diff options
Diffstat (limited to 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos')
66 files changed, 3689 insertions, 0 deletions
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/README b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/README new file mode 100644 index 000000000..d2155ef97 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/README @@ -0,0 +1,9 @@ +NOTE: Don't expect any of these programs to work with current +OpenSSL releases, or even with later SSLeay releases. + +Original README: +============================================================================= + +Some demo programs sent to me by various people + +eric diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/Makefile b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/Makefile new file mode 100644 index 000000000..5a4e4a4ae --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/Makefile @@ -0,0 +1,30 @@ +# Quick instruction: +# To build against an OpenSSL built in the source tree, do this: +# +# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../.. +# +# To run the demos when linked with a shared library (default): +# +# LD_LIBRARY_PATH=../.. ./server-arg +# LD_LIBRARY_PATH=../.. ./server-cmod +# LD_LIBRARY_PATH=../.. ./server-conf +# LD_LIBRARY_PATH=../.. ./client-arg +# LD_LIBRARY_PATH=../.. ./client-conf +# LD_LIBRARY_PATH=../.. ./saccept +# LD_LIBRARY_PATH=../.. ./sconnect + +CFLAGS = $(OPENSSL_INCS_LOCATION) +LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS) + +all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf + +client-arg: client-arg.o +client-conf: client-conf.o +saccept: saccept.o +sconnect: sconnect.o +server-arg: server-arg.o +server-cmod: server-cmod.o +server-conf: server-conf.o + +client-arg client-conf saccept sconnect server-arg server-cmod server-conf: + $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/README b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/README new file mode 100644 index 000000000..a36bb48a5 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/README @@ -0,0 +1,7 @@ +This directory contains some simple examples of the use of BIO's +to simplify socket programming. + +The client-conf, server-conf, client-arg and client-conf include examples +of how to use the SSL_CONF API for configuration file or command line +processing. + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/accept.cnf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/accept.cnf new file mode 100644 index 000000000..cb0cefba7 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/accept.cnf @@ -0,0 +1,17 @@ +# Example configuration file +# Port to listen on +Port = 4433 +# Disable TLS v1.2 for test. +# Protocol = ALL, -TLSv1.2 +# Only support 3 curves +Curves = P-521:P-384:P-256 +# Restricted signature algorithms +SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 +Certificate=server.pem +PrivateKey=server.pem +ChainCAFile=root.pem +VerifyCAFile=root.pem + +# Request certificate +VerifyMode=Request +ClientCAFile=root.pem diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/client-arg.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/client-arg.c new file mode 100644 index 000000000..e8d5e46ab --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/client-arg.c @@ -0,0 +1,117 @@ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +int main(int argc, char **argv) +{ + BIO *sbio = NULL, *out = NULL; + int len; + char tmpbuf[1024]; + SSL_CTX *ctx; + SSL_CONF_CTX *cctx; + SSL *ssl; + char **args = argv + 1; + const char *connect_str = "localhost:4433"; + int nargs = argc - 1; + + ctx = SSL_CTX_new(TLS_client_method()); + cctx = SSL_CONF_CTX_new(); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + while (*args && **args == '-') { + int rv; + /* Parse standard arguments */ + rv = SSL_CONF_cmd_argv(cctx, &nargs, &args); + if (rv == -3) { + fprintf(stderr, "Missing argument for %s\n", *args); + goto end; + } + if (rv < 0) { + fprintf(stderr, "Error in command %s\n", *args); + ERR_print_errors_fp(stderr); + goto end; + } + /* If rv > 0 we processed something so proceed to next arg */ + if (rv > 0) + continue; + /* Otherwise application specific argument processing */ + if (strcmp(*args, "-connect") == 0) { + connect_str = args[1]; + if (connect_str == NULL) { + fprintf(stderr, "Missing -connect argument\n"); + goto end; + } + args += 2; + nargs -= 2; + continue; + } else { + fprintf(stderr, "Unknown argument %s\n", *args); + goto end; + } + } + + if (!SSL_CONF_CTX_finish(cctx)) { + fprintf(stderr, "Finish error\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + /* + * We'd normally set some stuff like the verify paths and * mode here + * because as things stand this will connect to * any server whose + * certificate is signed by any CA. + */ + + sbio = BIO_new_ssl_connect(ctx); + + BIO_get_ssl(sbio, &ssl); + + if (!ssl) { + fprintf(stderr, "Can't locate SSL pointer\n"); + goto end; + } + + /* Don't want any retries */ + SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + + /* We might want to do other things with ssl here */ + + BIO_set_conn_hostname(sbio, connect_str); + + out = BIO_new_fp(stdout, BIO_NOCLOSE); + if (BIO_do_connect(sbio) <= 0) { + fprintf(stderr, "Error connecting to server\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + if (BIO_do_handshake(sbio) <= 0) { + fprintf(stderr, "Error establishing SSL connection\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + /* Could examine ssl here to get connection info */ + + BIO_puts(sbio, "GET / HTTP/1.0\n\n"); + for (;;) { + len = BIO_read(sbio, tmpbuf, 1024); + if (len <= 0) + break; + BIO_write(out, tmpbuf, len); + } + end: + SSL_CONF_CTX_free(cctx); + BIO_free_all(sbio); + BIO_free(out); + return 0; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/client-conf.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/client-conf.c new file mode 100644 index 000000000..e819030ee --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/client-conf.c @@ -0,0 +1,126 @@ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> +#include <openssl/err.h> +#include <openssl/ssl.h> +#include <openssl/conf.h> + +int main(int argc, char **argv) +{ + BIO *sbio = NULL, *out = NULL; + int i, len, rv; + char tmpbuf[1024]; + SSL_CTX *ctx = NULL; + SSL_CONF_CTX *cctx = NULL; + SSL *ssl = NULL; + CONF *conf = NULL; + STACK_OF(CONF_VALUE) *sect = NULL; + CONF_VALUE *cnf; + const char *connect_str = "localhost:4433"; + long errline = -1; + + conf = NCONF_new(NULL); + + if (NCONF_load(conf, "connect.cnf", &errline) <= 0) { + if (errline <= 0) + fprintf(stderr, "Error processing config file\n"); + else + fprintf(stderr, "Error on line %ld\n", errline); + goto end; + } + + sect = NCONF_get_section(conf, "default"); + + if (sect == NULL) { + fprintf(stderr, "Error retrieving default section\n"); + goto end; + } + + ctx = SSL_CTX_new(TLS_client_method()); + cctx = SSL_CONF_CTX_new(); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { + cnf = sk_CONF_VALUE_value(sect, i); + rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value); + if (rv > 0) + continue; + if (rv != -2) { + fprintf(stderr, "Error processing %s = %s\n", + cnf->name, cnf->value); + ERR_print_errors_fp(stderr); + goto end; + } + if (strcmp(cnf->name, "Connect") == 0) { + connect_str = cnf->value; + } else { + fprintf(stderr, "Unknown configuration option %s\n", cnf->name); + goto end; + } + } + + if (!SSL_CONF_CTX_finish(cctx)) { + fprintf(stderr, "Finish error\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + /* + * We'd normally set some stuff like the verify paths and * mode here + * because as things stand this will connect to * any server whose + * certificate is signed by any CA. + */ + + sbio = BIO_new_ssl_connect(ctx); + + BIO_get_ssl(sbio, &ssl); + + if (!ssl) { + fprintf(stderr, "Can't locate SSL pointer\n"); + goto end; + } + + /* Don't want any retries */ + SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + + /* We might want to do other things with ssl here */ + + BIO_set_conn_hostname(sbio, connect_str); + + out = BIO_new_fp(stdout, BIO_NOCLOSE); + if (BIO_do_connect(sbio) <= 0) { + fprintf(stderr, "Error connecting to server\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + if (BIO_do_handshake(sbio) <= 0) { + fprintf(stderr, "Error establishing SSL connection\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + /* Could examine ssl here to get connection info */ + + BIO_puts(sbio, "GET / HTTP/1.0\n\n"); + for (;;) { + len = BIO_read(sbio, tmpbuf, 1024); + if (len <= 0) + break; + BIO_write(out, tmpbuf, len); + } + end: + SSL_CONF_CTX_free(cctx); + BIO_free_all(sbio); + BIO_free(out); + NCONF_free(conf); + return 0; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/cmod.cnf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/cmod.cnf new file mode 100644 index 000000000..39ac54edd --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/cmod.cnf @@ -0,0 +1,24 @@ +# Example config module configuration + +# Name supplied by application to CONF_modules_load_file +# and section containing configuration +testapp = test_sect + +[test_sect] +# list of configuration modules + +# SSL configuration module +ssl_conf = ssl_sect + +[ssl_sect] +# list of SSL configurations +server = server_sect + +[server_sect] +# Only support 3 curves +Curves = P-521:P-384:P-256 +# Restricted signature algorithms +SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 +# Certificates and keys +RSA.Certificate=server.pem +ECDSA.Certificate=server-ec.pem diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/connect.cnf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/connect.cnf new file mode 100644 index 000000000..ab764403a --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/connect.cnf @@ -0,0 +1,9 @@ +# Example configuration file +# Connects to the default port of s_server +Connect = localhost:4433 +# Disable TLS v1.2 for test. +# Protocol = ALL, -TLSv1.2 +# Only support 3 curves +Curves = P-521:P-384:P-256 +# Restricted signature algorithms +SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/descrip.mms b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/descrip.mms new file mode 100644 index 000000000..44ca2febc --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/descrip.mms @@ -0,0 +1,47 @@ +# This build description trusts that the following logical names are defined: +# +# For compilation: OPENSSL +# For linking with shared libraries: OSSL$LIBCRYPTO_SHR and OSSL$LIBSSL_SHR +# For linking with static libraries: OSSL$LIBCRYPTO and OSSL$LIBSSL +# +# These are normally defined with the OpenSSL startup procedure + +# By default, we link with the shared libraries +SHARED = TRUE + +# Alternative, for linking with static libraries +#SHARED = FALSE + +.FIRST : + IF "$(SHARED)" .EQS. "TRUE" THEN DEFINE OPT []shared.opt + IF "$(SHARED)" .NES. "TRUE" THEN DEFINE OPT []static.opt + +.LAST : + DEASSIGN OPT + +.DEFAULT : + @ ! + +# Because we use an option file, we need to redefine this +.obj.exe : + $(LINK) $(LINKFLAGS) $<,OPT:/OPT + +all : client-arg.exe client-conf.exe saccept.exe sconnect.exe - + server-arg.exe server-cmod.exe server-conf.exe + +client-arg.exe : client-arg.obj +client-conf.exe : client-conf.obj +saccept.exe : saccept.obj +sconnect.exe : sconnect.obj +server-arg.exe : server-arg.obj +server-cmod.exe : server-cmod.obj +server-conf.exe : server-conf.obj + +# MMS doesn't infer this automatically... +client-arg.obj : client-arg.c +client-conf.obj : client-conf.c +saccept.obj : saccept.c +sconnect.obj : sconnect.c +server-arg.obj : server-arg.c +server-cmod.obj : server-cmod.c +server-conf.obj : server-conf.c diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/intca.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/intca.pem new file mode 100644 index 000000000..9f1cc025c --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/intca.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEPzCCAqegAwIBAgIILsaQqJAjK4IwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UE +BhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNU +SU5HIFBVUlBPU0VTIE9OTFkxHTAbBgNVBAMMFE9wZW5TU0wgVGVzdCBSb290IENB +MCAXDTE4MDYxNDEyNDYyOFoYDzIxMTgwNjE0MTI0NjI4WjBwMQswCQYDVQQGEwJV +SzEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcg +UFVSUE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0 +ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANIpVng2wNFJp2kF +oJ6Yji25wy1YufnS8NxA82fk5OHdhGWj1CWqnQNotEqEQzcOUszQYrNxd8tEvoWk +Ik4JMBVoEcgBGedchftptTNulFWodWpi1yFaqA/Nz2BsVgcCJW4C+UWDT7VeHtGU +7tYKKr35lxp6io/a4jUDQXvO2nJA9YlrxOktunMqtoZSYqUz35ZXsdkn58o8Fbqm +dEpw6AqAr9aBgY5DSaGxbaX2lwNt9NvB+f9ucOqEnPP8AfTlPYc/ENwJ6u/H8RGw +d1im71mu2lHjcws3aHkbluH860U3vlKWx6Ff1qdQcH98e2HwElqxCK00xya8leu4 +u64nljkCAwEAAaNjMGEwHQYDVR0OBBYEFAoDRKVoOufDXW5Ui7L4ONxANVsFMB8G +A1UdIwQYMBaAFDZjTeLsQUG6KL9xuLhzXVdB4pkKMA8GA1UdEwEB/wQFMAMBAf8w +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBgQDZQJLA90ewVaS3E3du +gSjPkQ1xsHm8H1am+7zr5oZ81J+R8XYIZgMR+9ShVo38OradiYNqDLso+4iuVdxh +hzoSoQELoDXCficzWKnlAtWvwDDoczyK+/p94g3VKx14n2+GvQzoZ4kwQQgaFH1w +YI6w0oH9zwoklCxvihj8D069QrYyuTT8JGZ2m0FHqVJg6teuQKFahSgwYR2CUoIb +6PrpSUQeCVCH8TPkzlRT6UgtM3ERt7+TlQ+zZ80dSf4YTAsDv9Z/CJXiF/5wZr6/ +lWuFjWmX2HkpEW6Wiv5KF8QP6Ft7Z+RYua7RMtELCYvqYbWDBs7fXWGBkZ5xhB09 +jCxz+F7zOeRbyzacfFq9DhxCWCRbIrdgGGE/Of2ujJtmK/2p4M6E5IsKNAI2SJBW +iJXvIgQgR22ehPqy6er2Gog5LkWUwqB0kHZJJpbp1IW01IGTpD6YAJyVCEAlyMbo +Kto9+wQFLT3Auv/W5h6OwxkNdfAyZBYy0ZSFk4EE8OdWWY4= +-----END CERTIFICATE----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/root.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/root.pem new file mode 100644 index 000000000..b1a1c2117 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/root.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEwzCCAyugAwIBAgIUHKKc7fxVgQjWQ7IF6l7m/fHQHH8wDQYJKoZIhvcNAQEL +BQAwaDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNV +BAsMGUZPUiBURVNUSU5HIFBVUlBPU0VTIE9OTFkxHTAbBgNVBAMMFE9wZW5TU0wg +VGVzdCBSb290IENBMCAXDTE4MDYxNDEyNDYyOFoYDzIxMTgwNjE0MTI0NjI4WjBo +MQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZ +Rk9SIFRFU1RJTkcgUFVSUE9TRVMgT05MWTEdMBsGA1UEAwwUT3BlblNTTCBUZXN0 +IFJvb3QgQ0EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDaTVriXS5C +6C17OxGwWR4xxdLveLLkAb0+nSiYpzfCcEGX3qiBxHDA+Nj1kkihIJNkXmrKxa3w +1XIVoSUaVULuVxe3vqla+DScGC9MLVsfIwWe8UdGsKst4VvvtNvQUZ5CvLF4jv0V +nabvQhcjY5X7A/t8cZcjOHcaZ9fkThhG/7tJKwp4dLgPcXIimQ0UtP5gRBxnpEYd +l21mPjafqPt02lfOWTgnT5PeVoBDmN7QcrTlI7RzaeDglwFm10rNuYsRxrVsEfiG +Ejup/1eM/69zkV4Lb2RFbIpZ+oKqQ5AEemh6/IP9VwX08DOX3T1EqwthyB+yOZgp +BQ/MZ2M21E03sxlgPGKkRVTU520az84Tyft7T7sJ6BeGSMrdEZVUSJxsS/iFFwL2 +ubmhG6tq0ALIyoS+rUeHUeH2pVnEEcHIXAsLbCXfmsRpWU1fOHcpkTSzbMPhqMa3 +K8aKNHni0UtoD+ddOw0Zrx4uf3zlbPCzy2eQ2d8qb/TSynGxWmN8an8CAwEAAaNj +MGEwHQYDVR0OBBYEFDZjTeLsQUG6KL9xuLhzXVdB4pkKMB8GA1UdIwQYMBaAFDZj +TeLsQUG6KL9xuLhzXVdB4pkKMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMA0GCSqGSIb3DQEBCwUAA4IBgQCFbQA4yoXhxVQm+tEMpfKf2VEzQVNw0Tzd +Vy+zbscQ04RM4Hx4YbICdX+J7M2fYByU+KawllZJI++mfS9sbnuPIouD5NJLX5EH +//5rySOqA0OkN/Y8f41xp/YF5j96NUCjg3RoerefRSHZfNWJE1faQEHuhwDZK6OQ +GNgt246FZ7ittfe537MHUWY7CjKt6kILN03rVKSgRwwOw5Tv+VyUVyUtRppWl57L +Z+41g0gZ/r7h6ACd+n35nuzgbmqUF2VNYQLo7RzaxPvtkzJ4t96r+5NAr1cx8thr +3rnJWSgpm1ZKdtHMj1jCLxarn8gNz2gB35Tn2NdzHQI0/aEEcfLWpU9mrmhUW+yy +WEN2R8BqGsC++HhlUKKJZgR48SHF5MOBl4KyZPylBuPYcJFQdnEbioBLPlvt5bbt ++o/w3sCR3ZVHMB0n9OcQwd6tdN7aDiept6lJPlOp4dfFjkku8J5nM0oY/Xsg194A +rRK0SBUCVN/2NSHFl9LKEqQiQIUjOQM= +-----END CERTIFICATE----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/saccept.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/saccept.c new file mode 100644 index 000000000..de86ae632 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/saccept.c @@ -0,0 +1,121 @@ +/* + * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * A minimal program to serve an SSL connection. + * It uses blocking. + * saccept host:port + * host is the interface IP to use. If any interface, use *:port + * The default it *:4433 + * + * cc -I../../include saccept.c -L../.. -lssl -lcrypto -ldl + */ + +#include <stdio.h> +#include <signal.h> +#include <stdlib.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +#define CERT_FILE "server.pem" + +static volatile int done = 0; + +void interrupt(int sig) +{ + done = 1; +} + +void sigsetup(void) +{ + struct sigaction sa; + + /* + * Catch at most once, and don't restart the accept system call. + */ + sa.sa_flags = SA_RESETHAND; + sa.sa_handler = interrupt; + sigemptyset(&sa.sa_mask); + sigaction(SIGINT, &sa, NULL); +} + +int main(int argc, char *argv[]) +{ + char *port = NULL; + BIO *in = NULL; + BIO *ssl_bio, *tmp; + SSL_CTX *ctx; + char buf[512]; + int ret = EXIT_FAILURE, i; + + if (argc <= 1) + port = "*:4433"; + else + port = argv[1]; + + ctx = SSL_CTX_new(TLS_server_method()); + if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE)) + goto err; + if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)) + goto err; + if (!SSL_CTX_check_private_key(ctx)) + goto err; + + /* Setup server side SSL bio */ + ssl_bio = BIO_new_ssl(ctx, 0); + + if ((in = BIO_new_accept(port)) == NULL) + goto err; + + /* + * This means that when a new connection is accepted on 'in', The ssl_bio + * will be 'duplicated' and have the new socket BIO push into it. + * Basically it means the SSL BIO will be automatically setup + */ + BIO_set_accept_bios(in, ssl_bio); + + /* Arrange to leave server loop on interrupt */ + sigsetup(); + + again: + /* + * The first call will setup the accept socket, and the second will get a + * socket. In this loop, the first actual accept will occur in the + * BIO_read() function. + */ + + if (BIO_do_accept(in) <= 0) + goto err; + + while (!done) { + i = BIO_read(in, buf, 512); + if (i == 0) { + /* + * If we have finished, remove the underlying BIO stack so the + * next time we call any function for this BIO, it will attempt + * to do an accept + */ + printf("Done\n"); + tmp = BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) + goto err; + fwrite(buf, 1, i, stdout); + fflush(stdout); + } + + ret = EXIT_SUCCESS; + err: + if (ret != EXIT_SUCCESS) + ERR_print_errors_fp(stderr); + BIO_free(in); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/sconnect.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/sconnect.c new file mode 100644 index 000000000..db71f29af --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/sconnect.c @@ -0,0 +1,129 @@ +/* + * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * A minimal program to do SSL to a passed host and port. + * It is actually using non-blocking IO but in a very simple manner + * sconnect host:port - it does a 'GET / HTTP/1.0' + * + * cc -I../../include sconnect.c -L../.. -lssl -lcrypto + */ +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <errno.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +#define HOSTPORT "localhost:4433" +#define CAFILE "root.pem" + +int main(int argc, char *argv[]) +{ + const char *hostport = HOSTPORT; + const char *CAfile = CAFILE; + char *hostname; + char *cp; + BIO *out = NULL; + char buf[1024 * 10], *p; + SSL_CTX *ssl_ctx = NULL; + SSL *ssl; + BIO *ssl_bio; + int i, len, off, ret = EXIT_FAILURE; + + if (argc > 1) + hostport = argv[1]; + if (argc > 2) + CAfile = argv[2]; + + hostname = OPENSSL_strdup(hostport); + if ((cp = strchr(hostname, ':')) != NULL) + *cp = 0; + +#ifdef WATT32 + dbug_init(); + sock_init(); +#endif + + ssl_ctx = SSL_CTX_new(TLS_client_method()); + + /* Enable trust chain verification */ + SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); + SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL); + + /* Lets make a SSL structure */ + ssl = SSL_new(ssl_ctx); + SSL_set_connect_state(ssl); + + /* Enable peername verification */ + if (SSL_set1_host(ssl, hostname) <= 0) + goto err; + + /* Use it inside an SSL BIO */ + ssl_bio = BIO_new(BIO_f_ssl()); + BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE); + + /* Lets use a connect BIO under the SSL BIO */ + out = BIO_new(BIO_s_connect()); + BIO_set_conn_hostname(out, hostport); + BIO_set_nbio(out, 1); + out = BIO_push(ssl_bio, out); + + p = "GET / HTTP/1.0\r\n\r\n"; + len = strlen(p); + + off = 0; + for (;;) { + i = BIO_write(out, &(p[off]), len); + if (i <= 0) { + if (BIO_should_retry(out)) { + fprintf(stderr, "write DELAY\n"); + sleep(1); + continue; + } else { + goto err; + } + } + off += i; + len -= i; + if (len <= 0) + break; + } + + for (;;) { + i = BIO_read(out, buf, sizeof(buf)); + if (i == 0) + break; + if (i < 0) { + if (BIO_should_retry(out)) { + fprintf(stderr, "read DELAY\n"); + sleep(1); + continue; + } + goto err; + } + fwrite(buf, 1, i, stdout); + } + + ret = EXIT_SUCCESS; + goto done; + + err: + if (ERR_peek_error() == 0) { /* system call error */ + fprintf(stderr, "errno=%d ", errno); + perror("error"); + } else { + ERR_print_errors_fp(stderr); + } + done: + BIO_free_all(out); + SSL_CTX_free(ssl_ctx); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-arg.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-arg.c new file mode 100644 index 000000000..d80d070f7 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-arg.c @@ -0,0 +1,144 @@ +/* + * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * A minimal program to serve an SSL connection. It uses blocking. It use the + * SSL_CONF API with the command line. cc -I../../include server-arg.c + * -L../.. -lssl -lcrypto -ldl + */ + +#include <stdio.h> +#include <string.h> +#include <signal.h> +#include <stdlib.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +int main(int argc, char *argv[]) +{ + char *port = "*:4433"; + BIO *ssl_bio, *tmp; + SSL_CTX *ctx; + SSL_CONF_CTX *cctx; + char buf[512]; + BIO *in = NULL; + int ret = EXIT_FAILURE, i; + char **args = argv + 1; + int nargs = argc - 1; + + ctx = SSL_CTX_new(TLS_server_method()); + + cctx = SSL_CONF_CTX_new(); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + while (*args && **args == '-') { + int rv; + /* Parse standard arguments */ + rv = SSL_CONF_cmd_argv(cctx, &nargs, &args); + if (rv == -3) { + fprintf(stderr, "Missing argument for %s\n", *args); + goto err; + } + if (rv < 0) { + fprintf(stderr, "Error in command %s\n", *args); + ERR_print_errors_fp(stderr); + goto err; + } + /* If rv > 0 we processed something so proceed to next arg */ + if (rv > 0) + continue; + /* Otherwise application specific argument processing */ + if (strcmp(*args, "-port") == 0) { + port = args[1]; + if (port == NULL) { + fprintf(stderr, "Missing -port argument\n"); + goto err; + } + args += 2; + nargs -= 2; + continue; + } else { + fprintf(stderr, "Unknown argument %s\n", *args); + goto err; + } + } + + if (!SSL_CONF_CTX_finish(cctx)) { + fprintf(stderr, "Finish error\n"); + ERR_print_errors_fp(stderr); + goto err; + } +#ifdef ITERATE_CERTS + /* + * Demo of how to iterate over all certificates in an SSL_CTX structure. + */ + { + X509 *x; + int rv; + rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST); + while (rv) { + X509 *x = SSL_CTX_get0_certificate(ctx); + X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0, + XN_FLAG_ONELINE); + printf("\n"); + rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT); + } + fflush(stdout); + } +#endif + /* Setup server side SSL bio */ + ssl_bio = BIO_new_ssl(ctx, 0); + + if ((in = BIO_new_accept(port)) == NULL) + goto err; + + /* + * This means that when a new connection is accepted on 'in', The ssl_bio + * will be 'duplicated' and have the new socket BIO push into it. + * Basically it means the SSL BIO will be automatically setup + */ + BIO_set_accept_bios(in, ssl_bio); + + again: + /* + * The first call will setup the accept socket, and the second will get a + * socket. In this loop, the first actual accept will occur in the + * BIO_read() function. + */ + + if (BIO_do_accept(in) <= 0) + goto err; + + for (;;) { + i = BIO_read(in, buf, 512); + if (i == 0) { + /* + * If we have finished, remove the underlying BIO stack so the + * next time we call any function for this BIO, it will attempt + * to do an accept + */ + printf("Done\n"); + tmp = BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) + goto err; + fwrite(buf, 1, i, stdout); + fflush(stdout); + } + + ret = EXIT_SUCCESS; + err: + if (ret != EXIT_SUCCESS) + ERR_print_errors_fp(stderr); + BIO_free(in); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-cmod.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-cmod.c new file mode 100644 index 000000000..f1079ad32 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-cmod.c @@ -0,0 +1,94 @@ +/* + * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * A minimal TLS server it ses SSL_CTX_config and a configuration file to + * set most server parameters. + */ + +#include <stdio.h> +#include <signal.h> +#include <stdlib.h> +#include <openssl/err.h> +#include <openssl/ssl.h> +#include <openssl/conf.h> + +int main(int argc, char *argv[]) +{ + unsigned char buf[512]; + char *port = "*:4433"; + BIO *in = NULL; + BIO *ssl_bio, *tmp; + SSL_CTX *ctx; + int ret = EXIT_FAILURE, i; + + ctx = SSL_CTX_new(TLS_server_method()); + + if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) { + fprintf(stderr, "Error processing config file\n"); + goto err; + } + + if (SSL_CTX_config(ctx, "server") == 0) { + fprintf(stderr, "Error configuring server.\n"); + goto err; + } + + /* Setup server side SSL bio */ + ssl_bio = BIO_new_ssl(ctx, 0); + + if ((in = BIO_new_accept(port)) == NULL) + goto err; + + /* + * This means that when a new connection is accepted on 'in', The ssl_bio + * will be 'duplicated' and have the new socket BIO push into it. + * Basically it means the SSL BIO will be automatically setup + */ + BIO_set_accept_bios(in, ssl_bio); + + again: + /* + * The first call will setup the accept socket, and the second will get a + * socket. In this loop, the first actual accept will occur in the + * BIO_read() function. + */ + + if (BIO_do_accept(in) <= 0) + goto err; + + for (;;) { + i = BIO_read(in, buf, sizeof(buf)); + if (i == 0) { + /* + * If we have finished, remove the underlying BIO stack so the + * next time we call any function for this BIO, it will attempt + * to do an accept + */ + printf("Done\n"); + tmp = BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) { + if (BIO_should_retry(in)) + continue; + goto err; + } + fwrite(buf, 1, i, stdout); + fflush(stdout); + } + + ret = EXIT_SUCCESS; + err: + if (ret != EXIT_SUCCESS) + ERR_print_errors_fp(stderr); + BIO_free(in); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-conf.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-conf.c new file mode 100644 index 000000000..4d1655bfc --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-conf.c @@ -0,0 +1,139 @@ +/* + * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * A minimal program to serve an SSL connection. It uses blocking. It uses + * the SSL_CONF API with a configuration file. cc -I../../include saccept.c + * -L../.. -lssl -lcrypto -ldl + */ + +#include <stdio.h> +#include <string.h> +#include <signal.h> +#include <stdlib.h> +#include <openssl/err.h> +#include <openssl/ssl.h> +#include <openssl/conf.h> + +int main(int argc, char *argv[]) +{ + char *port = "*:4433"; + BIO *in = NULL; + BIO *ssl_bio, *tmp; + SSL_CTX *ctx; + SSL_CONF_CTX *cctx = NULL; + CONF *conf = NULL; + STACK_OF(CONF_VALUE) *sect = NULL; + CONF_VALUE *cnf; + long errline = -1; + char buf[512]; + int ret = EXIT_FAILURE, i; + + ctx = SSL_CTX_new(TLS_server_method()); + + conf = NCONF_new(NULL); + + if (NCONF_load(conf, "accept.cnf", &errline) <= 0) { + if (errline <= 0) + fprintf(stderr, "Error processing config file\n"); + else + fprintf(stderr, "Error on line %ld\n", errline); + goto err; + } + + sect = NCONF_get_section(conf, "default"); + + if (sect == NULL) { + fprintf(stderr, "Error retrieving default section\n"); + goto err; + } + + cctx = SSL_CONF_CTX_new(); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { + int rv; + cnf = sk_CONF_VALUE_value(sect, i); + rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value); + if (rv > 0) + continue; + if (rv != -2) { + fprintf(stderr, "Error processing %s = %s\n", + cnf->name, cnf->value); + ERR_print_errors_fp(stderr); + goto err; + } + if (strcmp(cnf->name, "Port") == 0) { + port = cnf->value; + } else { + fprintf(stderr, "Unknown configuration option %s\n", cnf->name); + goto err; + } + } + + if (!SSL_CONF_CTX_finish(cctx)) { + fprintf(stderr, "Finish error\n"); + ERR_print_errors_fp(stderr); + goto err; + } + + /* Setup server side SSL bio */ + ssl_bio = BIO_new_ssl(ctx, 0); + + if ((in = BIO_new_accept(port)) == NULL) + goto err; + + /* + * This means that when a new connection is accepted on 'in', The ssl_bio + * will be 'duplicated' and have the new socket BIO push into it. + * Basically it means the SSL BIO will be automatically setup + */ + BIO_set_accept_bios(in, ssl_bio); + + again: + /* + * The first call will setup the accept socket, and the second will get a + * socket. In this loop, the first actual accept will occur in the + * BIO_read() function. + */ + + if (BIO_do_accept(in) <= 0) + goto err; + + for (;;) { + i = BIO_read(in, buf, 512); + if (i == 0) { + /* + * If we have finished, remove the underlying BIO stack so the + * next time we call any function for this BIO, it will attempt + * to do an accept + */ + printf("Done\n"); + tmp = BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) { + if (BIO_should_retry(in)) + continue; + goto err; + } + fwrite(buf, 1, i, stdout); + fflush(stdout); + } + + ret = EXIT_SUCCESS; + err: + if (ret != EXIT_SUCCESS) + ERR_print_errors_fp(stderr); + BIO_free(in); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-ec.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-ec.pem new file mode 100644 index 000000000..ce8dccc9c --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server-ec.pem @@ -0,0 +1,17 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsoKOpzTm/+VR5xOk +kgwtljzMFYtX4NGdqCkxjitXvLmhRANCAASsxTC21z8mDYAX/RgLK5XGJNmPlHcY +VMql6fSeS+9fTZnn1Ma12932/UBfFTITOuHviJYkQ5KxVSitmgMwnF3V +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIBvjCCAWSgAwIBAgIURVOfyUojPPQMfDEVhKY4DIdeLY0wCgYIKoZIzj0EAwIw +NTEfMB0GA1UECwwWVGVzdCBFQ0RTQSBDZXJ0aWZpY2F0ZTESMBAGA1UEAwwJbG9j +YWxob3N0MCAXDTE4MDYxNDEyNDYyOFoYDzIxMTgwNjE0MTI0NjI4WjA1MR8wHQYD +VQQLDBZUZXN0IEVDRFNBIENlcnRpZmljYXRlMRIwEAYDVQQDDAlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASsxTC21z8mDYAX/RgLK5XGJNmPlHcY +VMql6fSeS+9fTZnn1Ma12932/UBfFTITOuHviJYkQ5KxVSitmgMwnF3Vo1AwTjAd +BgNVHQ4EFgQUA0dWehTLHzBYhzfXiTIVUOXDusMwHwYDVR0jBBgwFoAUA0dWehTL +HzBYhzfXiTIVUOXDusMwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEA +8/l8RyihzqlEnLjcyIEaXTZm4HyNgZRQKhNACCW3jd4CIEbMJAf/D0eY38EeP2xY +/BDy/BYXYmyDQeqiE+RDjG5X +-----END CERTIFICATE----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server.pem new file mode 100644 index 000000000..d4bc3937d --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/server.pem @@ -0,0 +1,79 @@ +subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert +issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA +-----BEGIN CERTIFICATE----- +MIID0DCCArigAwIBAgIIcsOElVeHzfYwDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE +BhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNU +SU5HIFBVUlBPU0VTIE9OTFkxJTAjBgNVBAMMHE9wZW5TU0wgVGVzdCBJbnRlcm1l +ZGlhdGUgQ0EwIBcNMTgwNjE0MTI0NjI4WhgPMjExODA2MTQxMjQ2MjhaMGQxCzAJ +BgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1Ig +VEVTVElORyBQVVJQT1NFUyBPTkxZMRkwFwYDVQQDDBBUZXN0IFNlcnZlciBDZXJ0 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jIZ8IZ4dIzBc+ZfdmG5 +n8G3JzRX99QvIqv52s4hFVfdzoa+AciKJpo9zkegWPmfsAVNa4uVceg/ZQt6qJsu +G/pxbQSZVnyjDQGtt7rgaDEbyUP0XJCnzyRdWSUjFS8yNZn4NkmZU01GlHtXdzWy +dEa5PaiTIwW0HI+bjjOEhwJ1hFuFqzlKHVKHA6DBzNcl6ly0E/q2kyslbR+0hq7p +NMqKvvuAxqgc//W8KvLDlKAt9D3t5zgh2+BrMPemrzjEaM97yHTogJo7+SKVDdUw +YQ7Br3xfyki9u2bUYib1BMSvLezxNP0qf/iU91z4xyLmMvOXE6W0D1WHwya1CfE7 +vwIDAQABo3gwdjAdBgNVHQ4EFgQU3ulCbvgfxej6rHnddMpBidwnLIIwHwYDVR0j +BBgwFoAUCgNEpWg658NdblSLsvg43EA1WwUwCQYDVR0TBAIwADATBgNVHSUEDDAK +BggrBgEFBQcDATAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQAD +ggEBAENMzaqJtmWED++W4KXFVwNBkQ87errBXe4jVeYKpjNb0JGMm60MS5ty54fb +r27SsR2EEk3EK2rcd85RR7TEKZCn9SvPykVtVf0tru7nOptQJgSbRvxIzyyq1UcE +K+BXDgN/I0f1X6qbk4Stb6uJF7yyAUabacjwKqgVifOOeKF9WJhVA8qJKoVq7HLN +k+uvm0geO1I4LKeULXVnQy8kwB6twcxN8iPyO45ZxbYIVeEKaYtbj/XPoq6KsLIb +5fj+mK1r/LkWk352ksNhf73r3alF8TBcSLqnbMoy1/ZvzlI4ksp9IGWtIU+CzP/f +VUjh00NOwDLd5jJbPoWW0oNp9m4= +-----END CERTIFICATE----- +subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA +issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Root CA +-----BEGIN CERTIFICATE----- +MIIEPzCCAqegAwIBAgIILsaQqJAjK4IwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UE +BhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNU +SU5HIFBVUlBPU0VTIE9OTFkxHTAbBgNVBAMMFE9wZW5TU0wgVGVzdCBSb290IENB +MCAXDTE4MDYxNDEyNDYyOFoYDzIxMTgwNjE0MTI0NjI4WjBwMQswCQYDVQQGEwJV +SzEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcg +UFVSUE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0 +ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANIpVng2wNFJp2kF +oJ6Yji25wy1YufnS8NxA82fk5OHdhGWj1CWqnQNotEqEQzcOUszQYrNxd8tEvoWk +Ik4JMBVoEcgBGedchftptTNulFWodWpi1yFaqA/Nz2BsVgcCJW4C+UWDT7VeHtGU +7tYKKr35lxp6io/a4jUDQXvO2nJA9YlrxOktunMqtoZSYqUz35ZXsdkn58o8Fbqm +dEpw6AqAr9aBgY5DSaGxbaX2lwNt9NvB+f9ucOqEnPP8AfTlPYc/ENwJ6u/H8RGw +d1im71mu2lHjcws3aHkbluH860U3vlKWx6Ff1qdQcH98e2HwElqxCK00xya8leu4 +u64nljkCAwEAAaNjMGEwHQYDVR0OBBYEFAoDRKVoOufDXW5Ui7L4ONxANVsFMB8G +A1UdIwQYMBaAFDZjTeLsQUG6KL9xuLhzXVdB4pkKMA8GA1UdEwEB/wQFMAMBAf8w +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBgQDZQJLA90ewVaS3E3du +gSjPkQ1xsHm8H1am+7zr5oZ81J+R8XYIZgMR+9ShVo38OradiYNqDLso+4iuVdxh +hzoSoQELoDXCficzWKnlAtWvwDDoczyK+/p94g3VKx14n2+GvQzoZ4kwQQgaFH1w +YI6w0oH9zwoklCxvihj8D069QrYyuTT8JGZ2m0FHqVJg6teuQKFahSgwYR2CUoIb +6PrpSUQeCVCH8TPkzlRT6UgtM3ERt7+TlQ+zZ80dSf4YTAsDv9Z/CJXiF/5wZr6/ +lWuFjWmX2HkpEW6Wiv5KF8QP6Ft7Z+RYua7RMtELCYvqYbWDBs7fXWGBkZ5xhB09 +jCxz+F7zOeRbyzacfFq9DhxCWCRbIrdgGGE/Of2ujJtmK/2p4M6E5IsKNAI2SJBW +iJXvIgQgR22ehPqy6er2Gog5LkWUwqB0kHZJJpbp1IW01IGTpD6YAJyVCEAlyMbo +Kto9+wQFLT3Auv/W5h6OwxkNdfAyZBYy0ZSFk4EE8OdWWY4= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA0jIZ8IZ4dIzBc+ZfdmG5n8G3JzRX99QvIqv52s4hFVfdzoa+ +AciKJpo9zkegWPmfsAVNa4uVceg/ZQt6qJsuG/pxbQSZVnyjDQGtt7rgaDEbyUP0 +XJCnzyRdWSUjFS8yNZn4NkmZU01GlHtXdzWydEa5PaiTIwW0HI+bjjOEhwJ1hFuF +qzlKHVKHA6DBzNcl6ly0E/q2kyslbR+0hq7pNMqKvvuAxqgc//W8KvLDlKAt9D3t +5zgh2+BrMPemrzjEaM97yHTogJo7+SKVDdUwYQ7Br3xfyki9u2bUYib1BMSvLezx +NP0qf/iU91z4xyLmMvOXE6W0D1WHwya1CfE7vwIDAQABAoIBAQC2HAo1RYvfDoQc +sh9LJWf5bZANO2Brqz4bP/x9AdHP+AyH/l1oliJ7R2785TmbXMppam6lGo4j3h/u +n39pzOip/NWAqldfgySRBD9Jy3LZUpLMUT/JYtrAsLTfozk+BWHu5rMR9boNXgok +Yqho8/DkpNGhBghUc4CUricLkL7laD3ziAHpx8yALL3tnLGOpgT9hNrA8Dm3yfUS +JEfiG12ILXvq1IP+vUNuaLpTLJZuqUmLpK8v+CBYgKxfd+TDnEjul4PqhhIIFK3A +xEZYQR2D/AXUwng9hP9uCbVm5lOY6vRbi9Fpbt+KRv+m25s1AnuhJFBOsL30h/Tb +iCKWm/nhAoGBAO0bFqMvZHjaT2KiwOwG/Ze9NsjynFPVltiuCqNj8HE5wM6imC5J +SdB+jMkgN6ERXALWrtr8Uf2pqzfeMsi6pekOOVTWLe/8c4bAZRxaCZn/BlZRysZI +vB9Gb7m7Oymw5iDSqrYywgOiUu+oIiCrmPOealhmn7zmHzHaETvdL9zDAoGBAOLy +DVT1csoexnuHVIWqnp7FK7lv6eOGZSdXpfJ3XYjmKJLK2hpVZe+J/mFOL1wsKSt4 +0k/V0dnkHR7V4Pa4ECiCthkWMWrBVIHe7+ZnZ0ocKQSC+EEecavOiZ57S/qnUlT6 +NtQP4cSy4DHzzFZdTZnn+2oymapPZpb2mvSN/GVVAoGADrIlHwwq8Aqn7Pclefuc +8DC8GoxfABs29EslQadKGdp4htYxFH1aY9/UHgsvJ36J82sW/1+wPUas5BOTljlr +WxyUlRuJUVyWVH3MRouWGMNjwynipZOQhWe6OQrPye+688Ha7twKhmsjNNN4+glo +u4DQGpaRxAWHXXGkq88zzj0CgYEAsICEceD7R8srnwMfb13FQ8IhQXWSuAvcO/7k +53CCZGhsgc4WVoi4YNY360G9f7gwxMiQ+NpY/Vd2dnbtIbUBjCAss9IY2OhHa0IR +3mXpZTAFjqa1oR+mVHKrgYBvFSBw3fpEDiXT9wEPcIomD709D0fmty9nZ5edOCfP +WAfdlokCgYEAqXuMuAg3NMMgEv+eBfsf43v3hRwBqPYanE26wcO3GoT/S8BpB6wy +vBoPZOlO5ZfsD2jaTec60GLay+MofxC7qNXIjzHOw50ry4bqHqqoQbn2cONE1k+0 +ov7H2keTcG9FEGgL7dRUq3pRUo/W12WmRuDN17IEgkzAeisJnoiPtaQ= +-----END RSA PRIVATE KEY----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/shared.opt b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/shared.opt new file mode 100644 index 000000000..4141b93a5 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/shared.opt @@ -0,0 +1,2 @@ +OSSL$LIBSSL_SHR/SHARE +OSSL$LIBCRYPTO_SHR/SHARE diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/static.opt b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/static.opt new file mode 100644 index 000000000..9ca1588f7 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/bio/static.opt @@ -0,0 +1,2 @@ +OSSL$LIBSSL/LIB +OSSL$LIBCRYPTO/LIB diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/README b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/README new file mode 100644 index 000000000..fde832eb2 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/README @@ -0,0 +1,21 @@ +There is often a need to generate test certificates automatically using +a script. This is often a cause for confusion which can result in incorrect +CA certificates, obsolete V1 certificates or duplicate serial numbers. +The range of command line options can be daunting for a beginner. + +The mkcerts.sh script is an example of how to generate certificates +automatically using scripts. Example creates a root CA, an intermediate CA +signed by the root and several certificates signed by the intermediate CA. + +The script then creates an empty index.txt file and adds entries for the +certificates and generates a CRL. Then one certificate is revoked and a +second CRL generated. + +The script ocsprun.sh runs the test responder on port 8888 covering the +client certificates. + +The script ocspquery.sh queries the status of the certificates using the +test responder. + + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/apps.cnf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/apps.cnf new file mode 100644 index 000000000..531afe64b --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/apps.cnf @@ -0,0 +1,69 @@ +# +# OpenSSL configuration file to create apps directory certificates +# + +# This definition stops the following lines choking if HOME or CN +# is undefined. +HOME = . +RANDFILE = $ENV::HOME/.rnd +CN = "Not Defined" + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +# Don't prompt for fields: use those in section directly +prompt = no +distinguished_name = req_distinguished_name +x509_extensions = v3_ca # The extensions to add to the self signed cert +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = UK + +organizationName = OpenSSL Group +organizationalUnitName = FOR TESTING PURPOSES ONLY +# Take CN from environment so it can come from a script. +commonName = $ENV::CN + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request for an end entity +# certificate + +basicConstraints=critical, CA:FALSE +keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +[ ec_cert ] + +# These extensions are added when 'ca' signs a request for an end entity +# certificate + +basicConstraints=critical, CA:FALSE +keyUsage=critical, nonRepudiation, digitalSignature, keyAgreement + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid + +[ v3_ca ] + + +# Extensions for a typical CA + +# PKIX recommendation. + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always +basicConstraints = critical,CA:true +keyUsage = critical, cRLSign, keyCertSign + + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/ckey.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/ckey.pem new file mode 100644 index 000000000..8e9054d29 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/ckey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f +wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr +agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy +mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr +MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x +HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L +p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT +KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB +1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx +L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl +LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO +Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn +/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai +1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX +1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3 +NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ +zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC +mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7 +5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK +u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+ +HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV +tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn +SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh +kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww +1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw= +-----END RSA PRIVATE KEY----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/intkey.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/intkey.pem new file mode 100644 index 000000000..d586cb7c6 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/intkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsErw75CmLYD6pkrGW/YhAl/K8L5wJYxDjqu2FghxjD8K308W +3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VLIdurBEAIEUdbzx0so74FPawgz5EW2CTq +oJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJGNXND2ip0TcyTSPLROXOyQakcVfIGJmd +Sa1wHKi+c2gMA4emADudZUOYLrg80gr2ldePm07ynbVsKKzCcStw8MdmoW9Qt3fL +nPJn2TFUUBNWj+4kvL+88edWCVQXKNdsysD/CDrH4W/hjyPDStVsM6XpiNU0+L2Z +Y6fcj3OP8d0goOx45xotMn9m8hNkCGsrVXx9IwIDAQABAoIBACg3wIV2o2KIJSZg +sqXyHY+0GNEZMO5v9E2NAMo//N941lshaN6wrww5FbK39qH9yNylfxmFLe6sgJhA +fLZprbcXgH+onto+Fpv4UqvCI+4WdHa03U3sJ+70SvxzSy1Gtrbc8FUPJl7qgrFf +Nn5S8CgOwYb4J6KPguTh5G3Z9RPiCKObwOwEM34hrZUlgPS88wmzu9H6L2GM8A1v +YBtEr0msBnlJBJOgStyUEfHW2KspNQ+VllQ6c0cedgFXUpl9EoKTLxP+WXwFI1sx +jFCFzSrMqPcPz1PxU6bXoZE0WH6r+3c8WAW4xR/HVu04BrBDu0CGwn6zAXDy6wCU +pWogDlkCgYEA4o+nIu2CTzqUlgc22pj+hjenfS5lnCtJfAdrXOJHmnuL+J9h8Nzz +9kkL+/Y0Xg9bOM6xXPm+81UNpDvOLbUahSSQsfB+LNVEkthJIL4XIk083LsHjFaJ +9SiCFRbf2OgWrEhe/c1drySwz9u/0f4Q7B6VGqxMnTDjzS5JacZ1pE8CgYEAxzMn +/n/Dpdn+c4rf14BRNKCv1qBXngPNylKJCmiRpKRJAn+B+Msdwtggk/1Ihju21wSo +IGy0Gw7WQd1Iq7V85cB2G5PAFY6ybpSV6G3QrzmzuvjHmKvXgUAuuaN+7Pp1YkMY +rLVjUOcdP5JbXG6XnaCkHYJR8uapPwWPkDt+oO0CgYBI4yZGGlr92j7LNW70TJw1 +2dnMcAzIfTSa7lgf/bxDetPBHKWJs8vYxA9S9BZM3Gvgjr6IxuAjsI0+9O6TzdvG +UckrNc+h5Mq241ZDbmRK6MZXzOPUxlKDyJBw8Hb7dU82BeJpjJRDMG6hsHS5vh77 +l6sodZ4ARCZFcEq1+N8ICQKBgDeBHJLAXO6YmFrvhkGQ4o+senJuSRuhabUHXGIH +ExXyJNnKV5fQWOGSwTkbKRsmBmNRS9uFDoY/kxnVI8ucjUmjYAV9HNek5DkFs+OI +vc4lYNwnN85li23bSWm2kcZMX2ra0URGYn8HdtHg4Q4XTq3ANhp21oi9FsmVrhP9 +T+JdAoGBAK2ebwZ7CXFavDFo4mzLKkGitBjrSi/udFhZECXZWEbNzWlVc3Y3q0cU +drDqUtbVm+/Xb5CMU044Gqq6SKdObAb3JElKmFylFL9fp2rfL/foUr2sdb87Vqdp +2j5jZyvt1DKnNaJ7JaFbUdRxlvHQRiqKlZpafN/SMQ0jCs1bSgCg +-----END RSA PRIVATE KEY----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/mkacerts.sh b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/mkacerts.sh new file mode 100644 index 000000000..70984969f --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/mkacerts.sh @@ -0,0 +1,45 @@ +#!/bin/sh + +# Recreate the demo certificates in the apps directory. + +OPENSSL=openssl + +# Root CA: create certificate directly +CN="OpenSSL Test Root CA" $OPENSSL req -config apps.cnf -x509 -nodes \ + -keyout root.pem -out root.pem -key rootkey.pem -new -days 3650 +# Intermediate CA: request first +CN="OpenSSL Test Intermediate CA" $OPENSSL req -config apps.cnf -nodes \ + -key intkey.pem -out intreq.pem -new +# Sign request: CA extensions +$OPENSSL x509 -req -in intreq.pem -CA root.pem -CAkey rootkey.pem -days 3630 \ + -extfile apps.cnf -extensions v3_ca -CAcreateserial -out intca.pem +# Client certificate: request first +CN="Test Client Cert" $OPENSSL req -config apps.cnf -nodes \ + -key ckey.pem -out creq.pem -new +# Sign using intermediate CA +$OPENSSL x509 -req -in creq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ + -extfile apps.cnf -extensions usr_cert -CAcreateserial | \ + $OPENSSL x509 -nameopt oneline -subject -issuer >client.pem +# Server certificate: request first +CN="Test Server Cert" $OPENSSL req -config apps.cnf -nodes \ + -key skey.pem -out sreq.pem -new +# Sign using intermediate CA +$OPENSSL x509 -req -in sreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ + -extfile apps.cnf -extensions usr_cert -CAcreateserial | \ + $OPENSSL x509 -nameopt oneline -subject -issuer >server.pem +# Server certificate #2: request first +CN="Test Server Cert #2" $OPENSSL req -config apps.cnf -nodes \ + -key skey2.pem -out sreq2.pem -new +# Sign using intermediate CA +$OPENSSL x509 -req -in sreq2.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ + -extfile apps.cnf -extensions usr_cert -CAcreateserial | \ + $OPENSSL x509 -nameopt oneline -subject -issuer >server2.pem + +# Append keys to file. + +cat skey.pem >>server.pem +cat skey2.pem >>server2.pem +cat ckey.pem >>client.pem + +$OPENSSL verify -CAfile root.pem -untrusted intca.pem \ + server2.pem server.pem client.pem diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/mkxcerts.sh b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/mkxcerts.sh new file mode 100644 index 000000000..ebe192043 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/mkxcerts.sh @@ -0,0 +1,29 @@ + +# Create certificates using various algorithms to test multi-certificate +# functionality. + +OPENSSL=../../../apps/openssl +CN="OpenSSL Test RSA SHA-1 cert" $OPENSSL req \ + -config apps.cnf -extensions usr_cert -x509 -nodes \ + -keyout tsha1.pem -out tsha1.pem -new -days 3650 -sha1 +CN="OpenSSL Test RSA SHA-256 cert" $OPENSSL req \ + -config apps.cnf -extensions usr_cert -x509 -nodes \ + -keyout tsha256.pem -out tsha256.pem -new -days 3650 -sha256 +CN="OpenSSL Test RSA SHA-512 cert" $OPENSSL req \ + -config apps.cnf -extensions usr_cert -x509 -nodes \ + -keyout tsha512.pem -out tsha512.pem -new -days 3650 -sha512 + +# Create EC parameters + +$OPENSSL ecparam -name P-256 -out ecp256.pem +$OPENSSL ecparam -name P-384 -out ecp384.pem + +CN="OpenSSL Test P-256 SHA-256 cert" $OPENSSL req \ + -config apps.cnf -extensions ec_cert -x509 -nodes \ + -nodes -keyout tecp256.pem -out tecp256.pem -newkey ec:ecp256.pem \ + -days 3650 -sha256 + +CN="OpenSSL Test P-384 SHA-384 cert" $OPENSSL req \ + -config apps.cnf -extensions ec_cert -x509 -nodes \ + -nodes -keyout tecp384.pem -out tecp384.pem -newkey ec:ecp384.pem \ + -days 3650 -sha384 diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/rootkey.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/rootkey.pem new file mode 100644 index 000000000..2600aab8e --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/rootkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEA0xpquKAoY6trkxz8uuE6RyYfMOy+Rgvt19pqG3x8sEpFNjDN +IG873HniShNaOrseRtrGRgCDcecNOQ0LLOQYo10zz0er8+0YgUWVx5Ag5q3cqN3T +kjDc+0sRZMONPoUwD0ySOT9dumbJypEjA0q2AgKgWwaO4ilzg/fWTEruLeuL4meX +K9WZFmMnGuF4kHSocZeKWs5UM86WIOf/+NdtzLNd6a5HwqAB5Azggiz2Ngck6Aet +Mi0inBr3A1MSn0oIaQ7rGvbQ2QrIOnpdHJ36GadQHuvvtZOm28o8UVONMMWoS1yJ +/1TaRWQJ+faZJE7yegJtUf75+5HwsxaUP32C3wIDAQABAoIBAQCEybEnwVamm0Vn +nGw9AT+vUYN9Ou3VEdviUzk7YOrt2Un/9GKTbGSzItf80H+JQfqhhywBDIGiPDxN +Dq9g5Xm6CP51/BdlsFYhuqukhDyt3d9XOXHEG4hlaarfP0KxeQXqGbhA2mMSxWVZ +TkI/59blHNHRcCagjIJlGJhsFRYNO1/ApfA5zN7fWCFvH1XWZhuvsPDgUXKm4BS0 +p3ol67MVJHRfYcLb/txBO5rBhSXinK0jEBiljRcE0rWzRycSedmDgG3SNV17wvA0 +UWgMNpPcJ1b7Satr0nM7A8+siV8FRcfvPqCuGPKCYTrNn71hGJEhKXKwlURj9+95 +O5yzRxjBAoGBAPtTRYN40/piRB0XLpi+zNh+4Ba4TGfXSymbaozgC/pI5wfgGXrz +IpT9ujjV42r8TABHvXa6uiGm0cbxcUgq2n6Y8rf6iHxmn23ezCEBUs7rd6jtt11b +m58T8o0XWyOgAovaH0UgzMtrlsZYR2fli5254oRkTWwaUTuO38z6CVddAoGBANcH +nvdu3RniIYStsr5/deu7l81ZQ9rSiR1m3H6Wy8ryMIfkYfa0WqXhwNHrLrhvhLIQ +7mGnJ+jAkJyVQULE6UdbmVW8tC58Dfrgz/1s7RMeUYPnOmRpx79c/LqZ2IunfFWx +IvBvFu7vidEHA+1tU2N+oXNsU+B9XpfsJ+/d2QtrAoGBAJTuP58tFtClMp/agO5b +AqC4bqqIBB704cGCK53XlsF2OhHcprzJH5ES2iub8+wOHit8V7Xn6SzP4jf2E58k +Zd3nXM3RVNgDKC6/fE+CrUOZHYupcqOMCag29eDOGl/+DgQ5+ZXJXhKdaveWkJns +2NNat/SkS4zn+4NDozOgZ7CxAoGBAIuXjfJRTUXNUDci0APtGO9U1AJiLbOzs4Gb +0g539IqmWS0O7S3L/YDsolFkXOsssjcq2KYabsUhpX+RQVGIJWzGoS9QlqQKssSo +Bz4c5Xbg2shHZtfi9+JaClNVJofazdOPcAAoDfpFFPHWnQ0YSOcxQLx+maEFok/7 +5h1IputLAoGBAKGBWDPwskgRRfCAIFpCJLOu/9D30M/akMtO0kJYQpBjOaKuigUy +ic7pthFVse/pMUljXHAd1hs2CTjMW1ukEusU3x1Ei6wvnHHqn0Hs+6D5NQFQkcMn +7rejJ+bpJPRAn40AAV5hGBYI12XycB8ZgyPC4hTUK6unGVK06DC4qvdv +-----END RSA PRIVATE KEY----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/skey.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/skey.pem new file mode 100644 index 000000000..dbd403d19 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/skey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv +h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL +tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu +D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI +uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6 +qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn +zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3 +r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D +AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R +5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm +W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH +674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg +utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY +BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX +4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a +WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8 +bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH +6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex +4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa +WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g +n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB +JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+ +OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX +xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK +UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ== +-----END RSA PRIVATE KEY----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/skey2.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/skey2.pem new file mode 100644 index 000000000..785382285 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/apps/skey2.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA63Yu4/cnLRvi+BIwcoIz5hKmcziREG2tujKEBs4JVO3uV3+f +UW/4YFULigKImXu/0fKyuMyeFu4l3V8NC6gachvAeWhiniN9sPgPU3AQKaF1y9gq +2EBEI2cFCKS5WASItjZCY951ZKuXYJdYDgC4kPlvI4N5M4ORHPa4pqfa/dzfMLEi +92sLGn7q5mArzn+5Xh2jD9Vif8w0RlDRxv1rQ413PGVBtfuhF1PSXNhbPtjpn+33 +DdJdNACv8D4PDmjUtKyshqvSXSE/RURldW13v68efBWhOQiLXcAkmISbxfzveS1k +KMSV8nuWwhS5rw0xMlavRTEgqbX7Jm14xGRrFwIDAQABAoIBAHLsTPihIfLnYIE5 +x4GsQQ5zXeBw5ITDM37ktwHnQDC+rIzyUl1aLD1AZRBoKinXd4lOTqLZ4/NHKx4A +DYr58mZtWyUmqLOMmQVuHXTZBlp7XtYuXMMNovQwjQlp9LicBeoBU6gQ5PVMtubD +F4xGF89Sn0cTHW3iMkqTtQ5KcR1j57OcJO0FEb1vPvk2MXI5ZyAatUYE7YacbEzd +rg02uIwx3FqNSkuSI79uz4hMdV5TPtuhxx9nTwj9aLUhXFeZ0mn2PVgVzEnnMoJb ++znlsZDgzDlJqdaD744YGWh8Z3OEssB35KfzFcdOeO6yH8lmv2Zfznk7pNPT7LTb +Lae9VgkCgYEA92p1qnAB3NtJtNcaW53i0S5WJgS1hxWKvUDx3lTB9s8X9fHpqL1a +E94fDfWzp/hax6FefUKIvBOukPLQ6bYjTMiFoOHzVirghAIuIUoMI5VtLhwD1hKs +Lr7l/dptMgKb1nZHyXoKHRBthsy3K4+udsPi8TzMvYElgEqyQIe/Rk0CgYEA86GL +8HC6zLszzKERDPBxrboRmoFvVUCTQDhsfj1M8aR3nQ8V5LkdIJc7Wqm/Ggfk9QRf +rJ8M2WUMlU5CNnCn/KCrKzCNZIReze3fV+HnKdbcXGLvgbHPrhnz8yYehUFG+RGq +bVyDWRU94T38izy2s5qMYrMJWZEYyXncSPbfcPMCgYAtaXfxcZ+V5xYPQFARMtiX +5nZfggvDoJuXgx0h3tK/N2HBfcaSdzbaYLG4gTmZggc/jwnl2dl5E++9oSPhUdIG +3ONSFUbxsOsGr9PBvnKd8WZZyUCXAVRjPBzAzF+whzQNWCZy/5htnz9LN7YDI9s0 +5113Q96cheDZPFydZY0hHQKBgQDVbEhNukM5xCiNcu+f2SaMnLp9EjQ4h5g3IvaP +5B16daw/Dw8LzcohWboqIxeAsze0GD/D1ZUJAEd0qBjC3g+a9BjefervCjKOzXng +38mEUm+6EwVjJSQcjSmycEs+Sr/kwr/8i5WYvU32+jk4tFgMoC+o6tQe/Uesf68k +z/dPVwKBgGbF7Vv1/3SmhlOy+zYyvJ0CrWtKxH9QP6tLIEgEpd8x7YTSuCH94yok +kToMXYA3sWNPt22GbRDZ+rcp4c7HkDx6I6vpdP9aQEwJTp0EPy0sgWr2XwYmreIQ +NFmkk8Itn9EY2R9VBaP7GLv5kvwxDdLAnmwGmzVtbmaVdxCaBwUk +-----END RSA PRIVATE KEY----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/ca.cnf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/ca.cnf new file mode 100644 index 000000000..5a8a5f29e --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/ca.cnf @@ -0,0 +1,86 @@ +# +# OpenSSL example configuration file for automated certificate creation. +# + +# This definition stops the following lines choking if HOME or CN +# is undefined. +HOME = . +RANDFILE = $ENV::HOME/.rnd +CN = "Not Defined" +default_ca = ca + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +# Don't prompt for fields: use those in section directly +prompt = no +distinguished_name = req_distinguished_name +x509_extensions = v3_ca # The extensions to add to the self signed cert +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = UK + +organizationName = OpenSSL Group +# Take CN from environment so it can come from a script. +commonName = $ENV::CN + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request for an end entity +# certificate + +basicConstraints=critical, CA:FALSE +keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid +# OCSP responder certificate +[ ocsp_cert ] + +basicConstraints=critical, CA:FALSE +keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid +extendedKeyUsage=OCSPSigning + +[ dh_cert ] + +# These extensions are added when 'ca' signs a request for an end entity +# DH certificate + +basicConstraints=critical, CA:FALSE +keyUsage=critical, keyAgreement + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid + +[ v3_ca ] + + +# Extensions for a typical CA + +# PKIX recommendation. + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always +basicConstraints = critical,CA:true +keyUsage = critical, cRLSign, keyCertSign + +# Minimal CA entry to allow generation of CRLs. +[ca] +database=index.txt +crlnumber=crlnum.txt diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/mkcerts.sh b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/mkcerts.sh new file mode 100644 index 000000000..2d14a9598 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/mkcerts.sh @@ -0,0 +1,96 @@ +#!/bin/sh + +OPENSSL=../../apps/openssl +OPENSSL_CONF=../../apps/openssl.cnf +export OPENSSL_CONF + +# Root CA: create certificate directly +CN="Test Root CA" $OPENSSL req -config ca.cnf -x509 -nodes \ + -keyout root.pem -out root.pem -newkey rsa:2048 -days 3650 +# Intermediate CA: request first +CN="Test Intermediate CA" $OPENSSL req -config ca.cnf -nodes \ + -keyout intkey.pem -out intreq.pem -newkey rsa:2048 +# Sign request: CA extensions +$OPENSSL x509 -req -in intreq.pem -CA root.pem -days 3600 \ + -extfile ca.cnf -extensions v3_ca -CAcreateserial -out intca.pem + +# Server certificate: create request first +CN="Test Server Cert" $OPENSSL req -config ca.cnf -nodes \ + -keyout skey.pem -out req.pem -newkey rsa:1024 +# Sign request: end entity extensions +$OPENSSL x509 -req -in req.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial -out server.pem + +# Client certificate: request first +CN="Test Client Cert" $OPENSSL req -config ca.cnf -nodes \ + -keyout ckey.pem -out creq.pem -newkey rsa:1024 +# Sign using intermediate CA +$OPENSSL x509 -req -in creq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial -out client.pem + +# Revoked certificate: request first +CN="Test Revoked Cert" $OPENSSL req -config ca.cnf -nodes \ + -keyout revkey.pem -out rreq.pem -newkey rsa:1024 +# Sign using intermediate CA +$OPENSSL x509 -req -in rreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ + -extfile ca.cnf -extensions usr_cert -CAcreateserial -out rev.pem + +# OCSP responder certificate: request first +CN="Test OCSP Responder Cert" $OPENSSL req -config ca.cnf -nodes \ + -keyout respkey.pem -out respreq.pem -newkey rsa:1024 +# Sign using intermediate CA and responder extensions +$OPENSSL x509 -req -in respreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ + -extfile ca.cnf -extensions ocsp_cert -CAcreateserial -out resp.pem + +# Example creating a PKCS#3 DH certificate. + +# First DH parameters + +[ -f dhp.pem ] || $OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_prime_len:1024 -out dhp.pem + +# Now a DH private key +$OPENSSL genpkey -paramfile dhp.pem -out dhskey.pem +# Create DH public key file +$OPENSSL pkey -in dhskey.pem -pubout -out dhspub.pem +# Certificate request, key just reuses old one as it is ignored when the +# request is signed. +CN="Test Server DH Cert" $OPENSSL req -config ca.cnf -new \ + -key skey.pem -out dhsreq.pem +# Sign request: end entity DH extensions +$OPENSSL x509 -req -in dhsreq.pem -CA root.pem -days 3600 \ + -force_pubkey dhspub.pem \ + -extfile ca.cnf -extensions dh_cert -CAcreateserial -out dhserver.pem + +# DH client certificate + +$OPENSSL genpkey -paramfile dhp.pem -out dhckey.pem +$OPENSSL pkey -in dhckey.pem -pubout -out dhcpub.pem +CN="Test Client DH Cert" $OPENSSL req -config ca.cnf -new \ + -key skey.pem -out dhcreq.pem +$OPENSSL x509 -req -in dhcreq.pem -CA root.pem -days 3600 \ + -force_pubkey dhcpub.pem \ + -extfile ca.cnf -extensions dh_cert -CAcreateserial -out dhclient.pem + +# Examples of CRL generation without the need to use 'ca' to issue +# certificates. +# Create zero length index file +>index.txt +# Create initial crl number file +echo 01 >crlnum.txt +# Add entries for server and client certs +$OPENSSL ca -valid server.pem -keyfile root.pem -cert root.pem \ + -config ca.cnf -md sha1 +$OPENSSL ca -valid client.pem -keyfile root.pem -cert root.pem \ + -config ca.cnf -md sha1 +$OPENSSL ca -valid rev.pem -keyfile root.pem -cert root.pem \ + -config ca.cnf -md sha1 +# Generate a CRL. +$OPENSSL ca -gencrl -keyfile root.pem -cert root.pem -config ca.cnf \ + -md sha1 -crldays 1 -out crl1.pem +# Revoke a certificate +openssl ca -revoke rev.pem -crl_reason superseded \ + -keyfile root.pem -cert root.pem -config ca.cnf -md sha1 +# Generate another CRL +$OPENSSL ca -gencrl -keyfile root.pem -cert root.pem -config ca.cnf \ + -md sha1 -crldays 1 -out crl2.pem + diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/ocspquery.sh b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/ocspquery.sh new file mode 100644 index 000000000..f66411330 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/ocspquery.sh @@ -0,0 +1,21 @@ +# Example querying OpenSSL test responder. Assumes ocsprun.sh has been +# called. + +OPENSSL=../../apps/openssl +OPENSSL_CONF=../../apps/openssl.cnf +export OPENSSL_CONF + +# Send responder queries for each certificate. + +echo "Requesting OCSP status for each certificate" +$OPENSSL ocsp -issuer intca.pem -cert client.pem -CAfile root.pem \ + -url http://127.0.0.1:8888/ +$OPENSSL ocsp -issuer intca.pem -cert server.pem -CAfile root.pem \ + -url http://127.0.0.1:8888/ +$OPENSSL ocsp -issuer intca.pem -cert rev.pem -CAfile root.pem \ + -url http://127.0.0.1:8888/ +# One query for all three certificates. +echo "Requesting OCSP status for three certificates in one request" +$OPENSSL ocsp -issuer intca.pem \ + -cert client.pem -cert server.pem -cert rev.pem \ + -CAfile root.pem -url http://127.0.0.1:8888/ diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/ocsprun.sh b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/ocsprun.sh new file mode 100644 index 000000000..a65e5f2fd --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/certs/ocsprun.sh @@ -0,0 +1,14 @@ +# Example of running an querying OpenSSL test OCSP responder. +# This assumes "mkcerts.sh" or similar has been run to set up the +# necessary file structure. + +OPENSSL=../../apps/openssl +OPENSSL_CONF=../../apps/openssl.cnf +export OPENSSL_CONF + +# Run OCSP responder. + +PORT=8888 + +$OPENSSL ocsp -port $PORT -index index.txt -CA intca.pem \ + -rsigner resp.pem -rkey respkey.pem -rother intca.pem $* diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cacert.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cacert.pem new file mode 100644 index 000000000..1949fc33a --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cacert.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCA26gAwIBAgIUM/WihZJZUTZvqoyNaUlp59DOaWYwDQYJKoZIhvcNAQEL +BQAwVzELMAkGA1UEBhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwN +T3BlblNTTCBHcm91cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0x +ODA2MTQxMjQ2MjhaGA8yMTE4MDYxNDEyNDYyOFowVzELMAkGA1UEBhMCVUsxEjAQ +BgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEcMBoGA1UE +AwwTVGVzdCBTL01JTUUgUm9vdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC +AYoCggGBAMzxOVHZFVxN9XQIVW3y1bK5ir3jKpKkU6zKrw8MdRvm233eqWSOYJvs +3rgdT59iv+CaPcBT5offbP0eH43H96CubJji/vQLMUzc/cLrJuCbLHREbSCsFNpf +lYw5mkT98dCFV66HuN6Nwqi5kW8TxGSXkD4OZqklbbicrXoXh5qhREID5hgbrijy +BiIHyp6bDq5zUCcmHP/Gdw2aTMEQZNsdw4MavtB65vI7dYxo2zEzdmJ3NnjlG7qZ +6Od6V4IW8yRAK9GLj0TUCZl28pq6rNio+F5Lst3clX9PDxh7LphNrXXYiHjXp2Kn +LZbOnz1SJSmCeisy/EFN6fRtwdwqcM1AcKNBU+UqFq0Mv0sgNdRwghYWGQht0mT9 ++Pg5HxTzDlOOmBT1kAduxJNLiRQlgysPDN94Os0EpzJyA87Z6yJRGvYGZ5mrdfx2 +8p6bHptf46h1WzCX4wDy2J86y+odgWMnSkmF9h8ySj66rgmLrz40n+mDm8bhUblK +AV8IqN8WmQIDAQABo4HHMIHEMB0GA1UdDgQWBBSkmMaBYQPTEGcqe1maU2IDOMLQ +ezCBlAYDVR0jBIGMMIGJgBSkmMaBYQPTEGcqe1maU2IDOMLQe6FbpFkwVzELMAkG +A1UEBhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBH +cm91cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQYIUM/WihZJZUTZvqoyN +aUlp59DOaWYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAqP1CQRGM +roHvk6dhI4ElNae5seRdSQNTtwAhlP1RoSoFz8xybMgDksKE07t77gDsKvU2SuXV +fdICqVpjpN9cRYKM6VmiREdU6OGsPQ74u4sOg4cT/tuou0RsD/uQaznb5NOvo2T0 +8rmX0Ai3+lbEuMBCaGNU0KYJifYy4QrSqEapq4W3NbqH85msOiKHEDh1vz9IWz6z +WKjdv9lst56XuLTZrJ/O0T0qD6aMXyqK6ZART/FELjDXc+9Ey4TH+msOEKq0uQWt +y7Grfmz52dTnAjBw+6/ggE9sA8Wo6DhwbEUaOA9BB5YP+XWsIkUUbiVHU7D8TyiE +KHt2DkaWvjl1/RdtzQUO/vGI4yuFTZfLf23KcwgtHJI3JxLNAMLM3I2jmoWhKm/d +GkVYsGH1GWonv0UTv/TKlOXaTYWK9fQVoYkFc+FrwUd2lev5FizJNigL9qatGyRZ +giJmWWlf0bMMIxwWZzQswxLyKdkNlvkKf9T6BjEmGLeOHZCn0x2sOyUi +-----END CERTIFICATE----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cakey.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cakey.pem new file mode 100644 index 000000000..486c975b7 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cakey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5QIBAAKCAYEAzPE5UdkVXE31dAhVbfLVsrmKveMqkqRTrMqvDwx1G+bbfd6p +ZI5gm+zeuB1Pn2K/4Jo9wFPmh99s/R4fjcf3oK5smOL+9AsxTNz9wusm4JssdERt +IKwU2l+VjDmaRP3x0IVXroe43o3CqLmRbxPEZJeQPg5mqSVtuJyteheHmqFEQgPm +GBuuKPIGIgfKnpsOrnNQJyYc/8Z3DZpMwRBk2x3Dgxq+0Hrm8jt1jGjbMTN2Ync2 +eOUbupno53pXghbzJEAr0YuPRNQJmXbymrqs2Kj4Xkuy3dyVf08PGHsumE2tddiI +eNenYqctls6fPVIlKYJ6KzL8QU3p9G3B3CpwzUBwo0FT5SoWrQy/SyA11HCCFhYZ +CG3SZP34+DkfFPMOU46YFPWQB27Ek0uJFCWDKw8M33g6zQSnMnIDztnrIlEa9gZn +mat1/Hbynpsem1/jqHVbMJfjAPLYnzrL6h2BYydKSYX2HzJKPrquCYuvPjSf6YOb +xuFRuUoBXwio3xaZAgMBAAECggGBAJrqILzozke2ujpablEtBTITJHgC9lRgmMt9 +bjR+4ysTJ4kOvZbANPDIbVZY+a3uVEIv9UujYBgG4Hi4w3tF074G+xnaRIQuzbZf +OgaUABA527GLY74VtbGYHRAhHqbWGmrX0H6iIzE/kQw/MVr4YzTyiFsQQbPMEhNB +g7RNgvh0vIb2MYC5s71JrS8eGqAnb0KY8daV7ce9upJyt2Acx1AGQJqipegrbtVd +8q4PONkJIIyvtmJONNaprq8DAJDaTNdcZu7f7mymF5UFpp4Lh6raAvOZAZjgkPYW +PsX2uMAsYchXTmSDGOHNafqeyTS0UEaw6FRhpxzMoSxRXX4/RhjeShadYwHxbh7s +UwFU7S9EWlj8CjgGs00KFM1eMV0sEYsL8sRf7ZiWM5XJsmXKbRZjA5V+7OoSGElB +zJcERK6NFCISijApZlVveEVZS0qESivKd9bspOzbMdoJyjBW1LZdMH85YIwM8Dox +VqGR0QD3UP8RpZBRwTiFenqOpwARnQKBwQD1NBGcTxLLUUluEBG/TD9KM5sCnkm8 +cn5RomwTeBrUr9SXOJuUPa8RNLrAeosuWCrx9JkF25IBExQbbs1NRHuziOIOyI0+ +hvqP85zJln7kUDtiDMFfUdS8Q6PF3b3wJl6cbipowWwsahvUSkx3W8UWrzZHsvrO +LBtvEZdwetNWN50FK040uM6y/x71xfvUhlKBsuZBgDFU9aXJZAGpkCklZnByURN6 +LZudDQETdYo7/X8qqPlcHwHStGj9YXg/e38CgcEA1fdVA6s+KlRUGRTUDaUFPDji +MciTcvA3teXJWNAsFWd71oLT5eQNI50afF242ikTT6JuXFH0mMYKoVe/LFo7m2mf +uLcW4yM/FiKTkhnBQGm7KNqyvXB0T0DWTDSeS7hTzD6KjuJPf7JVH5I4In8jSKJd +3mzTA9keIosnxjX7EOsZNQd0+MKaJYHnvJsxYaoT9FXoONuyzQu96TQ8Q+fkVHXh +I/ENAw0qfoJ5mw5dQnU2UtjP6cSNVQ9Rsr48GNnnAoHBAJcI65AMZNc3yrMw0r2y +iYl7IBAMz/5zx7shANE9OcmoRJqhE7PMCvneMOo+kVyKkmlW8KrbBKQEzG3ZYjwl +4sxDlHrmrZnGKrBgrkK9oIuhn/JVSQcdsJwGTeqjG0vBVqWkdhrwiWESOvIYkeEz +dcLzScwAQtyb7ooLm+x8u5Bv0RhOBG4VJ7y5yKg6u1O9KTUarRnLjJd4eBYEs8Fu +Oun+n2TK6+RmE2Q5jmAeFne9PYdZbb+Ame7fkYwBbcAsoQKBwQC1KHQSZyp7LGsH +0Vq5Mr77/i2FeQ1eg4SnvaZ8S8UHWla/iIVgX3XAcYO7SJ76F00CX8SQ5dLyhrr5 +YBG8u6k8LHHPMzVtmqoPU7cePDAjGWIddQ1g15WihILsgqCD+8z3YPxvfa1RsOvh +jyt4Ca0WEmLnr7v5xhp9pNRIPewUpvjwrR+cfyeEGjjat4tX5Wh/tzym51y7vvVM +Pa3I0M3BtQyqIa2ip8MS2eWcIs1TN2qHOorOolwHaLEDZY38fIECgcAKns98A2G3 +tLvZaDZlVsJWZsdSDUrFCKvx9QbTZHbyOL5JU/8TgLBgfOgV2yxLXn9Pq+0Quvb2 +EjaFuA3GKOFi50WtfwR6Yo1DaFcx5n0bDShnaHOF+dUi0BVQd2V1DsqAwF5/Eh3A +lX+XuWeSam4/91WhmNMCZpfYv0GErs4ZBHHsl54jmvrrjbhg/efUvpWKi/9vlKm+ ++ITH+nG1xCnyEEVZ+vm9Qq57lCLBZGyGT4PetllpsRrGcdO4/gfK8lY= +-----END RSA PRIVATE KEY----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_comp.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_comp.c new file mode 100644 index 000000000..0d548f93c --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_comp.c @@ -0,0 +1,64 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Simple S/MIME compress example */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + /* + * On OpenSSL 1.0.0+ only: + * for streaming set CMS_STREAM + */ + int flags = CMS_STREAM; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Open content being compressed */ + + in = BIO_new_file("comp.txt", "r"); + + if (!in) + goto err; + + /* compress content */ + cms = CMS_compress(in, NID_zlib_compression, flags); + + if (!cms) + goto err; + + out = BIO_new_file("smcomp.txt", "w"); + if (!out) + goto err; + + /* Write out S/MIME message */ + if (!SMIME_write_CMS(out, cms, in, flags)) + goto err; + + ret = 0; + + err: + + if (ret) { + fprintf(stderr, "Error Compressing Data\n"); + ERR_print_errors_fp(stderr); + } + + CMS_ContentInfo_free(cms); + BIO_free(in); + BIO_free(out); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_ddec.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_ddec.c new file mode 100644 index 000000000..8f2e9aecb --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_ddec.c @@ -0,0 +1,88 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * S/MIME detached data decrypt example: rarely done but should the need + * arise this is an example.... + */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL, *tbio = NULL, *dcont = NULL; + X509 *rcert = NULL; + EVP_PKEY *rkey = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in recipient certificate and private key */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!rcert || !rkey) + goto err; + + /* Open PEM file containing enveloped data */ + + in = BIO_new_file("smencr.pem", "r"); + + if (!in) + goto err; + + /* Parse PEM content */ + cms = PEM_read_bio_CMS(in, NULL, 0, NULL); + + if (!cms) + goto err; + + /* Open file containing detached content */ + dcont = BIO_new_file("smencr.out", "rb"); + + if (!in) + goto err; + + out = BIO_new_file("encrout.txt", "w"); + if (!out) + goto err; + + /* Decrypt S/MIME message */ + if (!CMS_decrypt(cms, rkey, rcert, dcont, out, 0)) + goto err; + + ret = 0; + + err: + + if (ret) { + fprintf(stderr, "Error Decrypting Data\n"); + ERR_print_errors_fp(stderr); + } + + CMS_ContentInfo_free(cms); + X509_free(rcert); + EVP_PKEY_free(rkey); + BIO_free(in); + BIO_free(out); + BIO_free(tbio); + BIO_free(dcont); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_dec.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_dec.c new file mode 100644 index 000000000..4f9428b4e --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_dec.c @@ -0,0 +1,78 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Simple S/MIME decryption example */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *rcert = NULL; + EVP_PKEY *rkey = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in recipient certificate and private key */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!rcert || !rkey) + goto err; + + /* Open S/MIME message to decrypt */ + + in = BIO_new_file("smencr.txt", "r"); + + if (!in) + goto err; + + /* Parse message */ + cms = SMIME_read_CMS(in, NULL); + + if (!cms) + goto err; + + out = BIO_new_file("decout.txt", "w"); + if (!out) + goto err; + + /* Decrypt S/MIME message */ + if (!CMS_decrypt(cms, rkey, rcert, NULL, out, 0)) + goto err; + + ret = 0; + + err: + + if (ret) { + fprintf(stderr, "Error Decrypting Data\n"); + ERR_print_errors_fp(stderr); + } + + CMS_ContentInfo_free(cms); + X509_free(rcert); + EVP_PKEY_free(rkey); + BIO_free(in); + BIO_free(out); + BIO_free(tbio); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_denc.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_denc.c new file mode 100644 index 000000000..adba69b96 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_denc.c @@ -0,0 +1,97 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * S/MIME detached data encrypt example: rarely done but should the need + * arise this is an example.... + */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL, *tbio = NULL, *dout = NULL; + X509 *rcert = NULL; + STACK_OF(X509) *recips = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + int flags = CMS_STREAM | CMS_DETACHED; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in recipient certificate */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + if (!rcert) + goto err; + + /* Create recipient STACK and add recipient cert to it */ + recips = sk_X509_new_null(); + + if (!recips || !sk_X509_push(recips, rcert)) + goto err; + + /* + * sk_X509_pop_free will free up recipient STACK and its contents so set + * rcert to NULL so it isn't freed up twice. + */ + rcert = NULL; + + /* Open content being encrypted */ + + in = BIO_new_file("encr.txt", "r"); + + dout = BIO_new_file("smencr.out", "wb"); + + if (!in) + goto err; + + /* encrypt content */ + cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags); + + if (!cms) + goto err; + + out = BIO_new_file("smencr.pem", "w"); + if (!out) + goto err; + + if (!CMS_final(cms, in, dout, flags)) + goto err; + + /* Write out CMS structure without content */ + if (!PEM_write_bio_CMS(out, cms)) + goto err; + + ret = 0; + + err: + + if (ret) { + fprintf(stderr, "Error Encrypting Data\n"); + ERR_print_errors_fp(stderr); + } + + CMS_ContentInfo_free(cms); + X509_free(rcert); + sk_X509_pop_free(recips, X509_free); + BIO_free(in); + BIO_free(out); + BIO_free(dout); + BIO_free(tbio); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_enc.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_enc.c new file mode 100644 index 000000000..4d17d720c --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_enc.c @@ -0,0 +1,92 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Simple S/MIME encrypt example */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *rcert = NULL; + STACK_OF(X509) *recips = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + /* + * On OpenSSL 1.0.0 and later only: + * for streaming set CMS_STREAM + */ + int flags = CMS_STREAM; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in recipient certificate */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + if (!rcert) + goto err; + + /* Create recipient STACK and add recipient cert to it */ + recips = sk_X509_new_null(); + + if (!recips || !sk_X509_push(recips, rcert)) + goto err; + + /* + * sk_X509_pop_free will free up recipient STACK and its contents so set + * rcert to NULL so it isn't freed up twice. + */ + rcert = NULL; + + /* Open content being encrypted */ + + in = BIO_new_file("encr.txt", "r"); + + if (!in) + goto err; + + /* encrypt content */ + cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags); + + if (!cms) + goto err; + + out = BIO_new_file("smencr.txt", "w"); + if (!out) + goto err; + + /* Write out S/MIME message */ + if (!SMIME_write_CMS(out, cms, in, flags)) + goto err; + + ret = 0; + + err: + + if (ret) { + fprintf(stderr, "Error Encrypting Data\n"); + ERR_print_errors_fp(stderr); + } + + CMS_ContentInfo_free(cms); + X509_free(rcert); + sk_X509_pop_free(recips, X509_free); + BIO_free(in); + BIO_free(out); + BIO_free(tbio); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_sign.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_sign.c new file mode 100644 index 000000000..15bd5b8dd --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_sign.c @@ -0,0 +1,88 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Simple S/MIME signing example */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *scert = NULL; + EVP_PKEY *skey = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + /* + * For simple S/MIME signing use CMS_DETACHED. On OpenSSL 1.0.0 only: for + * streaming detached set CMS_DETACHED|CMS_STREAM for streaming + * non-detached set CMS_STREAM + */ + int flags = CMS_DETACHED | CMS_STREAM; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in signer certificate and private key */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!scert || !skey) + goto err; + + /* Open content being signed */ + + in = BIO_new_file("sign.txt", "r"); + + if (!in) + goto err; + + /* Sign content */ + cms = CMS_sign(scert, skey, NULL, in, flags); + + if (!cms) + goto err; + + out = BIO_new_file("smout.txt", "w"); + if (!out) + goto err; + + if (!(flags & CMS_STREAM)) + BIO_reset(in); + + /* Write out S/MIME message */ + if (!SMIME_write_CMS(out, cms, in, flags)) + goto err; + + ret = 0; + + err: + + if (ret) { + fprintf(stderr, "Error Signing Data\n"); + ERR_print_errors_fp(stderr); + } + + CMS_ContentInfo_free(cms); + X509_free(scert); + EVP_PKEY_free(skey); + BIO_free(in); + BIO_free(out); + BIO_free(tbio); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_sign2.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_sign2.c new file mode 100644 index 000000000..14ebf2777 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_sign2.c @@ -0,0 +1,98 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* S/MIME signing example: 2 signers */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *scert = NULL, *scert2 = NULL; + EVP_PKEY *skey = NULL, *skey2 = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + BIO_free(tbio); + + tbio = BIO_new_file("signer2.pem", "r"); + + if (!tbio) + goto err; + + scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!scert2 || !skey2) + goto err; + + in = BIO_new_file("sign.txt", "r"); + + if (!in) + goto err; + + cms = CMS_sign(NULL, NULL, NULL, in, CMS_STREAM | CMS_PARTIAL); + + if (!cms) + goto err; + + /* Add each signer in turn */ + + if (!CMS_add1_signer(cms, scert, skey, NULL, 0)) + goto err; + + if (!CMS_add1_signer(cms, scert2, skey2, NULL, 0)) + goto err; + + out = BIO_new_file("smout.txt", "w"); + if (!out) + goto err; + + /* NB: content included and finalized by SMIME_write_CMS */ + + if (!SMIME_write_CMS(out, cms, in, CMS_STREAM)) + goto err; + + ret = 0; + + err: + + if (ret) { + fprintf(stderr, "Error Signing Data\n"); + ERR_print_errors_fp(stderr); + } + + CMS_ContentInfo_free(cms); + X509_free(scert); + EVP_PKEY_free(skey); + X509_free(scert2); + EVP_PKEY_free(skey2); + BIO_free(in); + BIO_free(out); + BIO_free(tbio); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_uncomp.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_uncomp.c new file mode 100644 index 000000000..3e3b4c4c6 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_uncomp.c @@ -0,0 +1,58 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Simple S/MIME uncompression example */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL; + CMS_ContentInfo *cms = NULL; + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Open compressed content */ + + in = BIO_new_file("smcomp.txt", "r"); + + if (!in) + goto err; + + /* Sign content */ + cms = SMIME_read_CMS(in, NULL); + + if (!cms) + goto err; + + out = BIO_new_file("smuncomp.txt", "w"); + if (!out) + goto err; + + /* Uncompress S/MIME message */ + if (!CMS_uncompress(cms, out, NULL, 0)) + goto err; + + ret = 0; + + err: + + if (ret) { + fprintf(stderr, "Error Uncompressing Data\n"); + ERR_print_errors_fp(stderr); + } + + CMS_ContentInfo_free(cms); + BIO_free(in); + BIO_free(out); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_ver.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_ver.c new file mode 100644 index 000000000..43c10e251 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/cms_ver.c @@ -0,0 +1,85 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Simple S/MIME verification example */ +#include <openssl/pem.h> +#include <openssl/cms.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL; + X509_STORE *st = NULL; + X509 *cacert = NULL; + CMS_ContentInfo *cms = NULL; + + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Set up trusted CA certificate store */ + + st = X509_STORE_new(); + + /* Read in CA certificate */ + tbio = BIO_new_file("cacert.pem", "r"); + + if (!tbio) + goto err; + + cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + if (!cacert) + goto err; + + if (!X509_STORE_add_cert(st, cacert)) + goto err; + + /* Open message being verified */ + + in = BIO_new_file("smout.txt", "r"); + + if (!in) + goto err; + + /* parse message */ + cms = SMIME_read_CMS(in, &cont); + + if (!cms) + goto err; + + /* File to output verified content to */ + out = BIO_new_file("smver.txt", "w"); + if (!out) + goto err; + + if (!CMS_verify(cms, NULL, st, cont, out, 0)) { + fprintf(stderr, "Verification Failure\n"); + goto err; + } + + fprintf(stderr, "Verification Successful\n"); + + ret = 0; + + err: + + if (ret) { + fprintf(stderr, "Error Verifying Data\n"); + ERR_print_errors_fp(stderr); + } + + CMS_ContentInfo_free(cms); + X509_free(cacert); + BIO_free(in); + BIO_free(out); + BIO_free(tbio); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/comp.txt b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/comp.txt new file mode 100644 index 000000000..1672328e7 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/comp.txt @@ -0,0 +1,22 @@ +Content-type: text/plain + +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed +Some Text To be Compressed diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/encr.txt b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/encr.txt new file mode 100644 index 000000000..0eceb407b --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/encr.txt @@ -0,0 +1,3 @@ +Content-type: text/plain + +Sample OpenSSL Data for CMS encryption diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/sign.txt b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/sign.txt new file mode 100644 index 000000000..c3f9d73d6 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/sign.txt @@ -0,0 +1,3 @@ +Content-type: text/plain + +Test OpenSSL CMS Signed Content diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/signer.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/signer.pem new file mode 100644 index 000000000..4bbf7a69f --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/signer.pem @@ -0,0 +1,52 @@ +-----BEGIN CERTIFICATE----- +MIIELDCCApSgAwIBAgIIcsOElVeHzfQwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE +BhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0xODA2MTQxMjQ2Mjha +GA8yMTE4MDYxNDEyNDYyOFowVjELMAkGA1UEBhMCVUsxJTAjBgNVBAMMHE9wZW5T +U0wgdGVzdCBTL01JTUUgc2lnbmVyIDExIDAeBgkqhkiG9w0BCQEWEXRlc3QxQG9w +ZW5zc2wub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vvSgaL1 +byi9AE8Ep3v7Yv36JxYywaZhUy8dEFRiYn6NsVhhNo6SK1Mp8daQ0MZoMzbT1aKp +JTLTgDJZHit2t1d6l3aWJG+cbcLua+XKowaZjj6rirB390fuL4qt5PiAb571QFtu +L8apcydwGEdkaPRuCnvctN8VcZPTKh+M8VEESyxk5K37QYKaAB6ItWR5KhjiAuDt +zsJbjEtOvGtmu2FRCU47GzfkdjYo7tY38WTY+2WWh+idKErtmYSinmhE0H7+yoJB +s1VCI+cq5tVW+oEO9HF4vEDEUykEFFPsCEkIWM+RjCgK8cRSCpg6VQr+ZTii6k7C +m9CP81QhUoV3QwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUg1DE7OaNqMQQ +8Z1bvjhnlisxfsMwHwYDVR0jBBgwFoAUpJjGgWED0xBnKntZmlNiAzjC0HswDQYJ +KoZIhvcNAQELBQADggGBAGxAivCwPsAYmMZfVJTELWNNMBzKzmeRvrp6k/6S74Pw +LDEhTnslCV4U1gTSd3nQ+LRm1fkzxLA12A/rlqN51P8B+hyVSMN9dj54YUcFd+KO +XhkSDrSpph6hRqGy8zqELzlb1Q8yoIBclEmyv+CkXMrpnm+4JL4kzyj/iBRkZTDz +ns15jJD9KHgrOnclaoDRkOT6lGbsd3j+aviKEj8ZILufSMw+W2YORy3nSAencjbO +ezivVujqm+pjkfqdCS1HcFB7LhQEILfFqkssw8YmtJVrM9LF8VIcqueXbVZmeS/1 +QV5B7OEmtsM+NkoLF5ldWdPQvmftbShh+AAlpcsmqiRefQgA3aQn6YOnOHnnQwgB +oQRNjQXsjgxV4t2HFYpwkK41kx4HToVGciPNMkndzfY/GJmgXsXfB6/AfUfhLTDv +tbws1MZhaCNOffw3/SVS2nLREMFCGn5uAgNkqssWqeWJu3910XF640tqPBj5YGFc +fykwWNhG5xS04EHpztgKdQ== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA1vvSgaL1byi9AE8Ep3v7Yv36JxYywaZhUy8dEFRiYn6NsVhh +No6SK1Mp8daQ0MZoMzbT1aKpJTLTgDJZHit2t1d6l3aWJG+cbcLua+XKowaZjj6r +irB390fuL4qt5PiAb571QFtuL8apcydwGEdkaPRuCnvctN8VcZPTKh+M8VEESyxk +5K37QYKaAB6ItWR5KhjiAuDtzsJbjEtOvGtmu2FRCU47GzfkdjYo7tY38WTY+2WW +h+idKErtmYSinmhE0H7+yoJBs1VCI+cq5tVW+oEO9HF4vEDEUykEFFPsCEkIWM+R +jCgK8cRSCpg6VQr+ZTii6k7Cm9CP81QhUoV3QwIDAQABAoIBAQC6LCWmIisNcmgK +RmOvbszKc0sYYj7eOGl8EgbHR2xUA2hNNk4pYtnuLvzZ84hBZDCEeWyFS3HTRuql +z/QhDl6mc1k0pXtsXkNHQlIamksbVvHPnzIKzrt1J5N7FEt3SERhZXTZoNQRB6di +k7qdK+YmhdZtucnt0GrPisaJaf0yU/EjLuX+MU/0Xrc23lVhR3yqYhaOhWvrxTHM +evykI0kOL+gU58eN2eWE4ELjS2z+njKDqcEyeIy00FdBAtCoKjMsWpRytKNmcFm9 +LdtMmizskF8VS3+XsDbkseIODx1xJ65IFmHHMV2xLG5/+bQppkB8JuE3EDrtFiUJ +lGdfmBlxAoGBAP3Asg0drdunv7imeEOGpyj5JwF1hCVQ71IBGdqTr3aPqOlDH/io +up7t+VBuSLqj1P20HygNjow+ALw/Ko+a0icodg7QA2Co0/RiBwa+u2SgpYDqC9Kt +KIdRcv+NXkhXF/DLIn0jJvI53OtKsbgTv/C+aCipblofnO9sF4AhShq1AoGBANjj +Ou0czloNORbk3qAxLi4b5P/YOyZBJDa0zijFdD1jImfOeyNFXeg2ID+8ZjDkP/eP +pLy/Gt/8bVb+O+9wMOho3kWKZBN3O2VsLJYakAehDsC5ax7i2HtEqg1L1krW2duS +POiKg3qNjETM30zTA4pHwkNAETIktResze7SRm0XAoGABH7KaLMS5mZFXjcMwF19 +TpuDVmJHkgWqB7DfTWD6ZcZLvr4irdwHWlNq7ELX5P6MAmaTerkqwk9C4hLYZSzf +9jOgS8jhlm/HOXgXGcZ9OV4jMHJ0/Sl2I1eNCvvtJKjuUqS2mrLpuLbPtBdhqJoo +91HYNIgz3ULcG921WN6+GlUCgYEA066T6LDgxgt52NpwXrEhfWdETmDg+ilCCxLU +0/5DwVZsUhy5Gmeti+Kn/w0GQFnGBP1xr7ZlqI9auDlSjhNV6L/RkNXNbyJEGm1F +5wrt4ERVfcx6vJ5y43zU7D1EXa7s2t0UDXKDeK2GZe//UZ/yKJh5BeIV5nblOMI0 +DA+3JOkCgYEA80QGLjGlCvxKceVbuohbIZ1+/EoXPq993ER9S8D2MTGATsEcygtF +rM8JcHTv75sjycqu68BAQr1Z5qwwrMyY0vWVEorKzvAXEWolC67asR4cDutOd+qy +WlEIyojX45GwHCHpcbVRiGRWuj3kwkc+WzdgusBoAJrPCigES/Cr8uA= +-----END RSA PRIVATE KEY----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/signer2.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/signer2.pem new file mode 100644 index 000000000..52827297e --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/cms/signer2.pem @@ -0,0 +1,52 @@ +-----BEGIN CERTIFICATE----- +MIIELDCCApSgAwIBAgIIcsOElVeHzfUwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE +BhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0xODA2MTQxMjQ2Mjha +GA8yMTE4MDYxNDEyNDYyOFowVjELMAkGA1UEBhMCVUsxJTAjBgNVBAMMHE9wZW5T +U0wgdGVzdCBTL01JTUUgc2lnbmVyIDIxIDAeBgkqhkiG9w0BCQEWEXRlc3QyQG9w +ZW5zc2wub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ledrM9R +3x3bZypZAEi00DJYAmLS5F6Gg3+xpjE745UWKrjDAY5KswavKKa3vZxoUz2omNSg +4nYfLSowq7AI3VnZ8LwNo8lAeo7AX9elrsmzQzhr2DCdCdbRhCWoiS/ba5tKIhlb +gFnP+pB8jhC9qZuQJkpVaivywMW8rA9DRbeDcQjDKhUi0ukVDYHDd9+FtNM3H1t3 +AUGWBecjWYa4hXC3CsH3+cFBZKjAepL74hqiEfsEyzKesft3NFd1AcVY9W5MRCK4 +lUFiDbBtIgPkvPJeoEs/kFp3+OvJFDwi4K4Z6XzALyT0LXNx6w3kSfx0TLdNjXLD +O9a2dzwhHhPtCQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYJEUXnMb/ux0 +WrzSh+bnhpi6GS0wHwYDVR0jBBgwFoAUpJjGgWED0xBnKntZmlNiAzjC0HswDQYJ +KoZIhvcNAQELBQADggGBAFbrwfsSciDFI97c7oqS8jtxOSa3c4B7xhmcgUkYCiaD +7mbZuqTUf4ltJJZXP/TJ44fhL0zVAvRXSXw1LE3YvLGOlBc6dM3D7DyL5pfUTUBY +ICt+NLfG5iHtkiZPPSfK2t5f4UGFwU/ERT62sLu4keLI5igi9J2jKSykN3u5SQ3s +Zsennow5zUsFkcz9hkB4RczlHRogA0SgVhELQbN1nYIqJJDRFZL+CmarDRTFMilk +7dXCacw6xt9vIc3ZXO+pu2g1ezgSPwOoUykQcL3UhAEIIyt+TRe3fafh5TXwd8tr +FAecAuz5Mqsmek5nEW9ZeYmxNz5VFwc4F61y4xFj7lI0frLCCAu3gVoqiQrW+WwR +e27z1Nm4uUcduFqj45Pu2eTyV3LZtLUbFvL5ZSPUCSk1wVmC2otX8ksFDDTO1rIy +l5Qd1g1P8bLuj8NG98J2zVOabtaxYCAIBPZ3dUh2eNrPKoLAvrgKh1MH+K2Eh5Oy +z1T4Eu+e5Kq/uQkZpI5QzA== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA1ledrM9R3x3bZypZAEi00DJYAmLS5F6Gg3+xpjE745UWKrjD +AY5KswavKKa3vZxoUz2omNSg4nYfLSowq7AI3VnZ8LwNo8lAeo7AX9elrsmzQzhr +2DCdCdbRhCWoiS/ba5tKIhlbgFnP+pB8jhC9qZuQJkpVaivywMW8rA9DRbeDcQjD +KhUi0ukVDYHDd9+FtNM3H1t3AUGWBecjWYa4hXC3CsH3+cFBZKjAepL74hqiEfsE +yzKesft3NFd1AcVY9W5MRCK4lUFiDbBtIgPkvPJeoEs/kFp3+OvJFDwi4K4Z6XzA +LyT0LXNx6w3kSfx0TLdNjXLDO9a2dzwhHhPtCQIDAQABAoIBAGMEGJfTMiwS+979 +ph3GeJjRGO0JQAk1TYiDvcpbZiItJg9YSOV4GTP4u4PY+HqEPYFus2relu/mx2Iy +4kb9zCqNLmvSQ67M8pdrSJ093pEPJlvAPbmiQ3lfHmyghOnTDNb55tY3xphVZQmI +I7HxM9ydO4skva6NXNgGwLDvYBFc6z6d95ai/WEFWHOt5Mt7OVOWAHQ0lAOofWLA +2BwKmrQnCwMvm1TMoKaAU/ngTToUGBMIN1HwRcY6qDraZte5o3EDRABHB78OHrSu +I/Eoi//5C8A7iZ5Y189lMbahIN6xVMwHwwIqLptTV2GNZOKSiIXnM06vIf4CPZKl +3VlwBgECgYEA/BKnn23KtefA906QNkrIOXASLEE1T77NlTYIRDTsUoz6XTVSvOCI +ARxdsoLwFko5ICMhti9S/1G/MYH0BoJN8rbzvjmZDfwF612p0AYALyBlRgW+ID9L +41CJQcLWxeiQd/GcrUZmudVNUGXa8nsNHmFleGLchXeqU7M6fljJOkECgYEA2a56 +yvYQgMF/SIPkxU1+WcQC6+JGc+ax220/lysBsDb4SkXomfGtFWbenxwamuQu+n67 +DJWi9oJIi9Vj4eKOXS6vjCAkYeLgCpK6S26frPtxJuZwl/lF7mFl8Z4ZnJeiFJ4h +AXt5r9vqnOZtCnLqRRAlqF5OswWgv/mhJ6jpMMkCgYBMPaAxWlXLexMkOcDoiunQ +ZZM5i2eCfSVVEgiiCJfJyBYZhv1FX2wDWf8E9RGEzGJG1BloLxwdWS5I3RNfvJ2y +4Z8LVAR09Fsd+zBXWNlJZ7T53tbIjhx33m4FU9b9+P9pJ8zJo9eCMX+253e3i3xG +ShMUvGIShEUiF72DZXtHgQKBgDi867CfNmn5BW4nQqfSrQ5EsuY80lQ/WzhwX1TN +luERUuI5GomVnqGncHtUXfLlawFLqwF6t0E9cB9SfXhRDv5mvsbtUc5Zzj+zQu+K +ZAA4gaO8CLjz9jBOHr49kTtpootxM/Uo8+zMi3hd7yn8Def2b3pVKnorC10+eazW +sAFRAoGAet6fQbQD+4vZ1oukZcZhmVlIWTSZJ1vAGCcT/3E40pqpPY+Ho56Lcwh0 +9f4TAykuGwFgqvZvR8yD2gpuISYGYplWqa1N6qxMaiVzmY5q1XW+O74xRH5Kz5fr +D+3j2x4EiyG7AYyZMOphDtBd/TSQQMYmGW6PiyM9ceIVnDK1Dd4= +-----END RSA PRIVATE KEY----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/engines/e_chil.txt b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/engines/e_chil.txt new file mode 100644 index 000000000..dc7076ba4 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/engines/e_chil.txt @@ -0,0 +1,12 @@ +HWCRHK_F_BIND_HELPER 110 +HWCRHK_F_HWCRHK_CTRL 100 +HWCRHK_F_HWCRHK_FINISH 101 +HWCRHK_F_HWCRHK_GET_PASS 102 +HWCRHK_F_HWCRHK_INIT 103 +HWCRHK_F_HWCRHK_INSERT_CARD 104 +HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105 +HWCRHK_F_HWCRHK_LOAD_PUBKEY 106 +HWCRHK_F_HWCRHK_MOD_EXP 107 +HWCRHK_F_HWCRHK_MUTEX_INIT 111 +HWCRHK_F_HWCRHK_RAND_BYTES 108 +HWCRHK_F_HWCRHK_RSA_MOD_EXP 109 diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/evp/Makefile b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/evp/Makefile new file mode 100644 index 000000000..c2e10a1de --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/evp/Makefile @@ -0,0 +1,23 @@ +# Quick instruction: +# To build against an OpenSSL built in the source tree, do this: +# +# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../.. +# +# To run the demos when linked with a shared library (default): +# +# LD_LIBRARY_PATH=../.. ./aesccm +# LD_LIBRARY_PATH=../.. ./aesgcm + +CFLAGS = $(OPENSSL_INCS_LOCATION) +LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto + +all: aesccm aesgcm + +aesccm: aesccm.o +aesgcm: aesgcm.o + +aesccm aesgcm: + $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) + +clean: + $(RM) aesccm aesgcm *.o diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/evp/aesccm.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/evp/aesccm.c new file mode 100644 index 000000000..cc4d0b5ee --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/evp/aesccm.c @@ -0,0 +1,125 @@ +/* + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Simple AES CCM test program, uses the same NIST data used for the FIPS + * self test but uses the application level EVP APIs. + */ +#include <stdio.h> +#include <openssl/bio.h> +#include <openssl/evp.h> + +/* AES-CCM test data from NIST public test vectors */ + +static const unsigned char ccm_key[] = { + 0xce, 0xb0, 0x09, 0xae, 0xa4, 0x45, 0x44, 0x51, 0xfe, 0xad, 0xf0, 0xe6, + 0xb3, 0x6f, 0x45, 0x55, 0x5d, 0xd0, 0x47, 0x23, 0xba, 0xa4, 0x48, 0xe8 +}; + +static const unsigned char ccm_nonce[] = { + 0x76, 0x40, 0x43, 0xc4, 0x94, 0x60, 0xb7 +}; + +static const unsigned char ccm_adata[] = { + 0x6e, 0x80, 0xdd, 0x7f, 0x1b, 0xad, 0xf3, 0xa1, 0xc9, 0xab, 0x25, 0xc7, + 0x5f, 0x10, 0xbd, 0xe7, 0x8c, 0x23, 0xfa, 0x0e, 0xb8, 0xf9, 0xaa, 0xa5, + 0x3a, 0xde, 0xfb, 0xf4, 0xcb, 0xf7, 0x8f, 0xe4 +}; + +static const unsigned char ccm_pt[] = { + 0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f, 0xe6, 0x9c, 0x2a, 0x1f, + 0x58, 0x93, 0x9d, 0xfe, 0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10 +}; + +static const unsigned char ccm_ct[] = { + 0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74, 0x87, 0xfd, 0x95, 0xa2, + 0x8a, 0xd3, 0x92, 0xc8, 0x0b, 0x36, 0x81, 0xd4, 0xfb, 0xc7, 0xbb, 0xfd +}; + +static const unsigned char ccm_tag[] = { + 0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7, 0x23, 0xdc, 0x07, 0x44, + 0x14, 0xdb, 0x50, 0x6d +}; + +void aes_ccm_encrypt(void) +{ + EVP_CIPHER_CTX *ctx; + int outlen, tmplen; + unsigned char outbuf[1024]; + printf("AES CCM Encrypt:\n"); + printf("Plaintext:\n"); + BIO_dump_fp(stdout, ccm_pt, sizeof(ccm_pt)); + ctx = EVP_CIPHER_CTX_new(); + /* Set cipher type and mode */ + EVP_EncryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL); + /* Set nonce length if default 96 bits is not appropriate */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce), + NULL); + /* Set tag length */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(ccm_tag), NULL); + /* Initialise key and IV */ + EVP_EncryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce); + /* Set plaintext length: only needed if AAD is used */ + EVP_EncryptUpdate(ctx, NULL, &outlen, NULL, sizeof(ccm_pt)); + /* Zero or one call to specify any AAD */ + EVP_EncryptUpdate(ctx, NULL, &outlen, ccm_adata, sizeof(ccm_adata)); + /* Encrypt plaintext: can only be called once */ + EVP_EncryptUpdate(ctx, outbuf, &outlen, ccm_pt, sizeof(ccm_pt)); + /* Output encrypted block */ + printf("Ciphertext:\n"); + BIO_dump_fp(stdout, outbuf, outlen); + /* Finalise: note get no output for CCM */ + EVP_EncryptFinal_ex(ctx, outbuf, &outlen); + /* Get tag */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf); + /* Output tag */ + printf("Tag:\n"); + BIO_dump_fp(stdout, outbuf, 16); + EVP_CIPHER_CTX_free(ctx); +} + +void aes_ccm_decrypt(void) +{ + EVP_CIPHER_CTX *ctx; + int outlen, tmplen, rv; + unsigned char outbuf[1024]; + printf("AES CCM Derypt:\n"); + printf("Ciphertext:\n"); + BIO_dump_fp(stdout, ccm_ct, sizeof(ccm_ct)); + ctx = EVP_CIPHER_CTX_new(); + /* Select cipher */ + EVP_DecryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL); + /* Set nonce length, omit for 96 bits */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce), + NULL); + /* Set expected tag value */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + sizeof(ccm_tag), (void *)ccm_tag); + /* Specify key and IV */ + EVP_DecryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce); + /* Set ciphertext length: only needed if we have AAD */ + EVP_DecryptUpdate(ctx, NULL, &outlen, NULL, sizeof(ccm_ct)); + /* Zero or one call to specify any AAD */ + EVP_DecryptUpdate(ctx, NULL, &outlen, ccm_adata, sizeof(ccm_adata)); + /* Decrypt plaintext, verify tag: can only be called once */ + rv = EVP_DecryptUpdate(ctx, outbuf, &outlen, ccm_ct, sizeof(ccm_ct)); + /* Output decrypted block: if tag verify failed we get nothing */ + if (rv > 0) { + printf("Plaintext:\n"); + BIO_dump_fp(stdout, outbuf, outlen); + } else + printf("Plaintext not available: tag verify failed.\n"); + EVP_CIPHER_CTX_free(ctx); +} + +int main(int argc, char **argv) +{ + aes_ccm_encrypt(); + aes_ccm_decrypt(); +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/evp/aesgcm.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/evp/aesgcm.c new file mode 100644 index 000000000..3cef27f99 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/evp/aesgcm.c @@ -0,0 +1,121 @@ +/* + * Copyright 2012-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Simple AES GCM test program, uses the same NIST data used for the FIPS + * self test but uses the application level EVP APIs. + */ +#include <stdio.h> +#include <openssl/bio.h> +#include <openssl/evp.h> + +/* AES-GCM test data from NIST public test vectors */ + +static const unsigned char gcm_key[] = { + 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66, + 0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69, + 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f +}; + +static const unsigned char gcm_iv[] = { + 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84 +}; + +static const unsigned char gcm_pt[] = { + 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea, + 0xcc, 0x2b, 0xf2, 0xa5 +}; + +static const unsigned char gcm_aad[] = { + 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43, + 0x7f, 0xec, 0x78, 0xde +}; + +static const unsigned char gcm_ct[] = { + 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, 0xd5, 0x36, 0x86, 0x7e, + 0xb9, 0xf2, 0x17, 0x36 +}; + +static const unsigned char gcm_tag[] = { + 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, 0xd7, 0x37, 0xee, 0x62, + 0x98, 0xf7, 0x7e, 0x0c +}; + +void aes_gcm_encrypt(void) +{ + EVP_CIPHER_CTX *ctx; + int outlen, tmplen; + unsigned char outbuf[1024]; + printf("AES GCM Encrypt:\n"); + printf("Plaintext:\n"); + BIO_dump_fp(stdout, gcm_pt, sizeof(gcm_pt)); + ctx = EVP_CIPHER_CTX_new(); + /* Set cipher type and mode */ + EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL); + /* Set IV length if default 96 bits is not appropriate */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL); + /* Initialise key and IV */ + EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv); + /* Zero or more calls to specify any AAD */ + EVP_EncryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad)); + /* Encrypt plaintext */ + EVP_EncryptUpdate(ctx, outbuf, &outlen, gcm_pt, sizeof(gcm_pt)); + /* Output encrypted block */ + printf("Ciphertext:\n"); + BIO_dump_fp(stdout, outbuf, outlen); + /* Finalise: note get no output for GCM */ + EVP_EncryptFinal_ex(ctx, outbuf, &outlen); + /* Get tag */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf); + /* Output tag */ + printf("Tag:\n"); + BIO_dump_fp(stdout, outbuf, 16); + EVP_CIPHER_CTX_free(ctx); +} + +void aes_gcm_decrypt(void) +{ + EVP_CIPHER_CTX *ctx; + int outlen, tmplen, rv; + unsigned char outbuf[1024]; + printf("AES GCM Decrypt:\n"); + printf("Ciphertext:\n"); + BIO_dump_fp(stdout, gcm_ct, sizeof(gcm_ct)); + ctx = EVP_CIPHER_CTX_new(); + /* Select cipher */ + EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL); + /* Set IV length, omit for 96 bits */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL); + /* Specify key and IV */ + EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv); + /* Zero or more calls to specify any AAD */ + EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad)); + /* Decrypt plaintext */ + EVP_DecryptUpdate(ctx, outbuf, &outlen, gcm_ct, sizeof(gcm_ct)); + /* Output decrypted block */ + printf("Plaintext:\n"); + BIO_dump_fp(stdout, outbuf, outlen); + /* Set expected tag value. */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), + (void *)gcm_tag); + /* Finalise: note get no output for GCM */ + rv = EVP_DecryptFinal_ex(ctx, outbuf, &outlen); + /* + * Print out return value. If this is not successful authentication + * failed and plaintext is not trustworthy. + */ + printf("Tag Verify %s\n", rv > 0 ? "Successful!" : "Failed!"); + EVP_CIPHER_CTX_free(ctx); +} + +int main(int argc, char **argv) +{ + aes_gcm_encrypt(); + aes_gcm_decrypt(); +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/pkcs12/pkread.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/pkcs12/pkread.c new file mode 100644 index 000000000..e5f78f1b3 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/pkcs12/pkread.c @@ -0,0 +1,111 @@ +/* + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include <stdlib.h> +#include <openssl/pem.h> +#include <openssl/err.h> +#include <openssl/pkcs12.h> + +/* Simple PKCS#12 file reader */ + +static char *find_friendly_name(PKCS12 *p12) +{ + STACK_OF(PKCS7) *safes; + int n, m; + char *name = NULL; + PKCS7 *safe; + STACK_OF(PKCS12_SAFEBAG) *bags; + PKCS12_SAFEBAG *bag; + + if ((safes = PKCS12_unpack_authsafes(p12)) == NULL) + return NULL; + + for (n = 0; n < sk_PKCS7_num(safes) && name == NULL; n++) { + safe = sk_PKCS7_value(safes, n); + if (OBJ_obj2nid(safe->type) != NID_pkcs7_data + || (bags = PKCS12_unpack_p7data(safe)) == NULL) + continue; + + for (m = 0; m < sk_PKCS12_SAFEBAG_num(bags) && name == NULL; m++) { + bag = sk_PKCS12_SAFEBAG_value(bags, m); + name = PKCS12_get_friendlyname(bag); + } + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + } + + sk_PKCS7_pop_free(safes, PKCS7_free); + + return name; +} + +int main(int argc, char **argv) +{ + FILE *fp; + EVP_PKEY *pkey = NULL; + X509 *cert = NULL; + STACK_OF(X509) *ca = NULL; + PKCS12 *p12 = NULL; + char *name = NULL; + int i, ret = EXIT_FAILURE; + + if (argc != 4) { + fprintf(stderr, "Usage: pkread p12file password opfile\n"); + exit(EXIT_FAILURE); + } + + if ((fp = fopen(argv[1], "rb")) == NULL) { + fprintf(stderr, "Error opening file %s\n", argv[1]); + exit(EXIT_FAILURE); + } + p12 = d2i_PKCS12_fp(fp, NULL); + fclose(fp); + if (p12 == NULL) { + fprintf(stderr, "Error reading PKCS#12 file\n"); + ERR_print_errors_fp(stderr); + goto err; + } + if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) { + fprintf(stderr, "Error parsing PKCS#12 file\n"); + ERR_print_errors_fp(stderr); + goto err; + } + name = find_friendly_name(p12); + PKCS12_free(p12); + if ((fp = fopen(argv[3], "w")) == NULL) { + fprintf(stderr, "Error opening file %s\n", argv[1]); + goto err; + } + if (name != NULL) + fprintf(fp, "***Friendly Name***\n%s\n", name); + if (pkey != NULL) { + fprintf(fp, "***Private Key***\n"); + PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL); + } + if (cert != NULL) { + fprintf(fp, "***User Certificate***\n"); + PEM_write_X509_AUX(fp, cert); + } + if (ca != NULL && sk_X509_num(ca) > 0) { + fprintf(fp, "***Other Certificates***\n"); + for (i = 0; i < sk_X509_num(ca); i++) + PEM_write_X509_AUX(fp, sk_X509_value(ca, i)); + } + fclose(fp); + + ret = EXIT_SUCCESS; + + err: + OPENSSL_free(name); + X509_free(cert); + EVP_PKEY_free(pkey); + sk_X509_pop_free(ca, X509_free); + + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/pkcs12/pkwrite.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/pkcs12/pkwrite.c new file mode 100644 index 000000000..e14cf8327 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/pkcs12/pkwrite.c @@ -0,0 +1,53 @@ +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include <stdlib.h> +#include <openssl/pem.h> +#include <openssl/err.h> +#include <openssl/pkcs12.h> + +/* Simple PKCS#12 file creator */ + +int main(int argc, char **argv) +{ + FILE *fp; + EVP_PKEY *pkey; + X509 *cert; + PKCS12 *p12; + if (argc != 5) { + fprintf(stderr, "Usage: pkwrite infile password name p12file\n"); + exit(1); + } + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + if ((fp = fopen(argv[1], "r")) == NULL) { + fprintf(stderr, "Error opening file %s\n", argv[1]); + exit(1); + } + cert = PEM_read_X509(fp, NULL, NULL, NULL); + rewind(fp); + pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); + fclose(fp); + p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0, 0, 0, 0, 0); + if (!p12) { + fprintf(stderr, "Error creating PKCS#12 structure\n"); + ERR_print_errors_fp(stderr); + exit(1); + } + if ((fp = fopen(argv[4], "wb")) == NULL) { + fprintf(stderr, "Error opening file %s\n", argv[1]); + ERR_print_errors_fp(stderr); + exit(1); + } + i2d_PKCS12_fp(fp, p12); + PKCS12_free(p12); + fclose(fp); + return 0; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/cacert.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/cacert.pem new file mode 100644 index 000000000..1949fc33a --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/cacert.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCA26gAwIBAgIUM/WihZJZUTZvqoyNaUlp59DOaWYwDQYJKoZIhvcNAQEL +BQAwVzELMAkGA1UEBhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwN +T3BlblNTTCBHcm91cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0x +ODA2MTQxMjQ2MjhaGA8yMTE4MDYxNDEyNDYyOFowVzELMAkGA1UEBhMCVUsxEjAQ +BgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEcMBoGA1UE +AwwTVGVzdCBTL01JTUUgUm9vdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC +AYoCggGBAMzxOVHZFVxN9XQIVW3y1bK5ir3jKpKkU6zKrw8MdRvm233eqWSOYJvs +3rgdT59iv+CaPcBT5offbP0eH43H96CubJji/vQLMUzc/cLrJuCbLHREbSCsFNpf +lYw5mkT98dCFV66HuN6Nwqi5kW8TxGSXkD4OZqklbbicrXoXh5qhREID5hgbrijy +BiIHyp6bDq5zUCcmHP/Gdw2aTMEQZNsdw4MavtB65vI7dYxo2zEzdmJ3NnjlG7qZ +6Od6V4IW8yRAK9GLj0TUCZl28pq6rNio+F5Lst3clX9PDxh7LphNrXXYiHjXp2Kn +LZbOnz1SJSmCeisy/EFN6fRtwdwqcM1AcKNBU+UqFq0Mv0sgNdRwghYWGQht0mT9 ++Pg5HxTzDlOOmBT1kAduxJNLiRQlgysPDN94Os0EpzJyA87Z6yJRGvYGZ5mrdfx2 +8p6bHptf46h1WzCX4wDy2J86y+odgWMnSkmF9h8ySj66rgmLrz40n+mDm8bhUblK +AV8IqN8WmQIDAQABo4HHMIHEMB0GA1UdDgQWBBSkmMaBYQPTEGcqe1maU2IDOMLQ +ezCBlAYDVR0jBIGMMIGJgBSkmMaBYQPTEGcqe1maU2IDOMLQe6FbpFkwVzELMAkG +A1UEBhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBH +cm91cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQYIUM/WihZJZUTZvqoyN +aUlp59DOaWYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAqP1CQRGM +roHvk6dhI4ElNae5seRdSQNTtwAhlP1RoSoFz8xybMgDksKE07t77gDsKvU2SuXV +fdICqVpjpN9cRYKM6VmiREdU6OGsPQ74u4sOg4cT/tuou0RsD/uQaznb5NOvo2T0 +8rmX0Ai3+lbEuMBCaGNU0KYJifYy4QrSqEapq4W3NbqH85msOiKHEDh1vz9IWz6z +WKjdv9lst56XuLTZrJ/O0T0qD6aMXyqK6ZART/FELjDXc+9Ey4TH+msOEKq0uQWt +y7Grfmz52dTnAjBw+6/ggE9sA8Wo6DhwbEUaOA9BB5YP+XWsIkUUbiVHU7D8TyiE +KHt2DkaWvjl1/RdtzQUO/vGI4yuFTZfLf23KcwgtHJI3JxLNAMLM3I2jmoWhKm/d +GkVYsGH1GWonv0UTv/TKlOXaTYWK9fQVoYkFc+FrwUd2lev5FizJNigL9qatGyRZ +giJmWWlf0bMMIxwWZzQswxLyKdkNlvkKf9T6BjEmGLeOHZCn0x2sOyUi +-----END CERTIFICATE----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/cakey.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/cakey.pem new file mode 100644 index 000000000..486c975b7 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/cakey.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5QIBAAKCAYEAzPE5UdkVXE31dAhVbfLVsrmKveMqkqRTrMqvDwx1G+bbfd6p +ZI5gm+zeuB1Pn2K/4Jo9wFPmh99s/R4fjcf3oK5smOL+9AsxTNz9wusm4JssdERt +IKwU2l+VjDmaRP3x0IVXroe43o3CqLmRbxPEZJeQPg5mqSVtuJyteheHmqFEQgPm +GBuuKPIGIgfKnpsOrnNQJyYc/8Z3DZpMwRBk2x3Dgxq+0Hrm8jt1jGjbMTN2Ync2 +eOUbupno53pXghbzJEAr0YuPRNQJmXbymrqs2Kj4Xkuy3dyVf08PGHsumE2tddiI +eNenYqctls6fPVIlKYJ6KzL8QU3p9G3B3CpwzUBwo0FT5SoWrQy/SyA11HCCFhYZ +CG3SZP34+DkfFPMOU46YFPWQB27Ek0uJFCWDKw8M33g6zQSnMnIDztnrIlEa9gZn +mat1/Hbynpsem1/jqHVbMJfjAPLYnzrL6h2BYydKSYX2HzJKPrquCYuvPjSf6YOb +xuFRuUoBXwio3xaZAgMBAAECggGBAJrqILzozke2ujpablEtBTITJHgC9lRgmMt9 +bjR+4ysTJ4kOvZbANPDIbVZY+a3uVEIv9UujYBgG4Hi4w3tF074G+xnaRIQuzbZf +OgaUABA527GLY74VtbGYHRAhHqbWGmrX0H6iIzE/kQw/MVr4YzTyiFsQQbPMEhNB +g7RNgvh0vIb2MYC5s71JrS8eGqAnb0KY8daV7ce9upJyt2Acx1AGQJqipegrbtVd +8q4PONkJIIyvtmJONNaprq8DAJDaTNdcZu7f7mymF5UFpp4Lh6raAvOZAZjgkPYW +PsX2uMAsYchXTmSDGOHNafqeyTS0UEaw6FRhpxzMoSxRXX4/RhjeShadYwHxbh7s +UwFU7S9EWlj8CjgGs00KFM1eMV0sEYsL8sRf7ZiWM5XJsmXKbRZjA5V+7OoSGElB +zJcERK6NFCISijApZlVveEVZS0qESivKd9bspOzbMdoJyjBW1LZdMH85YIwM8Dox +VqGR0QD3UP8RpZBRwTiFenqOpwARnQKBwQD1NBGcTxLLUUluEBG/TD9KM5sCnkm8 +cn5RomwTeBrUr9SXOJuUPa8RNLrAeosuWCrx9JkF25IBExQbbs1NRHuziOIOyI0+ +hvqP85zJln7kUDtiDMFfUdS8Q6PF3b3wJl6cbipowWwsahvUSkx3W8UWrzZHsvrO +LBtvEZdwetNWN50FK040uM6y/x71xfvUhlKBsuZBgDFU9aXJZAGpkCklZnByURN6 +LZudDQETdYo7/X8qqPlcHwHStGj9YXg/e38CgcEA1fdVA6s+KlRUGRTUDaUFPDji +MciTcvA3teXJWNAsFWd71oLT5eQNI50afF242ikTT6JuXFH0mMYKoVe/LFo7m2mf +uLcW4yM/FiKTkhnBQGm7KNqyvXB0T0DWTDSeS7hTzD6KjuJPf7JVH5I4In8jSKJd +3mzTA9keIosnxjX7EOsZNQd0+MKaJYHnvJsxYaoT9FXoONuyzQu96TQ8Q+fkVHXh +I/ENAw0qfoJ5mw5dQnU2UtjP6cSNVQ9Rsr48GNnnAoHBAJcI65AMZNc3yrMw0r2y +iYl7IBAMz/5zx7shANE9OcmoRJqhE7PMCvneMOo+kVyKkmlW8KrbBKQEzG3ZYjwl +4sxDlHrmrZnGKrBgrkK9oIuhn/JVSQcdsJwGTeqjG0vBVqWkdhrwiWESOvIYkeEz +dcLzScwAQtyb7ooLm+x8u5Bv0RhOBG4VJ7y5yKg6u1O9KTUarRnLjJd4eBYEs8Fu +Oun+n2TK6+RmE2Q5jmAeFne9PYdZbb+Ame7fkYwBbcAsoQKBwQC1KHQSZyp7LGsH +0Vq5Mr77/i2FeQ1eg4SnvaZ8S8UHWla/iIVgX3XAcYO7SJ76F00CX8SQ5dLyhrr5 +YBG8u6k8LHHPMzVtmqoPU7cePDAjGWIddQ1g15WihILsgqCD+8z3YPxvfa1RsOvh +jyt4Ca0WEmLnr7v5xhp9pNRIPewUpvjwrR+cfyeEGjjat4tX5Wh/tzym51y7vvVM +Pa3I0M3BtQyqIa2ip8MS2eWcIs1TN2qHOorOolwHaLEDZY38fIECgcAKns98A2G3 +tLvZaDZlVsJWZsdSDUrFCKvx9QbTZHbyOL5JU/8TgLBgfOgV2yxLXn9Pq+0Quvb2 +EjaFuA3GKOFi50WtfwR6Yo1DaFcx5n0bDShnaHOF+dUi0BVQd2V1DsqAwF5/Eh3A +lX+XuWeSam4/91WhmNMCZpfYv0GErs4ZBHHsl54jmvrrjbhg/efUvpWKi/9vlKm+ ++ITH+nG1xCnyEEVZ+vm9Qq57lCLBZGyGT4PetllpsRrGcdO4/gfK8lY= +-----END RSA PRIVATE KEY----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/encr.txt b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/encr.txt new file mode 100644 index 000000000..f163a326e --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/encr.txt @@ -0,0 +1,3 @@ +Content-type: text/plain + +Sample OpenSSL Data for PKCS#7 encryption diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/sign.txt b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/sign.txt new file mode 100644 index 000000000..af1341d0a --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/sign.txt @@ -0,0 +1,3 @@ +Content-type: text/plain + +Test OpenSSL Signed Content diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/signer.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/signer.pem new file mode 100644 index 000000000..4bbf7a69f --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/signer.pem @@ -0,0 +1,52 @@ +-----BEGIN CERTIFICATE----- +MIIELDCCApSgAwIBAgIIcsOElVeHzfQwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE +BhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0xODA2MTQxMjQ2Mjha +GA8yMTE4MDYxNDEyNDYyOFowVjELMAkGA1UEBhMCVUsxJTAjBgNVBAMMHE9wZW5T +U0wgdGVzdCBTL01JTUUgc2lnbmVyIDExIDAeBgkqhkiG9w0BCQEWEXRlc3QxQG9w +ZW5zc2wub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vvSgaL1 +byi9AE8Ep3v7Yv36JxYywaZhUy8dEFRiYn6NsVhhNo6SK1Mp8daQ0MZoMzbT1aKp +JTLTgDJZHit2t1d6l3aWJG+cbcLua+XKowaZjj6rirB390fuL4qt5PiAb571QFtu +L8apcydwGEdkaPRuCnvctN8VcZPTKh+M8VEESyxk5K37QYKaAB6ItWR5KhjiAuDt +zsJbjEtOvGtmu2FRCU47GzfkdjYo7tY38WTY+2WWh+idKErtmYSinmhE0H7+yoJB +s1VCI+cq5tVW+oEO9HF4vEDEUykEFFPsCEkIWM+RjCgK8cRSCpg6VQr+ZTii6k7C +m9CP81QhUoV3QwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUg1DE7OaNqMQQ +8Z1bvjhnlisxfsMwHwYDVR0jBBgwFoAUpJjGgWED0xBnKntZmlNiAzjC0HswDQYJ +KoZIhvcNAQELBQADggGBAGxAivCwPsAYmMZfVJTELWNNMBzKzmeRvrp6k/6S74Pw +LDEhTnslCV4U1gTSd3nQ+LRm1fkzxLA12A/rlqN51P8B+hyVSMN9dj54YUcFd+KO +XhkSDrSpph6hRqGy8zqELzlb1Q8yoIBclEmyv+CkXMrpnm+4JL4kzyj/iBRkZTDz +ns15jJD9KHgrOnclaoDRkOT6lGbsd3j+aviKEj8ZILufSMw+W2YORy3nSAencjbO +ezivVujqm+pjkfqdCS1HcFB7LhQEILfFqkssw8YmtJVrM9LF8VIcqueXbVZmeS/1 +QV5B7OEmtsM+NkoLF5ldWdPQvmftbShh+AAlpcsmqiRefQgA3aQn6YOnOHnnQwgB +oQRNjQXsjgxV4t2HFYpwkK41kx4HToVGciPNMkndzfY/GJmgXsXfB6/AfUfhLTDv +tbws1MZhaCNOffw3/SVS2nLREMFCGn5uAgNkqssWqeWJu3910XF640tqPBj5YGFc +fykwWNhG5xS04EHpztgKdQ== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA1vvSgaL1byi9AE8Ep3v7Yv36JxYywaZhUy8dEFRiYn6NsVhh +No6SK1Mp8daQ0MZoMzbT1aKpJTLTgDJZHit2t1d6l3aWJG+cbcLua+XKowaZjj6r +irB390fuL4qt5PiAb571QFtuL8apcydwGEdkaPRuCnvctN8VcZPTKh+M8VEESyxk +5K37QYKaAB6ItWR5KhjiAuDtzsJbjEtOvGtmu2FRCU47GzfkdjYo7tY38WTY+2WW +h+idKErtmYSinmhE0H7+yoJBs1VCI+cq5tVW+oEO9HF4vEDEUykEFFPsCEkIWM+R +jCgK8cRSCpg6VQr+ZTii6k7Cm9CP81QhUoV3QwIDAQABAoIBAQC6LCWmIisNcmgK +RmOvbszKc0sYYj7eOGl8EgbHR2xUA2hNNk4pYtnuLvzZ84hBZDCEeWyFS3HTRuql +z/QhDl6mc1k0pXtsXkNHQlIamksbVvHPnzIKzrt1J5N7FEt3SERhZXTZoNQRB6di +k7qdK+YmhdZtucnt0GrPisaJaf0yU/EjLuX+MU/0Xrc23lVhR3yqYhaOhWvrxTHM +evykI0kOL+gU58eN2eWE4ELjS2z+njKDqcEyeIy00FdBAtCoKjMsWpRytKNmcFm9 +LdtMmizskF8VS3+XsDbkseIODx1xJ65IFmHHMV2xLG5/+bQppkB8JuE3EDrtFiUJ +lGdfmBlxAoGBAP3Asg0drdunv7imeEOGpyj5JwF1hCVQ71IBGdqTr3aPqOlDH/io +up7t+VBuSLqj1P20HygNjow+ALw/Ko+a0icodg7QA2Co0/RiBwa+u2SgpYDqC9Kt +KIdRcv+NXkhXF/DLIn0jJvI53OtKsbgTv/C+aCipblofnO9sF4AhShq1AoGBANjj +Ou0czloNORbk3qAxLi4b5P/YOyZBJDa0zijFdD1jImfOeyNFXeg2ID+8ZjDkP/eP +pLy/Gt/8bVb+O+9wMOho3kWKZBN3O2VsLJYakAehDsC5ax7i2HtEqg1L1krW2duS +POiKg3qNjETM30zTA4pHwkNAETIktResze7SRm0XAoGABH7KaLMS5mZFXjcMwF19 +TpuDVmJHkgWqB7DfTWD6ZcZLvr4irdwHWlNq7ELX5P6MAmaTerkqwk9C4hLYZSzf +9jOgS8jhlm/HOXgXGcZ9OV4jMHJ0/Sl2I1eNCvvtJKjuUqS2mrLpuLbPtBdhqJoo +91HYNIgz3ULcG921WN6+GlUCgYEA066T6LDgxgt52NpwXrEhfWdETmDg+ilCCxLU +0/5DwVZsUhy5Gmeti+Kn/w0GQFnGBP1xr7ZlqI9auDlSjhNV6L/RkNXNbyJEGm1F +5wrt4ERVfcx6vJ5y43zU7D1EXa7s2t0UDXKDeK2GZe//UZ/yKJh5BeIV5nblOMI0 +DA+3JOkCgYEA80QGLjGlCvxKceVbuohbIZ1+/EoXPq993ER9S8D2MTGATsEcygtF +rM8JcHTv75sjycqu68BAQr1Z5qwwrMyY0vWVEorKzvAXEWolC67asR4cDutOd+qy +WlEIyojX45GwHCHpcbVRiGRWuj3kwkc+WzdgusBoAJrPCigES/Cr8uA= +-----END RSA PRIVATE KEY----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/signer2.pem b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/signer2.pem new file mode 100644 index 000000000..52827297e --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/signer2.pem @@ -0,0 +1,52 @@ +-----BEGIN CERTIFICATE----- +MIIELDCCApSgAwIBAgIIcsOElVeHzfUwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE +BhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0xODA2MTQxMjQ2Mjha +GA8yMTE4MDYxNDEyNDYyOFowVjELMAkGA1UEBhMCVUsxJTAjBgNVBAMMHE9wZW5T +U0wgdGVzdCBTL01JTUUgc2lnbmVyIDIxIDAeBgkqhkiG9w0BCQEWEXRlc3QyQG9w +ZW5zc2wub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ledrM9R +3x3bZypZAEi00DJYAmLS5F6Gg3+xpjE745UWKrjDAY5KswavKKa3vZxoUz2omNSg +4nYfLSowq7AI3VnZ8LwNo8lAeo7AX9elrsmzQzhr2DCdCdbRhCWoiS/ba5tKIhlb +gFnP+pB8jhC9qZuQJkpVaivywMW8rA9DRbeDcQjDKhUi0ukVDYHDd9+FtNM3H1t3 +AUGWBecjWYa4hXC3CsH3+cFBZKjAepL74hqiEfsEyzKesft3NFd1AcVY9W5MRCK4 +lUFiDbBtIgPkvPJeoEs/kFp3+OvJFDwi4K4Z6XzALyT0LXNx6w3kSfx0TLdNjXLD +O9a2dzwhHhPtCQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYJEUXnMb/ux0 +WrzSh+bnhpi6GS0wHwYDVR0jBBgwFoAUpJjGgWED0xBnKntZmlNiAzjC0HswDQYJ +KoZIhvcNAQELBQADggGBAFbrwfsSciDFI97c7oqS8jtxOSa3c4B7xhmcgUkYCiaD +7mbZuqTUf4ltJJZXP/TJ44fhL0zVAvRXSXw1LE3YvLGOlBc6dM3D7DyL5pfUTUBY +ICt+NLfG5iHtkiZPPSfK2t5f4UGFwU/ERT62sLu4keLI5igi9J2jKSykN3u5SQ3s +Zsennow5zUsFkcz9hkB4RczlHRogA0SgVhELQbN1nYIqJJDRFZL+CmarDRTFMilk +7dXCacw6xt9vIc3ZXO+pu2g1ezgSPwOoUykQcL3UhAEIIyt+TRe3fafh5TXwd8tr +FAecAuz5Mqsmek5nEW9ZeYmxNz5VFwc4F61y4xFj7lI0frLCCAu3gVoqiQrW+WwR +e27z1Nm4uUcduFqj45Pu2eTyV3LZtLUbFvL5ZSPUCSk1wVmC2otX8ksFDDTO1rIy +l5Qd1g1P8bLuj8NG98J2zVOabtaxYCAIBPZ3dUh2eNrPKoLAvrgKh1MH+K2Eh5Oy +z1T4Eu+e5Kq/uQkZpI5QzA== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA1ledrM9R3x3bZypZAEi00DJYAmLS5F6Gg3+xpjE745UWKrjD +AY5KswavKKa3vZxoUz2omNSg4nYfLSowq7AI3VnZ8LwNo8lAeo7AX9elrsmzQzhr +2DCdCdbRhCWoiS/ba5tKIhlbgFnP+pB8jhC9qZuQJkpVaivywMW8rA9DRbeDcQjD +KhUi0ukVDYHDd9+FtNM3H1t3AUGWBecjWYa4hXC3CsH3+cFBZKjAepL74hqiEfsE +yzKesft3NFd1AcVY9W5MRCK4lUFiDbBtIgPkvPJeoEs/kFp3+OvJFDwi4K4Z6XzA +LyT0LXNx6w3kSfx0TLdNjXLDO9a2dzwhHhPtCQIDAQABAoIBAGMEGJfTMiwS+979 +ph3GeJjRGO0JQAk1TYiDvcpbZiItJg9YSOV4GTP4u4PY+HqEPYFus2relu/mx2Iy +4kb9zCqNLmvSQ67M8pdrSJ093pEPJlvAPbmiQ3lfHmyghOnTDNb55tY3xphVZQmI +I7HxM9ydO4skva6NXNgGwLDvYBFc6z6d95ai/WEFWHOt5Mt7OVOWAHQ0lAOofWLA +2BwKmrQnCwMvm1TMoKaAU/ngTToUGBMIN1HwRcY6qDraZte5o3EDRABHB78OHrSu +I/Eoi//5C8A7iZ5Y189lMbahIN6xVMwHwwIqLptTV2GNZOKSiIXnM06vIf4CPZKl +3VlwBgECgYEA/BKnn23KtefA906QNkrIOXASLEE1T77NlTYIRDTsUoz6XTVSvOCI +ARxdsoLwFko5ICMhti9S/1G/MYH0BoJN8rbzvjmZDfwF612p0AYALyBlRgW+ID9L +41CJQcLWxeiQd/GcrUZmudVNUGXa8nsNHmFleGLchXeqU7M6fljJOkECgYEA2a56 +yvYQgMF/SIPkxU1+WcQC6+JGc+ax220/lysBsDb4SkXomfGtFWbenxwamuQu+n67 +DJWi9oJIi9Vj4eKOXS6vjCAkYeLgCpK6S26frPtxJuZwl/lF7mFl8Z4ZnJeiFJ4h +AXt5r9vqnOZtCnLqRRAlqF5OswWgv/mhJ6jpMMkCgYBMPaAxWlXLexMkOcDoiunQ +ZZM5i2eCfSVVEgiiCJfJyBYZhv1FX2wDWf8E9RGEzGJG1BloLxwdWS5I3RNfvJ2y +4Z8LVAR09Fsd+zBXWNlJZ7T53tbIjhx33m4FU9b9+P9pJ8zJo9eCMX+253e3i3xG +ShMUvGIShEUiF72DZXtHgQKBgDi867CfNmn5BW4nQqfSrQ5EsuY80lQ/WzhwX1TN +luERUuI5GomVnqGncHtUXfLlawFLqwF6t0E9cB9SfXhRDv5mvsbtUc5Zzj+zQu+K +ZAA4gaO8CLjz9jBOHr49kTtpootxM/Uo8+zMi3hd7yn8Def2b3pVKnorC10+eazW +sAFRAoGAet6fQbQD+4vZ1oukZcZhmVlIWTSZJ1vAGCcT/3E40pqpPY+Ho56Lcwh0 +9f4TAykuGwFgqvZvR8yD2gpuISYGYplWqa1N6qxMaiVzmY5q1XW+O74xRH5Kz5fr +D+3j2x4EiyG7AYyZMOphDtBd/TSQQMYmGW6PiyM9ceIVnDK1Dd4= +-----END RSA PRIVATE KEY----- diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smdec.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smdec.c new file mode 100644 index 000000000..c4d1b090d --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smdec.c @@ -0,0 +1,78 @@ +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Simple S/MIME signing example */ +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *rcert = NULL; + EVP_PKEY *rkey = NULL; + PKCS7 *p7 = NULL; + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in recipient certificate and private key */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!rcert || !rkey) + goto err; + + /* Open content being signed */ + + in = BIO_new_file("smencr.txt", "r"); + + if (!in) + goto err; + + /* Sign content */ + p7 = SMIME_read_PKCS7(in, NULL); + + if (!p7) + goto err; + + out = BIO_new_file("encrout.txt", "w"); + if (!out) + goto err; + + /* Decrypt S/MIME message */ + if (!PKCS7_decrypt(p7, rkey, rcert, out, 0)) + goto err; + + ret = 0; + + err: + if (ret) { + fprintf(stderr, "Error Signing Data\n"); + ERR_print_errors_fp(stderr); + } + PKCS7_free(p7); + X509_free(rcert); + EVP_PKEY_free(rkey); + BIO_free(in); + BIO_free(out); + BIO_free(tbio); + + return ret; + +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smenc.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smenc.c new file mode 100644 index 000000000..5d36e9a49 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smenc.c @@ -0,0 +1,91 @@ +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Simple S/MIME encrypt example */ +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *rcert = NULL; + STACK_OF(X509) *recips = NULL; + PKCS7 *p7 = NULL; + int ret = 1; + + /* + * On OpenSSL 0.9.9 only: + * for streaming set PKCS7_STREAM + */ + int flags = PKCS7_STREAM; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in recipient certificate */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + if (!rcert) + goto err; + + /* Create recipient STACK and add recipient cert to it */ + recips = sk_X509_new_null(); + + if (!recips || !sk_X509_push(recips, rcert)) + goto err; + + /* + * sk_X509_pop_free will free up recipient STACK and its contents so set + * rcert to NULL so it isn't freed up twice. + */ + rcert = NULL; + + /* Open content being encrypted */ + + in = BIO_new_file("encr.txt", "r"); + + if (!in) + goto err; + + /* encrypt content */ + p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags); + + if (!p7) + goto err; + + out = BIO_new_file("smencr.txt", "w"); + if (!out) + goto err; + + /* Write out S/MIME message */ + if (!SMIME_write_PKCS7(out, p7, in, flags)) + goto err; + + ret = 0; + + err: + if (ret) { + fprintf(stderr, "Error Encrypting Data\n"); + ERR_print_errors_fp(stderr); + } + PKCS7_free(p7); + X509_free(rcert); + sk_X509_pop_free(recips, X509_free); + BIO_free(in); + BIO_free(out); + BIO_free(tbio); + return ret; + +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smsign.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smsign.c new file mode 100644 index 000000000..ba0adb397 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smsign.c @@ -0,0 +1,88 @@ +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Simple S/MIME signing example */ +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *scert = NULL; + EVP_PKEY *skey = NULL; + PKCS7 *p7 = NULL; + int ret = 1; + + /* + * For simple S/MIME signing use PKCS7_DETACHED. On OpenSSL 0.9.9 only: + * for streaming detached set PKCS7_DETACHED|PKCS7_STREAM for streaming + * non-detached set PKCS7_STREAM + */ + int flags = PKCS7_DETACHED | PKCS7_STREAM; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Read in signer certificate and private key */ + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!scert || !skey) + goto err; + + /* Open content being signed */ + + in = BIO_new_file("sign.txt", "r"); + + if (!in) + goto err; + + /* Sign content */ + p7 = PKCS7_sign(scert, skey, NULL, in, flags); + + if (!p7) + goto err; + + out = BIO_new_file("smout.txt", "w"); + if (!out) + goto err; + + if (!(flags & PKCS7_STREAM)) + BIO_reset(in); + + /* Write out S/MIME message */ + if (!SMIME_write_PKCS7(out, p7, in, flags)) + goto err; + + ret = 0; + + err: + if (ret) { + fprintf(stderr, "Error Signing Data\n"); + ERR_print_errors_fp(stderr); + } + PKCS7_free(p7); + X509_free(scert); + EVP_PKEY_free(skey); + BIO_free(in); + BIO_free(out); + BIO_free(tbio); + + return ret; + +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smsign2.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smsign2.c new file mode 100644 index 000000000..2b7f45b29 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smsign2.c @@ -0,0 +1,96 @@ +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */ +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL, *tbio = NULL; + X509 *scert = NULL, *scert2 = NULL; + EVP_PKEY *skey = NULL, *skey2 = NULL; + PKCS7 *p7 = NULL; + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + tbio = BIO_new_file("signer.pem", "r"); + + if (!tbio) + goto err; + + scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + BIO_free(tbio); + + tbio = BIO_new_file("signer2.pem", "r"); + + if (!tbio) + goto err; + + scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + BIO_reset(tbio); + + skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); + + if (!scert2 || !skey2) + goto err; + + in = BIO_new_file("sign.txt", "r"); + + if (!in) + goto err; + + p7 = PKCS7_sign(NULL, NULL, NULL, in, PKCS7_STREAM | PKCS7_PARTIAL); + + if (!p7) + goto err; + + /* Add each signer in turn */ + + if (!PKCS7_sign_add_signer(p7, scert, skey, NULL, 0)) + goto err; + + if (!PKCS7_sign_add_signer(p7, scert2, skey2, NULL, 0)) + goto err; + + out = BIO_new_file("smout.txt", "w"); + if (!out) + goto err; + + /* NB: content included and finalized by SMIME_write_PKCS7 */ + + if (!SMIME_write_PKCS7(out, p7, in, PKCS7_STREAM)) + goto err; + + ret = 0; + + err: + if (ret) { + fprintf(stderr, "Error Signing Data\n"); + ERR_print_errors_fp(stderr); + } + PKCS7_free(p7); + X509_free(scert); + EVP_PKEY_free(skey); + X509_free(scert2); + EVP_PKEY_free(skey2); + BIO_free(in); + BIO_free(out); + BIO_free(tbio); + return ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smver.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smver.c new file mode 100644 index 000000000..75411c40d --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/demos/smime/smver.c @@ -0,0 +1,83 @@ +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Simple S/MIME verification example */ +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int main(int argc, char **argv) +{ + BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL; + X509_STORE *st = NULL; + X509 *cacert = NULL; + PKCS7 *p7 = NULL; + + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Set up trusted CA certificate store */ + + st = X509_STORE_new(); + + /* Read in signer certificate and private key */ + tbio = BIO_new_file("cacert.pem", "r"); + + if (!tbio) + goto err; + + cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + if (!cacert) + goto err; + + if (!X509_STORE_add_cert(st, cacert)) + goto err; + + /* Open content being signed */ + + in = BIO_new_file("smout.txt", "r"); + + if (!in) + goto err; + + /* Sign content */ + p7 = SMIME_read_PKCS7(in, &cont); + + if (!p7) + goto err; + + /* File to output verified content to */ + out = BIO_new_file("smver.txt", "w"); + if (!out) + goto err; + + if (!PKCS7_verify(p7, NULL, st, cont, out, 0)) { + fprintf(stderr, "Verification Failure\n"); + goto err; + } + + fprintf(stderr, "Verification Successful\n"); + + ret = 0; + + err: + if (ret) { + fprintf(stderr, "Error Verifying Data\n"); + ERR_print_errors_fp(stderr); + } + PKCS7_free(p7); + X509_free(cacert); + BIO_free(in); + BIO_free(out); + BIO_free(tbio); + return ret; +} |