello(s); +} + +int pgp1_get_server_done(SSL *s) +{ +#ifdef XPGP_DEBUG + fprintf(stderr,"(wrapper) pgp1_get_server_done()\n"); +#endif /* XPGP_DEBUG */ + return ssl3_get_server_done(s); +} + +int pgp1_send_client_verify(SSL *s) +{ +#ifdef XPGP_DEBUG + fprintf(stderr,"(wrapper) pgp1_send_client_verify()\n"); +#endif /* XPGP_DEBUG */ + return ssl3_send_client_verify(s); +} + + diff -ur ./openssl-0.9.7g/ssl/s3_srvr.c ./openssl-0.9.7g-xpgp-0.1c/ssl/s3_srvr.c --- ./openssl-0.9.7g/ssl/s3_srvr.c 2005-04-10 00:52:53.000000000 +0100 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/s3_srvr.c 2006-10-04 02:10:47.000000000 +0100 @@ -369,7 +369,7 @@ !(s->verify_mode & SSL_VERIFY_PEER) || /* if SSL_VERIFY_CLIENT_ONCE is set, * don't request cert during re-negotiation: */ - ((s->session->peer != NULL) && + ((s->session->peer.x509 != NULL) && (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || /* never request cert in anonymous ciphersuites * (see section "Certificate request" in SSL 3 drafts @@ -1778,9 +1778,9 @@ if (!ok) return((int)n); - if (s->session->peer != NULL) + if (s->session->peer.x509 != NULL) { - peer=s->session->peer; + peer=s->session->peer.x509; pkey=X509_get_pubkey(peer); type=X509_certificate_type(peer,pkey); } @@ -2017,9 +2017,9 @@ } } - if (s->session->peer != NULL) /* This should not be needed */ - X509_free(s->session->peer); - s->session->peer=sk_X509_shift(sk); + if (s->session->peer.x509 != NULL) /* This should not be needed */ + X509_free(s->session->peer.x509); + s->session->peer.x509=sk_X509_shift(sk); s->session->verify_result = s->verify_result; /* With the current implementation, sess_cert will always be NULL @@ -2080,3 +2080,64 @@ /* SSL3_ST_SW_CERT_B */ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); } + +/* rmf24: Exporting ssl3 internal functions for use by pgp */ + +int pgp1_send_hello_request(SSL *s) +{ +#ifdef XPGP_DEBUG + fprintf(stderr,"(wrapper) pgp1_send_hello_request()\n"); +#endif /* XPGP_DEBUG */ + return ssl3_send_hello_request(s); +} + +int pgp1_get_client_hello(SSL *s) +{ +#ifdef XPGP_DEBUG + fprintf(stderr,"(wrapper) pgp1_get_client_hello()\n"); +#endif /* XPGP_DEBUG */ + return ssl3_get_client_hello(s); +} + +int pgp1_check_client_hello(SSL *s) +{ +#ifdef XPGP_DEBUG + fprintf(stderr,"(wrapper) pgp1_check_client_hello()\n"); +#endif /* XPGP_DEBUG */ + return ssl3_check_client_hello(s); +} + +int pgp1_send_server_hello(SSL *s) +{ +#ifdef XPGP_DEBUG + fprintf(stderr,"(wrapper) pgp1_send_server_hello()\n"); +#endif /* XPGP_DEBUG */ + return ssl3_send_server_hello(s); +} + +int pgp1_send_server_done(SSL *s) +{ +#ifdef XPGP_DEBUG + fprintf(stderr,"(wrapper) pgp1_send_server_done()\n"); +#endif /* XPGP_DEBUG */ + return ssl3_send_server_done(s); +} + +int pgp1_send_server_key_exchange(SSL *s) +{ +#ifdef XPGP_DEBUG + fprintf(stderr,"(wrapper) pgp1_send_server_key_exchange()\n"); +#endif /* XPGP_DEBUG */ + return ssl3_send_server_key_exchange(s); +} + +int pgp1_get_client_key_exchange(SSL *s) +{ +#ifdef XPGP_DEBUG + fprintf(stderr,"(wrapper) pgp1_get_client_key_exchange()\n"); +#endif /* XPGP_DEBUG */ + return ssl3_get_client_key_exchange(s); +} + + + diff -ur ./openssl-0.9.7g/ssl/ssl.h ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl.h --- ./openssl-0.9.7g/ssl/ssl.h 2005-03-23 08:21:30.000000000 +0000 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl.h 2006-10-04 02:11:03.000000000 +0100 @@ -180,6 +180,8 @@ #include #include +#include + #ifdef __cplusplus extern "C" { #endif @@ -436,7 +438,16 @@ * On clients, it will be the same as sess_cert->peer_key->x509 * (the latter is not enough as sess_cert is not retained * in the external representation of sessions, see ssl_asn1.c). */ - X509 *peer; + + // rmf24: replacing peer with a union. + //X509 *peer; + int peer_ctype; // like CERT - defined in ssl_locl.h + union + { + X509 *x509; + XPGP *xpgp; + } peer; + /* when app_verify_callback accepts a session where the peer's certificate * is not ok, we must remember the error for session reuse: */ long verify_result; /* only for servers */ @@ -669,6 +680,8 @@ /* get client cert callback */ int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); + // rmf24 - adding pgp cert callback. + int (*client_pgp_cert_cb)(SSL *ssl, XPGP **xpgp, EVP_PKEY **pkey); CRYPTO_EX_DATA ex_data; @@ -714,6 +727,9 @@ int trust; /* Trust setting */ int quiet_shutdown; + + /* rmfern: adding reference to keyring,,,, for xPGP */ + XPGP_KEYRING *kr; }; #define SSL_SESS_CACHE_OFF 0x0000 @@ -939,6 +955,7 @@ #include #include /* This is mostly sslv3 with a few tweaks */ #include +#include #ifdef __cplusplus extern "C" { diff -ur ./openssl-0.9.7g/ssl/ssl_asn1.c ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl_asn1.c --- ./openssl-0.9.7g/ssl/ssl_asn1.c 2005-04-01 18:33:39.000000000 +0100 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl_asn1.c 2006-10-04 02:11:10.000000000 +0100 @@ -194,8 +194,16 @@ M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); if (in->timeout != 0L) M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); - if (in->peer != NULL) - M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); + // rmf24 error to save PGP. + if (in->peer_ctype == CERT_TYPE_XPGP) + { + // ERROR can't handle this... + SSLerr(SSL_F_I2D_SSL_SESSION,SSL_R_BAD_LENGTH); + return -1; + } + if (in->peer.x509 != NULL) + M_ASN1_I2D_len_EXP_opt(in->peer.x509,i2d_X509,3,v3); + M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4); if (in->verify_result != X509_V_OK) M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); @@ -217,8 +225,11 @@ M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); if (in->timeout != 0L) M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); - if (in->peer != NULL) - M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); + + // rmf24 error to save PGP. (but should be caught already. + if (in->peer.x509 != NULL) + M_ASN1_I2D_put_EXP_opt(in->peer.x509,i2d_X509,3,v3); + M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4, v4); if (in->verify_result != X509_V_OK) @@ -356,12 +367,19 @@ else ret->timeout=3; - if (ret->peer != NULL) + + if ((ret->peer_ctype == CERT_TYPE_XPGP) && (ret->peer.xpgp != NULL)) + { + XPGP_free(ret->peer.xpgp); + ret->peer.xpgp=NULL; + } + else if (ret->peer.x509 != NULL) { - X509_free(ret->peer); - ret->peer=NULL; + X509_free(ret->peer.x509); + ret->peer.x509=NULL; } - M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); + + M_ASN1_D2I_get_EXP_opt(ret->peer.x509,d2i_X509,3); os.length=0; os.data=NULL; diff -ur ./openssl-0.9.7g/ssl/ssl_cert.c ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl_cert.c --- ./openssl-0.9.7g/ssl/ssl_cert.c 2005-03-23 08:21:30.000000000 +0000 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl_cert.c 2006-10-04 02:11:18.000000000 +0100 @@ -238,10 +238,20 @@ for (i = 0; i < SSL_PKEY_NUM; i++) { - if (cert->pkeys[i].x509 != NULL) + if ((cert->pkeys[i].ctype == CERT_TYPE_XPGP) && + (cert->pkeys[i].gct.xpgp != NULL)) { - ret->pkeys[i].x509 = cert->pkeys[i].x509; - CRYPTO_add(&ret->pkeys[i].x509->references, 1, + ret->pkeys[i].gct.xpgp = cert->pkeys[i].gct.xpgp; + ret->pkeys[i].ctype = CERT_TYPE_XPGP; + CRYPTO_add(&ret->pkeys[i].gct.xpgp->references, 1, + CRYPTO_LOCK_X509); + } + // original case. + else if (cert->pkeys[i].gct.x509 != NULL) + { + ret->pkeys[i].gct.x509 = cert->pkeys[i].gct.x509; + ret->pkeys[i].ctype = CERT_TYPE_X509; + CRYPTO_add(&ret->pkeys[i].gct.x509->references, 1, CRYPTO_LOCK_X509); } @@ -299,8 +309,15 @@ for (i = 0; i < SSL_PKEY_NUM; i++) { - if (ret->pkeys[i].x509 != NULL) - X509_free(ret->pkeys[i].x509); + if ((ret->pkeys[i].ctype == CERT_TYPE_XPGP) && + (ret->pkeys[i].gct.xpgp != NULL)) + { + XPGP_free(ret->pkeys[i].gct.xpgp); + } + else if (ret->pkeys[i].gct.x509 != NULL) + { + X509_free(ret->pkeys[i].gct.x509); + } if (ret->pkeys[i].privatekey != NULL) EVP_PKEY_free(ret->pkeys[i].privatekey); } @@ -338,8 +355,16 @@ for (i=0; ipkeys[i].x509 != NULL) - X509_free(c->pkeys[i].x509); + if ((c->pkeys[i].ctype == CERT_TYPE_XPGP) && + (c->pkeys[i].gct.xpgp != NULL)) + { + XPGP_free(c->pkeys[i].gct.xpgp); + } + else if (c->pkeys[i].gct.x509 != NULL) + { + X509_free(c->pkeys[i].gct.x509); + } + if (c->pkeys[i].privatekey != NULL) EVP_PKEY_free(c->pkeys[i].privatekey); #if 0 @@ -423,8 +448,19 @@ sk_X509_pop_free(sc->cert_chain, X509_free); for (i = 0; i < SSL_PKEY_NUM; i++) { - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); + if ((sc->peer_pkeys[i].ctype == CERT_TYPE_XPGP) && + (sc->peer_pkeys[i].gct.xpgp != NULL)) + { + XPGP_free(sc->peer_pkeys[i].gct.xpgp); + } + else if (sc->peer_pkeys[i].gct.x509 != NULL) + { + X509_free(sc->peer_pkeys[i].gct.x509); + } + + //if (sc->peer_pkeys[i].x509 != NULL) + // X509_free(sc->peer_pkeys[i].x509); + #if 0 /* We don't have the peer's private key. These lines are just * here as a reminder that we're still using a not-quite-appropriate * data structure. */ diff -ur ./openssl-0.9.7g/ssl/ssl_lib.c ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl_lib.c --- ./openssl-0.9.7g/ssl/ssl_lib.c 2005-03-23 08:21:30.000000000 +0000 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl_lib.c 2006-10-04 02:11:22.000000000 +0100 @@ -708,7 +708,8 @@ if ((s == NULL) || (s->session == NULL)) r=NULL; else - r=s->session->peer; +// rmf24 mods. + r=s->session->peer.x509; if (r == NULL) return(r); @@ -767,7 +768,7 @@ { if ( (ctx == NULL) || (ctx->cert == NULL) || - (ctx->cert->key->x509 == NULL)) + (ctx->cert->key->gct.x509 == NULL)) { SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); return(0); @@ -777,7 +778,7 @@ SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); return(0); } - return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); + return(X509_check_private_key(ctx->cert->key->gct.x509, ctx->cert->key->privatekey)); } /* Fix this function so that it takes an optional type parameter */ @@ -793,7 +794,7 @@ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); return 0; } - if (ssl->cert->key->x509 == NULL) + if (ssl->cert->key->gct.x509 == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); return(0); @@ -803,7 +804,7 @@ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); return(0); } - return(X509_check_private_key(ssl->cert->key->x509, + return(X509_check_private_key(ssl->cert->key->gct.x509, ssl->cert->key->privatekey)); } @@ -1522,20 +1523,22 @@ #else dh_tmp=dh_tmp_export=0; #endif - +// rmf24 HACK. as just checking for existance. +// doesn't matter that could be other type.... +// cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); - rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); + rsa_enc= (cpk->gct.x509 != NULL && cpk->privatekey != NULL); rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); - rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); + rsa_sign=(cpk->gct.x509 != NULL && cpk->privatekey != NULL); cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); - dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); + dsa_sign=(cpk->gct.x509 != NULL && cpk->privatekey != NULL); cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); - dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); + dh_rsa= (cpk->gct.x509 != NULL && cpk->privatekey != NULL); dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); /* FIX THIS EAY EAY EAY */ - dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); + dh_dsa= (cpk->gct.x509 != NULL && cpk->privatekey != NULL); dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); mask=0; @@ -1600,6 +1603,8 @@ } /* THIS NEEDS CLEANING UP */ + +// rmf24 ... not for pgp .... X509 *ssl_get_server_send_cert(SSL *s) { unsigned long alg,mask,kalg; @@ -1621,7 +1626,7 @@ i=SSL_PKEY_DSA_SIGN; else if (kalg & SSL_aRSA) { - if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) + if (c->pkeys[SSL_PKEY_RSA_ENC].gct.x509 == NULL) i=SSL_PKEY_RSA_SIGN; else i=SSL_PKEY_RSA_ENC; @@ -1636,8 +1641,8 @@ SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR); return(NULL); } - if (c->pkeys[i].x509 == NULL) return(NULL); - return(c->pkeys[i].x509); + if (c->pkeys[i].gct.x509 == NULL) return(NULL); + return(c->pkeys[i].gct.x509); } EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher) @@ -2049,7 +2054,7 @@ X509 *SSL_get_certificate(const SSL *s) { if (s->cert != NULL) - return(s->cert->key->x509); + return(s->cert->key->gct.x509); else return(NULL); } diff -ur ./openssl-0.9.7g/ssl/ssl_locl.h ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl_locl.h --- ./openssl-0.9.7g/ssl/ssl_locl.h 2005-03-23 08:21:30.000000000 +0000 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl_locl.h 2006-10-04 02:11:29.000000000 +0100 @@ -129,6 +129,8 @@ #include #include +#include + #ifdef OPENSSL_BUILD_SHLIBSSL # undef OPENSSL_EXTERN # define OPENSSL_EXTERN OPENSSL_EXPORT @@ -361,9 +363,22 @@ #define CERT_PRIVATE_KEY 2 */ +/* rmf24 addition: */ +#define CERT_TYPE_UNKNOWN 0 +#define CERT_TYPE_X509 1 +#define CERT_TYPE_XPGP 2 + typedef struct cert_pkey_st { - X509 *x509; + // rmf24. + // union... to allow pgp certs in..... + // x509 - used by all except for pgp.... which will use xpgp. + int ctype; + union { + X509 *x509; + XPGP *xpgp; + } gct; // + EVP_PKEY *privatekey; } CERT_PKEY; diff -ur ./openssl-0.9.7g/ssl/ssl_rsa.c ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl_rsa.c --- ./openssl-0.9.7g/ssl/ssl_rsa.c 2005-04-01 18:49:33.000000000 +0100 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl_rsa.c 2006-10-04 02:11:46.000000000 +0100 @@ -189,11 +189,19 @@ SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); return(0); } + // rmf24 check for errors. + if ((c->pkeys[i].gct.x509 != NULL) && (c->pkeys[i].ctype == CERT_TYPE_XPGP)) + { + // XXX fix error message. + SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); + // This shouldn't ever happen in this function. + return 0; + } - if (c->pkeys[i].x509 != NULL) + if (c->pkeys[i].gct.x509 != NULL) { EVP_PKEY *pktmp; - pktmp = X509_get_pubkey(c->pkeys[i].x509); + pktmp = X509_get_pubkey(c->pkeys[i].gct.x509); EVP_PKEY_copy_parameters(pktmp,pkey); EVP_PKEY_free(pktmp); ERR_clear_error(); @@ -207,19 +215,19 @@ ok=1; else #endif - if (!X509_check_private_key(c->pkeys[i].x509,pkey)) + if (!X509_check_private_key(c->pkeys[i].gct.x509,pkey)) { if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) { i=(i == SSL_PKEY_DH_RSA)? SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; - if (c->pkeys[i].x509 == NULL) + if (c->pkeys[i].gct.x509 == NULL) ok=1; else { if (!X509_check_private_key( - c->pkeys[i].x509,pkey)) + c->pkeys[i].gct.x509,pkey)) bad=1; else ok=1; @@ -236,8 +244,8 @@ if (bad) { - X509_free(c->pkeys[i].x509); - c->pkeys[i].x509=NULL; + X509_free(c->pkeys[i].gct.x509); + c->pkeys[i].gct.x509=NULL; return(0); } @@ -485,10 +493,14 @@ c->pkeys[i].privatekey=NULL; } - if (c->pkeys[i].x509 != NULL) - X509_free(c->pkeys[i].x509); + if (c->pkeys[i].gct.x509 != NULL) + { + X509_free(c->pkeys[i].gct.x509); + } CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - c->pkeys[i].x509=x; + /* rmfern: set the key type */ + c->pkeys[i].ctype=CERT_TYPE_X509; + c->pkeys[i].gct.x509=x; c->key= &(c->pkeys[i]); c->valid=0; diff -ur ./openssl-0.9.7g/ssl/ssl_sess.c ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl_sess.c --- ./openssl-0.9.7g/ssl/ssl_sess.c 2005-03-23 08:21:30.000000000 +0000 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/ssl_sess.c 2006-10-04 02:11:50.000000000 +0100 @@ -532,7 +532,14 @@ OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); - if (ss->peer != NULL) X509_free(ss->peer); + + if ((ss->peer_ctype == CERT_TYPE_XPGP) && (ss->peer.xpgp != NULL)) + { + XPGP_free(ss->peer.xpgp); + } + else if (ss->peer.x509 != NULL) X509_free(ss->peer.x509); + //if (ss->peer != NULL) X509_free(ss->peer); + if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); OPENSSL_cleanse(ss,sizeof(*ss)); OPENSSL_free(ss); diff -ur ./openssl-0.9.7g/ssl/ssltest.c ./openssl-0.9.7g-xpgp-0.1c/ssl/ssltest.c --- ./openssl-0.9.7g/ssl/ssltest.c 2005-04-11 16:03:27.000000000 +0100 +++ ./openssl-0.9.7g-xpgp-0.1c/ssl/ssltest.c 2006-10-10 21:13:05.000000000 +0100 @@ -129,6 +129,7 @@ #include #include #include +#include #include #ifndef OPENSSL_NO_ENGINE #include @@ -143,6 +144,10 @@ get screwed... */ +/* + * #define USE_PGP 1 + */ + #ifdef OPENSSL_SYS_WINDOWS #include #else @@ -252,7 +257,11 @@ static void print_details(SSL *c_ssl, const char *prefix) { SSL_CIPHER *ciph; +#ifdef USE_PGP + XPGP *cert; +#else X509 *cert; +#endif ciph=SSL_get_current_cipher(c_ssl); BIO_printf(bio_stdout,"%s%s, cipher %s %s", @@ -260,10 +269,19 @@ SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); + +#ifdef USE_PGP + cert=SSL_get_peer_pgp_certificate(c_ssl); +#else cert=SSL_get_peer_certificate(c_ssl); +#endif if (cert != NULL) { +#ifdef USE_PGP + EVP_PKEY *pkey = XPGP_get_pubkey(cert); +#else EVP_PKEY *pkey = X509_get_pubkey(cert); +#endif if (pkey != NULL) { if (0) @@ -286,7 +304,11 @@ #endif EVP_PKEY_free(pkey); } +#ifdef USE_PGP + XPGP_free(cert); +#else X509_free(cert); +#endif } /* The SSL API does not allow us to look at temporary RSA/DH keys, * otherwise we should print their lengths too */ @@ -391,6 +413,19 @@ const char *path=argv[0]; #endif +#ifdef USE_PGP + /* create our two KEY_RINGs */ + + /* first load Keys */ + XPGP *pgp_p1 = NULL; + XPGP *pgp_p2 = NULL; + EVP_PKEY *pgp_pk_p1 = NULL; + EVP_PKEY *pgp_pk_p2 = NULL; + XPGP_KEYRING *pgp_kr_p1 = NULL; + XPGP_KEYRING *pgp_kr_p2 = NULL; + +#endif + verbose = 0; debug = 0; cipher = 0; @@ -642,6 +677,11 @@ } } +#ifdef USE_PGP + /* rmfern; make the library work for you */ + meth=PGPv1_method(); +#else /* USE_PGP */ + #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) if (ssl2) meth=SSLv2_method(); @@ -661,6 +701,7 @@ #endif #endif +#endif /* USE_PGP */ c_ctx=SSL_CTX_new(meth); s_ctx=SSL_CTX_new(meth); if ((c_ctx == NULL) || (s_ctx == NULL)) @@ -749,6 +790,30 @@ int session_id_context = 0; SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context); } +#ifdef USE_PGP + /* create our two KEY_RINGs */ + + /* first load Keys */ + pgp_p1 = load_xpgp("pgp_srvr_cert.pem"); + pgp_p2 = load_xpgp("pgp_clnt_cert.pem"); + pgp_pk_p1 = load_privKey("pgp_srvr_pk.pem","aaaa"); + pgp_pk_p2 = load_privKey("pgp_clnt_pk.pem","aaaa"); + pgp_kr_p1 = createPGPContext(pgp_p1, pgp_pk_p1); + pgp_kr_p2 = createPGPContext(pgp_p2, pgp_pk_p2); + + /* each one should be signed by the other! */ + + /* p1 = s_ctx, p2 = c_ctx */ + SSL_CTX_set_XPGP_KEYRING(s_ctx, pgp_kr_p1); + SSL_CTX_use_pgp_certificate(s_ctx, pgp_p1); + SSL_CTX_use_pgp_PrivateKey(s_ctx, pgp_pk_p1); + + SSL_CTX_set_XPGP_KEYRING(c_ctx, pgp_kr_p2); + SSL_CTX_use_pgp_certificate(c_ctx, pgp_p2); + SSL_CTX_use_pgp_PrivateKey(c_ctx, pgp_pk_p2); + +#endif + c_ssl=SSL_new(c_ctx); s_ssl=SSL_new(s_ctx); @@ -813,6 +878,18 @@ SSL_free(c_ssl); end: + +#ifdef USE_PGP + if (pgp_p1 != NULL) XPGP_free(pgp_p1); + if (pgp_p2 != NULL) XPGP_free(pgp_p2); + if (pgp_pk_p1 != NULL) EVP_PKEY_free(pgp_pk_p1); + if (pgp_pk_p2 != NULL) EVP_PKEY_free(pgp_pk_p2); + + /* XXX This still doesn't clean up correctly */ + if (pgp_kr_p1 != NULL) freePGPContext(pgp_kr_p1); + if (pgp_kr_p2 != NULL) freePGPContext(pgp_kr_p2); +#endif + if (s_ctx != NULL) SSL_CTX_free(s_ctx); if (c_ctx != NULL) SSL_CTX_free(c_ctx); @@ -824,6 +901,7 @@ #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif + CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff -ur ./openssl-0.9.7g/test/Makefile ./openssl-0.9.7g-xpgp-0.1c/test/Makefile --- ./openssl-0.9.7g/test/Makefile 2005-04-11 16:03:26.000000000 +0100 +++ ./openssl-0.9.7g-xpgp-0.1c/test/Makefile 2006-10-04 02:12:39.000000000 +0100 @@ -60,6 +60,7 @@ FIPS_DSATEST= fips_dsatest METHTEST= methtest SSLTEST= ssltest +PGPTEST1= pgptest1 RSATEST= rsa_test ENGINETEST= enginetest EVPTEST= evp_test @@ -72,7 +73,8 @@ $(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHA1TEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ $(RANDTEST)$(EXE_EXT) $(FIPS_RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ - $(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) + $(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \ + $(PGPTEST1)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -82,14 +84,17 @@ $(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \ $(RANDTEST).o $(FIPS_RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(FIPS_DSATEST).o $(EXPTEST).o $(RSATEST).o \ - $(EVPTEST).o $(FIPS_AESTEST).o + $(EVPTEST).o $(FIPS_AESTEST).o \ + $(PGPTEST1).o + SRC= $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ $(HMACTEST).c \ $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ $(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ $(RANDTEST).c $(FIPS_RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(FIPS_DSATEST).c $(EXPTEST).c $(RSATEST).c \ - $(EVPTEST).c $(FIPS_AESTEST).c + $(EVPTEST).c $(FIPS_AESTEST).c \ + $(PGPTEST1).c EXHEADER= HEADER= $(EXHEADER) @@ -425,6 +430,9 @@ TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(SSLTEST); \ fi +$(PGPTEST1)$(EXE_EXT): $(PGPTEST1).o $(DLIBSSL) $(DLIBCRYPTO) + @target=$(PGPTEST1); $(BUILD_CMD) + $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) @target=$(ENGINETEST); $(BUILD_CMD) Only in ./openssl-0.9.7g-xpgp-0.1c/test: pgptest1.c diff -ur ./openssl-0.9.7g/test/ssltest.c ./openssl-0.9.7g-xpgp-0.1c/test/ssltest.c --- ./openssl-0.9.7g/test/ssltest.c 2005-04-11 16:03:27.000000000 +0100 +++ ./openssl-0.9.7g-xpgp-0.1c/test/ssltest.c 2006-10-10 21:13:05.000000000 +0100 @@ -129,6 +129,7 @@ #include #include #include +#include #include #ifndef OPENSSL_NO_ENGINE #include @@ -143,6 +144,10 @@ get screwed... */ +/* + * #define USE_PGP 1 + */ + #ifdef OPENSSL_SYS_WINDOWS #include #else @@ -252,7 +257,11 @@ static void print_details(SSL *c_ssl, const char *prefix) { SSL_CIPHER *ciph; +#ifdef USE_PGP + XPGP *cert; +#else X509 *cert; +#endif ciph=SSL_get_current_cipher(c_ssl); BIO_printf(bio_stdout,"%s%s, cipher %s %s", @@ -260,10 +269,19 @@ SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); + +#ifdef USE_PGP + cert=SSL_get_peer_pgp_certificate(c_ssl); +#else cert=SSL_get_peer_certificate(c_ssl); +#endif if (cert != NULL) { +#ifdef USE_PGP + EVP_PKEY *pkey = XPGP_get_pubkey(cert); +#else EVP_PKEY *pkey = X509_get_pubkey(cert); +#endif if (pkey != NULL) { if (0) @@ -286,7 +304,11 @@ #endif EVP_PKEY_free(pkey); } +#ifdef USE_PGP + XPGP_free(cert); +#else X509_free(cert); +#endif } /* The SSL API does not allow us to look at temporary RSA/DH keys, * otherwise we should print their lengths too */ @@ -391,6 +413,19 @@ const char *path=argv[0]; #endif +#ifdef USE_PGP + /* create our two KEY_RINGs */ + + /* first load Keys */ + XPGP *pgp_p1 = NULL; + XPGP *pgp_p2 = NULL; + EVP_PKEY *pgp_pk_p1 = NULL; + EVP_PKEY *pgp_pk_p2 = NULL; + XPGP_KEYRING *pgp_kr_p1 = NULL; + XPGP_KEYRING *pgp_kr_p2 = NULL; + +#endif + verbose = 0; debug = 0; cipher = 0; @@ -642,6 +677,11 @@ } } +#ifdef USE_PGP + /* rmfern; make the library work for you */ + meth=PGPv1_method(); +#else /* USE_PGP */ + #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) if (ssl2) meth=SSLv2_method(); @@ -661,6 +701,7 @@ #endif #endif +#endif /* USE_PGP */ c_ctx=SSL_CTX_new(meth); s_ctx=SSL_CTX_new(meth); if ((c_ctx == NULL) || (s_ctx == NULL)) @@ -749,6 +790,30 @@ int session_id_context = 0; SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context); } +#ifdef USE_PGP + /* create our two KEY_RINGs */ + + /* first load Keys */ + pgp_p1 = load_xpgp("pgp_srvr_cert.pem"); + pgp_p2 = load_xpgp("pgp_clnt_cert.pem"); + pgp_pk_p1 = load_privKey("pgp_srvr_pk.pem","aaaa"); + pgp_pk_p2 = load_privKey("pgp_clnt_pk.pem","aaaa"); + pgp_kr_p1 = createPGPContext(pgp_p1, pgp_pk_p1); + pgp_kr_p2 = createPGPContext(pgp_p2, pgp_pk_p2); + + /* each one should be signed by the other! */ + + /* p1 = s_ctx, p2 = c_ctx */ + SSL_CTX_set_XPGP_KEYRING(s_ctx, pgp_kr_p1); + SSL_CTX_use_pgp_certificate(s_ctx, pgp_p1); + SSL_CTX_use_pgp_PrivateKey(s_ctx, pgp_pk_p1); + + SSL_CTX_set_XPGP_KEYRING(c_ctx, pgp_kr_p2); + SSL_CTX_use_pgp_certificate(c_ctx, pgp_p2); + SSL_CTX_use_pgp_PrivateKey(c_ctx, pgp_pk_p2); + +#endif + c_ssl=SSL_new(c_ctx); s_ssl=SSL_new(s_ctx); @@ -813,6 +878,18 @@ SSL_free(c_ssl); end: + +#ifdef USE_PGP + if (pgp_p1 != NULL) XPGP_free(pgp_p1); + if (pgp_p2 != NULL) XPGP_free(pgp_p2); + if (pgp_pk_p1 != NULL) EVP_PKEY_free(pgp_pk_p1); + if (pgp_pk_p2 != NULL) EVP_PKEY_free(pgp_pk_p2); + + /* XXX This still doesn't clean up correctly */ + if (pgp_kr_p1 != NULL) freePGPContext(pgp_kr_p1); + if (pgp_kr_p2 != NULL) freePGPContext(pgp_kr_p2); +#endif + if (s_ctx != NULL) SSL_CTX_free(s_ctx); if (c_ctx != NULL) SSL_CTX_free(c_ctx); @@ -824,6 +901,7 @@ #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif + CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0);