1/* 2 * Portions Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") 3 * Portions Copyright (C) 1999-2002 Internet Software Consortium. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS 10 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE 12 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR 15 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 * 17 * Portions Copyright (C) 1995-2000 by Network Associates, Inc. 18 * 19 * Permission to use, copy, modify, and/or distribute this software for any 20 * purpose with or without fee is hereby granted, provided that the above 21 * copyright notice and this permission notice appear in all copies. 22 * 23 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS 24 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 25 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE 26 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 27 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 28 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR 29 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 30 */ 31 32/* $Id$ */ 33 34#ifdef OPENSSL 35#ifndef USE_EVP 36#define USE_EVP 1 37#endif 38 39#include <config.h> 40 41#include <string.h> 42 43#include <isc/entropy.h> 44#include <isc/mem.h> 45#include <isc/sha1.h> 46#include <isc/util.h> 47 48#include <dst/result.h> 49 50#include "dst_internal.h" 51#include "dst_openssl.h" 52#include "dst_parse.h" 53 54#include <openssl/dsa.h> 55 56static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data); 57 58static isc_result_t 59openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) { 60#if USE_EVP 61 EVP_MD_CTX *evp_md_ctx; 62 63 UNUSED(key); 64 65 evp_md_ctx = EVP_MD_CTX_create(); 66 if (evp_md_ctx == NULL) 67 return (ISC_R_NOMEMORY); 68 69 if (!EVP_DigestInit_ex(evp_md_ctx, EVP_dss1(), NULL)) { 70 EVP_MD_CTX_destroy(evp_md_ctx); 71 return (ISC_R_FAILURE); 72 } 73 74 dctx->ctxdata.evp_md_ctx = evp_md_ctx; 75 76 return (ISC_R_SUCCESS); 77#else 78 isc_sha1_t *sha1ctx; 79 80 UNUSED(key); 81 82 sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t)); 83 isc_sha1_init(sha1ctx); 84 dctx->ctxdata.sha1ctx = sha1ctx; 85 return (ISC_R_SUCCESS); 86#endif 87} 88 89static void 90openssldsa_destroyctx(dst_context_t *dctx) { 91#if USE_EVP 92 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; 93 94 if (evp_md_ctx != NULL) { 95 EVP_MD_CTX_destroy(evp_md_ctx); 96 dctx->ctxdata.evp_md_ctx = NULL; 97 } 98#else 99 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; 100 101 if (sha1ctx != NULL) { 102 isc_sha1_invalidate(sha1ctx); 103 isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t)); 104 dctx->ctxdata.sha1ctx = NULL; 105 } 106#endif 107} 108 109static isc_result_t 110openssldsa_adddata(dst_context_t *dctx, const isc_region_t *data) { 111#if USE_EVP 112 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; 113 114 if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) { 115 return (ISC_R_FAILURE); 116 } 117#else 118 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; 119 120 isc_sha1_update(sha1ctx, data->base, data->length); 121#endif 122 return (ISC_R_SUCCESS); 123} 124 125static int 126BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, int size) { 127 int bytes = size - BN_num_bytes(bn); 128 while (bytes-- > 0) 129 *buf++ = 0; 130 BN_bn2bin(bn, buf); 131 return (size); 132} 133 134static isc_result_t 135openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { 136 dst_key_t *key = dctx->key; 137 DSA *dsa = key->keydata.dsa; 138 isc_region_t r; 139 DSA_SIG *dsasig; 140#if USE_EVP 141 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; 142 EVP_PKEY *pkey; 143 unsigned char *sigbuf; 144 const unsigned char *sb; 145 unsigned int siglen; 146#else 147 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; 148 unsigned char digest[ISC_SHA1_DIGESTLENGTH]; 149#endif 150 151 isc_buffer_availableregion(sig, &r); 152 if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1) 153 return (ISC_R_NOSPACE); 154 155#if USE_EVP 156 pkey = EVP_PKEY_new(); 157 if (pkey == NULL) 158 return (ISC_R_NOMEMORY); 159 if (!EVP_PKEY_set1_DSA(pkey, dsa)) { 160 EVP_PKEY_free(pkey); 161 return (ISC_R_FAILURE); 162 } 163 sigbuf = malloc(EVP_PKEY_size(pkey)); 164 if (sigbuf == NULL) { 165 EVP_PKEY_free(pkey); 166 return (ISC_R_NOMEMORY); 167 } 168 if (!EVP_SignFinal(evp_md_ctx, sigbuf, &siglen, pkey)) { 169 EVP_PKEY_free(pkey); 170 free(sigbuf); 171 return (ISC_R_FAILURE); 172 } 173 INSIST(EVP_PKEY_size(pkey) >= (int) siglen); 174 EVP_PKEY_free(pkey); 175 /* Convert from Dss-Sig-Value (RFC2459). */ 176 dsasig = DSA_SIG_new(); 177 if (dsasig == NULL) { 178 free(sigbuf); 179 return (ISC_R_NOMEMORY); 180 } 181 sb = sigbuf; 182 if (d2i_DSA_SIG(&dsasig, &sb, (long) siglen) == NULL) { 183 free(sigbuf); 184 return (ISC_R_FAILURE); 185 } 186 free(sigbuf); 187#elif 0 188 /* Only use EVP for the Digest */ 189 if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) { 190 return (ISC_R_FAILURE); 191 } 192 dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa); 193 if (dsasig == NULL) 194 return (dst__openssl_toresult(DST_R_SIGNFAILURE)); 195#else 196 isc_sha1_final(sha1ctx, digest); 197 198 dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa); 199 if (dsasig == NULL) 200 return (dst__openssl_toresult(DST_R_SIGNFAILURE)); 201#endif 202 *r.base++ = (key->key_size - 512)/64; 203 BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH); 204 r.base += ISC_SHA1_DIGESTLENGTH; 205 BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH); 206 r.base += ISC_SHA1_DIGESTLENGTH; 207 DSA_SIG_free(dsasig); 208 isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1); 209 210 return (ISC_R_SUCCESS); 211} 212 213static isc_result_t 214openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) { 215 dst_key_t *key = dctx->key; 216 DSA *dsa = key->keydata.dsa; 217 int status = 0; 218 unsigned char *cp = sig->base; 219 DSA_SIG *dsasig; 220#if USE_EVP 221 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; 222#if 0 223 EVP_PKEY *pkey; 224 unsigned char *sigbuf; 225#endif 226 unsigned int siglen; 227#else 228 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; 229#endif 230 unsigned char digest[ISC_SHA1_DIGESTLENGTH]; 231 232 233#if USE_EVP 234#if 1 235 /* Only use EVP for the digest */ 236 if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) { 237 return (ISC_R_FAILURE); 238 } 239#endif 240#else 241 isc_sha1_final(sha1ctx, digest); 242#endif 243 244 if (sig->length != 2 * ISC_SHA1_DIGESTLENGTH + 1) { 245 return (DST_R_VERIFYFAILURE); 246 } 247 248 cp++; /*%< Skip T */ 249 dsasig = DSA_SIG_new(); 250 if (dsasig == NULL) 251 return (ISC_R_NOMEMORY); 252 dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); 253 cp += ISC_SHA1_DIGESTLENGTH; 254 dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); 255 256#if 0 257 pkey = EVP_PKEY_new(); 258 if (pkey == NULL) 259 return (ISC_R_NOMEMORY); 260 if (!EVP_PKEY_set1_DSA(pkey, dsa)) { 261 EVP_PKEY_free(pkey); 262 return (ISC_R_FAILURE); 263 } 264 /* Convert to Dss-Sig-Value (RFC2459). */ 265 sigbuf = malloc(EVP_PKEY_size(pkey) + 50); 266 if (sigbuf == NULL) { 267 EVP_PKEY_free(pkey); 268 return (ISC_R_NOMEMORY); 269 } 270 siglen = (unsigned) i2d_DSA_SIG(dsasig, &sigbuf); 271 INSIST(EVP_PKEY_size(pkey) >= (int) siglen); 272 status = EVP_VerifyFinal(evp_md_ctx, sigbuf, siglen, pkey); 273 EVP_PKEY_free(pkey); 274 free(sigbuf); 275#else 276 status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa); 277#endif 278 DSA_SIG_free(dsasig); 279 if (status != 1) 280 return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); 281 282 return (ISC_R_SUCCESS); 283} 284 285static isc_boolean_t 286openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) { 287 int status; 288 DSA *dsa1, *dsa2; 289 290 dsa1 = key1->keydata.dsa; 291 dsa2 = key2->keydata.dsa; 292 293 if (dsa1 == NULL && dsa2 == NULL) 294 return (ISC_TRUE); 295 else if (dsa1 == NULL || dsa2 == NULL) 296 return (ISC_FALSE); 297 298 status = BN_cmp(dsa1->p, dsa2->p) || 299 BN_cmp(dsa1->q, dsa2->q) || 300 BN_cmp(dsa1->g, dsa2->g) || 301 BN_cmp(dsa1->pub_key, dsa2->pub_key); 302 303 if (status != 0) 304 return (ISC_FALSE); 305 306 if (dsa1->priv_key != NULL || dsa2->priv_key != NULL) { 307 if (dsa1->priv_key == NULL || dsa2->priv_key == NULL) 308 return (ISC_FALSE); 309 if (BN_cmp(dsa1->priv_key, dsa2->priv_key)) 310 return (ISC_FALSE); 311 } 312 return (ISC_TRUE); 313} 314 315#if OPENSSL_VERSION_NUMBER > 0x00908000L 316static int 317progress_cb(int p, int n, BN_GENCB *cb) 318{ 319 union { 320 void *dptr; 321 void (*fptr)(int); 322 } u; 323 324 UNUSED(n); 325 326 u.dptr = cb->arg; 327 if (u.fptr != NULL) 328 u.fptr(p); 329 return (1); 330} 331#endif 332 333static isc_result_t 334openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) { 335 DSA *dsa; 336 unsigned char rand_array[ISC_SHA1_DIGESTLENGTH]; 337 isc_result_t result; 338#if OPENSSL_VERSION_NUMBER > 0x00908000L 339 BN_GENCB cb; 340 union { 341 void *dptr; 342 void (*fptr)(int); 343 } u; 344 345#else 346 347 UNUSED(callback); 348#endif 349 UNUSED(unused); 350 351 result = dst__entropy_getdata(rand_array, sizeof(rand_array), 352 ISC_FALSE); 353 if (result != ISC_R_SUCCESS) 354 return (result); 355 356#if OPENSSL_VERSION_NUMBER > 0x00908000L 357 dsa = DSA_new(); 358 if (dsa == NULL) 359 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 360 361 if (callback == NULL) { 362 BN_GENCB_set_old(&cb, NULL, NULL); 363 } else { 364 u.fptr = callback; 365 BN_GENCB_set(&cb, &progress_cb, u.dptr); 366 } 367 368 if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array, 369 ISC_SHA1_DIGESTLENGTH, NULL, NULL, 370 &cb)) 371 { 372 DSA_free(dsa); 373 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 374 } 375#else 376 dsa = DSA_generate_parameters(key->key_size, rand_array, 377 ISC_SHA1_DIGESTLENGTH, NULL, NULL, 378 NULL, NULL); 379 if (dsa == NULL) 380 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 381#endif 382 383 if (DSA_generate_key(dsa) == 0) { 384 DSA_free(dsa); 385 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 386 } 387 dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; 388 389 key->keydata.dsa = dsa; 390 391 return (ISC_R_SUCCESS); 392} 393 394static isc_boolean_t 395openssldsa_isprivate(const dst_key_t *key) { 396 DSA *dsa = key->keydata.dsa; 397 return (ISC_TF(dsa != NULL && dsa->priv_key != NULL)); 398} 399 400static void 401openssldsa_destroy(dst_key_t *key) { 402 DSA *dsa = key->keydata.dsa; 403 DSA_free(dsa); 404 key->keydata.dsa = NULL; 405} 406 407 408static isc_result_t 409openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) { 410 DSA *dsa; 411 isc_region_t r; 412 int dnslen; 413 unsigned int t, p_bytes; 414 415 REQUIRE(key->keydata.dsa != NULL); 416 417 dsa = key->keydata.dsa; 418 419 isc_buffer_availableregion(data, &r); 420 421 t = (BN_num_bytes(dsa->p) - 64) / 8; 422 if (t > 8) 423 return (DST_R_INVALIDPUBLICKEY); 424 p_bytes = 64 + 8 * t; 425 426 dnslen = 1 + (key->key_size * 3)/8 + ISC_SHA1_DIGESTLENGTH; 427 if (r.length < (unsigned int) dnslen) 428 return (ISC_R_NOSPACE); 429 430 *r.base++ = t; 431 BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH); 432 r.base += ISC_SHA1_DIGESTLENGTH; 433 BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8); 434 r.base += p_bytes; 435 BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8); 436 r.base += p_bytes; 437 BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8); 438 r.base += p_bytes; 439 440 isc_buffer_add(data, dnslen); 441 442 return (ISC_R_SUCCESS); 443} 444 445static isc_result_t 446openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) { 447 DSA *dsa; 448 isc_region_t r; 449 unsigned int t, p_bytes; 450 isc_mem_t *mctx = key->mctx; 451 452 UNUSED(mctx); 453 454 isc_buffer_remainingregion(data, &r); 455 if (r.length == 0) 456 return (ISC_R_SUCCESS); 457 458 dsa = DSA_new(); 459 if (dsa == NULL) 460 return (ISC_R_NOMEMORY); 461 dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; 462 463 t = (unsigned int) *r.base++; 464 if (t > 8) { 465 DSA_free(dsa); 466 return (DST_R_INVALIDPUBLICKEY); 467 } 468 p_bytes = 64 + 8 * t; 469 470 if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { 471 DSA_free(dsa); 472 return (DST_R_INVALIDPUBLICKEY); 473 } 474 475 dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL); 476 r.base += ISC_SHA1_DIGESTLENGTH; 477 478 dsa->p = BN_bin2bn(r.base, p_bytes, NULL); 479 r.base += p_bytes; 480 481 dsa->g = BN_bin2bn(r.base, p_bytes, NULL); 482 r.base += p_bytes; 483 484 dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL); 485 r.base += p_bytes; 486 487 key->key_size = p_bytes * 8; 488 489 isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes); 490 491 key->keydata.dsa = dsa; 492 493 return (ISC_R_SUCCESS); 494} 495 496 497static isc_result_t 498openssldsa_tofile(const dst_key_t *key, const char *directory) { 499 int cnt = 0; 500 DSA *dsa; 501 dst_private_t priv; 502 unsigned char bufs[5][128]; 503 504 if (key->keydata.dsa == NULL) 505 return (DST_R_NULLKEY); 506 507 dsa = key->keydata.dsa; 508 509 priv.elements[cnt].tag = TAG_DSA_PRIME; 510 priv.elements[cnt].length = BN_num_bytes(dsa->p); 511 BN_bn2bin(dsa->p, bufs[cnt]); 512 priv.elements[cnt].data = bufs[cnt]; 513 cnt++; 514 515 priv.elements[cnt].tag = TAG_DSA_SUBPRIME; 516 priv.elements[cnt].length = BN_num_bytes(dsa->q); 517 BN_bn2bin(dsa->q, bufs[cnt]); 518 priv.elements[cnt].data = bufs[cnt]; 519 cnt++; 520 521 priv.elements[cnt].tag = TAG_DSA_BASE; 522 priv.elements[cnt].length = BN_num_bytes(dsa->g); 523 BN_bn2bin(dsa->g, bufs[cnt]); 524 priv.elements[cnt].data = bufs[cnt]; 525 cnt++; 526 527 priv.elements[cnt].tag = TAG_DSA_PRIVATE; 528 priv.elements[cnt].length = BN_num_bytes(dsa->priv_key); 529 BN_bn2bin(dsa->priv_key, bufs[cnt]); 530 priv.elements[cnt].data = bufs[cnt]; 531 cnt++; 532 533 priv.elements[cnt].tag = TAG_DSA_PUBLIC; 534 priv.elements[cnt].length = BN_num_bytes(dsa->pub_key); 535 BN_bn2bin(dsa->pub_key, bufs[cnt]); 536 priv.elements[cnt].data = bufs[cnt]; 537 cnt++; 538 539 priv.nelements = cnt; 540 return (dst__privstruct_writefile(key, &priv, directory)); 541} 542 543static isc_result_t 544openssldsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { 545 dst_private_t priv; 546 isc_result_t ret; 547 int i; 548 DSA *dsa = NULL; 549 isc_mem_t *mctx = key->mctx; 550#define DST_RET(a) {ret = a; goto err;} 551 552 UNUSED(pub); 553 /* read private key file */ 554 ret = dst__privstruct_parse(key, DST_ALG_DSA, lexer, mctx, &priv); 555 if (ret != ISC_R_SUCCESS) 556 return (ret); 557 558 dsa = DSA_new(); 559 if (dsa == NULL) 560 DST_RET(ISC_R_NOMEMORY); 561 dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; 562 key->keydata.dsa = dsa; 563 564 for (i=0; i < priv.nelements; i++) { 565 BIGNUM *bn; 566 bn = BN_bin2bn(priv.elements[i].data, 567 priv.elements[i].length, NULL); 568 if (bn == NULL) 569 DST_RET(ISC_R_NOMEMORY); 570 571 switch (priv.elements[i].tag) { 572 case TAG_DSA_PRIME: 573 dsa->p = bn; 574 break; 575 case TAG_DSA_SUBPRIME: 576 dsa->q = bn; 577 break; 578 case TAG_DSA_BASE: 579 dsa->g = bn; 580 break; 581 case TAG_DSA_PRIVATE: 582 dsa->priv_key = bn; 583 break; 584 case TAG_DSA_PUBLIC: 585 dsa->pub_key = bn; 586 break; 587 } 588 } 589 dst__privstruct_free(&priv, mctx); 590 591 key->key_size = BN_num_bits(dsa->p); 592 593 return (ISC_R_SUCCESS); 594 595 err: 596 openssldsa_destroy(key); 597 dst__privstruct_free(&priv, mctx); 598 memset(&priv, 0, sizeof(priv)); 599 return (ret); 600} 601 602static dst_func_t openssldsa_functions = { 603 openssldsa_createctx, 604 openssldsa_destroyctx, 605 openssldsa_adddata, 606 openssldsa_sign, 607 openssldsa_verify, 608 NULL, /*%< computesecret */ 609 openssldsa_compare, 610 NULL, /*%< paramcompare */ 611 openssldsa_generate, 612 openssldsa_isprivate, 613 openssldsa_destroy, 614 openssldsa_todns, 615 openssldsa_fromdns, 616 openssldsa_tofile, 617 openssldsa_parse, 618 NULL, /*%< cleanup */ 619 NULL, /*%< fromlabel */ 620 NULL, /*%< dump */ 621 NULL, /*%< restore */ 622}; 623 624isc_result_t 625dst__openssldsa_init(dst_func_t **funcp) { 626 REQUIRE(funcp != NULL); 627 if (*funcp == NULL) 628 *funcp = &openssldsa_functions; 629 return (ISC_R_SUCCESS); 630} 631 632#else /* OPENSSL */ 633 634#include <isc/util.h> 635 636EMPTY_TRANSLATION_UNIT 637 638#endif /* OPENSSL */ 639/*! \file */ 640