summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormarkus <>2002-09-12 20:53:48 +0000
committermarkus <>2002-09-12 20:53:48 +0000
commitf8f1d7fabf136ce9810602509c477d2c42bf6d1c (patch)
tree79ba8d2f1eb402a8b47ada9aeb8f5572d97d1b65
parent2a6851ef8adb0e84ff2515493d3704a13c6256b0 (diff)
downloadopenbsd-f8f1d7fabf136ce9810602509c477d2c42bf6d1c.tar.gz
openbsd-f8f1d7fabf136ce9810602509c477d2c42bf6d1c.tar.bz2
openbsd-f8f1d7fabf136ce9810602509c477d2c42bf6d1c.zip
import openssl-0.9.7-stable-SNAP-20020911 (without idea)
Diffstat
-rw-r--r--src/lib/libcrypto/crypto-lib.com10
-rw-r--r--src/lib/libcrypto/des/des_ver.h8
-rw-r--r--src/lib/libcrypto/engine/hw_4758_cca.c2
-rw-r--r--src/lib/libcrypto/engine/hw_ubsec.c8
-rw-r--r--src/lib/libcrypto/mem.c3
-rw-r--r--src/lib/libcrypto/ripemd/rmdtest.c2
-rw-r--r--src/lib/libcrypto/util/libeay.num1
-rw-r--r--src/lib/libcrypto/util/pod2mantest22
-rw-r--r--src/lib/libssl/src/CHANGES39
-rw-r--r--src/lib/libssl/src/Configure16
-rw-r--r--src/lib/libssl/src/FAQ14
-rw-r--r--src/lib/libssl/src/Makefile.org24
-rw-r--r--src/lib/libssl/src/NEWS8
-rw-r--r--src/lib/libssl/src/PROBLEMS8
-rw-r--r--src/lib/libssl/src/README2
-rw-r--r--src/lib/libssl/src/apps/apps.c39
-rw-r--r--src/lib/libssl/src/apps/apps.h4
-rw-r--r--src/lib/libssl/src/apps/ca.c9
-rw-r--r--src/lib/libssl/src/apps/dgst.c4
-rw-r--r--src/lib/libssl/src/apps/makeapps.com2
-rw-r--r--src/lib/libssl/src/apps/ocsp.c8
-rw-r--r--src/lib/libssl/src/apps/pkcs12.c12
-rw-r--r--src/lib/libssl/src/apps/pkcs8.c3
-rw-r--r--src/lib/libssl/src/apps/req.c16
-rw-r--r--src/lib/libssl/src/apps/rsa.c4
-rw-r--r--src/lib/libssl/src/apps/rsautl.c4
-rw-r--r--src/lib/libssl/src/apps/s_server.c14
-rw-r--r--src/lib/libssl/src/apps/smime.c2
-rw-r--r--src/lib/libssl/src/apps/spkac.c2
-rw-r--r--src/lib/libssl/src/apps/x509.c13
-rw-r--r--src/lib/libssl/src/config3
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_bitstr.c6
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_strex.c4
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1_lib.c9
-rw-r--r--src/lib/libssl/src/crypto/asn1/t_req.c260
-rw-r--r--src/lib/libssl/src/crypto/asn1/tasn_dec.c6
-rw-r--r--src/lib/libssl/src/crypto/bio/b_print.c2
-rw-r--r--src/lib/libssl/src/crypto/bn/bn.h2
-rw-r--r--src/lib/libssl/src/crypto/cryptlib.c8
-rw-r--r--src/lib/libssl/src/crypto/cryptlib.h4
-rw-r--r--src/lib/libssl/src/crypto/crypto-lib.com10
-rw-r--r--src/lib/libssl/src/crypto/des/des_ver.h8
-rw-r--r--src/lib/libssl/src/crypto/des/ecb_enc.c1
-rw-r--r--src/lib/libssl/src/crypto/des/set_key.c2
-rw-r--r--src/lib/libssl/src/crypto/engine/hw_4758_cca.c2
-rw-r--r--src/lib/libssl/src/crypto/engine/hw_ubsec.c8
-rw-r--r--src/lib/libssl/src/crypto/evp/evp_locl.h12
-rw-r--r--src/lib/libssl/src/crypto/mem.c3
-rw-r--r--src/lib/libssl/src/crypto/objects/obj_dat.c2
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_lib.c7
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_asn.c6
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_lib.c7
-rw-r--r--src/lib/libssl/src/crypto/ripemd/rmdtest.c2
-rw-r--r--src/lib/libssl/src/crypto/x509/x509.h2
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/Makefile114
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h35
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c718
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec8
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c151
-rw-r--r--src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h95
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/Makefile114
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c917
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec8
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c154
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h98
-rw-r--r--src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h189
-rw-r--r--src/lib/libssl/src/demos/engines/rsaref/Makefile2
-rw-r--r--src/lib/libssl/src/demos/engines/rsaref/rsaref.c6
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/Makefile114
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod.c1736
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec8
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod.h160
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c151
-rw-r--r--src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h95
-rw-r--r--src/lib/libssl/src/doc/crypto/DH_set_method.pod102
-rw-r--r--src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod2
-rw-r--r--src/lib/libssl/src/doc/crypto/DSA_new.pod3
-rw-r--r--src/lib/libssl/src/doc/crypto/DSA_set_method.pod91
-rw-r--r--src/lib/libssl/src/doc/crypto/DSA_size.pod2
-rw-r--r--src/lib/libssl/src/doc/crypto/EVP_SealInit.pod2
-rw-r--r--src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod44
-rw-r--r--src/lib/libssl/src/doc/crypto/RSA_new.pod6
-rw-r--r--src/lib/libssl/src/doc/crypto/RSA_set_method.pod127
-rw-r--r--src/lib/libssl/src/doc/crypto/RSA_size.pod2
-rw-r--r--src/lib/libssl/src/doc/crypto/dh.pod31
-rw-r--r--src/lib/libssl/src/doc/crypto/dsa.pod41
-rw-r--r--src/lib/libssl/src/doc/crypto/engine.pod621
-rw-r--r--src/lib/libssl/src/doc/crypto/evp.pod10
-rw-r--r--src/lib/libssl/src/doc/crypto/rand.pod24
-rw-r--r--src/lib/libssl/src/doc/crypto/rsa.pod31
-rw-r--r--src/lib/libssl/src/doc/openssl.txt2
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod2
-rw-r--r--src/lib/libssl/src/ssl/s2_clnt.c41
-rw-r--r--src/lib/libssl/src/ssl/s2_enc.c3
-rw-r--r--src/lib/libssl/src/ssl/s2_lib.c39
-rw-r--r--src/lib/libssl/src/ssl/s2_srvr.c60
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c12
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c8
-rw-r--r--src/lib/libssl/src/ssl/ssl-lib.com2
-rw-r--r--src/lib/libssl/src/ssl/ssl.h6
-rw-r--r--src/lib/libssl/src/ssl/ssl_asn1.c5
-rw-r--r--src/lib/libssl/src/ssl/ssl_err.c6
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c17
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h2
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c7
-rw-r--r--src/lib/libssl/src/ssl/ssltest.c12
-rw-r--r--src/lib/libssl/src/test/dummytest.c5
-rw-r--r--src/lib/libssl/src/test/maketests.com2
-rw-r--r--src/lib/libssl/src/test/tcrl.com4
-rw-r--r--src/lib/libssl/src/test/testenc.com4
-rw-r--r--src/lib/libssl/src/test/tpkcs7.com4
-rw-r--r--src/lib/libssl/src/test/tpkcs7d.com4
-rw-r--r--src/lib/libssl/src/test/treq.com4
-rw-r--r--src/lib/libssl/src/test/trsa.com4
-rw-r--r--src/lib/libssl/src/test/tsid.com4
-rw-r--r--src/lib/libssl/src/test/tx509.com4
-rw-r--r--src/lib/libssl/src/util/libeay.num1
-rw-r--r--src/lib/libssl/src/util/pod2mantest22
-rw-r--r--src/lib/libssl/test/dummytest.c5
-rw-r--r--src/lib/libssl/test/maketests.com2
-rw-r--r--src/lib/libssl/test/tcrl.com4
-rw-r--r--src/lib/libssl/test/testenc.com4
-rw-r--r--src/lib/libssl/test/tpkcs7.com4
-rw-r--r--src/lib/libssl/test/tpkcs7d.com4
-rw-r--r--src/lib/libssl/test/treq.com4
-rw-r--r--src/lib/libssl/test/trsa.com4
-rw-r--r--src/lib/libssl/test/tsid.com4
-rw-r--r--src/lib/libssl/test/tx509.com4
128 files changed, 6497 insertions, 519 deletions
diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com
index 4847a69a71..dfcff11860 100644
--- a/src/lib/libcrypto/crypto-lib.com
+++ b/src/lib/libcrypto/crypto-lib.com
@@ -231,7 +231,7 @@ $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
231 "rand_vms" 231 "rand_vms"
232$ LIB_ERR = "err,err_all,err_prn" 232$ LIB_ERR = "err,err_all,err_prn"
233$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" 233$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
234$ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ - 234$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
235 "e_des,e_bf,e_idea,e_des3,"+ - 235 "e_des,e_bf,e_idea,e_des3,"+ -
236 "e_rc4,e_aes,names,"+ - 236 "e_rc4,e_aes,names,"+ -
237 "e_xcbc_d,e_rc2,e_cast,e_rc5" 237 "e_xcbc_d,e_rc2,e_cast,e_rc5"
@@ -265,14 +265,14 @@ $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
265 "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - 265 "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
266 "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - 266 "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ -
267 "v3_ocsp,v3_akeya" 267 "v3_ocsp,v3_akeya"
268$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall" 268$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
269$ LIB_TXT_DB = "txt_db" 269$ LIB_TXT_DB = "txt_db"
270$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - 270$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
271 "pk7_mime" 271 "pk7_mime"
272$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ - 272$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
273 "p12_init,p12_key,p12_kiss,p12_mutl,"+ - 273 "p12_init,p12_key,p12_kiss,p12_mutl,"+ -
274 "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e" 274 "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
275$ LIB_COMP = "comp_lib,"+ - 275$ LIB_COMP = "comp_lib,comp_err,"+ -
276 "c_rle,c_zlib" 276 "c_rle,c_zlib"
277$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - 277$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
278 "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err" 278 "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err"
@@ -1325,7 +1325,7 @@ $ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
1325$! 1325$!
1326$! Show user the result 1326$! Show user the result
1327$! 1327$!
1328$ WRITE SYS$OUTPUT "Main C Compiling Command: ",CC 1328$ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
1329$! 1329$!
1330$! Else The User Entered An Invalid Arguement. 1330$! Else The User Entered An Invalid Arguement.
1331$! 1331$!
@@ -1356,7 +1356,7 @@ $ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE
1356$! 1356$!
1357$! Show user the result 1357$! Show user the result
1358$! 1358$!
1359$ WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO 1359$ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
1360$! 1360$!
1361$! Time to check the contents, and to make sure we get the correct library. 1361$! Time to check the contents, and to make sure we get the correct library.
1362$! 1362$!
diff --git a/src/lib/libcrypto/des/des_ver.h b/src/lib/libcrypto/des/des_ver.h
index 0fa94d5368..379bbadda2 100644
--- a/src/lib/libcrypto/des/des_ver.h
+++ b/src/lib/libcrypto/des/des_ver.h
@@ -63,5 +63,9 @@
63# define OPENSSL_EXTERN OPENSSL_EXPORT 63# define OPENSSL_EXTERN OPENSSL_EXPORT
64#endif 64#endif
65 65
66OPENSSL_EXTERN char *DES_version; /* SSLeay version string */ 66/* The following macros make sure the names are different from libdes names */
67OPENSSL_EXTERN char *libdes_version; /* old libdes version string */ 67#define DES_version OSSL_DES_version
68#define libdes_version OSSL_libdes_version
69
70OPENSSL_EXTERN const char *OSSL_DES_version; /* SSLeay version string */
71OPENSSL_EXTERN const char *OSSL_libdes_version; /* old libdes version string */
diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c
index 1053c52082..bfb80968e2 100644
--- a/src/lib/libcrypto/engine/hw_4758_cca.c
+++ b/src/lib/libcrypto/engine/hw_4758_cca.c
@@ -953,7 +953,7 @@ static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
953#ifdef ENGINE_DYNAMIC_SUPPORT 953#ifdef ENGINE_DYNAMIC_SUPPORT
954static int bind_fn(ENGINE *e, const char *id) 954static int bind_fn(ENGINE *e, const char *id)
955 { 955 {
956 if(id && (strcmp(id, engine_cswift_id) != 0)) 956 if(id && (strcmp(id, engine_4758_cca_id) != 0))
957 return 0; 957 return 0;
958 if(!bind_helper(e)) 958 if(!bind_helper(e))
959 return 0; 959 return 0;
diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c
index 63397f868c..ed8401ec16 100644
--- a/src/lib/libcrypto/engine/hw_ubsec.c
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -93,7 +93,7 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
93static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 93static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
94 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 94 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
95#ifndef OPENSSL_NO_DSA 95#ifndef OPENSSL_NO_DSA
96#if NOT_USED 96#ifdef NOT_USED
97static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, 97static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
98 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, 98 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
99 BN_CTX *ctx, BN_MONT_CTX *in_mont); 99 BN_CTX *ctx, BN_MONT_CTX *in_mont);
@@ -113,7 +113,7 @@ static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh)
113static int ubsec_dh_generate_key(DH *dh); 113static int ubsec_dh_generate_key(DH *dh);
114#endif 114#endif
115 115
116#if NOT_USED 116#ifdef NOT_USED
117static int ubsec_rand_bytes(unsigned char *buf, int num); 117static int ubsec_rand_bytes(unsigned char *buf, int num);
118static int ubsec_rand_status(void); 118static int ubsec_rand_status(void);
119#endif 119#endif
@@ -663,7 +663,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
663} 663}
664 664
665#ifndef OPENSSL_NO_DSA 665#ifndef OPENSSL_NO_DSA
666#if NOT_USED 666#ifdef NOT_USED
667static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, 667static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
668 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, 668 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
669 BN_CTX *ctx, BN_MONT_CTX *in_mont) 669 BN_CTX *ctx, BN_MONT_CTX *in_mont)
@@ -987,7 +987,7 @@ err:
987 } 987 }
988#endif 988#endif
989 989
990#if NOT_USED 990#ifdef NOT_USED
991static int ubsec_rand_bytes(unsigned char * buf, 991static int ubsec_rand_bytes(unsigned char * buf,
992 int num) 992 int num)
993 { 993 {
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c
index effec714e8..a7826908e6 100644
--- a/src/lib/libcrypto/mem.c
+++ b/src/lib/libcrypto/mem.c
@@ -303,6 +303,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
303 { 303 {
304 void *ret = NULL; 304 void *ret = NULL;
305 305
306 if (str == NULL)
307 return CRYPTO_malloc(num, file, line);
308
306 if (realloc_debug_func != NULL) 309 if (realloc_debug_func != NULL)
307 realloc_debug_func(str, NULL, num, file, line, 0); 310 realloc_debug_func(str, NULL, num, file, line, 0);
308 ret = realloc_ex_func(str,num,file,line); 311 ret = realloc_ex_func(str,num,file,line);
diff --git a/src/lib/libcrypto/ripemd/rmdtest.c b/src/lib/libcrypto/ripemd/rmdtest.c
index 19e9741db2..be1fb8b1f6 100644
--- a/src/lib/libcrypto/ripemd/rmdtest.c
+++ b/src/lib/libcrypto/ripemd/rmdtest.c
@@ -59,7 +59,6 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <string.h> 60#include <string.h>
61#include <stdlib.h> 61#include <stdlib.h>
62#include <openssl/ripemd.h>
63 62
64#ifdef OPENSSL_NO_RIPEMD 63#ifdef OPENSSL_NO_RIPEMD
65int main(int argc, char *argv[]) 64int main(int argc, char *argv[])
@@ -68,6 +67,7 @@ int main(int argc, char *argv[])
68 return(0); 67 return(0);
69} 68}
70#else 69#else
70#include <openssl/ripemd.h>
71#include <openssl/evp.h> 71#include <openssl/evp.h>
72 72
73#ifdef CHARSET_EBCDIC 73#ifdef CHARSET_EBCDIC
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index 512185e257..7e5728495f 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -2792,3 +2792,4 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
2792ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: 2792ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
2793d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: 2793d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION:
2794EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES 2794EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES
2795X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO
diff --git a/src/lib/libcrypto/util/pod2mantest b/src/lib/libcrypto/util/pod2mantest
index e01c6192a7..412ca8d6d8 100644
--- a/src/lib/libcrypto/util/pod2mantest
+++ b/src/lib/libcrypto/util/pod2mantest
@@ -12,7 +12,8 @@
12 12
13IFS=: 13IFS=:
14if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi 14if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi
15try_without_dir=false 15
16try_without_dir=true
16# First we try "pod2man", then "$dir/pod2man" for each item in $PATH. 17# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
17for dir in dummy${IFS}$PATH; do 18for dir in dummy${IFS}$PATH; do
18 if [ "$try_without_dir" = true ]; then 19 if [ "$try_without_dir" = true ]; then
@@ -30,9 +31,16 @@ for dir in dummy${IFS}$PATH; do
30 if [ ! "$pod2man" = '' ]; then 31 if [ ! "$pod2man" = '' ]; then
31 failure=none 32 failure=none
32 33
34 if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
35 :
36 else
37 failure=BasicTest
38 fi
33 39
34 if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then 40 if [ "$failure" = none ]; then
35 failure=MultilineTest 41 if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
42 failure=MultilineTest
43 fi
36 fi 44 fi
37 45
38 46
@@ -46,9 +54,5 @@ for dir in dummy${IFS}$PATH; do
46done 54done
47 55
48echo "No working pod2man found. Consider installing a new version." >&2 56echo "No working pod2man found. Consider installing a new version." >&2
49if [ "$1" = ignore ]; then 57echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
50 echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 58echo "$1 ../../util/pod2man.pl"
51 echo "../../util/pod2man.pl"
52 exit 0
53fi
54exit 1
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index 5c80970b52..03b697cd7e 100644
--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,7 +2,13 @@
2 OpenSSL CHANGES 2 OpenSSL CHANGES
3 _______________ 3 _______________
4 4
5 Changes between 0.9.6e and 0.9.7 [XX xxx 2002] 5 Changes between 0.9.6h and 0.9.7 [XX xxx 2002]
6
7 *) Make -nameopt work fully for req and add -reqopt switch.
8 [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
9
10 *) The "block size" for block ciphers in CFB and OFB mode should be 1.
11 [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
6 12
7 *) Make sure tests can be performed even if the corresponding algorithms 13 *) Make sure tests can be performed even if the corresponding algorithms
8 have been removed entirely. This was also the last step to make 14 have been removed entirely. This was also the last step to make
@@ -1667,6 +1673,37 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
1667 *) Clean old EAY MD5 hack from e_os.h. 1673 *) Clean old EAY MD5 hack from e_os.h.
1668 [Richard Levitte] 1674 [Richard Levitte]
1669 1675
1676 Changes between 0.9.6g and 0.9.6h [xx XXX xxxx]
1677
1678 *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
1679 the cached sessions are flushed, as the remove_cb() might use ex_data
1680 contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
1681 (see [openssl.org #212]).
1682 [Geoff Thorpe, Lutz Jaenicke]
1683
1684 *) Fix typo in OBJ_txt2obj which incorrectly passed the content
1685 length, instead of the encoding length to d2i_ASN1_OBJECT.
1686 [Steve Henson]
1687
1688 Changes between 0.9.6f and 0.9.6g [9 Aug 2002]
1689
1690 *) [In 0.9.6g-engine release:]
1691 Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
1692 [Lynn Gazis <lgazis@rainbow.com>]
1693
1694 Changes between 0.9.6e and 0.9.6f [8 Aug 2002]
1695
1696 *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
1697 and get fix the header length calculation.
1698 [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
1699 Alon Kantor <alonk@checkpoint.com> (and others),
1700 Steve Henson]
1701
1702 *) Use proper error handling instead of 'assertions' in buffer
1703 overflow checks added in 0.9.6e. This prevents DoS (the
1704 assertions could call abort()).
1705 [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
1706
1670 Changes between 0.9.6d and 0.9.6e [30 Jul 2002] 1707 Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
1671 1708
1672 *) Add various sanity checks to asn1_get_length() to reject 1709 *) Add various sanity checks to asn1_get_length() to reject
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
index 74bd8877e5..292ca877c6 100644
--- a/src/lib/libssl/src/Configure
+++ b/src/lib/libssl/src/Configure
@@ -120,7 +120,7 @@ my $alpha_asm="::::::::";
120# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1. 120# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
121# So the md5_locl.h file has an undef B_ENDIAN if sun is defined 121# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
122 122
123#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib 123#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
124 124
125my %table=( 125my %table=(
126# File 'TABLE' (created by 'make TABLE') contains the data from this list, 126# File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -387,8 +387,8 @@ my %table=(
387"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::", 387"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
388"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 388"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
389"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", 389"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
390"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", 390"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
391"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 391"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
392"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 392"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
393"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 393"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
394"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 394"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -438,6 +438,7 @@ my %table=(
438"aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::", 438"aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
439"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", 439"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
440"aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", 440"aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
441"aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64",
441 442
442# 443#
443# Cray T90 and similar (SDSC) 444# Cray T90 and similar (SDSC)
@@ -586,6 +587,7 @@ my $idx_shared_cflag = $idx++;
586my $idx_shared_ldflag = $idx++; 587my $idx_shared_ldflag = $idx++;
587my $idx_shared_extension = $idx++; 588my $idx_shared_extension = $idx++;
588my $idx_ranlib = $idx++; 589my $idx_ranlib = $idx++;
590my $idx_arflags = $idx++;
589 591
590my $prefix=""; 592my $prefix="";
591my $openssldir=""; 593my $openssldir="";
@@ -940,6 +942,7 @@ my $shared_cflag = $fields[$idx_shared_cflag];
940my $shared_ldflag = $fields[$idx_shared_ldflag]; 942my $shared_ldflag = $fields[$idx_shared_ldflag];
941my $shared_extension = $fields[$idx_shared_extension]; 943my $shared_extension = $fields[$idx_shared_extension];
942my $ranlib = $fields[$idx_ranlib]; 944my $ranlib = $fields[$idx_ranlib];
945my $arflags = $fields[$idx_arflags];
943 946
944$cflags="$flags$cflags" if ($flags ne ""); 947$cflags="$flags$cflags" if ($flags ne "");
945 948
@@ -1067,7 +1070,7 @@ if ($zlib)
1067 { 1070 {
1068 $cflags = "-DZLIB $cflags"; 1071 $cflags = "-DZLIB $cflags";
1069 $cflags = "-DZLIB_SHARED $cflags" if $zlib == 2; 1072 $cflags = "-DZLIB_SHARED $cflags" if $zlib == 2;
1070 $lflags = "$lflags -lz" if $zlib == 2; 1073 $lflags = "$lflags -lz" if $zlib == 1;
1071 } 1074 }
1072 1075
1073# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org 1076# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
@@ -1208,6 +1211,7 @@ while (<IN>)
1208 s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; 1211 s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
1209 s/^PROCESSOR=.*/PROCESSOR= $processor/; 1212 s/^PROCESSOR=.*/PROCESSOR= $processor/;
1210 s/^RANLIB=.*/RANLIB= $ranlib/; 1213 s/^RANLIB=.*/RANLIB= $ranlib/;
1214 s/^ARFLAGS=.*/ARFLAGS= $arflags/;
1211 s/^PERL=.*/PERL= $perl/; 1215 s/^PERL=.*/PERL= $perl/;
1212 s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; 1216 s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
1213 s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; 1217 s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
@@ -1254,6 +1258,7 @@ print "SHA1_OBJ_ASM =$sha1_obj\n";
1254print "RMD160_OBJ_ASM=$rmd160_obj\n"; 1258print "RMD160_OBJ_ASM=$rmd160_obj\n";
1255print "PROCESSOR =$processor\n"; 1259print "PROCESSOR =$processor\n";
1256print "RANLIB =$ranlib\n"; 1260print "RANLIB =$ranlib\n";
1261print "ARFLAGS =$arflags\n";
1257print "PERL =$perl\n"; 1262print "PERL =$perl\n";
1258print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n" 1263print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
1259 if $withargs{"krb5-include"} ne ""; 1264 if $withargs{"krb5-include"} ne "";
@@ -1561,7 +1566,7 @@ sub print_table_entry
1561 my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj, 1566 my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
1562 my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj, 1567 my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
1563 my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag, 1568 my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
1564 my $shared_ldflag,my $shared_extension,my $ranlib)= 1569 my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=
1565 split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); 1570 split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
1566 1571
1567 print <<EOF 1572 print <<EOF
@@ -1589,6 +1594,7 @@ sub print_table_entry
1589\$shared_ldflag = $shared_ldflag 1594\$shared_ldflag = $shared_ldflag
1590\$shared_extension = $shared_extension 1595\$shared_extension = $shared_extension
1591\$ranlib = $ranlib 1596\$ranlib = $ranlib
1597\$arflags = $arflags
1592EOF 1598EOF
1593 } 1599 }
1594 1600
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ
index ee03d97676..28027fdcac 100644
--- a/src/lib/libssl/src/FAQ
+++ b/src/lib/libssl/src/FAQ
@@ -36,6 +36,7 @@ OpenSSL - Frequently Asked Questions
36* Why does the linker complain about undefined symbols? 36* Why does the linker complain about undefined symbols?
37* Why does the OpenSSL test fail with "bc: command not found"? 37* Why does the OpenSSL test fail with "bc: command not found"?
38* Why does the OpenSSL test fail with "bc: 1 no implemented"? 38* Why does the OpenSSL test fail with "bc: 1 no implemented"?
39* Why does the OpenSSL test fail with "bc: stack empty"?
39* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? 40* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
40* Why does the OpenSSL compilation fail with "ar: command not found"? 41* Why does the OpenSSL compilation fail with "ar: command not found"?
41* Why does the OpenSSL compilation fail on Win32 with VC++? 42* Why does the OpenSSL compilation fail on Win32 with VC++?
@@ -64,7 +65,7 @@ OpenSSL - Frequently Asked Questions
64* Which is the current version of OpenSSL? 65* Which is the current version of OpenSSL?
65 66
66The current version is available from <URL: http://www.openssl.org>. 67The current version is available from <URL: http://www.openssl.org>.
67OpenSSL 0.9.6e was released on July 30, 2002. 68OpenSSL 0.9.6g was released on August 9, 2002.
68 69
69In addition to the current stable release, you can also access daily 70In addition to the current stable release, you can also access daily
70snapshots of the OpenSSL development version at <URL: 71snapshots of the OpenSSL development version at <URL:
@@ -402,6 +403,17 @@ and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
402for download instructions) can be safely used, for example. 403for download instructions) can be safely used, for example.
403 404
404 405
406* Why does the OpenSSL test fail with "bc: stack empty"?
407
408On some DG/ux versions, bc seems to have a too small stack for calculations
409that the OpenSSL bntest throws at it. This gets triggered when you run the
410test suite (using "make test"). The message returned is "bc: stack empty".
411
412The best way to deal with this is to find another implementation of bc
413and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
414for download instructions) can be safely used, for example.
415
416
405* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? 417* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
406 418
407On some Alpha installations running Tru64 Unix and Compaq C, the compilation 419On some Alpha installations running Tru64 Unix and Compaq C, the compilation
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org
index 8808dd7922..d7af0815f3 100644
--- a/src/lib/libssl/src/Makefile.org
+++ b/src/lib/libssl/src/Makefile.org
@@ -59,7 +59,8 @@ DEPFLAG=
59PEX_LIBS= 59PEX_LIBS=
60EX_LIBS= 60EX_LIBS=
61EXE_EXT= 61EXE_EXT=
62AR=ar r 62ARFLAGS=
63AR=ar $(ARFLAGS) r
63RANLIB= ranlib 64RANLIB= ranlib
64PERL= perl 65PERL= perl
65TAR= tar 66TAR= tar
@@ -251,7 +252,8 @@ link-shared:
251 for i in $(SHLIBDIRS); do \ 252 for i in $(SHLIBDIRS); do \
252 prev=lib$$i$(SHLIB_EXT); \ 253 prev=lib$$i$(SHLIB_EXT); \
253 for j in $${tmp:-x}; do \ 254 for j in $${tmp:-x}; do \
254 ( set -x; ln -f -s $$prev lib$$i$$j ); \ 255 ( set -x; \
256 rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
255 prev=lib$$i$$j; \ 257 prev=lib$$i$$j; \
256 done; \ 258 done; \
257 done; \ 259 done; \
@@ -273,9 +275,7 @@ do_gnu-shared:
273 done 275 done
274 276
275DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ 277DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
276 collect2=`gcc -print-prog-name=collect2 2>&1` && \ 278 my_ld=`gcc -print-prog-name=ld 2>&1` && \
277 [ -n "$$collect2" ] && \
278 my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
279 [ -n "$$my_ld" ] && \ 279 [ -n "$$my_ld" ] && \
280 $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 280 $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
281 281
@@ -731,7 +731,8 @@ install: all install_docs
731 done; \ 731 done; \
732 ( here="`pwd`"; \ 732 ( here="`pwd`"; \
733 cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ 733 cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
734 make -f $$here/Makefile link-shared ); \ 734 set $(MAKE); \
735 $$1 -f $$here/Makefile link-shared ); \
735 fi 736 fi
736 737
737install_docs: 738install_docs:
@@ -740,22 +741,23 @@ install_docs:
740 $(INSTALL_PREFIX)$(MANDIR)/man3 \ 741 $(INSTALL_PREFIX)$(MANDIR)/man3 \
741 $(INSTALL_PREFIX)$(MANDIR)/man5 \ 742 $(INSTALL_PREFIX)$(MANDIR)/man5 \
742 $(INSTALL_PREFIX)$(MANDIR)/man7 743 $(INSTALL_PREFIX)$(MANDIR)/man7
743 @for i in doc/apps/*.pod; do \ 744 @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
745 for i in doc/apps/*.pod; do \
744 fn=`basename $$i .pod`; \ 746 fn=`basename $$i .pod`; \
745 if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ 747 if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
746 echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ 748 echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
747 (cd `$(PERL) util/dirname.pl $$i`; \ 749 (cd `$(PERL) util/dirname.pl $$i`; \
748 sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ 750 sh -c "$$pod2man \
749 --section=$$sec --center=OpenSSL \ 751 --section=$$sec --center=OpenSSL \
750 --release=$(VERSION) `basename $$i`") \ 752 --release=$(VERSION) `basename $$i`") \
751 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ 753 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
752 done 754 done; \
753 @for i in doc/crypto/*.pod doc/ssl/*.pod; do \ 755 for i in doc/crypto/*.pod doc/ssl/*.pod; do \
754 fn=`basename $$i .pod`; \ 756 fn=`basename $$i .pod`; \
755 if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ 757 if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
756 echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ 758 echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
757 (cd `$(PERL) util/dirname.pl $$i`; \ 759 (cd `$(PERL) util/dirname.pl $$i`; \
758 sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ 760 sh -c "$$pod2man \
759 --section=$$sec --center=OpenSSL \ 761 --section=$$sec --center=OpenSSL \
760 --release=$(VERSION) `basename $$i`") \ 762 --release=$(VERSION) `basename $$i`") \
761 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ 763 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS
index 9531ba9c6e..418b3b0505 100644
--- a/src/lib/libssl/src/NEWS
+++ b/src/lib/libssl/src/NEWS
@@ -40,6 +40,14 @@
40 o SSL/TLS: add callback to retrieve SSL/TLS messages. 40 o SSL/TLS: add callback to retrieve SSL/TLS messages.
41 o SSL/TLS: support AES cipher suites (RFC3268). 41 o SSL/TLS: support AES cipher suites (RFC3268).
42 42
43 Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
44
45 o Important building fixes on Unix.
46
47 Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
48
49 o Various important bugfixes.
50
43 Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: 51 Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
44 52
45 o Important security related bugfixes. 53 o Important security related bugfixes.
diff --git a/src/lib/libssl/src/PROBLEMS b/src/lib/libssl/src/PROBLEMS
index 70e591a1d1..bf532d112b 100644
--- a/src/lib/libssl/src/PROBLEMS
+++ b/src/lib/libssl/src/PROBLEMS
@@ -38,3 +38,11 @@ may differ on your machine.
38As long as Apple doesn't fix the problem with ld, this problem building 38As long as Apple doesn't fix the problem with ld, this problem building
39OpenSSL will remain as is. 39OpenSSL will remain as is.
40 40
41
42* Parallell make leads to errors
43
44While running tests, running a parallell make is a bad idea. Many test
45scripts use the same name for output and input files, which means different
46will interfere with each other and lead to test failure.
47
48The solution is simple for now: don't run parallell make when testing.
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
index 5394a17e3e..4228e145f9 100644
--- a/src/lib/libssl/src/README
+++ b/src/lib/libssl/src/README
@@ -154,7 +154,7 @@
154 - Stack Traceback (if the application dumps core) 154 - Stack Traceback (if the application dumps core)
155 155
156 Report the bug to the OpenSSL project via the Request Tracker 156 Report the bug to the OpenSSL project via the Request Tracker
157 (http://www.openssl.org/rt2.html) by mail to: 157 (http://www.openssl.org/support/rt2.html) by mail to:
158 158
159 openssl-bugs@openssl.org 159 openssl-bugs@openssl.org
160 160
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index a302119d7f..1a24b1c596 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -798,7 +798,7 @@ end:
798 return(x); 798 return(x);
799 } 799 }
800 800
801EVP_PKEY *load_key(BIO *err, const char *file, int format, 801EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
802 const char *pass, ENGINE *e, const char *key_descrip) 802 const char *pass, ENGINE *e, const char *key_descrip)
803 { 803 {
804 BIO *key=NULL; 804 BIO *key=NULL;
@@ -808,7 +808,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format,
808 cb_data.password = pass; 808 cb_data.password = pass;
809 cb_data.prompt_info = file; 809 cb_data.prompt_info = file;
810 810
811 if (file == NULL) 811 if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
812 { 812 {
813 BIO_printf(err,"no keyfile specified\n"); 813 BIO_printf(err,"no keyfile specified\n");
814 goto end; 814 goto end;
@@ -828,12 +828,19 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format,
828 ERR_print_errors(err); 828 ERR_print_errors(err);
829 goto end; 829 goto end;
830 } 830 }
831 if (BIO_read_filename(key,file) <= 0) 831 if (file == NULL && maybe_stdin)
832 { 832 {
833 BIO_printf(err, "Error opening %s %s\n", key_descrip, file); 833 setvbuf(stdin, NULL, _IONBF, 0);
834 ERR_print_errors(err); 834 BIO_set_fp(key,stdin,BIO_NOCLOSE);
835 goto end;
836 } 835 }
836 else
837 if (BIO_read_filename(key,file) <= 0)
838 {
839 BIO_printf(err, "Error opening %s %s\n",
840 key_descrip, file);
841 ERR_print_errors(err);
842 goto end;
843 }
837 if (format == FORMAT_ASN1) 844 if (format == FORMAT_ASN1)
838 { 845 {
839 pkey=d2i_PrivateKey_bio(key, NULL); 846 pkey=d2i_PrivateKey_bio(key, NULL);
@@ -867,7 +874,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format,
867 return(pkey); 874 return(pkey);
868 } 875 }
869 876
870EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, 877EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
871 const char *pass, ENGINE *e, const char *key_descrip) 878 const char *pass, ENGINE *e, const char *key_descrip)
872 { 879 {
873 BIO *key=NULL; 880 BIO *key=NULL;
@@ -877,7 +884,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
877 cb_data.password = pass; 884 cb_data.password = pass;
878 cb_data.prompt_info = file; 885 cb_data.prompt_info = file;
879 886
880 if (file == NULL) 887 if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
881 { 888 {
882 BIO_printf(err,"no keyfile specified\n"); 889 BIO_printf(err,"no keyfile specified\n");
883 goto end; 890 goto end;
@@ -897,11 +904,18 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
897 ERR_print_errors(err); 904 ERR_print_errors(err);
898 goto end; 905 goto end;
899 } 906 }
900 if (BIO_read_filename(key,file) <= 0) 907 if (file == NULL && maybe_stdin)
901 { 908 {
902 BIO_printf(err, "Error opening %s %s\n", key_descrip, file); 909 setvbuf(stdin, NULL, _IONBF, 0);
903 ERR_print_errors(err); 910 BIO_set_fp(key,stdin,BIO_NOCLOSE);
904 goto end; 911 }
912 else
913 if (BIO_read_filename(key,file) <= 0)
914 {
915 BIO_printf(err, "Error opening %s %s\n",
916 key_descrip, file);
917 ERR_print_errors(err);
918 goto end;
905 } 919 }
906 if (format == FORMAT_ASN1) 920 if (format == FORMAT_ASN1)
907 { 921 {
@@ -1074,6 +1088,7 @@ int set_cert_ex(unsigned long *flags, const char *arg)
1074 { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, 1088 { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
1075 { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, 1089 { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
1076 { "no_aux", X509_FLAG_NO_AUX, 0}, 1090 { "no_aux", X509_FLAG_NO_AUX, 0},
1091 { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
1077 { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK}, 1092 { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
1078 { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, 1093 { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
1079 { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, 1094 { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h
index a88902ac13..32a79605ee 100644
--- a/src/lib/libssl/src/apps/apps.h
+++ b/src/lib/libssl/src/apps/apps.h
@@ -233,9 +233,9 @@ int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
233int add_oid_section(BIO *err, CONF *conf); 233int add_oid_section(BIO *err, CONF *conf);
234X509 *load_cert(BIO *err, const char *file, int format, 234X509 *load_cert(BIO *err, const char *file, int format,
235 const char *pass, ENGINE *e, const char *cert_descrip); 235 const char *pass, ENGINE *e, const char *cert_descrip);
236EVP_PKEY *load_key(BIO *err, const char *file, int format, 236EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
237 const char *pass, ENGINE *e, const char *key_descrip); 237 const char *pass, ENGINE *e, const char *key_descrip);
238EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, 238EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
239 const char *pass, ENGINE *e, const char *key_descrip); 239 const char *pass, ENGINE *e, const char *key_descrip);
240STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, 240STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
241 const char *pass, ENGINE *e, const char *cert_descrip); 241 const char *pass, ENGINE *e, const char *cert_descrip);
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 322956de57..492b64f04f 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -699,7 +699,7 @@ bad:
699 goto err; 699 goto err;
700 } 700 }
701 } 701 }
702 pkey = load_key(bio_err, keyfile, keyform, key, e, 702 pkey = load_key(bio_err, keyfile, keyform, 0, key, e,
703 "CA private key"); 703 "CA private key");
704 if (key) memset(key,0,strlen(key)); 704 if (key) memset(key,0,strlen(key));
705 if (pkey == NULL) 705 if (pkey == NULL)
@@ -2089,9 +2089,8 @@ again2:
2089 } 2089 }
2090 } 2090 }
2091 2091
2092 row[DB_name]=X509_NAME_oneline(dn_subject,NULL,0);
2093 row[DB_serial]=BN_bn2hex(serial); 2092 row[DB_serial]=BN_bn2hex(serial);
2094 if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) 2093 if (row[DB_serial] == NULL)
2095 { 2094 {
2096 BIO_printf(bio_err,"Memory allocation failure\n"); 2095 BIO_printf(bio_err,"Memory allocation failure\n");
2097 goto err; 2096 goto err;
@@ -2304,10 +2303,10 @@ again2:
2304 2303
2305 /* row[DB_serial] done already */ 2304 /* row[DB_serial] done already */
2306 row[DB_file]=(char *)OPENSSL_malloc(8); 2305 row[DB_file]=(char *)OPENSSL_malloc(8);
2307 /* row[DB_name] done already */ 2306 row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
2308 2307
2309 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || 2308 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
2310 (row[DB_file] == NULL)) 2309 (row[DB_file] == NULL) || (row[DB_name] == NULL))
2311 { 2310 {
2312 BIO_printf(bio_err,"Memory allocation failure\n"); 2311 BIO_printf(bio_err,"Memory allocation failure\n");
2313 goto err; 2312 goto err;
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
index e21c3d83ac..32e40c1f53 100644
--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -277,10 +277,10 @@ int MAIN(int argc, char **argv)
277 if(keyfile) 277 if(keyfile)
278 { 278 {
279 if (want_pub) 279 if (want_pub)
280 sigkey = load_pubkey(bio_err, keyfile, keyform, NULL, 280 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
281 e, "key file"); 281 e, "key file");
282 else 282 else
283 sigkey = load_key(bio_err, keyfile, keyform, NULL, 283 sigkey = load_key(bio_err, keyfile, keyform, 0, NULL,
284 e, "key file"); 284 e, "key file");
285 if (!sigkey) 285 if (!sigkey)
286 { 286 {
diff --git a/src/lib/libssl/src/apps/makeapps.com b/src/lib/libssl/src/apps/makeapps.com
index 2e666368b7..148246facc 100644
--- a/src/lib/libssl/src/apps/makeapps.com
+++ b/src/lib/libssl/src/apps/makeapps.com
@@ -1086,7 +1086,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
1086$! 1086$!
1087$! Show user the result 1087$! Show user the result
1088$! 1088$!
1089$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC 1089$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
1090$! 1090$!
1091$! Special Threads For OpenVMS v7.1 Or Later 1091$! Special Threads For OpenVMS v7.1 Or Later
1092$! 1092$!
diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c
index 49a156a1cf..59b97a634b 100644
--- a/src/lib/libssl/src/apps/ocsp.c
+++ b/src/lib/libssl/src/apps/ocsp.c
@@ -613,11 +613,11 @@ int MAIN(int argc, char **argv)
613 NULL, e, "CA certificate"); 613 NULL, e, "CA certificate");
614 if (rcertfile) 614 if (rcertfile)
615 { 615 {
616 rother = load_certs(bio_err, sign_certfile, FORMAT_PEM, 616 rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
617 NULL, e, "responder other certificates"); 617 NULL, e, "responder other certificates");
618 if (!sign_other) goto end; 618 if (!rother) goto end;
619 } 619 }
620 rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, NULL, NULL, 620 rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
621 "responder private key"); 621 "responder private key");
622 if (!rkey) 622 if (!rkey)
623 goto end; 623 goto end;
@@ -663,7 +663,7 @@ int MAIN(int argc, char **argv)
663 NULL, e, "signer certificates"); 663 NULL, e, "signer certificates");
664 if (!sign_other) goto end; 664 if (!sign_other) goto end;
665 } 665 }
666 key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL, 666 key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
667 "signer private key"); 667 "signer private key");
668 if (!key) 668 if (!key)
669 goto end; 669 goto end;
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c
index e345cf1489..1697f6157f 100644
--- a/src/lib/libssl/src/apps/pkcs12.c
+++ b/src/lib/libssl/src/apps/pkcs12.c
@@ -427,7 +427,7 @@ int MAIN(int argc, char **argv)
427 CRYPTO_push_info("process -export_cert"); 427 CRYPTO_push_info("process -export_cert");
428 CRYPTO_push_info("reading private key"); 428 CRYPTO_push_info("reading private key");
429#endif 429#endif
430 key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 430 key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1,
431 passin, e, "private key"); 431 passin, e, "private key");
432 if (!key) { 432 if (!key) {
433 goto export_end; 433 goto export_end;
@@ -508,9 +508,10 @@ int MAIN(int argc, char **argv)
508 /* Exclude verified certificate */ 508 /* Exclude verified certificate */
509 for (i = 1; i < sk_X509_num (chain2) ; i++) 509 for (i = 1; i < sk_X509_num (chain2) ; i++)
510 sk_X509_push(certs, sk_X509_value (chain2, i)); 510 sk_X509_push(certs, sk_X509_value (chain2, i));
511 } 511 /* Free first certificate */
512 sk_X509_free(chain2); 512 X509_free(sk_X509_value(chain2, 0));
513 if (vret) { 513 sk_X509_free(chain2);
514 } else {
514 BIO_printf (bio_err, "Error %s getting chain.\n", 515 BIO_printf (bio_err, "Error %s getting chain.\n",
515 X509_verify_cert_error_string(vret)); 516 X509_verify_cert_error_string(vret));
516 goto export_end; 517 goto export_end;
@@ -537,8 +538,6 @@ int MAIN(int argc, char **argv)
537 } 538 }
538 sk_X509_pop_free(certs, X509_free); 539 sk_X509_pop_free(certs, X509_free);
539 certs = NULL; 540 certs = NULL;
540 /* ucert is part of certs so it is already freed */
541 ucert = NULL;
542 541
543#ifdef CRYPTO_MDEBUG 542#ifdef CRYPTO_MDEBUG
544 CRYPTO_pop_info(); 543 CRYPTO_pop_info();
@@ -627,7 +626,6 @@ int MAIN(int argc, char **argv)
627 if (certs) sk_X509_pop_free(certs, X509_free); 626 if (certs) sk_X509_pop_free(certs, X509_free);
628 if (safes) sk_PKCS7_pop_free(safes, PKCS7_free); 627 if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
629 if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); 628 if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
630 if (ucert) X509_free(ucert);
631 629
632#ifdef CRYPTO_MDEBUG 630#ifdef CRYPTO_MDEBUG
633 CRYPTO_pop_info(); 631 CRYPTO_pop_info();
diff --git a/src/lib/libssl/src/apps/pkcs8.c b/src/lib/libssl/src/apps/pkcs8.c
index ba91caee6b..912e32006b 100644
--- a/src/lib/libssl/src/apps/pkcs8.c
+++ b/src/lib/libssl/src/apps/pkcs8.c
@@ -222,7 +222,8 @@ int MAIN(int argc, char **argv)
222 if (topk8) 222 if (topk8)
223 { 223 {
224 BIO_free(in); /* Not needed in this section */ 224 BIO_free(in); /* Not needed in this section */
225 pkey = load_key(bio_err, infile, informat, passin, e, "key"); 225 pkey = load_key(bio_err, infile, informat, 1,
226 passin, e, "key");
226 if (!pkey) { 227 if (!pkey) {
227 return (1); 228 return (1);
228 } 229 }
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index 5631a3839b..a3c1e0b4c4 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -151,7 +151,7 @@ int MAIN(int argc, char **argv)
151#ifndef OPENSSL_NO_DSA 151#ifndef OPENSSL_NO_DSA
152 DSA *dsa_params=NULL; 152 DSA *dsa_params=NULL;
153#endif 153#endif
154 unsigned long nmflag = 0; 154 unsigned long nmflag = 0, reqflag = 0;
155 int ex=1,x509=0,days=30; 155 int ex=1,x509=0,days=30;
156 X509 *x509ss=NULL; 156 X509 *x509ss=NULL;
157 X509_REQ *req=NULL; 157 X509_REQ *req=NULL;
@@ -356,6 +356,11 @@ int MAIN(int argc, char **argv)
356 if (--argc < 1) goto bad; 356 if (--argc < 1) goto bad;
357 if (!set_name_ex(&nmflag, *(++argv))) goto bad; 357 if (!set_name_ex(&nmflag, *(++argv))) goto bad;
358 } 358 }
359 else if (strcmp(*argv,"-reqopt") == 0)
360 {
361 if (--argc < 1) goto bad;
362 if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
363 }
359 else if (strcmp(*argv,"-subject") == 0) 364 else if (strcmp(*argv,"-subject") == 0)
360 subject=1; 365 subject=1;
361 else if (strcmp(*argv,"-text") == 0) 366 else if (strcmp(*argv,"-text") == 0)
@@ -448,7 +453,8 @@ bad:
448 BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); 453 BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
449 BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); 454 BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
450 BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); 455 BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n");
451 BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); 456 BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
457 BIO_printf(bio_err," -reqopt arg - various request text options\n\n");
452 goto end; 458 goto end;
453 } 459 }
454 460
@@ -622,7 +628,7 @@ bad:
622 628
623 if (keyfile != NULL) 629 if (keyfile != NULL)
624 { 630 {
625 pkey = load_key(bio_err, keyfile, keyform, passin, e, 631 pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
626 "Private Key"); 632 "Private Key");
627 if (!pkey) 633 if (!pkey)
628 { 634 {
@@ -981,9 +987,9 @@ loop:
981 if (text) 987 if (text)
982 { 988 {
983 if (x509) 989 if (x509)
984 X509_print(out,x509ss); 990 X509_print_ex(out, x509ss, nmflag, reqflag);
985 else 991 else
986 X509_REQ_print(out,req); 992 X509_REQ_print_ex(out, req, nmflag, reqflag);
987 } 993 }
988 994
989 if(subject) 995 if(subject)
diff --git a/src/lib/libssl/src/apps/rsa.c b/src/lib/libssl/src/apps/rsa.c
index 60a3381527..4e19bc16fb 100644
--- a/src/lib/libssl/src/apps/rsa.c
+++ b/src/lib/libssl/src/apps/rsa.c
@@ -238,12 +238,12 @@ bad:
238 if (pubin) 238 if (pubin)
239 pkey = load_pubkey(bio_err, infile, 239 pkey = load_pubkey(bio_err, infile,
240 (informat == FORMAT_NETSCAPE && sgckey ? 240 (informat == FORMAT_NETSCAPE && sgckey ?
241 FORMAT_IISSGC : informat), 241 FORMAT_IISSGC : informat), 1,
242 passin, e, "Public Key"); 242 passin, e, "Public Key");
243 else 243 else
244 pkey = load_key(bio_err, infile, 244 pkey = load_key(bio_err, infile,
245 (informat == FORMAT_NETSCAPE && sgckey ? 245 (informat == FORMAT_NETSCAPE && sgckey ?
246 FORMAT_IISSGC : informat), 246 FORMAT_IISSGC : informat), 1,
247 passin, e, "Private Key"); 247 passin, e, "Private Key");
248 248
249 if (pkey != NULL) 249 if (pkey != NULL)
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c
index 9b02e6782e..36957e5b84 100644
--- a/src/lib/libssl/src/apps/rsautl.c
+++ b/src/lib/libssl/src/apps/rsautl.c
@@ -169,12 +169,12 @@ int MAIN(int argc, char **argv)
169 169
170 switch(key_type) { 170 switch(key_type) {
171 case KEY_PRIVKEY: 171 case KEY_PRIVKEY:
172 pkey = load_key(bio_err, keyfile, keyform, 172 pkey = load_key(bio_err, keyfile, keyform, 0,
173 NULL, e, "Private Key"); 173 NULL, e, "Private Key");
174 break; 174 break;
175 175
176 case KEY_PUBKEY: 176 case KEY_PUBKEY:
177 pkey = load_pubkey(bio_err, keyfile, keyform, 177 pkey = load_pubkey(bio_err, keyfile, keyform, 0,
178 NULL, e, "Public Key"); 178 NULL, e, "Public Key");
179 break; 179 break;
180 180
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 497abf44ef..b03231f3ba 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -320,10 +320,10 @@ static char **local_argv;
320static int ebcdic_new(BIO *bi); 320static int ebcdic_new(BIO *bi);
321static int ebcdic_free(BIO *a); 321static int ebcdic_free(BIO *a);
322static int ebcdic_read(BIO *b, char *out, int outl); 322static int ebcdic_read(BIO *b, char *out, int outl);
323static int ebcdic_write(BIO *b, char *in, int inl); 323static int ebcdic_write(BIO *b, const char *in, int inl);
324static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr); 324static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
325static int ebcdic_gets(BIO *bp, char *buf, int size); 325static int ebcdic_gets(BIO *bp, char *buf, int size);
326static int ebcdic_puts(BIO *bp, char *str); 326static int ebcdic_puts(BIO *bp, const char *str);
327 327
328#define BIO_TYPE_EBCDIC_FILTER (18|0x0200) 328#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
329static BIO_METHOD methods_ebcdic= 329static BIO_METHOD methods_ebcdic=
@@ -388,7 +388,7 @@ static int ebcdic_read(BIO *b, char *out, int outl)
388 return(ret); 388 return(ret);
389} 389}
390 390
391static int ebcdic_write(BIO *b, char *in, int inl) 391static int ebcdic_write(BIO *b, const char *in, int inl)
392{ 392{
393 EBCDIC_OUTBUFF *wbuf; 393 EBCDIC_OUTBUFF *wbuf;
394 int ret=0; 394 int ret=0;
@@ -421,7 +421,7 @@ static int ebcdic_write(BIO *b, char *in, int inl)
421 return(ret); 421 return(ret);
422} 422}
423 423
424static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr) 424static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
425{ 425{
426 long ret; 426 long ret;
427 427
@@ -440,7 +440,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
440 440
441static int ebcdic_gets(BIO *bp, char *buf, int size) 441static int ebcdic_gets(BIO *bp, char *buf, int size)
442{ 442{
443 int i, ret; 443 int i, ret=0;
444 if (bp->next_bio == NULL) return(0); 444 if (bp->next_bio == NULL) return(0);
445/* return(BIO_gets(bp->next_bio,buf,size));*/ 445/* return(BIO_gets(bp->next_bio,buf,size));*/
446 for (i=0; i<size-1; ++i) 446 for (i=0; i<size-1; ++i)
@@ -459,7 +459,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size)
459 return (ret < 0 && i == 0) ? ret : i; 459 return (ret < 0 && i == 0) ? ret : i;
460} 460}
461 461
462static int ebcdic_puts(BIO *bp, char *str) 462static int ebcdic_puts(BIO *bp, const char *str)
463{ 463{
464 if (bp->next_bio == NULL) return(0); 464 if (bp->next_bio == NULL) return(0);
465 return ebcdic_write(bp, str, strlen(str)); 465 return ebcdic_write(bp, str, strlen(str));
diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c
index 90fe026f56..ef0e477464 100644
--- a/src/lib/libssl/src/apps/smime.c
+++ b/src/lib/libssl/src/apps/smime.c
@@ -428,7 +428,7 @@ int MAIN(int argc, char **argv)
428 } else keyfile = NULL; 428 } else keyfile = NULL;
429 429
430 if(keyfile) { 430 if(keyfile) {
431 key = load_key(bio_err, keyfile, keyform, passin, e, 431 key = load_key(bio_err, keyfile, keyform, 0, passin, e,
432 "signing key file"); 432 "signing key file");
433 if (!key) { 433 if (!key) {
434 goto end; 434 goto end;
diff --git a/src/lib/libssl/src/apps/spkac.c b/src/lib/libssl/src/apps/spkac.c
index 049a37963c..4ce53e36c9 100644
--- a/src/lib/libssl/src/apps/spkac.c
+++ b/src/lib/libssl/src/apps/spkac.c
@@ -186,7 +186,7 @@ bad:
186 if(keyfile) { 186 if(keyfile) {
187 pkey = load_key(bio_err, 187 pkey = load_key(bio_err,
188 strcmp(keyfile, "-") ? keyfile : NULL, 188 strcmp(keyfile, "-") ? keyfile : NULL,
189 FORMAT_PEM, passin, e, "private key"); 189 FORMAT_PEM, 1, passin, e, "private key");
190 if(!pkey) { 190 if(!pkey) {
191 goto end; 191 goto end;
192 } 192 }
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index a797da0ffa..5a41c389ee 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -861,8 +861,8 @@ bad:
861 if (Upkey == NULL) 861 if (Upkey == NULL)
862 { 862 {
863 Upkey=load_key(bio_err, 863 Upkey=load_key(bio_err,
864 keyfile,keyformat, passin, e, 864 keyfile, keyformat, 0,
865 "Private key"); 865 passin, e, "Private key");
866 if (Upkey == NULL) goto end; 866 if (Upkey == NULL) goto end;
867 } 867 }
868#ifndef OPENSSL_NO_DSA 868#ifndef OPENSSL_NO_DSA
@@ -880,8 +880,9 @@ bad:
880 if (CAkeyfile != NULL) 880 if (CAkeyfile != NULL)
881 { 881 {
882 CApkey=load_key(bio_err, 882 CApkey=load_key(bio_err,
883 CAkeyfile,CAkeyformat, passin, 883 CAkeyfile, CAkeyformat,
884 e, "CA Private Key"); 884 0, passin, e,
885 "CA Private Key");
885 if (CApkey == NULL) goto end; 886 if (CApkey == NULL) goto end;
886 } 887 }
887#ifndef OPENSSL_NO_DSA 888#ifndef OPENSSL_NO_DSA
@@ -908,8 +909,8 @@ bad:
908 else 909 else
909 { 910 {
910 pk=load_key(bio_err, 911 pk=load_key(bio_err,
911 keyfile,FORMAT_PEM, passin, e, 912 keyfile, FORMAT_PEM, 0,
912 "request key"); 913 passin, e, "request key");
913 if (pk == NULL) goto end; 914 if (pk == NULL) goto end;
914 } 915 }
915 916
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config
index 972cdb70a3..3e9af7680a 100644
--- a/src/lib/libssl/src/config
+++ b/src/lib/libssl/src/config
@@ -393,6 +393,9 @@ exit 0
393GCCVER=`(gcc -dumpversion) 2>/dev/null` 393GCCVER=`(gcc -dumpversion) 2>/dev/null`
394if [ "$GCCVER" != "" ]; then 394if [ "$GCCVER" != "" ]; then
395 CC=gcc 395 CC=gcc
396 # then strip off whatever prefix egcs prepends the number with...
397 # Hopefully, this will work for any future prefixes as well.
398 GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
396 # Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion 399 # Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion
397 # does give us what we want though, so we use that. We just just the 400 # does give us what we want though, so we use that. We just just the
398 # major and minor version numbers. 401 # major and minor version numbers.
diff --git a/src/lib/libssl/src/crypto/asn1/a_bitstr.c b/src/lib/libssl/src/crypto/asn1/a_bitstr.c
index ed0bdfbde1..e0265f69d2 100644
--- a/src/lib/libssl/src/crypto/asn1/a_bitstr.c
+++ b/src/lib/libssl/src/crypto/asn1/a_bitstr.c
@@ -120,6 +120,12 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
120 unsigned char *p,*s; 120 unsigned char *p,*s;
121 int i; 121 int i;
122 122
123 if (len < 1)
124 {
125 i=ASN1_R_STRING_TOO_SHORT;
126 goto err;
127 }
128
123 if ((a == NULL) || ((*a) == NULL)) 129 if ((a == NULL) || ((*a) == NULL))
124 { 130 {
125 if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL); 131 if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
diff --git a/src/lib/libssl/src/crypto/asn1/a_strex.c b/src/lib/libssl/src/crypto/asn1/a_strex.c
index 8dab29dca1..7ddb7662f1 100644
--- a/src/lib/libssl/src/crypto/asn1/a_strex.c
+++ b/src/lib/libssl/src/crypto/asn1/a_strex.c
@@ -544,7 +544,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
544{ 544{
545 ASN1_STRING stmp, *str = &stmp; 545 ASN1_STRING stmp, *str = &stmp;
546 int mbflag, type, ret; 546 int mbflag, type, ret;
547 if(!*out || !in) return -1; 547 if(!in) return -1;
548 type = in->type; 548 type = in->type;
549 if((type < 0) || (type > 30)) return -1; 549 if((type < 0) || (type > 30)) return -1;
550 mbflag = tag2nbyte[type]; 550 mbflag = tag2nbyte[type];
@@ -553,6 +553,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
553 stmp.data = NULL; 553 stmp.data = NULL;
554 ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); 554 ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
555 if(ret < 0) return ret; 555 if(ret < 0) return ret;
556 if(out) *out = stmp.data; 556 *out = stmp.data;
557 return stmp.length; 557 return stmp.length;
558} 558}
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
index 422685a3b4..0638870ab7 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -57,6 +57,7 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include <limits.h>
60#include "cryptlib.h" 61#include "cryptlib.h"
61#include <openssl/asn1.h> 62#include <openssl/asn1.h>
62#include <openssl/asn1_mac.h> 63#include <openssl/asn1_mac.h>
@@ -124,7 +125,7 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
124 (int)(omax+ *pp)); 125 (int)(omax+ *pp));
125 126
126#endif 127#endif
127 if (*plength > (omax - (*pp - p))) 128 if (*plength > (omax - (p - *pp)))
128 { 129 {
129 ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); 130 ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
130 /* Set this so that even if things are not long enough 131 /* Set this so that even if things are not long enough
@@ -141,7 +142,7 @@ err:
141static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) 142static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
142 { 143 {
143 unsigned char *p= *pp; 144 unsigned char *p= *pp;
144 long ret=0; 145 unsigned long ret=0;
145 int i; 146 int i;
146 147
147 if (max-- < 1) return(0); 148 if (max-- < 1) return(0);
@@ -170,10 +171,10 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
170 else 171 else
171 ret=i; 172 ret=i;
172 } 173 }
173 if (ret < 0) 174 if (ret > LONG_MAX)
174 return 0; 175 return 0;
175 *pp=p; 176 *pp=p;
176 *rl=ret; 177 *rl=(long)ret;
177 return(1); 178 return(1);
178 } 179 }
179 180
diff --git a/src/lib/libssl/src/crypto/asn1/t_req.c b/src/lib/libssl/src/crypto/asn1/t_req.c
index 848c29a2dd..739f272ecf 100644
--- a/src/lib/libssl/src/crypto/asn1/t_req.c
+++ b/src/lib/libssl/src/crypto/asn1/t_req.c
@@ -82,7 +82,7 @@ int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
82 } 82 }
83#endif 83#endif
84 84
85int X509_REQ_print(BIO *bp, X509_REQ *x) 85int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
86 { 86 {
87 unsigned long l; 87 unsigned long l;
88 int i; 88 int i;
@@ -92,143 +92,185 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
92 STACK_OF(X509_ATTRIBUTE) *sk; 92 STACK_OF(X509_ATTRIBUTE) *sk;
93 STACK_OF(X509_EXTENSION) *exts; 93 STACK_OF(X509_EXTENSION) *exts;
94 char str[128]; 94 char str[128];
95 char mlch = ' ';
96 int nmindent = 0;
97
98 if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
99 mlch = '\n';
100 nmindent = 12;
101 }
102
103 if(nmflags == X509_FLAG_COMPAT)
104 nmindent = 16;
105
95 106
96 ri=x->req_info; 107 ri=x->req_info;
97 sprintf(str,"Certificate Request:\n"); 108 if(!(cflag & X509_FLAG_NO_HEADER))
98 if (BIO_puts(bp,str) <= 0) goto err;
99 sprintf(str,"%4sData:\n","");
100 if (BIO_puts(bp,str) <= 0) goto err;
101
102 neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
103 l=0;
104 for (i=0; i<ri->version->length; i++)
105 { l<<=8; l+=ri->version->data[i]; }
106 sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
107 if (BIO_puts(bp,str) <= 0) goto err;
108 sprintf(str,"%8sSubject: ","");
109 if (BIO_puts(bp,str) <= 0) goto err;
110
111 X509_NAME_print(bp,ri->subject,16);
112 sprintf(str,"\n%8sSubject Public Key Info:\n","");
113 if (BIO_puts(bp,str) <= 0) goto err;
114 i=OBJ_obj2nid(ri->pubkey->algor->algorithm);
115 sprintf(str,"%12sPublic Key Algorithm: %s\n","",
116 (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
117 if (BIO_puts(bp,str) <= 0) goto err;
118
119 pkey=X509_REQ_get_pubkey(x);
120#ifndef OPENSSL_NO_RSA
121 if (pkey != NULL && pkey->type == EVP_PKEY_RSA)
122 { 109 {
123 BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", 110 if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
124 BN_num_bits(pkey->pkey.rsa->n)); 111 if (BIO_write(bp," Data:\n",10) <= 0) goto err;
125 RSA_print(bp,pkey->pkey.rsa,16);
126 } 112 }
127 else 113 if(!(cflag & X509_FLAG_NO_VERSION))
128#endif
129#ifndef OPENSSL_NO_DSA
130 if (pkey != NULL && pkey->type == EVP_PKEY_DSA)
131 { 114 {
132 BIO_printf(bp,"%12sDSA Public Key:\n",""); 115 neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
133 DSA_print(bp,pkey->pkey.dsa,16); 116 l=0;
117 for (i=0; i<ri->version->length; i++)
118 { l<<=8; l+=ri->version->data[i]; }
119 sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
120 if (BIO_puts(bp,str) <= 0) goto err;
134 } 121 }
135 else 122 if(!(cflag & X509_FLAG_NO_SUBJECT))
136#endif 123 {
137 BIO_printf(bp,"%12sUnknown Public Key:\n",""); 124 if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
125 if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
126 if (BIO_write(bp,"\n",1) <= 0) goto err;
127 }
128 if(!(cflag & X509_FLAG_NO_PUBKEY))
129 {
130 if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0)
131 goto err;
132 if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
133 goto err;
134 if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
135 goto err;
136 if (BIO_puts(bp, "\n") <= 0)
137 goto err;
138 138
139 if (pkey != NULL) 139 pkey=X509_REQ_get_pubkey(x);
140 EVP_PKEY_free(pkey); 140 if (pkey == NULL)
141 {
142 BIO_printf(bp,"%12sUnable to load Public Key\n","");
143 ERR_print_errors(bp);
144 }
145 else
146#ifndef OPENSSL_NO_RSA
147 if (pkey->type == EVP_PKEY_RSA)
148 {
149 BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
150 BN_num_bits(pkey->pkey.rsa->n));
151 RSA_print(bp,pkey->pkey.rsa,16);
152 }
153 else
154#endif
155#ifndef OPENSSL_NO_DSA
156 if (pkey->type == EVP_PKEY_DSA)
157 {
158 BIO_printf(bp,"%12sDSA Public Key:\n","");
159 DSA_print(bp,pkey->pkey.dsa,16);
160 }
161 else
162#endif
163 BIO_printf(bp,"%12sUnknown Public Key:\n","");
141 164
142 /* may not be */ 165 EVP_PKEY_free(pkey);
143 sprintf(str,"%8sAttributes:\n",""); 166 }
144 if (BIO_puts(bp,str) <= 0) goto err;
145 167
146 sk=x->req_info->attributes; 168 if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
147 if (sk_X509_ATTRIBUTE_num(sk) == 0)
148 { 169 {
149 sprintf(str,"%12sa0:00\n",""); 170 /* may not be */
171 sprintf(str,"%8sAttributes:\n","");
150 if (BIO_puts(bp,str) <= 0) goto err; 172 if (BIO_puts(bp,str) <= 0) goto err;
151 } 173
152 else 174 sk=x->req_info->attributes;
153 { 175 if (sk_X509_ATTRIBUTE_num(sk) == 0)
154 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
155 { 176 {
156 ASN1_TYPE *at; 177 sprintf(str,"%12sa0:00\n","");
157 X509_ATTRIBUTE *a;
158 ASN1_BIT_STRING *bs=NULL;
159 ASN1_TYPE *t;
160 int j,type=0,count=1,ii=0;
161
162 a=sk_X509_ATTRIBUTE_value(sk,i);
163 if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
164 continue;
165 sprintf(str,"%12s","");
166 if (BIO_puts(bp,str) <= 0) goto err; 178 if (BIO_puts(bp,str) <= 0) goto err;
167 if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) 179 }
180 else
168 { 181 {
169 if (a->single) 182 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
170 { 183 {
171 t=a->value.single; 184 ASN1_TYPE *at;
172 type=t->type; 185 X509_ATTRIBUTE *a;
173 bs=t->value.bit_string; 186 ASN1_BIT_STRING *bs=NULL;
174 } 187 ASN1_TYPE *t;
175 else 188 int j,type=0,count=1,ii=0;
189
190 a=sk_X509_ATTRIBUTE_value(sk,i);
191 if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
192 continue;
193 sprintf(str,"%12s","");
194 if (BIO_puts(bp,str) <= 0) goto err;
195 if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
176 { 196 {
177 ii=0; 197 if (a->single)
178 count=sk_ASN1_TYPE_num(a->value.set); 198 {
199 t=a->value.single;
200 type=t->type;
201 bs=t->value.bit_string;
202 }
203 else
204 {
205 ii=0;
206 count=sk_ASN1_TYPE_num(a->value.set);
179get_next: 207get_next:
180 at=sk_ASN1_TYPE_value(a->value.set,ii); 208 at=sk_ASN1_TYPE_value(a->value.set,ii);
181 type=at->type; 209 type=at->type;
182 bs=at->value.asn1_string; 210 bs=at->value.asn1_string;
211 }
212 }
213 for (j=25-j; j>0; j--)
214 if (BIO_write(bp," ",1) != 1) goto err;
215 if (BIO_puts(bp,":") <= 0) goto err;
216 if ( (type == V_ASN1_PRINTABLESTRING) ||
217 (type == V_ASN1_T61STRING) ||
218 (type == V_ASN1_IA5STRING))
219 {
220 if (BIO_write(bp,(char *)bs->data,bs->length)
221 != bs->length)
222 goto err;
223 BIO_puts(bp,"\n");
224 }
225 else
226 {
227 BIO_puts(bp,"unable to print attribute\n");
228 }
229 if (++ii < count) goto get_next;
183 } 230 }
184 } 231 }
185 for (j=25-j; j>0; j--) 232 }
186 if (BIO_write(bp," ",1) != 1) goto err; 233 if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
187 if (BIO_puts(bp,":") <= 0) goto err; 234 {
188 if ( (type == V_ASN1_PRINTABLESTRING) || 235 exts = X509_REQ_get_extensions(x);
189 (type == V_ASN1_T61STRING) || 236 if(exts)
190 (type == V_ASN1_IA5STRING)) 237 {
238 BIO_printf(bp,"%8sRequested Extensions:\n","");
239 for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
191 { 240 {
192 if (BIO_write(bp,(char *)bs->data,bs->length) 241 ASN1_OBJECT *obj;
193 != bs->length) 242 X509_EXTENSION *ex;
243 int j;
244 ex=sk_X509_EXTENSION_value(exts, i);
245 if (BIO_printf(bp,"%12s","") <= 0) goto err;
246 obj=X509_EXTENSION_get_object(ex);
247 i2a_ASN1_OBJECT(bp,obj);
248 j=X509_EXTENSION_get_critical(ex);
249 if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
194 goto err; 250 goto err;
195 BIO_puts(bp,"\n"); 251 if(!X509V3_EXT_print(bp, ex, 0, 16))
196 } 252 {
197 else 253 BIO_printf(bp, "%16s", "");
198 { 254 M_ASN1_OCTET_STRING_print(bp,ex->value);
199 BIO_puts(bp,"unable to print attribute\n"); 255 }
256 if (BIO_write(bp,"\n",1) <= 0) goto err;
200 } 257 }
201 if (++ii < count) goto get_next; 258 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
202 } 259 }
203 } 260 }
204 261
205 exts = X509_REQ_get_extensions(x); 262 if(!(cflag & X509_FLAG_NO_SIGDUMP))
206 if(exts) { 263 {
207 BIO_printf(bp,"%8sRequested Extensions:\n",""); 264 if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
208 for (i=0; i<sk_X509_EXTENSION_num(exts); i++) {
209 ASN1_OBJECT *obj;
210 X509_EXTENSION *ex;
211 int j;
212 ex=sk_X509_EXTENSION_value(exts, i);
213 if (BIO_printf(bp,"%12s","") <= 0) goto err;
214 obj=X509_EXTENSION_get_object(ex);
215 i2a_ASN1_OBJECT(bp,obj);
216 j=X509_EXTENSION_get_critical(ex);
217 if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
218 goto err;
219 if(!X509V3_EXT_print(bp, ex, 0, 16)) {
220 BIO_printf(bp, "%16s", "");
221 M_ASN1_OCTET_STRING_print(bp,ex->value);
222 }
223 if (BIO_write(bp,"\n",1) <= 0) goto err;
224 } 265 }
225 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
226 }
227
228 if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
229 266
230 return(1); 267 return(1);
231err: 268err:
232 X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB); 269 X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
233 return(0); 270 return(0);
234 } 271 }
272
273int X509_REQ_print(BIO *bp, X509_REQ *x)
274 {
275 return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
276 }
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index 0fc1f421e2..f87c08793a 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -913,10 +913,10 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i
913 ctx->ptag = ptag; 913 ctx->ptag = ptag;
914 ctx->hdrlen = p - q; 914 ctx->hdrlen = p - q;
915 ctx->valid = 1; 915 ctx->valid = 1;
916 /* If definite length, length + header can't exceed total 916 /* If definite length, and no error, length +
917 * amount of data available. 917 * header can't exceed total amount of data available.
918 */ 918 */
919 if(!(i & 1) && ((plen + ctx->hdrlen) > len)) { 919 if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
920 ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG); 920 ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
921 asn1_tlc_clear(ctx); 921 asn1_tlc_clear(ctx);
922 return 0; 922 return 0;
diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c
index 3ce1290772..80c9cb69db 100644
--- a/src/lib/libssl/src/crypto/bio/b_print.c
+++ b/src/lib/libssl/src/crypto/bio/b_print.c
@@ -109,7 +109,7 @@
109 * o ... (for OpenSSL) 109 * o ... (for OpenSSL)
110 */ 110 */
111 111
112#if HAVE_LONG_DOUBLE 112#ifdef HAVE_LONG_DOUBLE
113#define LDOUBLE long double 113#define LDOUBLE long double
114#else 114#else
115#define LDOUBLE double 115#define LDOUBLE double
diff --git a/src/lib/libssl/src/crypto/bn/bn.h b/src/lib/libssl/src/crypto/bn/bn.h
index 1eaf879553..b40682f831 100644
--- a/src/lib/libssl/src/crypto/bn/bn.h
+++ b/src/lib/libssl/src/crypto/bn/bn.h
@@ -430,7 +430,7 @@ int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
430int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, 430int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
431 BN_MONT_CTX *mont, BN_CTX *ctx); 431 BN_MONT_CTX *mont, BN_CTX *ctx);
432void BN_MONT_CTX_free(BN_MONT_CTX *mont); 432void BN_MONT_CTX_free(BN_MONT_CTX *mont);
433int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx); 433int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
434BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); 434BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
435 435
436BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod); 436BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c
index d301b376f7..612b3b93b4 100644
--- a/src/lib/libssl/src/crypto/cryptlib.c
+++ b/src/lib/libssl/src/crypto/cryptlib.c
@@ -492,11 +492,3 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
492#endif 492#endif
493 493
494#endif 494#endif
495
496void OpenSSLDie(const char *file,int line,const char *assertion)
497 {
498 fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
499 file,line,assertion);
500 abort();
501 }
502
diff --git a/src/lib/libssl/src/crypto/cryptlib.h b/src/lib/libssl/src/crypto/cryptlib.h
index 985a6d377c..88e4ae509f 100644
--- a/src/lib/libssl/src/crypto/cryptlib.h
+++ b/src/lib/libssl/src/crypto/cryptlib.h
@@ -93,10 +93,6 @@ extern "C" {
93#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) 93#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
94#define HEX_SIZE(type) ((sizeof(type)*2) 94#define HEX_SIZE(type) ((sizeof(type)*2)
95 95
96/* die if we have to */
97void OpenSSLDie(const char *file,int line,const char *assertion);
98#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
99
100#ifdef __cplusplus 96#ifdef __cplusplus
101} 97}
102#endif 98#endif
diff --git a/src/lib/libssl/src/crypto/crypto-lib.com b/src/lib/libssl/src/crypto/crypto-lib.com
index 4847a69a71..dfcff11860 100644
--- a/src/lib/libssl/src/crypto/crypto-lib.com
+++ b/src/lib/libssl/src/crypto/crypto-lib.com
@@ -231,7 +231,7 @@ $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
231 "rand_vms" 231 "rand_vms"
232$ LIB_ERR = "err,err_all,err_prn" 232$ LIB_ERR = "err,err_all,err_prn"
233$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" 233$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
234$ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ - 234$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
235 "e_des,e_bf,e_idea,e_des3,"+ - 235 "e_des,e_bf,e_idea,e_des3,"+ -
236 "e_rc4,e_aes,names,"+ - 236 "e_rc4,e_aes,names,"+ -
237 "e_xcbc_d,e_rc2,e_cast,e_rc5" 237 "e_xcbc_d,e_rc2,e_cast,e_rc5"
@@ -265,14 +265,14 @@ $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
265 "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - 265 "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
266 "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - 266 "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ -
267 "v3_ocsp,v3_akeya" 267 "v3_ocsp,v3_akeya"
268$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall" 268$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
269$ LIB_TXT_DB = "txt_db" 269$ LIB_TXT_DB = "txt_db"
270$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - 270$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
271 "pk7_mime" 271 "pk7_mime"
272$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ - 272$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
273 "p12_init,p12_key,p12_kiss,p12_mutl,"+ - 273 "p12_init,p12_key,p12_kiss,p12_mutl,"+ -
274 "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e" 274 "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
275$ LIB_COMP = "comp_lib,"+ - 275$ LIB_COMP = "comp_lib,comp_err,"+ -
276 "c_rle,c_zlib" 276 "c_rle,c_zlib"
277$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - 277$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
278 "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err" 278 "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err"
@@ -1325,7 +1325,7 @@ $ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
1325$! 1325$!
1326$! Show user the result 1326$! Show user the result
1327$! 1327$!
1328$ WRITE SYS$OUTPUT "Main C Compiling Command: ",CC 1328$ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
1329$! 1329$!
1330$! Else The User Entered An Invalid Arguement. 1330$! Else The User Entered An Invalid Arguement.
1331$! 1331$!
@@ -1356,7 +1356,7 @@ $ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE
1356$! 1356$!
1357$! Show user the result 1357$! Show user the result
1358$! 1358$!
1359$ WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO 1359$ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
1360$! 1360$!
1361$! Time to check the contents, and to make sure we get the correct library. 1361$! Time to check the contents, and to make sure we get the correct library.
1362$! 1362$!
diff --git a/src/lib/libssl/src/crypto/des/des_ver.h b/src/lib/libssl/src/crypto/des/des_ver.h
index 0fa94d5368..379bbadda2 100644
--- a/src/lib/libssl/src/crypto/des/des_ver.h
+++ b/src/lib/libssl/src/crypto/des/des_ver.h
@@ -63,5 +63,9 @@
63# define OPENSSL_EXTERN OPENSSL_EXPORT 63# define OPENSSL_EXTERN OPENSSL_EXPORT
64#endif 64#endif
65 65
66OPENSSL_EXTERN char *DES_version; /* SSLeay version string */ 66/* The following macros make sure the names are different from libdes names */
67OPENSSL_EXTERN char *libdes_version; /* old libdes version string */ 67#define DES_version OSSL_DES_version
68#define libdes_version OSSL_libdes_version
69
70OPENSSL_EXTERN const char *OSSL_DES_version; /* SSLeay version string */
71OPENSSL_EXTERN const char *OSSL_libdes_version; /* old libdes version string */
diff --git a/src/lib/libssl/src/crypto/des/ecb_enc.c b/src/lib/libssl/src/crypto/des/ecb_enc.c
index 4650f2fa0f..1b70f68806 100644
--- a/src/lib/libssl/src/crypto/des/ecb_enc.c
+++ b/src/lib/libssl/src/crypto/des/ecb_enc.c
@@ -57,6 +57,7 @@
57 */ 57 */
58 58
59#include "des_locl.h" 59#include "des_locl.h"
60#include "des_ver.h"
60#include "spr.h" 61#include "spr.h"
61#include <openssl/opensslv.h> 62#include <openssl/opensslv.h>
62 63
diff --git a/src/lib/libssl/src/crypto/des/set_key.c b/src/lib/libssl/src/crypto/des/set_key.c
index 683916e71b..143008ed9c 100644
--- a/src/lib/libssl/src/crypto/des/set_key.c
+++ b/src/lib/libssl/src/crypto/des/set_key.c
@@ -342,7 +342,7 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
342 register DES_LONG *k; 342 register DES_LONG *k;
343 register int i; 343 register int i;
344 344
345#if OPENBSD_DEV_CRYPTO 345#ifdef OPENBSD_DEV_CRYPTO
346 memcpy(schedule->key,key,sizeof schedule->key); 346 memcpy(schedule->key,key,sizeof schedule->key);
347 schedule->session=NULL; 347 schedule->session=NULL;
348#endif 348#endif
diff --git a/src/lib/libssl/src/crypto/engine/hw_4758_cca.c b/src/lib/libssl/src/crypto/engine/hw_4758_cca.c
index 1053c52082..bfb80968e2 100644
--- a/src/lib/libssl/src/crypto/engine/hw_4758_cca.c
+++ b/src/lib/libssl/src/crypto/engine/hw_4758_cca.c
@@ -953,7 +953,7 @@ static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
953#ifdef ENGINE_DYNAMIC_SUPPORT 953#ifdef ENGINE_DYNAMIC_SUPPORT
954static int bind_fn(ENGINE *e, const char *id) 954static int bind_fn(ENGINE *e, const char *id)
955 { 955 {
956 if(id && (strcmp(id, engine_cswift_id) != 0)) 956 if(id && (strcmp(id, engine_4758_cca_id) != 0))
957 return 0; 957 return 0;
958 if(!bind_helper(e)) 958 if(!bind_helper(e))
959 return 0; 959 return 0;
diff --git a/src/lib/libssl/src/crypto/engine/hw_ubsec.c b/src/lib/libssl/src/crypto/engine/hw_ubsec.c
index 63397f868c..ed8401ec16 100644
--- a/src/lib/libssl/src/crypto/engine/hw_ubsec.c
+++ b/src/lib/libssl/src/crypto/engine/hw_ubsec.c
@@ -93,7 +93,7 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
93static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 93static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
94 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 94 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
95#ifndef OPENSSL_NO_DSA 95#ifndef OPENSSL_NO_DSA
96#if NOT_USED 96#ifdef NOT_USED
97static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, 97static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
98 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, 98 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
99 BN_CTX *ctx, BN_MONT_CTX *in_mont); 99 BN_CTX *ctx, BN_MONT_CTX *in_mont);
@@ -113,7 +113,7 @@ static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh)
113static int ubsec_dh_generate_key(DH *dh); 113static int ubsec_dh_generate_key(DH *dh);
114#endif 114#endif
115 115
116#if NOT_USED 116#ifdef NOT_USED
117static int ubsec_rand_bytes(unsigned char *buf, int num); 117static int ubsec_rand_bytes(unsigned char *buf, int num);
118static int ubsec_rand_status(void); 118static int ubsec_rand_status(void);
119#endif 119#endif
@@ -663,7 +663,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
663} 663}
664 664
665#ifndef OPENSSL_NO_DSA 665#ifndef OPENSSL_NO_DSA
666#if NOT_USED 666#ifdef NOT_USED
667static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, 667static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
668 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, 668 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
669 BN_CTX *ctx, BN_MONT_CTX *in_mont) 669 BN_CTX *ctx, BN_MONT_CTX *in_mont)
@@ -987,7 +987,7 @@ err:
987 } 987 }
988#endif 988#endif
989 989
990#if NOT_USED 990#ifdef NOT_USED
991static int ubsec_rand_bytes(unsigned char * buf, 991static int ubsec_rand_bytes(unsigned char * buf,
992 int num) 992 int num)
993 { 993 {
diff --git a/src/lib/libssl/src/crypto/evp/evp_locl.h b/src/lib/libssl/src/crypto/evp/evp_locl.h
index 7b088b4848..4d81a3bf4c 100644
--- a/src/lib/libssl/src/crypto/evp/evp_locl.h
+++ b/src/lib/libssl/src/crypto/evp/evp_locl.h
@@ -124,17 +124,17 @@ const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
124BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ 124BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
125 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) 125 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
126 126
127#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, \ 127#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
128 iv_len, cbits, flags, init_key, cleanup, \ 128 iv_len, cbits, flags, init_key, cleanup, \
129 set_asn1, get_asn1, ctrl) \ 129 set_asn1, get_asn1, ctrl) \
130BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, block_size, \ 130BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, 1, \
131 key_len, iv_len, flags, init_key, cleanup, set_asn1, \ 131 key_len, iv_len, flags, init_key, cleanup, set_asn1, \
132 get_asn1, ctrl) 132 get_asn1, ctrl)
133 133
134#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, \ 134#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
135 iv_len, cbits, flags, init_key, cleanup, \ 135 iv_len, cbits, flags, init_key, cleanup, \
136 set_asn1, get_asn1, ctrl) \ 136 set_asn1, get_asn1, ctrl) \
137BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, block_size, \ 137BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
138 key_len, iv_len, flags, init_key, cleanup, set_asn1, \ 138 key_len, iv_len, flags, init_key, cleanup, set_asn1, \
139 get_asn1, ctrl) 139 get_asn1, ctrl)
140 140
@@ -149,9 +149,9 @@ BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
149 init_key, cleanup, set_asn1, get_asn1, ctrl) \ 149 init_key, cleanup, set_asn1, get_asn1, ctrl) \
150BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ 150BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
151 init_key, cleanup, set_asn1, get_asn1, ctrl) \ 151 init_key, cleanup, set_asn1, get_asn1, ctrl) \
152BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \ 152BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
153 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ 153 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
154BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \ 154BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
155 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ 155 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
156BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ 156BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
157 init_key, cleanup, set_asn1, get_asn1, ctrl) 157 init_key, cleanup, set_asn1, get_asn1, ctrl)
diff --git a/src/lib/libssl/src/crypto/mem.c b/src/lib/libssl/src/crypto/mem.c
index effec714e8..a7826908e6 100644
--- a/src/lib/libssl/src/crypto/mem.c
+++ b/src/lib/libssl/src/crypto/mem.c
@@ -303,6 +303,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
303 { 303 {
304 void *ret = NULL; 304 void *ret = NULL;
305 305
306 if (str == NULL)
307 return CRYPTO_malloc(num, file, line);
308
306 if (realloc_debug_func != NULL) 309 if (realloc_debug_func != NULL)
307 realloc_debug_func(str, NULL, num, file, line, 0); 310 realloc_debug_func(str, NULL, num, file, line, 0);
308 ret = realloc_ex_func(str,num,file,line); 311 ret = realloc_ex_func(str,num,file,line);
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c
index 02c3719f04..ce779dc1b5 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.c
@@ -425,7 +425,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
425 a2d_ASN1_OBJECT(p,i,s,-1); 425 a2d_ASN1_OBJECT(p,i,s,-1);
426 426
427 p=buf; 427 p=buf;
428 op=d2i_ASN1_OBJECT(NULL,&p,i); 428 op=d2i_ASN1_OBJECT(NULL,&p,j);
429 OPENSSL_free(buf); 429 OPENSSL_free(buf);
430 return op; 430 return op;
431 } 431 }
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c
index 18b751a91a..a8db6ffbf5 100644
--- a/src/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/src/lib/libssl/src/crypto/pem/pem_lib.c
@@ -366,8 +366,11 @@ err:
366 memset(iv,0,sizeof(iv)); 366 memset(iv,0,sizeof(iv));
367 memset((char *)&ctx,0,sizeof(ctx)); 367 memset((char *)&ctx,0,sizeof(ctx));
368 memset(buf,0,PEM_BUFSIZE); 368 memset(buf,0,PEM_BUFSIZE);
369 memset(data,0,(unsigned int)dsize); 369 if (data != NULL)
370 OPENSSL_free(data); 370 {
371 memset(data,0,(unsigned int)dsize);
372 OPENSSL_free(data);
373 }
371 return(ret); 374 return(ret);
372 } 375 }
373 376
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_asn.c b/src/lib/libssl/src/crypto/pkcs12/p12_asn.c
index c327bdba03..a3739fee1a 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_asn.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_asn.c
@@ -83,8 +83,8 @@ ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0)
83 83
84ASN1_ADB(PKCS12_BAGS) = { 84ASN1_ADB(PKCS12_BAGS) = {
85 ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), 85 ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
86 ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), 86 ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
87 ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), 87 ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
88} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL); 88} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
89 89
90ASN1_SEQUENCE(PKCS12_BAGS) = { 90ASN1_SEQUENCE(PKCS12_BAGS) = {
@@ -98,7 +98,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_
98 98
99ASN1_ADB(PKCS12_SAFEBAG) = { 99ASN1_ADB(PKCS12_SAFEBAG) = {
100 ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), 100 ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
101 ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, X509_SIG, 0)), 101 ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
102 ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), 102 ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
103 ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), 103 ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
104 ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), 104 ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
index c00ed6833a..985b07245c 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
@@ -74,6 +74,13 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
74 if (nid == NID_pkcs7_signed) 74 if (nid == NID_pkcs7_signed)
75 { 75 {
76 ret=p7->detached=(int)larg; 76 ret=p7->detached=(int)larg;
77 if (ret && PKCS7_type_is_data(p7->d.sign->contents))
78 {
79 ASN1_OCTET_STRING *os;
80 os=p7->d.sign->contents->d.data;
81 ASN1_OCTET_STRING_free(os);
82 p7->d.sign->contents->d.data = NULL;
83 }
77 } 84 }
78 else 85 else
79 { 86 {
diff --git a/src/lib/libssl/src/crypto/ripemd/rmdtest.c b/src/lib/libssl/src/crypto/ripemd/rmdtest.c
index 19e9741db2..be1fb8b1f6 100644
--- a/src/lib/libssl/src/crypto/ripemd/rmdtest.c
+++ b/src/lib/libssl/src/crypto/ripemd/rmdtest.c
@@ -59,7 +59,6 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <string.h> 60#include <string.h>
61#include <stdlib.h> 61#include <stdlib.h>
62#include <openssl/ripemd.h>
63 62
64#ifdef OPENSSL_NO_RIPEMD 63#ifdef OPENSSL_NO_RIPEMD
65int main(int argc, char *argv[]) 64int main(int argc, char *argv[])
@@ -68,6 +67,7 @@ int main(int argc, char *argv[])
68 return(0); 67 return(0);
69} 68}
70#else 69#else
70#include <openssl/ripemd.h>
71#include <openssl/evp.h> 71#include <openssl/evp.h>
72 72
73#ifdef CHARSET_EBCDIC 73#ifdef CHARSET_EBCDIC
diff --git a/src/lib/libssl/src/crypto/x509/x509.h b/src/lib/libssl/src/crypto/x509/x509.h
index c75aa0c717..7095440d36 100644
--- a/src/lib/libssl/src/crypto/x509/x509.h
+++ b/src/lib/libssl/src/crypto/x509/x509.h
@@ -331,6 +331,7 @@ DECLARE_STACK_OF(X509_TRUST)
331#define X509_FLAG_NO_EXTENSIONS (1L << 8) 331#define X509_FLAG_NO_EXTENSIONS (1L << 8)
332#define X509_FLAG_NO_SIGDUMP (1L << 9) 332#define X509_FLAG_NO_SIGDUMP (1L << 9)
333#define X509_FLAG_NO_AUX (1L << 10) 333#define X509_FLAG_NO_AUX (1L << 10)
334#define X509_FLAG_NO_ATTRIBUTES (1L << 11)
334 335
335/* Flags specific to X509_NAME_print_ex() */ 336/* Flags specific to X509_NAME_print_ex() */
336 337
@@ -1015,6 +1016,7 @@ int X509_print(BIO *bp,X509 *x);
1015int X509_ocspid_print(BIO *bp,X509 *x); 1016int X509_ocspid_print(BIO *bp,X509 *x);
1016int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); 1017int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
1017int X509_CRL_print(BIO *bp,X509_CRL *x); 1018int X509_CRL_print(BIO *bp,X509_CRL *x);
1019int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
1018int X509_REQ_print(BIO *bp,X509_REQ *req); 1020int X509_REQ_print(BIO *bp,X509_REQ *req);
1019#endif 1021#endif
1020 1022
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/Makefile b/src/lib/libssl/src/demos/engines/cluster_labs/Makefile
new file mode 100644
index 0000000000..956193f093
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/Makefile
@@ -0,0 +1,114 @@
1LIBNAME= libclabs
2SRC= hw_cluster_labs.c
3OBJ= hw_cluster_labs.o
4HEADER= hw_cluster_labs.h
5
6CC= gcc
7PIC= -fPIC
8CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
9AR= ar r
10RANLIB= ranlib
11
12LIB= $(LIBNAME).a
13SHLIB= $(LIBNAME).so
14
15all:
16 @echo 'Please choose a system to build on:'
17 @echo ''
18 @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
19 @echo 'solaris: Solaris'
20 @echo 'irix: IRIX'
21 @echo 'hpux32: 32-bit HP/UX'
22 @echo 'hpux64: 64-bit HP/UX'
23 @echo 'aix: AIX'
24 @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
25 @echo ''
26
27FORCE.update:
28update: FORCE.update
29 perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
30 -nostatic -staticloader -write hw_cluster_labs.c
31
32gnu: $(SHLIB).gnu
33tru64: $(SHLIB).tru64
34solaris: $(SHLIB).solaris
35irix: $(SHLIB).irix
36hpux32: $(SHLIB).hpux32
37hpux64: $(SHLIB).hpux64
38aix: $(SHLIB).aix
39
40$(LIB): $(OBJ)
41 $(AR) $(LIB) $(OBJ)
42 - $(RANLIB) $(LIB)
43
44LINK_SO= \
45 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
46 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
47 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
48
49$(SHLIB).gnu: $(LIB)
50 ALLSYMSFLAGS='--whole-archive' \
51 SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
52 SHAREDCMD='$(CC)'; \
53 $(LINK_SO)
54 touch $(SHLIB).gnu
55$(SHLIB).tru64: $(LIB)
56 ALLSYMSFLAGS='-all' \
57 SHAREDFLAGS='-shared' \
58 SHAREDCMD='$(CC)'; \
59 $(LINK_SO)
60 touch $(SHLIB).tru64
61$(SHLIB).solaris: $(LIB)
62 ALLSYMSFLAGS='-z allextract' \
63 SHAREDFLAGS='-G -h $(SHLIB)' \
64 SHAREDCMD='$(CC)'; \
65 $(LINK_SO)
66 touch $(SHLIB).solaris
67$(SHLIB).irix: $(LIB)
68 ALLSYMSFLAGS='-all' \
69 SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
70 SHAREDCMD='$(CC)'; \
71 $(LINK_SO)
72 touch $(SHLIB).irix
73$(SHLIB).hpux32: $(LIB)
74 ALLSYMSFLAGS='-Fl' \
75 SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
76 SHAREDCMD='/usr/ccs/bin/ld'; \
77 $(LINK_SO)
78 touch $(SHLIB).hpux32
79$(SHLIB).hpux64: $(LIB)
80 ALLSYMSFLAGS='+forceload' \
81 SHAREDFLAGS='-b -z +h $(SHLIB)' \
82 SHAREDCMD='/usr/ccs/bin/ld'; \
83 $(LINK_SO)
84 touch $(SHLIB).hpux64
85$(SHLIB).aix: $(LIB)
86 ALLSYMSFLAGS='-bnogc' \
87 SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
88 SHAREDCMD='$(CC)'; \
89 $(LINK_SO)
90 touch $(SHLIB).aix
91
92depend:
93 sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
94 echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
95 gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
96 perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
97 rm -f Makefile.tmp Makefile
98 mv Makefile.new Makefile
99
100# DO NOT DELETE THIS LINE -- make depend depends on it.
101
102rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
103rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
104rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
105rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
106rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
107rsaref.o: ../../../include/openssl/opensslconf.h
108rsaref.o: ../../../include/openssl/opensslv.h
109rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
110rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
111rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
112rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
113rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
114rsaref.o: source/rsaref.h
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h b/src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h
new file mode 100644
index 0000000000..d0926796f0
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h
@@ -0,0 +1,35 @@
1typedef int cl_engine_init(void);
2typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
3 const BIGNUM *m, BN_CTX *cgx);
4typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
5 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
6 const BIGNUM *iqmp, BN_CTX *ctx);
7typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
8typedef int cl_rsa_pub_enc(int flen, const unsigned char *from,
9 unsigned char *to, RSA *rsa, int padding);
10typedef int cl_rsa_pub_dec(int flen, const unsigned char *from,
11 unsigned char *to, RSA *rsa, int padding);
12typedef int cl_rsa_priv_enc(int flen, const unsigned char *from,
13 unsigned char *to, RSA *rsa, int padding);
14typedef int cl_rsa_priv_dec(int flen, const unsigned char *from,
15 unsigned char *to, RSA *rsa, int padding);
16typedef int cl_rand_bytes(unsigned char *buf, int num);
17typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
18typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len,
19 DSA_SIG *sig, DSA *dsa);
20
21
22static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs";
23static const char *CLUSTER_LABS_F1 = "hw_engine_init";
24static const char *CLUSTER_LABS_F2 = "hw_mod_exp";
25static const char *CLUSTER_LABS_F3 = "hw_mod_exp_crt";
26static const char *CLUSTER_LABS_F4 = "hw_rsa_mod_exp";
27static const char *CLUSTER_LABS_F5 = "hw_rsa_priv_enc";
28static const char *CLUSTER_LABS_F6 = "hw_rsa_priv_dec";
29static const char *CLUSTER_LABS_F7 = "hw_rsa_pub_enc";
30static const char *CLUSTER_LABS_F8 = "hw_rsa_pub_dec";
31static const char *CLUSTER_LABS_F20 = "hw_rand_bytes";
32static const char *CLUSTER_LABS_F30 = "hw_dsa_sign";
33static const char *CLUSTER_LABS_F31 = "hw_dsa_verify";
34
35
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c
new file mode 100644
index 0000000000..00c14f2755
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c
@@ -0,0 +1,718 @@
1/* crypto/engine/hw_cluster_labs.c */
2/* Written by Jan Tschirschwitz (jan.tschirschwitz@cluster-labs.com
3 * for the OpenSSL project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#define MSC_VER /* only used cryptic.h */
60
61#include <stdio.h>
62#include <openssl/crypto.h>
63#include <openssl/dso.h>
64#include <openssl/des.h>
65#include <openssl/engine.h>
66
67#ifndef NO_HW
68#ifndef NO_HW_CLUSTER_LABS
69
70#ifdef FLAT_INC
71#include "cluster_labs.h"
72#else
73#include "vendor_defns/cluster_labs.h"
74#endif
75
76#define CL_LIB_NAME "cluster_labs engine"
77#include "hw_cluster_labs_err.c"
78
79
80static int cluster_labs_destroy(ENGINE *e);
81static int cluster_labs_init(ENGINE *e);
82static int cluster_labs_finish(ENGINE *e);
83static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
84
85
86/* BIGNUM stuff */
87/* This function is aliased to mod_exp (with the mont stuff dropped). */
88static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
89 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
90
91/* RSA stuff */
92#ifndef OPENSSL_NO_RSA
93static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
94 unsigned char *to, RSA *rsa, int padding);
95static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
96 unsigned char *to, RSA *rsa, int padding);
97static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
98 unsigned char *to, RSA *rsa, int padding);
99static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
100 unsigned char *to, RSA *rsa, int padding);
101static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
102#endif
103
104/* DSA stuff */
105#ifndef OPENSSL_NO_DSA
106DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
107static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
108 DSA_SIG *sig, DSA *dsa);
109static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
110 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
111 BN_CTX *ctx, BN_MONT_CTX *in_mont);
112static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
113 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
114 BN_MONT_CTX *m_ctx);
115#endif
116
117/* DH stuff */
118#ifndef OPENSSL_NO_DH
119/* This function is alised to mod_exp (with the DH and mont dropped). */
120static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
121 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
122#endif
123
124/* RANDOM stuff */
125static int cluster_labs_rand_bytes(unsigned char *buf, int num);
126
127/* The definitions for control commands specific to this engine */
128#define CLUSTER_LABS_CMD_SO_PATH ENGINE_CMD_BASE
129static const ENGINE_CMD_DEFN cluster_labs_cmd_defns[] =
130 {
131 { CLUSTER_LABS_CMD_SO_PATH,
132 "SO_PATH",
133 "Specifies the path to the 'cluster labs' shared library",
134 ENGINE_CMD_FLAG_STRING
135 },
136 {0, NULL, NULL, 0}
137 };
138
139/* Our internal RSA_METHOD that we provide pointers to */
140#ifndef OPENSSL_NO_RSA
141static RSA_METHOD cluster_labs_rsa =
142 {
143 "Cluster Labs RSA method",
144 cluster_labs_rsa_pub_enc, /* rsa_pub_enc */
145 cluster_labs_rsa_pub_dec, /* rsa_pub_dec */
146 cluster_labs_rsa_priv_enc, /* rsa_priv_enc */
147 cluster_labs_rsa_priv_dec, /* rsa_priv_dec */
148 cluster_labs_rsa_mod_exp, /* rsa_mod_exp */
149 cluster_labs_mod_exp_mont, /* bn_mod_exp */
150 NULL, /* init */
151 NULL, /* finish */
152 0, /* flags */
153 NULL, /* apps_data */
154 NULL, /* rsa_sign */
155 NULL /* rsa_verify */
156 };
157#endif
158
159/* Our internal DSA_METHOD that we provide pointers to */
160#ifndef OPENSSL_NO_DSA
161static DSA_METHOD cluster_labs_dsa =
162 {
163 "Cluster Labs DSA method",
164 cluster_labs_dsa_sign, /* dsa_do_sign */
165 NULL, /* dsa_sign_setup */
166 cluster_labs_dsa_verify, /* dsa_do_verify */
167 cluster_labs_dsa_mod_exp, /* dsa_mod_exp */
168 cluster_labs_mod_exp_dsa, /* bn_mod_exp */
169 NULL, /* init */
170 NULL, /* finish */
171 0, /* flags */
172 NULL /* app_data */
173 };
174#endif
175
176/* Our internal DH_METHOD that we provide pointers to */
177#ifndef OPENSSL_NO_DH
178static DH_METHOD cluster_labs_dh =
179 {
180 "Cluster Labs DH method",
181 NULL, /* generate key */
182 NULL, /* compute key */
183 cluster_labs_mod_exp_dh, /* bn_mod_exp */
184 NULL, /* init */
185 NULL, /* finish */
186 0, /* flags */
187 NULL /* app_data */
188 };
189#endif
190
191static RAND_METHOD cluster_labs_rand =
192 {
193 /* "Cluster Labs RAND method", */
194 NULL, /* seed */
195 cluster_labs_rand_bytes, /* bytes */
196 NULL, /* cleanup */
197 NULL, /* add */
198 cluster_labs_rand_bytes, /* pseudorand */
199 NULL, /* status */
200 };
201
202static const char *engine_cluster_labs_id = "cluster_labs";
203static const char *engine_cluster_labs_name = "Cluster Labs hardware engine support";
204
205/* engine implementation */
206/*-----------------------*/
207static int bind_helper(ENGINE *e)
208 {
209
210 if(!ENGINE_set_id(e, engine_cluster_labs_id) ||
211 !ENGINE_set_name(e, engine_cluster_labs_name) ||
212#ifndef OPENSSL_NO_RSA
213 !ENGINE_set_RSA(e, &cluster_labs_rsa) ||
214#endif
215#ifndef OPENSSL_NO_DSA
216 !ENGINE_set_DSA(e, &cluster_labs_dsa) ||
217#endif
218#ifndef OPENSSL_NO_DH
219 !ENGINE_set_DH(e, &cluster_labs_dh) ||
220#endif
221 !ENGINE_set_RAND(e, &cluster_labs_rand) ||
222 !ENGINE_set_destroy_function(e, cluster_labs_destroy) ||
223 !ENGINE_set_init_function(e, cluster_labs_init) ||
224 !ENGINE_set_finish_function(e, cluster_labs_finish) ||
225 !ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||
226 !ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))
227 return 0;
228 /* Ensure the error handling is set up */
229 ERR_load_CL_strings();
230 return 1;
231 }
232
233#ifndef ENGINE_DYNAMIC_SUPPORT
234static ENGINE *engine_cluster_labs(void)
235 {
236 ENGINE *ret = ENGINE_new();
237
238 if(!ret)
239 return NULL;
240 if(!bind_helper(ret))
241 {
242 ENGINE_free(ret);
243 return NULL;
244 }
245 return ret;
246 }
247
248void ENGINE_load_cluster_labs(void)
249 {
250
251 ENGINE *cluster_labs = engine_cluster_labs();
252
253 if(!cluster_labs) return;
254 ENGINE_add(cluster_labs);
255 ENGINE_free(cluster_labs);
256 ERR_clear_error();
257 }
258#endif /* !ENGINE_DYNAMIC_SUPPORT */
259
260static int cluster_labs_destroy(ENGINE *e)
261 {
262
263 ERR_unload_CL_strings();
264 return 1;
265 }
266
267
268
269/* This is a process-global DSO handle used for loading and unloading
270 * the Cluster Labs library. NB: This is only set (or unset) during an
271 * init() or finish() call (reference counts permitting) and they're
272 * operating with global locks, so this should be thread-safe
273 * implicitly. */
274static DSO *cluster_labs_dso = NULL;
275
276/* These are the function pointers that are (un)set when the library has
277 * successfully (un)loaded. */
278static cl_engine_init *p_cl_engine_init = NULL;
279static cl_mod_exp *p_cl_mod_exp = NULL;
280static cl_mod_exp_crt *p_cl_mod_exp_crt = NULL;
281static cl_rsa_mod_exp *p_cl_rsa_mod_exp = NULL;
282static cl_rsa_priv_enc *p_cl_rsa_priv_enc = NULL;
283static cl_rsa_priv_dec *p_cl_rsa_priv_dec = NULL;
284static cl_rsa_pub_enc *p_cl_rsa_pub_enc = NULL;
285static cl_rsa_pub_dec *p_cl_rsa_pub_dec = NULL;
286static cl_rand_bytes *p_cl_rand_bytes = NULL;
287static cl_dsa_sign *p_cl_dsa_sign = NULL;
288static cl_dsa_verify *p_cl_dsa_verify = NULL;
289
290
291int cluster_labs_init(ENGINE *e)
292 {
293
294 cl_engine_init *p1;
295 cl_mod_exp *p2;
296 cl_mod_exp_crt *p3;
297 cl_rsa_mod_exp *p4;
298 cl_rsa_priv_enc *p5;
299 cl_rsa_priv_dec *p6;
300 cl_rsa_pub_enc *p7;
301 cl_rsa_pub_dec *p8;
302 cl_rand_bytes *p20;
303 cl_dsa_sign *p30;
304 cl_dsa_verify *p31;
305
306 /* engine already loaded */
307 if(cluster_labs_dso != NULL)
308 {
309 CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_ALREADY_LOADED);
310 goto err;
311 }
312 /* try to load engine */
313 cluster_labs_dso = DSO_load(NULL, CLUSTER_LABS_LIB_NAME, NULL,0);
314 if(cluster_labs_dso == NULL)
315 {
316 CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
317 goto err;
318 }
319 /* bind functions */
320 if( !(p1 = (cl_engine_init *)DSO_bind_func(
321 cluster_labs_dso, CLUSTER_LABS_F1)) ||
322 !(p2 = (cl_mod_exp *)DSO_bind_func(
323 cluster_labs_dso, CLUSTER_LABS_F2)) ||
324 !(p3 = (cl_mod_exp_crt *)DSO_bind_func(
325 cluster_labs_dso, CLUSTER_LABS_F3)) ||
326 !(p4 = (cl_rsa_mod_exp *)DSO_bind_func(
327 cluster_labs_dso, CLUSTER_LABS_F4)) ||
328 !(p5 = (cl_rsa_priv_enc *)DSO_bind_func(
329 cluster_labs_dso, CLUSTER_LABS_F5)) ||
330 !(p6 = (cl_rsa_priv_dec *)DSO_bind_func(
331 cluster_labs_dso, CLUSTER_LABS_F6)) ||
332 !(p7 = (cl_rsa_pub_enc *)DSO_bind_func(
333 cluster_labs_dso, CLUSTER_LABS_F7)) ||
334 !(p8 = (cl_rsa_pub_dec *)DSO_bind_func(
335 cluster_labs_dso, CLUSTER_LABS_F8)) ||
336 !(p20= (cl_rand_bytes *)DSO_bind_func(
337 cluster_labs_dso, CLUSTER_LABS_F20)) ||
338 !(p30= (cl_dsa_sign *)DSO_bind_func(
339 cluster_labs_dso, CLUSTER_LABS_F30)) ||
340 !(p31= (cl_dsa_verify *)DSO_bind_func(
341 cluster_labs_dso, CLUSTER_LABS_F31)))
342 {
343 CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
344 goto err;
345 }
346
347 /* copy function pointers */
348 p_cl_engine_init = p1;
349 p_cl_mod_exp = p2;
350 p_cl_mod_exp_crt = p3;
351 p_cl_rsa_mod_exp = p4;
352 p_cl_rsa_priv_enc = p5;
353 p_cl_rsa_priv_dec = p6;
354 p_cl_rsa_pub_enc = p7;
355 p_cl_rsa_pub_dec = p8;
356 p_cl_rand_bytes = p20;
357 p_cl_dsa_sign = p30;
358 p_cl_dsa_verify = p31;
359
360
361
362 /* cluster labs engine init */
363 if(p_cl_engine_init()== 0){
364 CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_INIT_FAILED);
365 goto err;
366 }
367
368 return(1);
369
370err:
371 /* reset all pointers */
372 if(cluster_labs_dso)
373 DSO_free(cluster_labs_dso);
374
375 cluster_labs_dso = NULL;
376 p_cl_engine_init = NULL;
377 p_cl_mod_exp = NULL;
378 p_cl_mod_exp_crt = NULL;
379 p_cl_rsa_mod_exp = NULL;
380 p_cl_rsa_priv_enc = NULL;
381 p_cl_rsa_priv_dec = NULL;
382 p_cl_rsa_pub_enc = NULL;
383 p_cl_rsa_pub_dec = NULL;
384 p_cl_rand_bytes = NULL;
385 p_cl_dsa_sign = NULL;
386 p_cl_dsa_verify = NULL;
387
388 return(0);
389 }
390
391
392static int cluster_labs_finish(ENGINE *e)
393 {
394
395 if(cluster_labs_dso == NULL)
396 {
397 CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_NOT_LOADED);
398 return 0;
399 }
400 if(!DSO_free(cluster_labs_dso))
401 {
402 CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_DSO_FAILURE);
403 return 0;
404 }
405
406 cluster_labs_dso = NULL;
407 p_cl_engine_init = NULL;
408 p_cl_mod_exp = NULL;
409 p_cl_rsa_mod_exp = NULL;
410 p_cl_mod_exp_crt = NULL;
411 p_cl_rsa_priv_enc = NULL;
412 p_cl_rsa_priv_dec = NULL;
413 p_cl_rsa_pub_enc = NULL;
414 p_cl_rsa_pub_dec = NULL;
415 p_cl_rand_bytes = NULL;
416 p_cl_dsa_sign = NULL;
417 p_cl_dsa_verify = NULL;
418
419 return(1);
420
421 }
422
423static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
424 {
425 int initialised = ((cluster_labs_dso == NULL) ? 0 : 1);
426
427 switch(cmd)
428 {
429 case CLUSTER_LABS_CMD_SO_PATH:
430 if(p == NULL)
431 {
432 CLerr(CL_F_CLUSTER_LABS_CTRL,ERR_R_PASSED_NULL_PARAMETER);
433 return 0;
434 }
435 if(initialised)
436 {
437 CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_ALREADY_LOADED);
438 return 0;
439 }
440 CLUSTER_LABS_LIB_NAME = (const char *)p;
441 return 1;
442 default:
443 break;
444 }
445 CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_COMMAND_NOT_IMPLEMENTED);
446 return 0;
447 }
448
449
450static int cluster_labs_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
451 const BIGNUM *m, BN_CTX *ctx)
452 {
453
454 if(cluster_labs_dso == NULL)
455 {
456 CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_NOT_LOADED);
457 return 0;
458 }
459 if(p_cl_mod_exp == NULL)
460 {
461 CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);
462 return 0;
463 }
464
465 return p_cl_mod_exp(r, a, p, m, ctx);
466
467 }
468
469static int cluster_labs_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
470 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
471 const BIGNUM *iqmp, BN_CTX *ctx)
472 {
473
474 if(cluster_labs_dso == NULL)
475 {
476 CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_NOT_LOADED);
477 return 0;
478 }
479 if(p_cl_mod_exp_crt == NULL)
480 {
481 CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_FUNCTION_NOT_BINDED);
482 return 0;
483 }
484
485 return p_cl_mod_exp_crt(r, a, p, q,dmp1, dmq1, iqmp, ctx);
486
487 }
488
489static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
490 {
491
492 if(cluster_labs_dso == NULL)
493 {
494 CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_NOT_LOADED);
495 return 0;
496 }
497 if(p_cl_rsa_mod_exp == NULL)
498 {
499 CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);
500 return 0;
501 }
502
503 return p_cl_rsa_mod_exp(r0, I, rsa);
504
505 }
506
507DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
508 {
509
510 if(cluster_labs_dso == NULL)
511 {
512 CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_NOT_LOADED);
513 return 0;
514 }
515 if(p_cl_dsa_sign == NULL)
516 {
517 CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_FUNCTION_NOT_BINDED);
518 return 0;
519 }
520
521 return p_cl_dsa_sign(dgst, dlen, dsa);
522
523 }
524
525static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
526 DSA_SIG *sig, DSA *dsa)
527 {
528
529 if(cluster_labs_dso == NULL)
530 {
531 CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_NOT_LOADED);
532 return 0;
533 }
534
535 if(p_cl_dsa_verify == NULL)
536 {
537 CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_FUNCTION_NOT_BINDED);
538 return 0;
539 }
540
541 return p_cl_dsa_verify(dgst, dgst_len, sig, dsa);
542
543 }
544
545static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
546 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
547 BN_CTX *ctx, BN_MONT_CTX *in_mont)
548 {
549 BIGNUM t;
550 int status = 0;
551
552 BN_init(&t);
553 /* let rr = a1 ^ p1 mod m */
554 if (!cluster_labs_mod_exp(rr,a1,p1,m,ctx)) goto end;
555 /* let t = a2 ^ p2 mod m */
556 if (!cluster_labs_mod_exp(&t,a2,p2,m,ctx)) goto end;
557 /* let rr = rr * t mod m */
558 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
559 status = 1;
560end:
561 BN_free(&t);
562
563 return(1);
564
565 }
566
567static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
568 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
569 BN_MONT_CTX *m_ctx)
570 {
571 return cluster_labs_mod_exp(r, a, p, m, ctx);
572 }
573
574/* This function is aliased to mod_exp (with the mont stuff dropped). */
575static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
576 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
577 {
578 return cluster_labs_mod_exp(r, a, p, m, ctx);
579 }
580
581
582/* This function is aliased to mod_exp (with the dh and mont dropped). */
583static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
584 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
585 {
586 return cluster_labs_mod_exp(r, a, p, m, ctx);
587 }
588
589
590static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
591 unsigned char *to, RSA *rsa, int padding)
592 {
593
594 if(cluster_labs_dso == NULL)
595 {
596 CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_NOT_LOADED);
597 return 0;
598 }
599 if(p_cl_rsa_priv_enc == NULL)
600 {
601 CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_FUNCTION_NOT_BINDED);
602 return 0;
603 }
604
605 return p_cl_rsa_pub_enc(flen, from, to, rsa, padding);
606
607 }
608
609static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
610 unsigned char *to, RSA *rsa, int padding)
611 {
612
613 if(cluster_labs_dso == NULL)
614 {
615 CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_NOT_LOADED);
616 return 0;
617 }
618 if(p_cl_rsa_priv_enc == NULL)
619 {
620 CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_FUNCTION_NOT_BINDED);
621 return 0;
622 }
623
624 return p_cl_rsa_pub_dec(flen, from, to, rsa, padding);
625
626 }
627
628
629static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
630 unsigned char *to, RSA *rsa, int padding)
631 {
632
633 if(cluster_labs_dso == NULL)
634 {
635 CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_NOT_LOADED);
636 return 0;
637 }
638
639 if(p_cl_rsa_priv_enc == NULL)
640 {
641 CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_FUNCTION_NOT_BINDED);
642 return 0;
643 }
644
645 return p_cl_rsa_priv_enc(flen, from, to, rsa, padding);
646
647 }
648
649static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
650 unsigned char *to, RSA *rsa, int padding)
651 {
652
653 if(cluster_labs_dso == NULL)
654 {
655 CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_NOT_LOADED);
656 return 0;
657 }
658 if(p_cl_rsa_priv_dec == NULL)
659 {
660 CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_FUNCTION_NOT_BINDED);
661 return 0;
662 }
663
664 return p_cl_rsa_priv_dec(flen, from, to, rsa, padding);
665
666 }
667
668/************************************************************************************
669* Symmetric algorithms
670************************************************************************************/
671/* this will be come soon! */
672
673/************************************************************************************
674* Random generator
675************************************************************************************/
676
677static int cluster_labs_rand_bytes(unsigned char *buf, int num){
678
679 if(cluster_labs_dso == NULL)
680 {
681 CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_NOT_LOADED);
682 return 0;
683 }
684 if(p_cl_mod_exp_crt == NULL)
685 {
686 CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_FUNCTION_NOT_BINDED);
687 return 0;
688 }
689
690 return p_cl_rand_bytes(buf, num);
691
692}
693
694
695/* This stuff is needed if this ENGINE is being compiled into a self-contained
696 * shared-library. */
697#ifdef ENGINE_DYNAMIC_SUPPORT
698static int bind_fn(ENGINE *e, const char *id)
699 {
700 fprintf(stderr, "bind_fn CLUSTER_LABS\n");
701 if(id && (strcmp(id, engine_cluster_labs_id) != 0)) {
702 fprintf(stderr, "bind_fn return(0) first\n");
703 return 0;
704 }
705 if(!bind_helper(e)) {
706 fprintf(stderr, "bind_fn return(1) first\n");
707 return 0;
708 }
709 fprintf(stderr, "bind_fn return(1)\n");
710 return 1;
711 }
712IMPLEMENT_DYNAMIC_CHECK_FN()
713IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
714#endif /* ENGINE_DYNAMIC_SUPPORT */
715
716#endif /* !NO_HW_CLUSTER_LABS */
717#endif /* !NO_HW */
718
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec
new file mode 100644
index 0000000000..1f64786542
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec
@@ -0,0 +1,8 @@
1# configuration file for util/mkerr.pl
2#
3# use like this:
4#
5# perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
6# -nostatic -staticloader -write *.c
7
8L CL hw_cluster_labs_err.h hw_cluster_labs_err.c
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c
new file mode 100644
index 0000000000..a7fa4083b1
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c
@@ -0,0 +1,151 @@
1/* hw_cluster_labs_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_cluster_labs_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA CL_str_functs[]=
68 {
69{ERR_PACK(0,CL_F_CLUSTER_LABS_CTRL,0), "CLUSTER_LABS_CTRL"},
70{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_SIGN,0), "CLUSTER_LABS_DSA_SIGN"},
71{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_VERIFY,0), "CLUSTER_LABS_DSA_VERIFY"},
72{ERR_PACK(0,CL_F_CLUSTER_LABS_FINISH,0), "CLUSTER_LABS_FINISH"},
73{ERR_PACK(0,CL_F_CLUSTER_LABS_INIT,0), "CLUSTER_LABS_INIT"},
74{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP,0), "CLUSTER_LABS_MOD_EXP"},
75{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP_CRT,0), "CLUSTER_LABS_MOD_EXP_CRT"},
76{ERR_PACK(0,CL_F_CLUSTER_LABS_RAND_BYTES,0), "CLUSTER_LABS_RAND_BYTES"},
77{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_MOD_EXP,0), "CLUSTER_LABS_RSA_MOD_EXP"},
78{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_DEC,0), "CLUSTER_LABS_RSA_PRIV_DEC"},
79{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_ENC,0), "CLUSTER_LABS_RSA_PRIV_ENC"},
80{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_DEC,0), "CLUSTER_LABS_RSA_PUB_DEC"},
81{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_ENC,0), "CLUSTER_LABS_RSA_PUB_ENC"},
82{0,NULL}
83 };
84
85static ERR_STRING_DATA CL_str_reasons[]=
86 {
87{CL_R_ALREADY_LOADED ,"already loaded"},
88{CL_R_COMMAND_NOT_IMPLEMENTED ,"command not implemented"},
89{CL_R_DSO_FAILURE ,"dso failure"},
90{CL_R_FUNCTION_NOT_BINDED ,"function not binded"},
91{CL_R_INIT_FAILED ,"init failed"},
92{CL_R_NOT_LOADED ,"not loaded"},
93{0,NULL}
94 };
95
96#endif
97
98#ifdef CL_LIB_NAME
99static ERR_STRING_DATA CL_lib_name[]=
100 {
101{0 ,CL_LIB_NAME},
102{0,NULL}
103 };
104#endif
105
106
107static int CL_lib_error_code=0;
108static int CL_error_init=1;
109
110static void ERR_load_CL_strings(void)
111 {
112 if (CL_lib_error_code == 0)
113 CL_lib_error_code=ERR_get_next_error_library();
114
115 if (CL_error_init)
116 {
117 CL_error_init=0;
118#ifndef OPENSSL_NO_ERR
119 ERR_load_strings(CL_lib_error_code,CL_str_functs);
120 ERR_load_strings(CL_lib_error_code,CL_str_reasons);
121#endif
122
123#ifdef CL_LIB_NAME
124 CL_lib_name->error = ERR_PACK(CL_lib_error_code,0,0);
125 ERR_load_strings(0,CL_lib_name);
126#endif
127 }
128 }
129
130static void ERR_unload_CL_strings(void)
131 {
132 if (CL_error_init == 0)
133 {
134#ifndef OPENSSL_NO_ERR
135 ERR_unload_strings(CL_lib_error_code,CL_str_functs);
136 ERR_unload_strings(CL_lib_error_code,CL_str_reasons);
137#endif
138
139#ifdef CL_LIB_NAME
140 ERR_unload_strings(0,CL_lib_name);
141#endif
142 CL_error_init=1;
143 }
144 }
145
146static void ERR_CL_error(int function, int reason, char *file, int line)
147 {
148 if (CL_lib_error_code == 0)
149 CL_lib_error_code=ERR_get_next_error_library();
150 ERR_PUT_error(CL_lib_error_code,function,reason,file,line);
151 }
diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h
new file mode 100644
index 0000000000..afc175b133
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h
@@ -0,0 +1,95 @@
1/* ====================================================================
2 * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_CL_ERR_H
56#define HEADER_CL_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_CL_strings(void);
63static void ERR_unload_CL_strings(void);
64static void ERR_CL_error(int function, int reason, char *file, int line);
65#define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the CL functions. */
68
69/* Function codes. */
70#define CL_F_CLUSTER_LABS_CTRL 100
71#define CL_F_CLUSTER_LABS_DSA_SIGN 101
72#define CL_F_CLUSTER_LABS_DSA_VERIFY 102
73#define CL_F_CLUSTER_LABS_FINISH 103
74#define CL_F_CLUSTER_LABS_INIT 104
75#define CL_F_CLUSTER_LABS_MOD_EXP 105
76#define CL_F_CLUSTER_LABS_MOD_EXP_CRT 106
77#define CL_F_CLUSTER_LABS_RAND_BYTES 107
78#define CL_F_CLUSTER_LABS_RSA_MOD_EXP 108
79#define CL_F_CLUSTER_LABS_RSA_PRIV_DEC 109
80#define CL_F_CLUSTER_LABS_RSA_PRIV_ENC 110
81#define CL_F_CLUSTER_LABS_RSA_PUB_DEC 111
82#define CL_F_CLUSTER_LABS_RSA_PUB_ENC 112
83
84/* Reason codes. */
85#define CL_R_ALREADY_LOADED 100
86#define CL_R_COMMAND_NOT_IMPLEMENTED 101
87#define CL_R_DSO_FAILURE 102
88#define CL_R_FUNCTION_NOT_BINDED 103
89#define CL_R_INIT_FAILED 104
90#define CL_R_NOT_LOADED 105
91
92#ifdef __cplusplus
93}
94#endif
95#endif
diff --git a/src/lib/libssl/src/demos/engines/ibmca/Makefile b/src/lib/libssl/src/demos/engines/ibmca/Makefile
new file mode 100644
index 0000000000..72f3546359
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/ibmca/Makefile
@@ -0,0 +1,114 @@
1LIBNAME= libibmca
2SRC= hw_ibmca.c
3OBJ= hw_ibmca.o
4HEADER= hw_ibmca.h
5
6CC= gcc
7PIC= -fPIC
8CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
9AR= ar r
10RANLIB= ranlib
11
12LIB= $(LIBNAME).a
13SHLIB= $(LIBNAME).so
14
15all:
16 @echo 'Please choose a system to build on:'
17 @echo ''
18 @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
19 @echo 'solaris: Solaris'
20 @echo 'irix: IRIX'
21 @echo 'hpux32: 32-bit HP/UX'
22 @echo 'hpux64: 64-bit HP/UX'
23 @echo 'aix: AIX'
24 @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
25 @echo ''
26
27FORCE.update:
28update: FORCE.update
29 perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
30 -nostatic -staticloader -write hw_ibmca.c
31
32gnu: $(SHLIB).gnu
33tru64: $(SHLIB).tru64
34solaris: $(SHLIB).solaris
35irix: $(SHLIB).irix
36hpux32: $(SHLIB).hpux32
37hpux64: $(SHLIB).hpux64
38aix: $(SHLIB).aix
39
40$(LIB): $(OBJ)
41 $(AR) $(LIB) $(OBJ)
42 - $(RANLIB) $(LIB)
43
44LINK_SO= \
45 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
46 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
47 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
48
49$(SHLIB).gnu: $(LIB)
50 ALLSYMSFLAGS='--whole-archive' \
51 SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
52 SHAREDCMD='$(CC)'; \
53 $(LINK_SO)
54 touch $(SHLIB).gnu
55$(SHLIB).tru64: $(LIB)
56 ALLSYMSFLAGS='-all' \
57 SHAREDFLAGS='-shared' \
58 SHAREDCMD='$(CC)'; \
59 $(LINK_SO)
60 touch $(SHLIB).tru64
61$(SHLIB).solaris: $(LIB)
62 ALLSYMSFLAGS='-z allextract' \
63 SHAREDFLAGS='-G -h $(SHLIB)' \
64 SHAREDCMD='$(CC)'; \
65 $(LINK_SO)
66 touch $(SHLIB).solaris
67$(SHLIB).irix: $(LIB)
68 ALLSYMSFLAGS='-all' \
69 SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
70 SHAREDCMD='$(CC)'; \
71 $(LINK_SO)
72 touch $(SHLIB).irix
73$(SHLIB).hpux32: $(LIB)
74 ALLSYMSFLAGS='-Fl' \
75 SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
76 SHAREDCMD='/usr/ccs/bin/ld'; \
77 $(LINK_SO)
78 touch $(SHLIB).hpux32
79$(SHLIB).hpux64: $(LIB)
80 ALLSYMSFLAGS='+forceload' \
81 SHAREDFLAGS='-b -z +h $(SHLIB)' \
82 SHAREDCMD='/usr/ccs/bin/ld'; \
83 $(LINK_SO)
84 touch $(SHLIB).hpux64
85$(SHLIB).aix: $(LIB)
86 ALLSYMSFLAGS='-bnogc' \
87 SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
88 SHAREDCMD='$(CC)'; \
89 $(LINK_SO)
90 touch $(SHLIB).aix
91
92depend:
93 sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
94 echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
95 gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
96 perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
97 rm -f Makefile.tmp Makefile
98 mv Makefile.new Makefile
99
100# DO NOT DELETE THIS LINE -- make depend depends on it.
101
102rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
103rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
104rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
105rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
106rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
107rsaref.o: ../../../include/openssl/opensslconf.h
108rsaref.o: ../../../include/openssl/opensslv.h
109rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
110rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
111rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
112rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
113rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
114rsaref.o: source/rsaref.h
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c
new file mode 100644
index 0000000000..881b16a7cb
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c
@@ -0,0 +1,917 @@
1/* crypto/engine/hw_ibmca.c */
2/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59/* (C) COPYRIGHT International Business Machines Corp. 2001 */
60
61#include <stdio.h>
62#include <openssl/crypto.h>
63#include <openssl/dso.h>
64#include <openssl/engine.h>
65
66#ifndef OPENSSL_NO_HW
67#ifndef OPENSSL_NO_HW_IBMCA
68
69#ifdef FLAT_INC
70#include "ica_openssl_api.h"
71#else
72#include "vendor_defns/ica_openssl_api.h"
73#endif
74
75#define IBMCA_LIB_NAME "ibmca engine"
76#include "hw_ibmca_err.c"
77
78static int ibmca_destroy(ENGINE *e);
79static int ibmca_init(ENGINE *e);
80static int ibmca_finish(ENGINE *e);
81static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
82
83static const char *IBMCA_F1 = "icaOpenAdapter";
84static const char *IBMCA_F2 = "icaCloseAdapter";
85static const char *IBMCA_F3 = "icaRsaModExpo";
86static const char *IBMCA_F4 = "icaRandomNumberGenerate";
87static const char *IBMCA_F5 = "icaRsaCrt";
88
89ICA_ADAPTER_HANDLE handle=0;
90
91/* BIGNUM stuff */
92static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
93 const BIGNUM *m, BN_CTX *ctx);
94
95static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
96 const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
97 const BIGNUM *iqmp, BN_CTX *ctx);
98
99#ifndef OPENSSL_NO_RSA
100/* RSA stuff */
101static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
102#endif
103
104/* This function is aliased to mod_exp (with the mont stuff dropped). */
105static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
106 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
107
108#ifndef OPENSSL_NO_DSA
109/* DSA stuff */
110static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
111 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
112 BN_CTX *ctx, BN_MONT_CTX *in_mont);
113static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
114 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
115 BN_MONT_CTX *m_ctx);
116#endif
117
118#ifndef OPENSSL_NO_DH
119/* DH stuff */
120/* This function is alised to mod_exp (with the DH and mont dropped). */
121static int ibmca_mod_exp_dh(const DH *dh, BIGNUM *r,
122 const BIGNUM *a, const BIGNUM *p,
123 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
124#endif
125
126/* RAND stuff */
127static int ibmca_rand_bytes(unsigned char *buf, int num);
128static int ibmca_rand_status(void);
129
130
131/* WJH - check for more commands, like in nuron */
132
133/* The definitions for control commands specific to this engine */
134#define IBMCA_CMD_SO_PATH ENGINE_CMD_BASE
135static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = {
136 {IBMCA_CMD_SO_PATH,
137 "SO_PATH",
138 "Specifies the path to the 'atasi' shared library",
139 ENGINE_CMD_FLAG_STRING},
140 {0, NULL, NULL, 0}
141 };
142
143#ifndef OPENSSL_NO_RSA
144/* Our internal RSA_METHOD that we provide pointers to */
145static RSA_METHOD ibmca_rsa =
146 {
147 "Ibmca RSA method",
148 NULL,
149 NULL,
150 NULL,
151 NULL,
152 ibmca_rsa_mod_exp,
153 ibmca_mod_exp_mont,
154 NULL,
155 NULL,
156 0,
157 NULL,
158 NULL,
159 NULL
160 };
161#endif
162
163#ifndef OPENSSL_NO_DSA
164/* Our internal DSA_METHOD that we provide pointers to */
165static DSA_METHOD ibmca_dsa =
166 {
167 "Ibmca DSA method",
168 NULL, /* dsa_do_sign */
169 NULL, /* dsa_sign_setup */
170 NULL, /* dsa_do_verify */
171 ibmca_dsa_mod_exp, /* dsa_mod_exp */
172 ibmca_mod_exp_dsa, /* bn_mod_exp */
173 NULL, /* init */
174 NULL, /* finish */
175 0, /* flags */
176 NULL /* app_data */
177 };
178#endif
179
180#ifndef OPENSSL_NO_DH
181/* Our internal DH_METHOD that we provide pointers to */
182static DH_METHOD ibmca_dh =
183 {
184 "Ibmca DH method",
185 NULL,
186 NULL,
187 ibmca_mod_exp_dh,
188 NULL,
189 NULL,
190 0,
191 NULL
192 };
193#endif
194
195static RAND_METHOD ibmca_rand =
196 {
197 /* "IBMCA RAND method", */
198 NULL,
199 ibmca_rand_bytes,
200 NULL,
201 NULL,
202 ibmca_rand_bytes,
203 ibmca_rand_status,
204 };
205
206/* Constants used when creating the ENGINE */
207static const char *engine_ibmca_id = "ibmca";
208static const char *engine_ibmca_name = "Ibmca hardware engine support";
209
210/* This internal function is used by ENGINE_ibmca() and possibly by the
211 * "dynamic" ENGINE support too */
212static int bind_helper(ENGINE *e)
213 {
214#ifndef OPENSSL_NO_RSA
215 const RSA_METHOD *meth1;
216#endif
217#ifndef OPENSSL_NO_DSA
218 const DSA_METHOD *meth2;
219#endif
220#ifndef OPENSSL_NO_DH
221 const DH_METHOD *meth3;
222#endif
223 if(!ENGINE_set_id(e, engine_ibmca_id) ||
224 !ENGINE_set_name(e, engine_ibmca_name) ||
225#ifndef OPENSSL_NO_RSA
226 !ENGINE_set_RSA(e, &ibmca_rsa) ||
227#endif
228#ifndef OPENSSL_NO_DSA
229 !ENGINE_set_DSA(e, &ibmca_dsa) ||
230#endif
231#ifndef OPENSSL_NO_DH
232 !ENGINE_set_DH(e, &ibmca_dh) ||
233#endif
234 !ENGINE_set_RAND(e, &ibmca_rand) ||
235 !ENGINE_set_destroy_function(e, ibmca_destroy) ||
236 !ENGINE_set_init_function(e, ibmca_init) ||
237 !ENGINE_set_finish_function(e, ibmca_finish) ||
238 !ENGINE_set_ctrl_function(e, ibmca_ctrl) ||
239 !ENGINE_set_cmd_defns(e, ibmca_cmd_defns))
240 return 0;
241
242#ifndef OPENSSL_NO_RSA
243 /* We know that the "PKCS1_SSLeay()" functions hook properly
244 * to the ibmca-specific mod_exp and mod_exp_crt so we use
245 * those functions. NB: We don't use ENGINE_openssl() or
246 * anything "more generic" because something like the RSAref
247 * code may not hook properly, and if you own one of these
248 * cards then you have the right to do RSA operations on it
249 * anyway! */
250 meth1 = RSA_PKCS1_SSLeay();
251 ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
252 ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
253 ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
254 ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
255#endif
256
257#ifndef OPENSSL_NO_DSA
258 /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
259 * bits. */
260 meth2 = DSA_OpenSSL();
261 ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign;
262 ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
263 ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify;
264#endif
265
266#ifndef OPENSSL_NO_DH
267 /* Much the same for Diffie-Hellman */
268 meth3 = DH_OpenSSL();
269 ibmca_dh.generate_key = meth3->generate_key;
270 ibmca_dh.compute_key = meth3->compute_key;
271#endif
272
273 /* Ensure the ibmca error handling is set up */
274 ERR_load_IBMCA_strings();
275 return 1;
276 }
277
278static ENGINE *engine_ibmca(void)
279 {
280 ENGINE *ret = ENGINE_new();
281 if(!ret)
282 return NULL;
283 if(!bind_helper(ret))
284 {
285 ENGINE_free(ret);
286 return NULL;
287 }
288 return ret;
289 }
290
291void ENGINE_load_ibmca(void)
292 {
293 /* Copied from eng_[openssl|dyn].c */
294 ENGINE *toadd = engine_ibmca();
295 if(!toadd) return;
296 ENGINE_add(toadd);
297 ENGINE_free(toadd);
298 ERR_clear_error();
299 }
300
301/* Destructor (complements the "ENGINE_ibmca()" constructor) */
302static int ibmca_destroy(ENGINE *e)
303 {
304 /* Unload the ibmca error strings so any error state including our
305 * functs or reasons won't lead to a segfault (they simply get displayed
306 * without corresponding string data because none will be found). */
307 ERR_unload_IBMCA_strings();
308 return 1;
309 }
310
311
312/* This is a process-global DSO handle used for loading and unloading
313 * the Ibmca library. NB: This is only set (or unset) during an
314 * init() or finish() call (reference counts permitting) and they're
315 * operating with global locks, so this should be thread-safe
316 * implicitly. */
317
318static DSO *ibmca_dso = NULL;
319
320/* These are the function pointers that are (un)set when the library has
321 * successfully (un)loaded. */
322
323static unsigned int (ICA_CALL *p_icaOpenAdapter)();
324static unsigned int (ICA_CALL *p_icaCloseAdapter)();
325static unsigned int (ICA_CALL *p_icaRsaModExpo)();
326static unsigned int (ICA_CALL *p_icaRandomNumberGenerate)();
327static unsigned int (ICA_CALL *p_icaRsaCrt)();
328
329/* utility function to obtain a context */
330static int get_context(ICA_ADAPTER_HANDLE *p_handle)
331 {
332 unsigned int status=0;
333
334 status = p_icaOpenAdapter(0, p_handle);
335 if(status != 0)
336 return 0;
337 return 1;
338 }
339
340/* similarly to release one. */
341static void release_context(ICA_ADAPTER_HANDLE handle)
342 {
343 p_icaCloseAdapter(handle);
344 }
345
346/* (de)initialisation functions. */
347static int ibmca_init(ENGINE *e)
348 {
349
350 void (*p1)();
351 void (*p2)();
352 void (*p3)();
353 void (*p4)();
354 void (*p5)();
355
356 if(ibmca_dso != NULL)
357 {
358 IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_ALREADY_LOADED);
359 goto err;
360 }
361 /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
362 * changed unfortunately because the Ibmca drivers don't have
363 * standard library names that can be platform-translated well. */
364 /* TODO: Work out how to actually map to the names the Ibmca
365 * drivers really use - for now a symbollic link needs to be
366 * created on the host system from libatasi.so to atasi.so on
367 * unix variants. */
368
369 /* WJH XXX check name translation */
370
371 ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL,
372 /* DSO_FLAG_NAME_TRANSLATION */ 0);
373 if(ibmca_dso == NULL)
374 {
375 IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);
376 goto err;
377 }
378
379 if(!(p1 = DSO_bind_func(
380 ibmca_dso, IBMCA_F1)) ||
381 !(p2 = DSO_bind_func(
382 ibmca_dso, IBMCA_F2)) ||
383 !(p3 = DSO_bind_func(
384 ibmca_dso, IBMCA_F3)) ||
385 !(p4 = DSO_bind_func(
386 ibmca_dso, IBMCA_F4)) ||
387 !(p5 = DSO_bind_func(
388 ibmca_dso, IBMCA_F5)))
389 {
390 IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);
391 goto err;
392 }
393
394 /* Copy the pointers */
395
396 p_icaOpenAdapter = (unsigned int (ICA_CALL *)())p1;
397 p_icaCloseAdapter = (unsigned int (ICA_CALL *)())p2;
398 p_icaRsaModExpo = (unsigned int (ICA_CALL *)())p3;
399 p_icaRandomNumberGenerate = (unsigned int (ICA_CALL *)())p4;
400 p_icaRsaCrt = (unsigned int (ICA_CALL *)())p5;
401
402 if(!get_context(&handle))
403 {
404 IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_UNIT_FAILURE);
405 goto err;
406 }
407
408 return 1;
409 err:
410 if(ibmca_dso)
411 DSO_free(ibmca_dso);
412
413 p_icaOpenAdapter = NULL;
414 p_icaCloseAdapter = NULL;
415 p_icaRsaModExpo = NULL;
416 p_icaRandomNumberGenerate = NULL;
417
418 return 0;
419 }
420
421static int ibmca_finish(ENGINE *e)
422 {
423 if(ibmca_dso == NULL)
424 {
425 IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_NOT_LOADED);
426 return 0;
427 }
428 release_context(handle);
429 if(!DSO_free(ibmca_dso))
430 {
431 IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_DSO_FAILURE);
432 return 0;
433 }
434 ibmca_dso = NULL;
435
436 return 1;
437 }
438
439static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
440 {
441 int initialised = ((ibmca_dso == NULL) ? 0 : 1);
442 switch(cmd)
443 {
444 case IBMCA_CMD_SO_PATH:
445 if(p == NULL)
446 {
447 IBMCAerr(IBMCA_F_IBMCA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
448 return 0;
449 }
450 if(initialised)
451 {
452 IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_ALREADY_LOADED);
453 return 0;
454 }
455 IBMCA_LIBNAME = (const char *)p;
456 return 1;
457 default:
458 break;
459 }
460 IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
461 return 0;
462 }
463
464
465static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
466 const BIGNUM *m, BN_CTX *ctx)
467 {
468 /* I need somewhere to store temporary serialised values for
469 * use with the Ibmca API calls. A neat cheat - I'll use
470 * BIGNUMs from the BN_CTX but access their arrays directly as
471 * byte arrays <grin>. This way I don't have to clean anything
472 * up. */
473
474 BIGNUM *argument=NULL;
475 BIGNUM *result=NULL;
476 BIGNUM *key=NULL;
477 int to_return;
478 int inLen, outLen, tmpLen;
479
480
481 ICA_KEY_RSA_MODEXPO *publKey=NULL;
482 unsigned int rc;
483
484 to_return = 0; /* expect failure */
485
486 if(!ibmca_dso)
487 {
488 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_NOT_LOADED);
489 goto err;
490 }
491 /* Prepare the params */
492 BN_CTX_start(ctx);
493 argument = BN_CTX_get(ctx);
494 result = BN_CTX_get(ctx);
495 key = BN_CTX_get(ctx);
496
497 if( !argument || !result || !key)
498 {
499 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_CTX_FULL);
500 goto err;
501 }
502
503
504 if(!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||
505 !bn_wexpand(key, sizeof(*publKey)/BN_BYTES))
506
507 {
508 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_EXPAND_FAIL);
509 goto err;
510 }
511
512 publKey = (ICA_KEY_RSA_MODEXPO *)key->d;
513
514 if (publKey == NULL)
515 {
516 goto err;
517 }
518 memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));
519
520 publKey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE);
521 publKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));
522 publKey->expOffset = (char *) publKey->keyRecord - (char *) publKey;
523
524 /* A quirk of the card: the exponent length has to be the same
525 as the modulus (key) length */
526
527 outLen = BN_num_bytes(m);
528
529/* check for modulus length SAB*/
530 if (outLen > 256 ) {
531 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_MEXP_LENGTH_TO_LARGE);
532 goto err;
533 }
534/* check for modulus length SAB*/
535
536
537 publKey->expLength = publKey->nLength = outLen;
538/* SAB Check for underflow condition
539 the size of the exponent is less than the size of the parameter
540 then we have a big problem and will underflow the keyRecord
541 buffer. Bad stuff could happen then
542*/
543if (outLen < BN_num_bytes(p)){
544 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_UNDERFLOW_KEYRECORD);
545 goto err;
546}
547/* SAB End check for underflow */
548
549
550 BN_bn2bin(p, &publKey->keyRecord[publKey->expLength -
551 BN_num_bytes(p)]);
552 BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);
553
554
555
556 publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8);
557 publKey->nOffset = CORRECT_ENDIANNESS(publKey->expOffset +
558 publKey->expLength);
559
560 publKey->expOffset = CORRECT_ENDIANNESS((char *) publKey->keyRecord -
561 (char *) publKey);
562
563 tmpLen = outLen;
564 publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);
565
566 /* Prepare the argument */
567
568 memset(argument->d, 0, outLen);
569 BN_bn2bin(a, (unsigned char *)argument->d + outLen -
570 BN_num_bytes(a));
571
572 inLen = outLen;
573
574 /* Perform the operation */
575
576 if( (rc = p_icaRsaModExpo(handle, inLen,(unsigned char *)argument->d,
577 publKey, &outLen, (unsigned char *)result->d))
578 !=0 )
579
580 {
581 printf("rc = %d\n", rc);
582 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_REQUEST_FAILED);
583 goto err;
584 }
585
586
587 /* Convert the response */
588 BN_bin2bn((unsigned char *)result->d, outLen, r);
589 to_return = 1;
590 err:
591 BN_CTX_end(ctx);
592 return to_return;
593 }
594
595#ifndef OPENSSL_NO_RSA
596static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
597 {
598 BN_CTX *ctx;
599 int to_return = 0;
600
601 if((ctx = BN_CTX_new()) == NULL)
602 goto err;
603 if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
604 {
605 if(!rsa->d || !rsa->n)
606 {
607 IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP,
608 IBMCA_R_MISSING_KEY_COMPONENTS);
609 goto err;
610 }
611 to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx);
612 }
613 else
614 {
615 to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
616 rsa->dmq1, rsa->iqmp, ctx);
617 }
618 err:
619 if(ctx)
620 BN_CTX_free(ctx);
621 return to_return;
622 }
623#endif
624
625/* Ein kleines chinesisches "Restessen" */
626static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
627 const BIGNUM *q, const BIGNUM *dmp1,
628 const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
629 {
630
631 BIGNUM *argument = NULL;
632 BIGNUM *result = NULL;
633 BIGNUM *key = NULL;
634
635 int to_return = 0; /* expect failure */
636
637 char *pkey=NULL;
638 ICA_KEY_RSA_CRT *privKey=NULL;
639 int inLen, outLen;
640
641 int rc;
642 unsigned int offset, pSize, qSize;
643/* SAB New variables */
644 unsigned int keyRecordSize;
645 unsigned int pbytes = BN_num_bytes(p);
646 unsigned int qbytes = BN_num_bytes(q);
647 unsigned int dmp1bytes = BN_num_bytes(dmp1);
648 unsigned int dmq1bytes = BN_num_bytes(dmq1);
649 unsigned int iqmpbytes = BN_num_bytes(iqmp);
650
651 /* Prepare the params */
652
653 BN_CTX_start(ctx);
654 argument = BN_CTX_get(ctx);
655 result = BN_CTX_get(ctx);
656 key = BN_CTX_get(ctx);
657
658 if(!argument || !result || !key)
659 {
660 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_CTX_FULL);
661 goto err;
662 }
663
664 if(!bn_wexpand(argument, p->top + q->top) ||
665 !bn_wexpand(result, p->top + q->top) ||
666 !bn_wexpand(key, sizeof(*privKey)/BN_BYTES ))
667 {
668 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_EXPAND_FAIL);
669 goto err;
670 }
671
672
673 privKey = (ICA_KEY_RSA_CRT *)key->d;
674/* SAB Add check for total size in bytes of the parms does not exceed
675 the buffer space we have
676 do this first
677*/
678 keyRecordSize = pbytes+qbytes+dmp1bytes+dmq1bytes+iqmpbytes;
679 if ( keyRecordSize > sizeof(privKey->keyRecord )) {
680 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
681 goto err;
682 }
683
684 if ( (qbytes + dmq1bytes) > 256 ){
685 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
686 goto err;
687 }
688
689 if ( pbytes + dmp1bytes > 256 ) {
690 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
691 goto err;
692 }
693
694/* end SAB additions */
695
696 memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));
697 privKey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE);
698 privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));
699 privKey->modulusBitLength =
700 CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);
701
702 /*
703 * p,dp & qInv are 1 QWORD Larger
704 */
705 privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p)+8);
706 privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));
707 privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1)+8);
708 privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));
709 privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp)+8);
710
711 offset = (char *) privKey->keyRecord
712 - (char *) privKey;
713
714 qSize = BN_num_bytes(q);
715 pSize = qSize + 8; /* 1 QWORD larger */
716
717
718/* SAB probably aittle redundant, but we'll verify that each of the
719 components which make up a key record sent ot the card does not exceed
720 the space that is allocated for it. this handles the case where even if
721 the total length does not exceed keyrecord zied, if the operands are funny sized
722they could cause potential side affects on either the card or the result */
723
724 if ( (pbytes > pSize) || (dmp1bytes > pSize) ||
725 (iqmpbytes > pSize) || ( qbytes >qSize) ||
726 (dmq1bytes > qSize) ) {
727 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
728 goto err;
729
730 }
731
732
733 privKey->dpOffset = CORRECT_ENDIANNESS(offset);
734
735 offset += pSize;
736 privKey->dqOffset = CORRECT_ENDIANNESS(offset);
737
738 offset += qSize;
739 privKey->pOffset = CORRECT_ENDIANNESS(offset);
740
741 offset += pSize;
742 privKey->qOffset = CORRECT_ENDIANNESS(offset);
743
744 offset += qSize;
745 privKey->qInvOffset = CORRECT_ENDIANNESS(offset);
746
747 pkey = (char *) privKey->keyRecord;
748
749
750/* SAB first check that we don;t under flow the buffer */
751 if ( pSize < pbytes ) {
752 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);
753 goto err;
754 }
755
756 /* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */
757 pkey += pSize - BN_num_bytes(dmp1);
758 BN_bn2bin(dmp1, pkey);
759 pkey += BN_num_bytes(dmp1); /* move the pointer */
760
761 BN_bn2bin(dmq1, pkey); /* Copy over dmq1 */
762
763 pkey += qSize; /* move pointer */
764 pkey += pSize - BN_num_bytes(p); /* set up for zero padding of next field */
765
766 BN_bn2bin(p, pkey);
767 pkey += BN_num_bytes(p); /* increment pointer by number of bytes moved */
768
769 BN_bn2bin(q, pkey);
770 pkey += qSize ; /* move the pointer */
771 pkey += pSize - BN_num_bytes(iqmp); /* Adjust for padding */
772 BN_bn2bin(iqmp, pkey);
773
774 /* Prepare the argument and response */
775
776 outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2; /* Correct endianess is used
777 because the fields were converted above */
778
779 if (outLen > 256) {
780 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OUTLEN_TO_LARGE);
781 goto err;
782 }
783
784 /* SAB check for underflow here on the argeument */
785 if ( outLen < BN_num_bytes(a)) {
786 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_UNDERFLOW_CONDITION);
787 goto err;
788 }
789
790 BN_bn2bin(a, (unsigned char *)argument->d + outLen -
791 BN_num_bytes(a));
792 inLen = outLen;
793
794 memset(result->d, 0, outLen);
795
796 /* Perform the operation */
797
798 if ( (rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d,
799 privKey, &outLen, (unsigned char *)result->d)) != 0)
800 {
801 printf("rc = %d\n", rc);
802 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_REQUEST_FAILED);
803 goto err;
804 }
805
806 /* Convert the response */
807
808 BN_bin2bn((unsigned char *)result->d, outLen, r);
809 to_return = 1;
810
811 err:
812 BN_CTX_end(ctx);
813 return to_return;
814
815 }
816
817#ifndef OPENSSL_NO_DSA
818/* This code was liberated and adapted from the commented-out code in
819 * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration
820 * (it doesn't have a CRT form for RSA), this function means that an
821 * Ibmca system running with a DSA server certificate can handshake
822 * around 5 or 6 times faster/more than an equivalent system running with
823 * RSA. Just check out the "signs" statistics from the RSA and DSA parts
824 * of "openssl speed -engine ibmca dsa1024 rsa1024". */
825static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
826 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
827 BN_CTX *ctx, BN_MONT_CTX *in_mont)
828 {
829 BIGNUM t;
830 int to_return = 0;
831
832 BN_init(&t);
833 /* let rr = a1 ^ p1 mod m */
834 if (!ibmca_mod_exp(rr,a1,p1,m,ctx)) goto end;
835 /* let t = a2 ^ p2 mod m */
836 if (!ibmca_mod_exp(&t,a2,p2,m,ctx)) goto end;
837 /* let rr = rr * t mod m */
838 if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
839 to_return = 1;
840 end:
841 BN_free(&t);
842 return to_return;
843 }
844
845
846static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
847 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
848 BN_MONT_CTX *m_ctx)
849 {
850 return ibmca_mod_exp(r, a, p, m, ctx);
851 }
852#endif
853
854/* This function is aliased to mod_exp (with the mont stuff dropped). */
855static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
856 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
857 {
858 return ibmca_mod_exp(r, a, p, m, ctx);
859 }
860
861#ifndef OPENSSL_NO_DH
862/* This function is aliased to mod_exp (with the dh and mont dropped). */
863static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r,
864 const BIGNUM *a, const BIGNUM *p,
865 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
866 {
867 return ibmca_mod_exp(r, a, p, m, ctx);
868 }
869#endif
870
871/* Random bytes are good */
872static int ibmca_rand_bytes(unsigned char *buf, int num)
873 {
874 int to_return = 0; /* assume failure */
875 unsigned int ret;
876
877
878 if(handle == 0)
879 {
880 IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_NOT_INITIALISED);
881 goto err;
882 }
883
884 ret = p_icaRandomNumberGenerate(handle, num, buf);
885 if (ret < 0)
886 {
887 IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_REQUEST_FAILED);
888 goto err;
889 }
890 to_return = 1;
891 err:
892 return to_return;
893 }
894
895static int ibmca_rand_status(void)
896 {
897 return 1;
898 }
899
900/* This stuff is needed if this ENGINE is being compiled into a self-contained
901 * shared-library. */
902#ifdef ENGINE_DYNAMIC_SUPPORT
903static int bind_fn(ENGINE *e, const char *id)
904 {
905 if(id && (strcmp(id, engine_ibmca_id) != 0)) /* WJH XXX */
906 return 0;
907 if(!bind_helper(e))
908 return 0;
909 return 1;
910 }
911IMPLEMENT_DYNAMIC_CHECK_FN()
912IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
913#endif /* ENGINE_DYNAMIC_SUPPORT */
914
915
916#endif /* !OPENSSL_NO_HW_IBMCA */
917#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec
new file mode 100644
index 0000000000..f68646d237
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec
@@ -0,0 +1,8 @@
1# configuration file for util/mkerr.pl
2#
3# use like this:
4#
5# perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
6# -nostatic -staticloader -write *.c
7
8L IBMCA hw_ibmca_err.h hw_ibmca_err.c
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c
new file mode 100644
index 0000000000..c4053f6d30
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c
@@ -0,0 +1,154 @@
1/* hw_ibmca_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_ibmca_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA IBMCA_str_functs[]=
68 {
69{ERR_PACK(0,IBMCA_F_IBMCA_CTRL,0), "IBMCA_CTRL"},
70{ERR_PACK(0,IBMCA_F_IBMCA_FINISH,0), "IBMCA_FINISH"},
71{ERR_PACK(0,IBMCA_F_IBMCA_INIT,0), "IBMCA_INIT"},
72{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP,0), "IBMCA_MOD_EXP"},
73{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP_CRT,0), "IBMCA_MOD_EXP_CRT"},
74{ERR_PACK(0,IBMCA_F_IBMCA_RAND_BYTES,0), "IBMCA_RAND_BYTES"},
75{ERR_PACK(0,IBMCA_F_IBMCA_RSA_MOD_EXP,0), "IBMCA_RSA_MOD_EXP"},
76{0,NULL}
77 };
78
79static ERR_STRING_DATA IBMCA_str_reasons[]=
80 {
81{IBMCA_R_ALREADY_LOADED ,"already loaded"},
82{IBMCA_R_BN_CTX_FULL ,"bn ctx full"},
83{IBMCA_R_BN_EXPAND_FAIL ,"bn expand fail"},
84{IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
85{IBMCA_R_DSO_FAILURE ,"dso failure"},
86{IBMCA_R_MEXP_LENGTH_TO_LARGE ,"mexp length to large"},
87{IBMCA_R_MISSING_KEY_COMPONENTS ,"missing key components"},
88{IBMCA_R_NOT_INITIALISED ,"not initialised"},
89{IBMCA_R_NOT_LOADED ,"not loaded"},
90{IBMCA_R_OPERANDS_TO_LARGE ,"operands to large"},
91{IBMCA_R_OUTLEN_TO_LARGE ,"outlen to large"},
92{IBMCA_R_REQUEST_FAILED ,"request failed"},
93{IBMCA_R_UNDERFLOW_CONDITION ,"underflow condition"},
94{IBMCA_R_UNDERFLOW_KEYRECORD ,"underflow keyrecord"},
95{IBMCA_R_UNIT_FAILURE ,"unit failure"},
96{0,NULL}
97 };
98
99#endif
100
101#ifdef IBMCA_LIB_NAME
102static ERR_STRING_DATA IBMCA_lib_name[]=
103 {
104{0 ,IBMCA_LIB_NAME},
105{0,NULL}
106 };
107#endif
108
109
110static int IBMCA_lib_error_code=0;
111static int IBMCA_error_init=1;
112
113static void ERR_load_IBMCA_strings(void)
114 {
115 if (IBMCA_lib_error_code == 0)
116 IBMCA_lib_error_code=ERR_get_next_error_library();
117
118 if (IBMCA_error_init)
119 {
120 IBMCA_error_init=0;
121#ifndef OPENSSL_NO_ERR
122 ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_functs);
123 ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
124#endif
125
126#ifdef IBMCA_LIB_NAME
127 IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code,0,0);
128 ERR_load_strings(0,IBMCA_lib_name);
129#endif
130 }
131 }
132
133static void ERR_unload_IBMCA_strings(void)
134 {
135 if (IBMCA_error_init == 0)
136 {
137#ifndef OPENSSL_NO_ERR
138 ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_functs);
139 ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
140#endif
141
142#ifdef IBMCA_LIB_NAME
143 ERR_unload_strings(0,IBMCA_lib_name);
144#endif
145 IBMCA_error_init=1;
146 }
147 }
148
149static void ERR_IBMCA_error(int function, int reason, char *file, int line)
150 {
151 if (IBMCA_lib_error_code == 0)
152 IBMCA_lib_error_code=ERR_get_next_error_library();
153 ERR_PUT_error(IBMCA_lib_error_code,function,reason,file,line);
154 }
diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h
new file mode 100644
index 0000000000..da64bde5f2
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h
@@ -0,0 +1,98 @@
1/* ====================================================================
2 * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_IBMCA_ERR_H
56#define HEADER_IBMCA_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_IBMCA_strings(void);
63static void ERR_unload_IBMCA_strings(void);
64static void ERR_IBMCA_error(int function, int reason, char *file, int line);
65#define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the IBMCA functions. */
68
69/* Function codes. */
70#define IBMCA_F_IBMCA_CTRL 100
71#define IBMCA_F_IBMCA_FINISH 101
72#define IBMCA_F_IBMCA_INIT 102
73#define IBMCA_F_IBMCA_MOD_EXP 103
74#define IBMCA_F_IBMCA_MOD_EXP_CRT 104
75#define IBMCA_F_IBMCA_RAND_BYTES 105
76#define IBMCA_F_IBMCA_RSA_MOD_EXP 106
77
78/* Reason codes. */
79#define IBMCA_R_ALREADY_LOADED 100
80#define IBMCA_R_BN_CTX_FULL 101
81#define IBMCA_R_BN_EXPAND_FAIL 102
82#define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
83#define IBMCA_R_DSO_FAILURE 104
84#define IBMCA_R_MEXP_LENGTH_TO_LARGE 105
85#define IBMCA_R_MISSING_KEY_COMPONENTS 106
86#define IBMCA_R_NOT_INITIALISED 107
87#define IBMCA_R_NOT_LOADED 108
88#define IBMCA_R_OPERANDS_TO_LARGE 109
89#define IBMCA_R_OUTLEN_TO_LARGE 110
90#define IBMCA_R_REQUEST_FAILED 111
91#define IBMCA_R_UNDERFLOW_CONDITION 112
92#define IBMCA_R_UNDERFLOW_KEYRECORD 113
93#define IBMCA_R_UNIT_FAILURE 114
94
95#ifdef __cplusplus
96}
97#endif
98#endif
diff --git a/src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h b/src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h
new file mode 100644
index 0000000000..c77e0fd5c0
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h
@@ -0,0 +1,189 @@
1
2#ifndef __ICA_OPENSSL_API_H__
3#define __ICA_OPENSSL_API_H__
4
5/**
6 ** abstract data types for API
7 **/
8
9#define ICA_ADAPTER_HANDLE int
10
11#if defined(linux) || defined (_AIX)
12#define ICA_CALL
13#endif
14
15#if defined(WIN32) || defined(_WIN32)
16#define ICA_CALL __stdcall
17#endif
18
19/*------------------------------------------------*
20 | RSA defines and typedefs |
21 *------------------------------------------------*/
22 /*
23 * All data elements of the RSA key are in big-endian format
24 * Modulus-Exponent form of key
25 *
26 */
27 #define MAX_EXP_SIZE 256
28 #define MAX_MODULUS_SIZE 256
29 #define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
30
31 #define MAX_OPERAND_SIZE MAX_EXP_SIZE
32
33 typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
34 /*
35 * All data elements of the RSA key are in big-endian format
36 * Chinese Remainder Thereom(CRT) form of key
37 * Used only for Decrypt, the encrypt form is typically Modulus-Exponent
38 *
39 */
40 #define MAX_BP_SIZE 136
41 #define MAX_BQ_SIZE 128
42 #define MAX_NP_SIZE 136
43 #define MAX_NQ_SIZE 128
44 #define MAX_QINV_SIZE 136
45 #define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
46
47#define RSA_GEN_OPERAND_MAX 256 /* bytes */
48
49typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
50/*------------------------------------------------*
51 | RSA key token types |
52 *------------------------------------------------*/
53
54#define RSA_PUBLIC_MODULUS_EXPONENT 3
55#define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
56
57#define KEYTYPE_MODEXPO 1
58#define KEYTYPE_PKCSCRT 2
59
60
61/*------------------------------------------------*
62 | RSA Key Token format |
63 *------------------------------------------------*/
64
65/*
66 * NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
67 * (lengths, offsets, exponents, modulus, etc.) are
68 * stored in big-endian format
69 */
70
71typedef struct _ICA_KEY_RSA_MODEXPO
72{ unsigned int keyType; /* RSA key type. */
73 unsigned int keyLength; /* Total length of the token. */
74 unsigned int modulusBitLength; /* Modulus n bit length. */
75 /* -- Start of the data length.*/
76 unsigned int nLength; /* Modulus n = p * q */
77 unsigned int expLength; /* exponent (public or private)*/
78 /* e = 1/d * mod(p-1)(q-1) */
79 /* -- Start of the data offsets*/
80 unsigned int nOffset; /* Modulus n . */
81 unsigned int expOffset; /* exponent (public or private)*/
82 unsigned char reserved[112]; /* reserved area */
83 /* -- Start of the variable -- */
84 /* -- length token data. -- */
85 ICA_KEY_RSA_MODEXPO_REC keyRecord;
86} ICA_KEY_RSA_MODEXPO;
87#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
88
89/*
90 * NOTE: All the fields in the ICA_KEY_RSA_CRT structure
91 * (lengths, offsets, exponents, modulus, etc.) are
92 * stored in big-endian format
93 */
94
95typedef struct _ICA_KEY_RSA_CRT
96{ unsigned int keyType; /* RSA key type. */
97 unsigned int keyLength; /* Total length of the token. */
98 unsigned int modulusBitLength; /* Modulus n bit length. */
99 /* -- Start of the data length.*/
100#if _AIX
101 unsigned int nLength; /* Modulus n = p * q */
102#endif
103 unsigned int pLength; /* Prime number p . */
104 unsigned int qLength; /* Prime number q . */
105 unsigned int dpLength; /* dp = d * mod(p-1) . */
106 unsigned int dqLength; /* dq = d * mod(q-1) . */
107 unsigned int qInvLength; /* PKCS: qInv = Ap/q */
108 /* -- Start of the data offsets*/
109#if _AIX
110 unsigned int nOffset; /* Modulus n . */
111#endif
112 unsigned int pOffset; /* Prime number p . */
113 unsigned int qOffset; /* Prime number q . */
114 unsigned int dpOffset; /* dp . */
115 unsigned int dqOffset; /* dq . */
116 unsigned int qInvOffset; /* qInv for PKCS */
117#if _AIX
118 unsigned char reserved[80]; /* reserved area */
119#else
120 unsigned char reserved[88]; /* reserved area */
121#endif
122 /* -- Start of the variable -- */
123 /* -- length token data. -- */
124 ICA_KEY_RSA_CRT_REC keyRecord;
125} ICA_KEY_RSA_CRT;
126#define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
127
128unsigned int
129icaOpenAdapter( unsigned int adapterId,
130 ICA_ADAPTER_HANDLE *pAdapterHandle );
131
132unsigned int
133icaCloseAdapter( ICA_ADAPTER_HANDLE adapterHandle );
134
135unsigned int
136icaRsaModExpo( ICA_ADAPTER_HANDLE hAdapterHandle,
137 unsigned int inputDataLength,
138 unsigned char *pInputData,
139 ICA_KEY_RSA_MODEXPO *pKeyModExpo,
140 unsigned int *pOutputDataLength,
141 unsigned char *pOutputData );
142
143unsigned int
144icaRsaCrt( ICA_ADAPTER_HANDLE hAdapterHandle,
145 unsigned int inputDataLength,
146 unsigned char *pInputData,
147 ICA_KEY_RSA_CRT *pKeyCrt,
148 unsigned int *pOutputDataLength,
149 unsigned char *pOutputData );
150
151unsigned int
152icaRandomNumberGenerate( ICA_ADAPTER_HANDLE hAdapterHandle,
153 unsigned int outputDataLength,
154 unsigned char *pOutputData );
155
156/* Specific macros and definitions to not have IFDEF;s all over the
157 main code */
158
159#if (_AIX)
160static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
161#elif (WIN32)
162static const char *IBMCA_LIBNAME = "cryptica";
163#else
164static const char *IBMCA_LIBNAME = "ica";
165#endif
166
167#if (WIN32)
168/*
169 The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and
170 offsets must be in big-endian format.
171
172*/
173#define CORRECT_ENDIANNESS(b) ( \
174 (((unsigned long) (b) & 0x000000ff) << 24) | \
175 (((unsigned long) (b) & 0x0000ff00) << 8) | \
176 (((unsigned long) (b) & 0x00ff0000) >> 8) | \
177 (((unsigned long) (b) & 0xff000000) >> 24) \
178 )
179#define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
180#define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
181#else
182#define CORRECT_ENDIANNESS(b) (b)
183#define CRT_KEY_TYPE KEYTYPE_PKCSCRT
184#define ME_KEY_TYPE KEYTYPE_MODEXPO
185#endif
186
187
188
189#endif /* __ICA_OPENSSL_API_H__ */
diff --git a/src/lib/libssl/src/demos/engines/rsaref/Makefile b/src/lib/libssl/src/demos/engines/rsaref/Makefile
index 5fbcda3576..003e35df2e 100644
--- a/src/lib/libssl/src/demos/engines/rsaref/Makefile
+++ b/src/lib/libssl/src/demos/engines/rsaref/Makefile
@@ -48,7 +48,7 @@ $(LIB): $(OBJ)
48 48
49LINK_SO= \ 49LINK_SO= \
50 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \ 50 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \
51 (nm -Pg $(LIBNAME).o | grep ' [BD] ' | cut -f1 -d' ' > $(LIBNAME).exp; \ 51 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
52 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc) 52 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
53 53
54$(SHLIB).gnu: $(LIB) install/librsaref.a 54$(SHLIB).gnu: $(LIB) install/librsaref.a
diff --git a/src/lib/libssl/src/demos/engines/rsaref/rsaref.c b/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
index e23f64c01e..f092acbf3f 100644
--- a/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
+++ b/src/lib/libssl/src/demos/engines/rsaref/rsaref.c
@@ -116,7 +116,7 @@ static const EVP_CIPHER cipher_des_cbc =
116 { 116 {
117 NID_des_cbc, 117 NID_des_cbc,
118 8, 8, 8, 118 8, 8, 8,
119 0, 119 0 | EVP_CIPH_CBC_MODE,
120 cipher_des_cbc_init, 120 cipher_des_cbc_init,
121 cipher_des_cbc_code, 121 cipher_des_cbc_code,
122 cipher_des_cbc_clean, 122 cipher_des_cbc_clean,
@@ -131,7 +131,7 @@ static const EVP_CIPHER cipher_des_ede3_cbc =
131 { 131 {
132 NID_des_ede3_cbc, 132 NID_des_ede3_cbc,
133 8, 24, 8, 133 8, 24, 8,
134 0, 134 0 | EVP_CIPH_CBC_MODE,
135 cipher_des_ede3_cbc_init, 135 cipher_des_ede3_cbc_init,
136 cipher_des_ede3_cbc_code, 136 cipher_des_ede3_cbc_code,
137 cipher_des_ede3_cbc_clean, 137 cipher_des_ede3_cbc_clean,
@@ -146,7 +146,7 @@ static const EVP_CIPHER cipher_desx_cbc =
146 { 146 {
147 NID_desx_cbc, 147 NID_desx_cbc,
148 8, 24, 8, 148 8, 24, 8,
149 0, 149 0 | EVP_CIPH_CBC_MODE,
150 cipher_desx_cbc_init, 150 cipher_desx_cbc_init,
151 cipher_desx_cbc_code, 151 cipher_desx_cbc_code,
152 cipher_desx_cbc_clean, 152 cipher_desx_cbc_clean,
diff --git a/src/lib/libssl/src/demos/engines/zencod/Makefile b/src/lib/libssl/src/demos/engines/zencod/Makefile
new file mode 100644
index 0000000000..5b6a339ab2
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/zencod/Makefile
@@ -0,0 +1,114 @@
1LIBNAME= libzencod
2SRC= hw_zencod.c
3OBJ= hw_zencod.o
4HEADER= hw_zencod.h
5
6CC= gcc
7PIC= -fPIC
8CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
9AR= ar r
10RANLIB= ranlib
11
12LIB= $(LIBNAME).a
13SHLIB= $(LIBNAME).so
14
15all:
16 @echo 'Please choose a system to build on:'
17 @echo ''
18 @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
19 @echo 'solaris: Solaris'
20 @echo 'irix: IRIX'
21 @echo 'hpux32: 32-bit HP/UX'
22 @echo 'hpux64: 64-bit HP/UX'
23 @echo 'aix: AIX'
24 @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
25 @echo ''
26
27FORCE.update:
28update: FORCE.update
29 perl ../../../util/mkerr.pl -conf hw_zencod.ec \
30 -nostatic -staticloader -write hw_zencod.c
31
32gnu: $(SHLIB).gnu
33tru64: $(SHLIB).tru64
34solaris: $(SHLIB).solaris
35irix: $(SHLIB).irix
36hpux32: $(SHLIB).hpux32
37hpux64: $(SHLIB).hpux64
38aix: $(SHLIB).aix
39
40$(LIB): $(OBJ)
41 $(AR) $(LIB) $(OBJ)
42 - $(RANLIB) $(LIB)
43
44LINK_SO= \
45 ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
46 (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
47 $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
48
49$(SHLIB).gnu: $(LIB)
50 ALLSYMSFLAGS='--whole-archive' \
51 SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
52 SHAREDCMD='$(CC)'; \
53 $(LINK_SO)
54 touch $(SHLIB).gnu
55$(SHLIB).tru64: $(LIB)
56 ALLSYMSFLAGS='-all' \
57 SHAREDFLAGS='-shared' \
58 SHAREDCMD='$(CC)'; \
59 $(LINK_SO)
60 touch $(SHLIB).tru64
61$(SHLIB).solaris: $(LIB)
62 ALLSYMSFLAGS='-z allextract' \
63 SHAREDFLAGS='-G -h $(SHLIB)' \
64 SHAREDCMD='$(CC)'; \
65 $(LINK_SO)
66 touch $(SHLIB).solaris
67$(SHLIB).irix: $(LIB)
68 ALLSYMSFLAGS='-all' \
69 SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
70 SHAREDCMD='$(CC)'; \
71 $(LINK_SO)
72 touch $(SHLIB).irix
73$(SHLIB).hpux32: $(LIB)
74 ALLSYMSFLAGS='-Fl' \
75 SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
76 SHAREDCMD='/usr/ccs/bin/ld'; \
77 $(LINK_SO)
78 touch $(SHLIB).hpux32
79$(SHLIB).hpux64: $(LIB)
80 ALLSYMSFLAGS='+forceload' \
81 SHAREDFLAGS='-b -z +h $(SHLIB)' \
82 SHAREDCMD='/usr/ccs/bin/ld'; \
83 $(LINK_SO)
84 touch $(SHLIB).hpux64
85$(SHLIB).aix: $(LIB)
86 ALLSYMSFLAGS='-bnogc' \
87 SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
88 SHAREDCMD='$(CC)'; \
89 $(LINK_SO)
90 touch $(SHLIB).aix
91
92depend:
93 sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
94 echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
95 gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
96 perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
97 rm -f Makefile.tmp Makefile
98 mv Makefile.new Makefile
99
100# DO NOT DELETE THIS LINE -- make depend depends on it.
101
102rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
103rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
104rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
105rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
106rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
107rsaref.o: ../../../include/openssl/opensslconf.h
108rsaref.o: ../../../include/openssl/opensslv.h
109rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
110rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
111rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
112rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
113rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
114rsaref.o: source/rsaref.h
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c
new file mode 100644
index 0000000000..308e18710f
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c
@@ -0,0 +1,1736 @@
1/* crypto/engine/hw_zencod.c */
2 /* Written by Fred Donnat (frederic.donnat@zencod.com) for "zencod"
3 * engine integration in order to redirect crypto computing on a crypto
4 * hardware accelerator zenssl32 ;-)
5 *
6 * Date : 25 jun 2002
7 * Revision : 17 Ju7 2002
8 * Version : zencod_engine-0.9.7
9 */
10
11/* ====================================================================
12 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 *
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 *
21 * 2. Redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in
23 * the documentation and/or other materials provided with the
24 * distribution.
25 *
26 * 3. All advertising materials mentioning features or use of this
27 * software must display the following acknowledgment:
28 * "This product includes software developed by the OpenSSL Project
29 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
30 *
31 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
32 * endorse or promote products derived from this software without
33 * prior written permission. For written permission, please contact
34 * licensing@OpenSSL.org.
35 *
36 * 5. Products derived from this software may not be called "OpenSSL"
37 * nor may "OpenSSL" appear in their names without prior written
38 * permission of the OpenSSL Project.
39 *
40 * 6. Redistributions of any form whatsoever must retain the following
41 * acknowledgment:
42 * "This product includes software developed by the OpenSSL Project
43 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
46 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
48 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
49 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
50 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
51 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
52 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
54 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
55 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
56 * OF THE POSSIBILITY OF SUCH DAMAGE.
57 * ====================================================================
58 *
59 * This product includes cryptographic software written by Eric Young
60 * (eay@cryptsoft.com). This product includes software written by Tim
61 * Hudson (tjh@cryptsoft.com).
62 *
63 */
64
65
66/* ENGINE general include */
67#include <stdio.h>
68#include <openssl/crypto.h>
69#include <openssl/dso.h>
70#include <openssl/engine.h>
71
72#ifndef OPENSSL_NO_HW
73#ifndef OPENSSL_NO_HW_ZENCOD
74
75#ifdef FLAT_INC
76# include "hw_zencod.h"
77#else
78# include "vendor_defns/hw_zencod.h"
79#endif
80
81#define ZENCOD_LIB_NAME "zencod engine"
82#include "hw_zencod_err.c"
83
84#define FAIL_TO_SOFTWARE -15
85
86#define ZEN_LIBRARY "zenbridge"
87
88#if 0
89# define PERROR(s) perror(s)
90# define CHEESE() fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr)
91#else
92# define PERROR(s)
93# define CHEESE()
94#endif
95
96
97/* Sorry ;) */
98#ifndef WIN32
99static inline void esrever ( unsigned char *d, int l )
100{
101 for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
102}
103
104static inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
105{
106 for(d+=l;l--;)*--d=*s++;
107}
108#else
109static __inline void esrever ( unsigned char *d, int l )
110{
111 for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
112}
113
114static __inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
115{
116 for(d+=l;l--;)*--d=*s++;
117}
118#endif
119
120
121#define BIGNUM2ZEN(n, bn) (ptr_zencod_init_number((n), \
122 (unsigned long) ((bn)->top * BN_BITS2), \
123 (unsigned char *) ((bn)->d)))
124
125#define ZEN_BITS(n, bytes) (ptr_zencod_bytes2bits((unsigned char *) (n), (unsigned long) (bytes)))
126#define ZEN_BYTES(bits) (ptr_zencod_bits2bytes((unsigned long) (bits)))
127
128
129/* Function for ENGINE detection and control */
130static int zencod_destroy ( ENGINE *e ) ;
131static int zencod_init ( ENGINE *e ) ;
132static int zencod_finish ( ENGINE *e ) ;
133static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () ) ;
134
135/* BIGNUM stuff */
136static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx ) ;
137
138/* RSA stuff */
139#ifndef OPENSSL_NO_RSA
140static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *I, RSA *rsa ) ;
141static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
142 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx ) ;
143#endif
144
145/* DSA stuff */
146#ifndef OPENSSL_NO_DSA
147static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
148 BN_MONT_CTX *m_ctx ) ;
149
150static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa ) ;
151static int DSA_zencod_do_verify ( const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
152 DSA *dsa ) ;
153#endif
154
155/* DH stuff */
156#ifndef OPENSSL_NO_DH
157static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
158 BN_MONT_CTX *m_ctx ) ;
159static int DH_zencod_generate_key ( DH *dh ) ;
160static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh ) ;
161#endif
162
163/* Rand stuff */
164static void RAND_zencod_seed ( const void *buf, int num ) ;
165static int RAND_zencod_rand_bytes ( unsigned char *buf, int num ) ;
166static int RAND_zencod_rand_status ( void ) ;
167
168/* Digest Stuff */
169static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid ) ;
170
171/* Cipher Stuff */
172static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid ) ;
173
174
175#define ZENCOD_CMD_SO_PATH ENGINE_CMD_BASE
176static const ENGINE_CMD_DEFN zencod_cmd_defns [ ] =
177{
178 { ZENCOD_CMD_SO_PATH,
179 "SO_PATH",
180 "Specifies the path to the 'zenbridge' shared library",
181 ENGINE_CMD_FLAG_STRING},
182 { 0, NULL, NULL, 0 }
183} ;
184
185
186#ifndef OPENSSL_NO_RSA
187/* Our internal RSA_METHOD specific to zencod ENGINE providing pointers to our function */
188static RSA_METHOD zencod_rsa =
189{
190 "ZENCOD RSA method",
191 NULL,
192 NULL,
193 NULL,
194 NULL,
195 RSA_zencod_rsa_mod_exp,
196 RSA_zencod_bn_mod_exp,
197 NULL,
198 NULL,
199 0,
200 NULL,
201 NULL,
202 NULL
203} ;
204#endif
205
206#ifndef OPENSSL_NO_DSA
207/* Our internal DSA_METHOD specific to zencod ENGINE providing pointers to our function */
208static DSA_METHOD zencod_dsa =
209{
210 "ZENCOD DSA method",
211 DSA_zencod_do_sign,
212 NULL,
213 DSA_zencod_do_verify,
214 NULL,
215 DSA_zencod_bn_mod_exp,
216 NULL,
217 NULL,
218 0,
219 NULL
220} ;
221#endif
222
223#ifndef OPENSSL_NO_DH
224/* Our internal DH_METHOD specific to zencod ENGINE providing pointers to our function */
225static DH_METHOD zencod_dh =
226{
227 "ZENCOD DH method",
228 DH_zencod_generate_key,
229 DH_zencod_compute_key,
230 DH_zencod_bn_mod_exp,
231 NULL,
232 NULL,
233 0,
234 NULL
235} ;
236#endif
237
238/* Our internal RAND_meth specific to zencod ZNGINE providing pointers to our function */
239static RAND_METHOD zencod_rand =
240{
241 RAND_zencod_seed,
242 RAND_zencod_rand_bytes,
243 NULL,
244 NULL,
245 RAND_zencod_rand_bytes,
246 RAND_zencod_rand_status
247} ;
248
249
250/* Constants used when creating the ENGINE */
251static const char *engine_zencod_id = "zencod";
252static const char *engine_zencod_name = "ZENCOD hardware engine support";
253
254
255/* This internal function is used by ENGINE_zencod () and possibly by the
256 * "dynamic" ENGINE support too ;-)
257 */
258static int bind_helper ( ENGINE *e )
259{
260
261#ifndef OPENSSL_NO_RSA
262 const RSA_METHOD *meth_rsa ;
263#endif
264#ifndef OPENSSL_NO_DSA
265 const DSA_METHOD *meth_dsa ;
266#endif
267#ifndef OPENSSL_NO_DH
268 const DH_METHOD *meth_dh ;
269#endif
270
271 const RAND_METHOD *meth_rand ;
272
273
274 if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
275 !ENGINE_set_name ( e, engine_zencod_name ) ||
276#ifndef OPENSSL_NO_RSA
277 !ENGINE_set_RSA ( e, &zencod_rsa ) ||
278#endif
279#ifndef OPENSSL_NO_DSA
280 !ENGINE_set_DSA ( e, &zencod_dsa ) ||
281#endif
282#ifndef OPENSSL_NO_DH
283 !ENGINE_set_DH ( e, &zencod_dh ) ||
284#endif
285 !ENGINE_set_RAND ( e, &zencod_rand ) ||
286
287 !ENGINE_set_destroy_function ( e, zencod_destroy ) ||
288 !ENGINE_set_init_function ( e, zencod_init ) ||
289 !ENGINE_set_finish_function ( e, zencod_finish ) ||
290 !ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
291 !ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
292 !ENGINE_set_digests ( e, engine_digests ) ||
293 !ENGINE_set_ciphers ( e, engine_ciphers ) ) {
294 return 0 ;
295 }
296
297#ifndef OPENSSL_NO_RSA
298 /* We know that the "PKCS1_SSLeay()" functions hook properly
299 * to the Zencod-specific mod_exp and mod_exp_crt so we use
300 * those functions. NB: We don't use ENGINE_openssl() or
301 * anything "more generic" because something like the RSAref
302 * code may not hook properly, and if you own one of these
303 * cards then you have the right to do RSA operations on it
304 * anyway!
305 */
306 meth_rsa = RSA_PKCS1_SSLeay () ;
307
308 zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
309 zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
310 zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
311 zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
312 /* meth_rsa->rsa_mod_exp */
313 /* meth_rsa->bn_mod_exp */
314 zencod_rsa.init = meth_rsa->init ;
315 zencod_rsa.finish = meth_rsa->finish ;
316#endif
317
318#ifndef OPENSSL_NO_DSA
319 /* We use OpenSSL meth to supply what we don't provide ;-*)
320 */
321 meth_dsa = DSA_OpenSSL () ;
322
323 /* meth_dsa->dsa_do_sign */
324 zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
325 /* meth_dsa->dsa_do_verify */
326 zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
327 /* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
328 zencod_dsa.init = meth_dsa->init ;
329 zencod_dsa.finish = meth_dsa->finish ;
330#endif
331
332#ifndef OPENSSL_NO_DH
333 /* We use OpenSSL meth to supply what we don't provide ;-*)
334 */
335 meth_dh = DH_OpenSSL () ;
336
337 /* zencod_dh.generate_key = meth_dh->generate_key ; */
338 /* zencod_dh.compute_key = meth_dh->compute_key ; */
339 /* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
340 zencod_dh.init = meth_dh->init ;
341 zencod_dh.finish = meth_dh->finish ;
342
343#endif
344
345 /* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
346 */
347 meth_rand = RAND_SSLeay () ;
348
349 /* meth_rand->seed ; */
350 /* zencod_rand.seed = meth_rand->seed ; */
351 /* meth_rand->bytes ; */
352 /* zencod_rand.bytes = meth_rand->bytes ; */
353 zencod_rand.cleanup = meth_rand->cleanup ;
354 zencod_rand.add = meth_rand->add ;
355 /* meth_rand->pseudorand ; */
356 /* zencod_rand.pseudorand = meth_rand->pseudorand ; */
357 /* zencod_rand.status = meth_rand->status ; */
358 /* meth_rand->status ; */
359
360 /* Ensure the zencod error handling is set up */
361 ERR_load_ZENCOD_strings () ;
362 return 1 ;
363}
364
365
366/* As this is only ever called once, there's no need for locking
367 * (indeed - the lock will already be held by our caller!!!)
368 */
369ENGINE *ENGINE_zencod ( void )
370{
371
372 ENGINE *eng = ENGINE_new () ;
373
374 if ( !eng ) {
375 return NULL ;
376 }
377 if ( !bind_helper ( eng ) ) {
378 ENGINE_free ( eng ) ;
379 return NULL ;
380 }
381
382 return eng ;
383}
384
385
386void ENGINE_load_zencod ( void )
387{
388 /* Copied from eng_[openssl|dyn].c */
389 ENGINE *toadd = ENGINE_zencod ( ) ;
390 if ( !toadd ) return ;
391 ENGINE_add ( toadd ) ;
392 ENGINE_free ( toadd ) ;
393 ERR_clear_error ( ) ;
394}
395
396
397/* This is a process-global DSO handle used for loading and unloading
398 * the ZENBRIDGE library.
399 * NB: This is only set (or unset) during an * init () or finish () call
400 * (reference counts permitting) and they're * operating with global locks,
401 * so this should be thread-safe * implicitly.
402 */
403static DSO *zencod_dso = NULL ;
404
405static t_zencod_test *ptr_zencod_test = NULL ;
406static t_zencod_bytes2bits *ptr_zencod_bytes2bits = NULL ;
407static t_zencod_bits2bytes *ptr_zencod_bits2bytes = NULL ;
408static t_zencod_new_number *ptr_zencod_new_number = NULL ;
409static t_zencod_init_number *ptr_zencod_init_number = NULL ;
410
411static t_zencod_rsa_mod_exp *ptr_zencod_rsa_mod_exp = NULL ;
412static t_zencod_rsa_mod_exp_crt *ptr_zencod_rsa_mod_exp_crt = NULL ;
413static t_zencod_dsa_do_sign *ptr_zencod_dsa_do_sign = NULL ;
414static t_zencod_dsa_do_verify *ptr_zencod_dsa_do_verify = NULL ;
415static t_zencod_dh_generate_key *ptr_zencod_dh_generate_key = NULL ;
416static t_zencod_dh_compute_key *ptr_zencod_dh_compute_key = NULL ;
417static t_zencod_rand_bytes *ptr_zencod_rand_bytes = NULL ;
418static t_zencod_math_mod_exp *ptr_zencod_math_mod_exp = NULL ;
419
420static t_zencod_md5_init *ptr_zencod_md5_init = NULL ;
421static t_zencod_md5_update *ptr_zencod_md5_update = NULL ;
422static t_zencod_md5_do_final *ptr_zencod_md5_do_final = NULL ;
423static t_zencod_sha1_init *ptr_zencod_sha1_init = NULL ;
424static t_zencod_sha1_update *ptr_zencod_sha1_update = NULL ;
425static t_zencod_sha1_do_final *ptr_zencod_sha1_do_final = NULL ;
426
427static t_zencod_xdes_cipher *ptr_zencod_xdes_cipher = NULL ;
428static t_zencod_rc4_cipher *ptr_zencod_rc4_cipher = NULL ;
429
430/* These are the static string constants for the DSO file name and the function
431 * symbol names to bind to.
432 */
433static const char *ZENCOD_LIBNAME = ZEN_LIBRARY ;
434
435static const char *ZENCOD_Fct_0 = "test_device" ;
436static const char *ZENCOD_Fct_1 = "zenbridge_bytes2bits" ;
437static const char *ZENCOD_Fct_2 = "zenbridge_bits2bytes" ;
438static const char *ZENCOD_Fct_3 = "zenbridge_new_number" ;
439static const char *ZENCOD_Fct_4 = "zenbridge_init_number" ;
440
441static const char *ZENCOD_Fct_exp_1 = "zenbridge_rsa_mod_exp" ;
442static const char *ZENCOD_Fct_exp_2 = "zenbridge_rsa_mod_exp_crt" ;
443static const char *ZENCOD_Fct_dsa_1 = "zenbridge_dsa_do_sign" ;
444static const char *ZENCOD_Fct_dsa_2 = "zenbridge_dsa_do_verify" ;
445static const char *ZENCOD_Fct_dh_1 = "zenbridge_dh_generate_key" ;
446static const char *ZENCOD_Fct_dh_2 = "zenbridge_dh_compute_key" ;
447static const char *ZENCOD_Fct_rand_1 = "zenbridge_rand_bytes" ;
448static const char *ZENCOD_Fct_math_1 = "zenbridge_math_mod_exp" ;
449
450static const char *ZENCOD_Fct_md5_1 = "zenbridge_md5_init" ;
451static const char *ZENCOD_Fct_md5_2 = "zenbridge_md5_update" ;
452static const char *ZENCOD_Fct_md5_3 = "zenbridge_md5_do_final" ;
453static const char *ZENCOD_Fct_sha1_1 = "zenbridge_sha1_init" ;
454static const char *ZENCOD_Fct_sha1_2 = "zenbridge_sha1_update" ;
455static const char *ZENCOD_Fct_sha1_3 = "zenbridge_sha1_do_final" ;
456
457static const char *ZENCOD_Fct_xdes_1 = "zenbridge_xdes_cipher" ;
458static const char *ZENCOD_Fct_rc4_1 = "zenbridge_rc4_cipher" ;
459
460/* Destructor (complements the "ENGINE_zencod ()" constructor)
461 */
462static int zencod_destroy (ENGINE *e )
463{
464
465 ERR_unload_ZENCOD_strings () ;
466
467 return 1 ;
468}
469
470
471/* (de)initialisation functions. Control Function
472 */
473static int zencod_init ( ENGINE *e )
474{
475
476 t_zencod_test *ptr_0 ;
477 t_zencod_bytes2bits *ptr_1 ;
478 t_zencod_bits2bytes *ptr_2 ;
479 t_zencod_new_number *ptr_3 ;
480 t_zencod_init_number *ptr_4 ;
481 t_zencod_rsa_mod_exp *ptr_exp_1 ;
482 t_zencod_rsa_mod_exp_crt *ptr_exp_2 ;
483 t_zencod_dsa_do_sign *ptr_dsa_1 ;
484 t_zencod_dsa_do_verify *ptr_dsa_2 ;
485 t_zencod_dh_generate_key *ptr_dh_1 ;
486 t_zencod_dh_compute_key *ptr_dh_2 ;
487 t_zencod_rand_bytes *ptr_rand_1 ;
488 t_zencod_math_mod_exp *ptr_math_1 ;
489 t_zencod_md5_init *ptr_md5_1 ;
490 t_zencod_md5_update *ptr_md5_2 ;
491 t_zencod_md5_do_final *ptr_md5_3 ;
492 t_zencod_sha1_init *ptr_sha1_1 ;
493 t_zencod_sha1_update *ptr_sha1_2 ;
494 t_zencod_sha1_do_final *ptr_sha1_3 ;
495 t_zencod_xdes_cipher *ptr_xdes_1 ;
496 t_zencod_rc4_cipher *ptr_rc4_1 ;
497
498 CHEESE () ;
499
500 /*
501 * We Should add some tests for non NULL parameters or bad value !!
502 * Stuff to be done ...
503 */
504
505 if ( zencod_dso != NULL ) {
506 ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_ALREADY_LOADED ) ;
507 goto err ;
508 }
509 /* Trying to load the Library "cryptozen"
510 */
511 zencod_dso = DSO_load ( NULL, ZENCOD_LIBNAME, NULL, 0 ) ;
512 if ( zencod_dso == NULL ) {
513 ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
514 goto err ;
515 }
516
517 /* Trying to load Function from the Library
518 */
519 if ( ! ( ptr_1 = (t_zencod_bytes2bits*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_1 ) ) ||
520 ! ( ptr_2 = (t_zencod_bits2bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_2 ) ) ||
521 ! ( ptr_3 = (t_zencod_new_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_3 ) ) ||
522 ! ( ptr_4 = (t_zencod_init_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_4 ) ) ||
523 ! ( ptr_exp_1 = (t_zencod_rsa_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_1 ) ) ||
524 ! ( ptr_exp_2 = (t_zencod_rsa_mod_exp_crt*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_2 ) ) ||
525 ! ( ptr_dsa_1 = (t_zencod_dsa_do_sign*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_1 ) ) ||
526 ! ( ptr_dsa_2 = (t_zencod_dsa_do_verify*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_2 ) ) ||
527 ! ( ptr_dh_1 = (t_zencod_dh_generate_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_1 ) ) ||
528 ! ( ptr_dh_2 = (t_zencod_dh_compute_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_2 ) ) ||
529 ! ( ptr_rand_1 = (t_zencod_rand_bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rand_1 ) ) ||
530 ! ( ptr_math_1 = (t_zencod_math_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_math_1 ) ) ||
531 ! ( ptr_0 = (t_zencod_test *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_0 ) ) ||
532 ! ( ptr_md5_1 = (t_zencod_md5_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_1 ) ) ||
533 ! ( ptr_md5_2 = (t_zencod_md5_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_2 ) ) ||
534 ! ( ptr_md5_3 = (t_zencod_md5_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_3 ) ) ||
535 ! ( ptr_sha1_1 = (t_zencod_sha1_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_1 ) ) ||
536 ! ( ptr_sha1_2 = (t_zencod_sha1_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_2 ) ) ||
537 ! ( ptr_sha1_3 = (t_zencod_sha1_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_3 ) ) ||
538 ! ( ptr_xdes_1 = (t_zencod_xdes_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_xdes_1 ) ) ||
539 ! ( ptr_rc4_1 = (t_zencod_rc4_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rc4_1 ) ) ) {
540
541 ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
542 goto err ;
543 }
544
545 /* The function from "cryptozen" Library have been correctly loaded so copy them
546 */
547 ptr_zencod_test = ptr_0 ;
548 ptr_zencod_bytes2bits = ptr_1 ;
549 ptr_zencod_bits2bytes = ptr_2 ;
550 ptr_zencod_new_number = ptr_3 ;
551 ptr_zencod_init_number = ptr_4 ;
552 ptr_zencod_rsa_mod_exp = ptr_exp_1 ;
553 ptr_zencod_rsa_mod_exp_crt = ptr_exp_2 ;
554 ptr_zencod_dsa_do_sign = ptr_dsa_1 ;
555 ptr_zencod_dsa_do_verify = ptr_dsa_2 ;
556 ptr_zencod_dh_generate_key = ptr_dh_1 ;
557 ptr_zencod_dh_compute_key = ptr_dh_2 ;
558 ptr_zencod_rand_bytes = ptr_rand_1 ;
559 ptr_zencod_math_mod_exp = ptr_math_1 ;
560 ptr_zencod_test = ptr_0 ;
561 ptr_zencod_md5_init = ptr_md5_1 ;
562 ptr_zencod_md5_update = ptr_md5_2 ;
563 ptr_zencod_md5_do_final = ptr_md5_3 ;
564 ptr_zencod_sha1_init = ptr_sha1_1 ;
565 ptr_zencod_sha1_update = ptr_sha1_2 ;
566 ptr_zencod_sha1_do_final = ptr_sha1_3 ;
567 ptr_zencod_xdes_cipher = ptr_xdes_1 ;
568 ptr_zencod_rc4_cipher = ptr_rc4_1 ;
569
570 /* We should peform a test to see if there is actually any unit runnig on the system ...
571 * Even if the cryptozen library is loaded the module coul not be loaded on the system ...
572 * For now we may just open and close the device !!
573 */
574
575 if ( ptr_zencod_test () != 0 ) {
576 ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_UNIT_FAILURE ) ;
577 goto err ;
578 }
579
580 return 1 ;
581err :
582 if ( zencod_dso ) {
583 DSO_free ( zencod_dso ) ;
584 }
585 zencod_dso = NULL ;
586 ptr_zencod_bytes2bits = NULL ;
587 ptr_zencod_bits2bytes = NULL ;
588 ptr_zencod_new_number = NULL ;
589 ptr_zencod_init_number = NULL ;
590 ptr_zencod_rsa_mod_exp = NULL ;
591 ptr_zencod_rsa_mod_exp_crt = NULL ;
592 ptr_zencod_dsa_do_sign = NULL ;
593 ptr_zencod_dsa_do_verify = NULL ;
594 ptr_zencod_dh_generate_key = NULL ;
595 ptr_zencod_dh_compute_key = NULL ;
596 ptr_zencod_rand_bytes = NULL ;
597 ptr_zencod_math_mod_exp = NULL ;
598 ptr_zencod_test = NULL ;
599 ptr_zencod_md5_init = NULL ;
600 ptr_zencod_md5_update = NULL ;
601 ptr_zencod_md5_do_final = NULL ;
602 ptr_zencod_sha1_init = NULL ;
603 ptr_zencod_sha1_update = NULL ;
604 ptr_zencod_sha1_do_final = NULL ;
605 ptr_zencod_xdes_cipher = NULL ;
606 ptr_zencod_rc4_cipher = NULL ;
607
608 return 0 ;
609}
610
611
612static int zencod_finish ( ENGINE *e )
613{
614
615 CHEESE () ;
616
617 /*
618 * We Should add some tests for non NULL parameters or bad value !!
619 * Stuff to be done ...
620 */
621 if ( zencod_dso == NULL ) {
622 ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_NOT_LOADED ) ;
623 return 0 ;
624 }
625 if ( !DSO_free ( zencod_dso ) ) {
626 ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_DSO_FAILURE ) ;
627 return 0 ;
628 }
629
630 zencod_dso = NULL ;
631
632 ptr_zencod_bytes2bits = NULL ;
633 ptr_zencod_bits2bytes = NULL ;
634 ptr_zencod_new_number = NULL ;
635 ptr_zencod_init_number = NULL ;
636 ptr_zencod_rsa_mod_exp = NULL ;
637 ptr_zencod_rsa_mod_exp_crt = NULL ;
638 ptr_zencod_dsa_do_sign = NULL ;
639 ptr_zencod_dsa_do_verify = NULL ;
640 ptr_zencod_dh_generate_key = NULL ;
641 ptr_zencod_dh_compute_key = NULL ;
642 ptr_zencod_rand_bytes = NULL ;
643 ptr_zencod_math_mod_exp = NULL ;
644 ptr_zencod_test = NULL ;
645 ptr_zencod_md5_init = NULL ;
646 ptr_zencod_md5_update = NULL ;
647 ptr_zencod_md5_do_final = NULL ;
648 ptr_zencod_sha1_init = NULL ;
649 ptr_zencod_sha1_update = NULL ;
650 ptr_zencod_sha1_do_final = NULL ;
651 ptr_zencod_xdes_cipher = NULL ;
652 ptr_zencod_rc4_cipher = NULL ;
653
654 return 1 ;
655}
656
657
658static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () )
659{
660
661 int initialised = ( ( zencod_dso == NULL ) ? 0 : 1 ) ;
662
663 CHEESE () ;
664
665 /*
666 * We Should add some tests for non NULL parameters or bad value !!
667 * Stuff to be done ...
668 */
669 switch ( cmd ) {
670 case ZENCOD_CMD_SO_PATH :
671 if ( p == NULL ) {
672 ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ERR_R_PASSED_NULL_PARAMETER ) ;
673 return 0 ;
674 }
675 if ( initialised ) {
676 ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_ALREADY_LOADED ) ;
677 return 0 ;
678 }
679 ZENCOD_LIBNAME = (const char *) p ;
680 return 1 ;
681 default :
682 break ;
683 }
684
685 ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ) ;
686
687 return 0 ;
688}
689
690
691/* BIGNUM stuff Functions
692 */
693static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx )
694{
695 zen_nb_t y, x, e, n;
696 int ret;
697
698 CHEESE () ;
699
700 if ( !zencod_dso ) {
701 ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_NOT_LOADED);
702 return 0;
703 }
704
705 if ( !bn_wexpand(r, m->top + 1) ) {
706 ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
707 return 0;
708 }
709
710 memset(r->d, 0, BN_num_bytes(m));
711
712 ptr_zencod_init_number ( &y, (r->dmax - 1) * sizeof (BN_ULONG) * 8, (unsigned char *) r->d ) ;
713 BIGNUM2ZEN ( &x, a ) ;
714 BIGNUM2ZEN ( &e, p ) ;
715 BIGNUM2ZEN ( &n, m ) ;
716
717 /* Must invert x and e parameter due to BN mod exp prototype ... */
718 ret = ptr_zencod_math_mod_exp ( &y, &e, &x, &n ) ;
719
720 if ( ret ) {
721 PERROR("zenbridge_math_mod_exp");
722 ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
723 return 0;
724 }
725
726 r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
727
728 return 1;
729}
730
731
732/* RSA stuff Functions
733 */
734#ifndef OPENSSL_NO_RSA
735static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *i, RSA *rsa )
736{
737
738 CHEESE () ;
739
740 if ( !zencod_dso ) {
741 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_NOT_LOADED);
742 return 0;
743 }
744
745 if ( !rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp ) {
746 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BAD_KEY_COMPONENTS);
747 return 0;
748 }
749
750 /* Do in software if argument is too large for hardware */
751 if ( RSA_size(rsa) * 8 > ZENBRIDGE_MAX_KEYSIZE_RSA_CRT ) {
752 const RSA_METHOD *meth;
753
754 meth = RSA_PKCS1_SSLeay();
755 return meth->rsa_mod_exp(r0, i, rsa);
756 } else {
757 zen_nb_t y, x, p, q, dmp1, dmq1, iqmp;
758
759 if ( !bn_expand(r0, RSA_size(rsa) * 8) ) {
760 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BN_EXPAND_FAIL);
761 return 0;
762 }
763 r0->top = (RSA_size(rsa) * 8 + BN_BITS2 - 1) / BN_BITS2;
764
765 BIGNUM2ZEN ( &x, i ) ;
766 BIGNUM2ZEN ( &y, r0 ) ;
767 BIGNUM2ZEN ( &p, rsa->p ) ;
768 BIGNUM2ZEN ( &q, rsa->q ) ;
769 BIGNUM2ZEN ( &dmp1, rsa->dmp1 ) ;
770 BIGNUM2ZEN ( &dmq1, rsa->dmq1 ) ;
771 BIGNUM2ZEN ( &iqmp, rsa->iqmp ) ;
772
773 if ( ptr_zencod_rsa_mod_exp_crt ( &y, &x, &p, &q, &dmp1, &dmq1, &iqmp ) < 0 ) {
774 PERROR("zenbridge_rsa_mod_exp_crt");
775 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_REQUEST_FAILED);
776 return 0;
777 }
778
779 return 1;
780 }
781}
782
783
784/* This function is aliased to RSA_mod_exp (with the mont stuff dropped).
785 */
786static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
787 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx )
788{
789
790 CHEESE () ;
791
792 if ( !zencod_dso ) {
793 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_NOT_LOADED);
794 return 0;
795 }
796
797 /* Do in software if argument is too large for hardware */
798 if ( BN_num_bits(m) > ZENBRIDGE_MAX_KEYSIZE_RSA ) {
799 const RSA_METHOD *meth;
800
801 meth = RSA_PKCS1_SSLeay();
802 return meth->bn_mod_exp(r, a, p, m, ctx, m_ctx);
803 } else {
804 zen_nb_t y, x, e, n;
805
806 if ( !bn_expand(r, BN_num_bits(m)) ) {
807 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
808 return 0;
809 }
810 r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
811
812 BIGNUM2ZEN ( &x, a ) ;
813 BIGNUM2ZEN ( &y, r ) ;
814 BIGNUM2ZEN ( &e, p ) ;
815 BIGNUM2ZEN ( &n, m ) ;
816
817 if ( ptr_zencod_rsa_mod_exp ( &y, &x, &n, &e ) < 0 ) {
818 PERROR("zenbridge_rsa_mod_exp");
819 ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
820 return 0;
821 }
822
823 return 1;
824 }
825}
826#endif /* !OPENSSL_NO_RSA */
827
828
829#ifndef OPENSSL_NO_DSA
830/* DSA stuff Functions
831 */
832static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa )
833{
834 zen_nb_t p, q, g, x, y, r, s, data;
835 DSA_SIG *sig;
836 BIGNUM *bn_r = NULL;
837 BIGNUM *bn_s = NULL;
838 char msg[20];
839
840 CHEESE();
841
842 if ( !zencod_dso ) {
843 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_NOT_LOADED);
844 goto FAILED;
845 }
846
847 if ( dlen > 160 ) {
848 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
849 goto FAILED;
850 }
851
852 /* Do in software if argument is too large for hardware */
853 if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
854 BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
855 const DSA_METHOD *meth;
856 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
857 meth = DSA_OpenSSL();
858 return meth->dsa_do_sign(dgst, dlen, dsa);
859 }
860
861 if ( !(bn_s = BN_new()) || !(bn_r = BN_new()) ) {
862 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
863 goto FAILED;
864 }
865
866 if ( !bn_expand(bn_r, 160) || !bn_expand(bn_s, 160) ) {
867 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BN_EXPAND_FAIL);
868 goto FAILED;
869 }
870
871 bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
872 BIGNUM2ZEN ( &p, dsa->p ) ;
873 BIGNUM2ZEN ( &q, dsa->q ) ;
874 BIGNUM2ZEN ( &g, dsa->g ) ;
875 BIGNUM2ZEN ( &x, dsa->priv_key ) ;
876 BIGNUM2ZEN ( &y, dsa->pub_key ) ;
877 BIGNUM2ZEN ( &r, bn_r ) ;
878 BIGNUM2ZEN ( &s, bn_s ) ;
879 q.len = x.len = 160;
880
881 ypcmem(msg, dgst, 20);
882 ptr_zencod_init_number ( &data, 160, msg ) ;
883
884 if ( ptr_zencod_dsa_do_sign ( 0, &data, &y, &p, &q, &g, &x, &r, &s ) < 0 ) {
885 PERROR("zenbridge_dsa_do_sign");
886 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
887 goto FAILED;
888 }
889
890 if ( !( sig = DSA_SIG_new () ) ) {
891 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
892 goto FAILED;
893 }
894 sig->r = bn_r;
895 sig->s = bn_s;
896 return sig;
897
898 FAILED:
899 if (bn_r)
900 BN_free(bn_r);
901 if (bn_s)
902 BN_free(bn_s);
903 return NULL;
904}
905
906
907static int DSA_zencod_do_verify ( const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa )
908{
909 zen_nb_t data, p, q, g, y, r, s, v;
910 char msg[20];
911 char v_data[20];
912 int ret;
913
914 CHEESE();
915
916 if ( !zencod_dso ) {
917 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED);
918 return 0;
919 }
920
921 if ( dlen > 160 ) {
922 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
923 return 0;
924 }
925
926 /* Do in software if argument is too large for hardware */
927 if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
928 BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
929 const DSA_METHOD *meth;
930 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
931 meth = DSA_OpenSSL();
932 return meth->dsa_do_verify(dgst, dlen, sig, dsa);
933 }
934
935 BIGNUM2ZEN ( &p, dsa->p ) ;
936 BIGNUM2ZEN ( &q, dsa->q ) ;
937 BIGNUM2ZEN ( &g, dsa->g ) ;
938 BIGNUM2ZEN ( &y, dsa->pub_key ) ;
939 BIGNUM2ZEN ( &r, sig->r ) ;
940 BIGNUM2ZEN ( &s, sig->s ) ;
941 ptr_zencod_init_number ( &v, 160, v_data ) ;
942 ypcmem(msg, dgst, 20);
943 ptr_zencod_init_number ( &data, 160, msg ) ;
944
945 if ( ( ret = ptr_zencod_dsa_do_verify ( 0, &data, &p, &q, &g, &y, &r, &s, &v ) ) < 0 ) {
946 PERROR("zenbridge_dsa_do_verify");
947 ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED);
948 return 0;
949 }
950
951 return ( ( ret == 0 ) ? 1 : ret ) ;
952}
953
954
955static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
956 BN_CTX *ctx, BN_MONT_CTX *m_ctx )
957{
958 CHEESE () ;
959
960 return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
961}
962#endif /* !OPENSSL_NO_DSA */
963
964
965#ifndef OPENSSl_NO_DH
966/* DH stuff Functions
967 */
968static int DH_zencod_generate_key ( DH *dh )
969{
970 BIGNUM *bn_prv = NULL;
971 BIGNUM *bn_pub = NULL;
972 zen_nb_t y, x, g, p;
973 int generate_x;
974
975 CHEESE();
976
977 if ( !zencod_dso ) {
978 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_NOT_LOADED);
979 return 0;
980 }
981
982 /* Private key */
983 if ( dh->priv_key ) {
984 bn_prv = dh->priv_key;
985 generate_x = 0;
986 } else {
987 if (!(bn_prv = BN_new())) {
988 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
989 goto FAILED;
990 }
991 generate_x = 1;
992 }
993
994 /* Public key */
995 if ( dh->pub_key )
996 bn_pub = dh->pub_key;
997 else
998 if ( !( bn_pub = BN_new () ) ) {
999 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
1000 goto FAILED;
1001 }
1002
1003 /* Expand */
1004 if ( !bn_wexpand ( bn_prv, dh->p->dmax ) ||
1005 !bn_wexpand ( bn_pub, dh->p->dmax ) ) {
1006 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
1007 goto FAILED;
1008 }
1009 bn_prv->top = dh->p->top;
1010 bn_pub->top = dh->p->top;
1011
1012 /* Convert all keys */
1013 BIGNUM2ZEN ( &p, dh->p ) ;
1014 BIGNUM2ZEN ( &g, dh->g ) ;
1015 BIGNUM2ZEN ( &y, bn_pub ) ;
1016 BIGNUM2ZEN ( &x, bn_prv ) ;
1017 x.len = DH_size(dh) * 8;
1018
1019 /* Adjust the lengths of P and G */
1020 p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
1021 g.len = ptr_zencod_bytes2bits ( g.data, ZEN_BYTES ( g.len ) ) ;
1022
1023 /* Send the request to the driver */
1024 if ( ptr_zencod_dh_generate_key ( &y, &x, &g, &p, generate_x ) < 0 ) {
1025 perror("zenbridge_dh_generate_key");
1026 ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_REQUEST_FAILED);
1027 goto FAILED;
1028 }
1029
1030 dh->priv_key = bn_prv;
1031 dh->pub_key = bn_pub;
1032
1033 return 1;
1034
1035 FAILED:
1036 if (!dh->priv_key && bn_prv)
1037 BN_free(bn_prv);
1038 if (!dh->pub_key && bn_pub)
1039 BN_free(bn_pub);
1040
1041 return 0;
1042}
1043
1044
1045static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh )
1046{
1047 zen_nb_t y, x, p, k;
1048
1049 CHEESE();
1050
1051 if ( !zencod_dso ) {
1052 ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_NOT_LOADED);
1053 return 0;
1054 }
1055
1056 if ( !dh->priv_key ) {
1057 ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_BAD_KEY_COMPONENTS);
1058 return 0;
1059 }
1060
1061 /* Convert all keys */
1062 BIGNUM2ZEN ( &y, pub_key ) ;
1063 BIGNUM2ZEN ( &x, dh->priv_key ) ;
1064 BIGNUM2ZEN ( &p, dh->p ) ;
1065 ptr_zencod_init_number ( &k, p.len, key ) ;
1066
1067 /* Adjust the lengths */
1068 p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
1069 y.len = ptr_zencod_bytes2bits ( y.data, ZEN_BYTES ( y.len ) ) ;
1070 x.len = ptr_zencod_bytes2bits ( x.data, ZEN_BYTES ( x.len ) ) ;
1071
1072 /* Call the hardware */
1073 if ( ptr_zencod_dh_compute_key ( &k, &y, &x, &p ) < 0 ) {
1074 ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_REQUEST_FAILED);
1075 return 0;
1076 }
1077
1078 /* The key must be written MSB -> LSB */
1079 k.len = ptr_zencod_bytes2bits ( k.data, ZEN_BYTES ( k.len ) ) ;
1080 esrever ( key, ZEN_BYTES ( k.len ) ) ;
1081
1082 return ZEN_BYTES ( k.len ) ;
1083}
1084
1085
1086static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
1087 BN_MONT_CTX *m_ctx )
1088{
1089 CHEESE () ;
1090
1091 return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
1092}
1093#endif /* !OPENSSL_NO_DH */
1094
1095
1096/* RAND stuff Functions
1097 */
1098static void RAND_zencod_seed ( const void *buf, int num )
1099{
1100 /* Nothing to do cause our crypto accelerator provide a true random generator */
1101}
1102
1103
1104static int RAND_zencod_rand_bytes ( unsigned char *buf, int num )
1105{
1106 zen_nb_t r;
1107
1108 CHEESE();
1109
1110 if ( !zencod_dso ) {
1111 ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_NOT_LOADED);
1112 return 0;
1113 }
1114
1115 ptr_zencod_init_number ( &r, num * 8, buf ) ;
1116
1117 if ( ptr_zencod_rand_bytes ( &r, ZENBRIDGE_RNG_DIRECT ) < 0 ) {
1118 PERROR("zenbridge_rand_bytes");
1119 ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_REQUEST_FAILED);
1120 return 0;
1121 }
1122
1123 return 1;
1124}
1125
1126
1127static int RAND_zencod_rand_status ( void )
1128{
1129 CHEESE () ;
1130
1131 return 1;
1132}
1133
1134
1135/* This stuff is needed if this ENGINE is being compiled into a self-contained
1136 * shared-library.
1137 */
1138#ifdef ENGINE_DYNAMIC_SUPPORT
1139static int bind_fn ( ENGINE *e, const char *id )
1140{
1141
1142 if ( id && ( strcmp ( id, engine_zencod_id ) != 0 ) ) {
1143 return 0 ;
1144 }
1145 if ( !bind_helper ( e ) ) {
1146 return 0 ;
1147 }
1148
1149 return 1 ;
1150}
1151
1152IMPLEMENT_DYNAMIC_CHECK_FN ()
1153IMPLEMENT_DYNAMIC_BIND_FN ( bind_fn )
1154#endif /* ENGINE_DYNAMIC_SUPPORT */
1155
1156
1157
1158
1159/*
1160 * Adding "Digest" and "Cipher" tools ...
1161 * This is in development ... ;-)
1162 * In orfer to code this, i refer to hw_openbsd_dev_crypto and openssl engine made by Geoff Thorpe (if i'm rigth),
1163 * and evp, sha md5 definitions etc ...
1164 */
1165/* First add some include ... */
1166#include <openssl/evp.h>
1167#include <openssl/sha.h>
1168#include <openssl/md5.h>
1169#include <openssl/rc4.h>
1170#include <openssl/des.h>
1171
1172
1173/* Some variables declaration ... */
1174/* DONS:
1175 * Disable symetric computation except DES and 3DES, but let part of the code
1176 */
1177/* static int engine_digest_nids [ ] = { NID_sha1, NID_md5 } ; */
1178static int engine_digest_nids [ ] = { } ;
1179static int engine_digest_nids_num = 0 ;
1180/* static int engine_cipher_nids [ ] = { NID_rc4, NID_rc4_40, NID_des_cbc, NID_des_ede3_cbc } ; */
1181static int engine_cipher_nids [ ] = { NID_des_cbc, NID_des_ede3_cbc } ;
1182static int engine_cipher_nids_num = 2 ;
1183
1184
1185/* Function prototype ... */
1186/* SHA stuff */
1187static int engine_sha1_init ( EVP_MD_CTX *ctx ) ;
1188static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
1189static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
1190
1191/* MD5 stuff */
1192static int engine_md5_init ( EVP_MD_CTX *ctx ) ;
1193static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
1194static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
1195
1196static int engine_md_cleanup ( EVP_MD_CTX *ctx ) ;
1197static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from ) ;
1198
1199
1200/* RC4 Stuff */
1201static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
1202static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
1203
1204/* DES Stuff */
1205static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
1206static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
1207
1208/* 3DES Stuff */
1209static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
1210static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out,const unsigned char *in, unsigned int inl ) ;
1211
1212static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx ) ; /* cleanup ctx */
1213
1214
1215/* The one for SHA ... */
1216static const EVP_MD engine_sha1_md =
1217{
1218 NID_sha1,
1219 NID_sha1WithRSAEncryption,
1220 SHA_DIGEST_LENGTH,
1221 EVP_MD_FLAG_ONESHOT,
1222 /* 0, */ /* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
1223 * XXX: set according to device info ... */
1224 engine_sha1_init,
1225 engine_sha1_update,
1226 engine_sha1_final,
1227 engine_md_copy, /* dev_crypto_sha_copy */
1228 engine_md_cleanup, /* dev_crypto_sha_cleanup */
1229 EVP_PKEY_RSA_method,
1230 SHA_CBLOCK,
1231 /* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */
1232 sizeof ( ZEN_MD_DATA )
1233 /* sizeof ( MD_CTX_DATA ) The message digest data stucture ... */
1234} ;
1235
1236/* The one for MD5 ... */
1237static const EVP_MD engine_md5_md =
1238{
1239 NID_md5,
1240 NID_md5WithRSAEncryption,
1241 MD5_DIGEST_LENGTH,
1242 EVP_MD_FLAG_ONESHOT,
1243 /* 0, */ /* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
1244 * XXX: set according to device info ... */
1245 engine_md5_init,
1246 engine_md5_update,
1247 engine_md5_final,
1248 engine_md_copy, /* dev_crypto_md5_copy */
1249 engine_md_cleanup, /* dev_crypto_md5_cleanup */
1250 EVP_PKEY_RSA_method,
1251 MD5_CBLOCK,
1252 /* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */
1253 sizeof ( ZEN_MD_DATA )
1254 /* sizeof ( MD_CTX_DATA ) The message digest data stucture ... */
1255} ;
1256
1257
1258/* The one for RC4 ... */
1259#define EVP_RC4_KEY_SIZE 16
1260
1261/* Try something static ... */
1262typedef struct
1263{
1264 unsigned int len ;
1265 unsigned int first ;
1266 unsigned char rc4_state [ 260 ] ;
1267} NEW_ZEN_RC4_KEY ;
1268
1269#define rc4_data(ctx) ( (EVP_RC4_KEY *) ( ctx )->cipher_data )
1270
1271static const EVP_CIPHER engine_rc4 =
1272{
1273 NID_rc4,
1274 1,
1275 16, /* EVP_RC4_KEY_SIZE should be 128 bits */
1276 0, /* FIXME: key should be up to 256 bytes */
1277 EVP_CIPH_VARIABLE_LENGTH,
1278 engine_rc4_init_key,
1279 engine_rc4_cipher,
1280 engine_cipher_cleanup,
1281 sizeof ( NEW_ZEN_RC4_KEY ),
1282 NULL,
1283 NULL,
1284 NULL
1285} ;
1286
1287/* The one for RC4_40 ... */
1288static const EVP_CIPHER engine_rc4_40 =
1289{
1290 NID_rc4_40,
1291 1,
1292 5, /* 40 bits */
1293 0,
1294 EVP_CIPH_VARIABLE_LENGTH,
1295 engine_rc4_init_key,
1296 engine_rc4_cipher,
1297 engine_cipher_cleanup,
1298 sizeof ( NEW_ZEN_RC4_KEY ),
1299 NULL,
1300 NULL,
1301 NULL
1302} ;
1303
1304/* The one for DES ... */
1305
1306/* Try something static ... */
1307typedef struct
1308{
1309 unsigned char des_key [ 24 ] ;
1310 unsigned char des_iv [ 8 ] ;
1311} ZEN_DES_KEY ;
1312
1313static const EVP_CIPHER engine_des_cbc =
1314 {
1315 NID_des_cbc,
1316 8, 8, 8,
1317 0 | EVP_CIPH_CBC_MODE,
1318 engine_des_init_key,
1319 engine_des_cbc_cipher,
1320 engine_cipher_cleanup,
1321 sizeof(ZEN_DES_KEY),
1322 EVP_CIPHER_set_asn1_iv,
1323 EVP_CIPHER_get_asn1_iv,
1324 NULL,
1325 NULL
1326 };
1327
1328/* The one for 3DES ... */
1329
1330/* Try something static ... */
1331typedef struct
1332{
1333 unsigned char des3_key [ 24 ] ;
1334 unsigned char des3_iv [ 8 ] ;
1335} ZEN_3DES_KEY ;
1336
1337#define des_data(ctx) ( (DES_EDE_KEY *) ( ctx )->cipher_data )
1338
1339static const EVP_CIPHER engine_des_ede3_cbc =
1340 {
1341 NID_des_ede3_cbc,
1342 8, 8, 8,
1343 0 | EVP_CIPH_CBC_MODE,
1344 engine_des_ede3_init_key,
1345 engine_des_ede3_cbc_cipher,
1346 engine_cipher_cleanup,
1347 sizeof(ZEN_3DES_KEY),
1348 EVP_CIPHER_set_asn1_iv,
1349 EVP_CIPHER_get_asn1_iv,
1350 NULL,
1351 NULL
1352 };
1353
1354
1355/* General function cloned on hw_openbsd_dev_crypto one ... */
1356static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid )
1357{
1358
1359#ifdef DEBUG_ZENCOD_MD
1360 fprintf ( stderr, "\t=>Function : static int engine_digests () called !\n" ) ;
1361#endif
1362
1363 if ( !digest ) {
1364 /* We are returning a list of supported nids */
1365 *nids = engine_digest_nids ;
1366 return engine_digest_nids_num ;
1367 }
1368 /* We are being asked for a specific digest */
1369 if ( nid == NID_md5 ) {
1370 *digest = &engine_md5_md ;
1371 }
1372 else if ( nid == NID_sha1 ) {
1373 *digest = &engine_sha1_md ;
1374 }
1375 else {
1376 *digest = NULL ;
1377 return 0 ;
1378 }
1379 return 1 ;
1380}
1381
1382
1383/* SHA stuff Functions
1384 */
1385static int engine_sha1_init ( EVP_MD_CTX *ctx )
1386{
1387
1388 int to_return = 0 ;
1389
1390 /* Test with zenbridge library ... */
1391 to_return = ptr_zencod_sha1_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
1392 to_return = !to_return ;
1393
1394 return to_return ;
1395}
1396
1397
1398static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
1399{
1400
1401 zen_nb_t input ;
1402 int to_return = 0 ;
1403
1404 /* Convert parameters ... */
1405 input.len = count ;
1406 input.data = (unsigned char *) data ;
1407
1408 /* Test with zenbridge library ... */
1409 to_return = ptr_zencod_sha1_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
1410 to_return = !to_return ;
1411
1412 return to_return ;
1413}
1414
1415
1416static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md )
1417{
1418
1419 zen_nb_t output ;
1420 int to_return = 0 ;
1421
1422 /* Convert parameters ... */
1423 output.len = SHA_DIGEST_LENGTH ;
1424 output.data = md ;
1425
1426 /* Test with zenbridge library ... */
1427 to_return = ptr_zencod_sha1_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
1428 to_return = !to_return ;
1429
1430 return to_return ;
1431}
1432
1433
1434
1435/* MD5 stuff Functions
1436 */
1437static int engine_md5_init ( EVP_MD_CTX *ctx )
1438{
1439
1440 int to_return = 0 ;
1441
1442 /* Test with zenbridge library ... */
1443 to_return = ptr_zencod_md5_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
1444 to_return = !to_return ;
1445
1446 return to_return ;
1447}
1448
1449
1450static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
1451{
1452
1453 zen_nb_t input ;
1454 int to_return = 0 ;
1455
1456 /* Convert parameters ... */
1457 input.len = count ;
1458 input.data = (unsigned char *) data ;
1459
1460 /* Test with zenbridge library ... */
1461 to_return = ptr_zencod_md5_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
1462 to_return = !to_return ;
1463
1464 return to_return ;
1465}
1466
1467
1468static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md )
1469{
1470
1471 zen_nb_t output ;
1472 int to_return = 0 ;
1473
1474 /* Convert parameters ... */
1475 output.len = MD5_DIGEST_LENGTH ;
1476 output.data = md ;
1477
1478 /* Test with zenbridge library ... */
1479 to_return = ptr_zencod_md5_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
1480 to_return = !to_return ;
1481
1482 return to_return ;
1483}
1484
1485
1486static int engine_md_cleanup ( EVP_MD_CTX *ctx )
1487{
1488
1489 ZEN_MD_DATA *zen_md_data = (ZEN_MD_DATA *) ctx->md_data ;
1490
1491 if ( zen_md_data->HashBuffer != NULL ) {
1492 OPENSSL_free ( zen_md_data->HashBuffer ) ;
1493 zen_md_data->HashBufferSize = 0 ;
1494 ctx->md_data = NULL ;
1495 }
1496
1497 return 1 ;
1498}
1499
1500
1501static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from )
1502{
1503 const ZEN_MD_DATA *from_md = (ZEN_MD_DATA *) from->md_data ;
1504 ZEN_MD_DATA *to_md = (ZEN_MD_DATA *) to->md_data ;
1505
1506 to_md->HashBuffer = OPENSSL_malloc ( from_md->HashBufferSize ) ;
1507 memcpy ( to_md->HashBuffer, from_md->HashBuffer, from_md->HashBufferSize ) ;
1508
1509 return 1;
1510}
1511
1512
1513/* General function cloned on hw_openbsd_dev_crypto one ... */
1514static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid )
1515{
1516
1517 if ( !cipher ) {
1518 /* We are returning a list of supported nids */
1519 *nids = engine_cipher_nids ;
1520 return engine_cipher_nids_num ;
1521 }
1522 /* We are being asked for a specific cipher */
1523 if ( nid == NID_rc4 ) {
1524 *cipher = &engine_rc4 ;
1525 }
1526 else if ( nid == NID_rc4_40 ) {
1527 *cipher = &engine_rc4_40 ;
1528 }
1529 else if ( nid == NID_des_cbc ) {
1530 *cipher = &engine_des_cbc ;
1531 }
1532 else if ( nid == NID_des_ede3_cbc ) {
1533 *cipher = &engine_des_ede3_cbc ;
1534 }
1535 else {
1536 *cipher = NULL ;
1537 return 0 ;
1538 }
1539
1540 return 1 ;
1541}
1542
1543
1544static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
1545{
1546 int to_return = 0 ;
1547 int i = 0 ;
1548 int nb = 0 ;
1549 NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
1550
1551 tmp_rc4_key = (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ;
1552 tmp_rc4_key->first = 0 ;
1553 tmp_rc4_key->len = ctx->key_len ;
1554 tmp_rc4_key->rc4_state [ 0 ] = 0x00 ;
1555 tmp_rc4_key->rc4_state [ 2 ] = 0x00 ;
1556 nb = 256 / ctx->key_len ;
1557 for ( i = 0; i < nb ; i++ ) {
1558 memcpy ( &( tmp_rc4_key->rc4_state [ 4 + i*ctx->key_len ] ), key, ctx->key_len ) ;
1559 }
1560
1561 to_return = 1 ;
1562
1563 return to_return ;
1564}
1565
1566
1567static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int in_len )
1568{
1569
1570 zen_nb_t output, input ;
1571 zen_nb_t rc4key ;
1572 int to_return = 0 ;
1573 NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
1574
1575 /* Convert parameters ... */
1576 input.len = in_len ;
1577 input.data = (unsigned char *) in ;
1578 output.len = in_len ;
1579 output.data = (unsigned char *) out ;
1580
1581 tmp_rc4_key = ( (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ) ;
1582 rc4key.len = 260 ;
1583 rc4key.data = &( tmp_rc4_key->rc4_state [ 0 ] ) ;
1584
1585 /* Test with zenbridge library ... */
1586 to_return = ptr_zencod_rc4_cipher ( &output, &input, (const zen_nb_t *) &rc4key, &( tmp_rc4_key->rc4_state [0] ), &( tmp_rc4_key->rc4_state [3] ), !tmp_rc4_key->first ) ;
1587 to_return = !to_return ;
1588
1589 /* Update encryption state ... */
1590 tmp_rc4_key->first = 1 ;
1591 tmp_rc4_key = NULL ;
1592
1593 return to_return ;
1594}
1595
1596
1597static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
1598{
1599
1600 ZEN_DES_KEY *tmp_des_key = NULL ;
1601 int to_return = 0 ;
1602
1603 tmp_des_key = (ZEN_DES_KEY *) ( ctx->cipher_data ) ;
1604 memcpy ( &( tmp_des_key->des_key [ 0 ] ), key, 8 ) ;
1605 memcpy ( &( tmp_des_key->des_key [ 8 ] ), key, 8 ) ;
1606 memcpy ( &( tmp_des_key->des_key [ 16 ] ), key, 8 ) ;
1607 memcpy ( &( tmp_des_key->des_iv [ 0 ] ), iv, 8 ) ;
1608
1609 to_return = 1 ;
1610
1611 return to_return ;
1612}
1613
1614
1615static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl )
1616{
1617
1618 zen_nb_t output, input ;
1619 zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
1620 int to_return = 0 ;
1621
1622 /* Convert parameters ... */
1623 input.len = inl ;
1624 input.data = (unsigned char *) in ;
1625 output.len = inl ;
1626 output.data = out ;
1627
1628 /* Set key parameters ... */
1629 deskey_1.len = 8 ;
1630 deskey_2.len = 8 ;
1631 deskey_3.len = 8 ;
1632 deskey_1.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key ;
1633 deskey_2.data = (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 8 ] ;
1634 deskey_3.data = (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 16 ] ;
1635
1636 /* Key correct iv ... */
1637 memcpy ( ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv, ctx->iv, 8 ) ;
1638 iv.len = 8 ;
1639 iv.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv ;
1640
1641 if ( ctx->encrypt == 0 ) {
1642 memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
1643 }
1644
1645 /* Test with zenbridge library ... */
1646 to_return = ptr_zencod_xdes_cipher ( &output, &input,
1647 (zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
1648 to_return = !to_return ;
1649
1650 /* But we need to set up the rigth iv ...
1651 * Test ENCRYPT or DECRYPT mode to set iv ... */
1652 if ( ctx->encrypt == 1 ) {
1653 memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
1654 }
1655
1656 return to_return ;
1657}
1658
1659
1660static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
1661{
1662
1663 ZEN_3DES_KEY *tmp_3des_key = NULL ;
1664 int to_return = 0 ;
1665
1666 tmp_3des_key = (ZEN_3DES_KEY *) ( ctx->cipher_data ) ;
1667 memcpy ( &( tmp_3des_key->des3_key [ 0 ] ), key, 24 ) ;
1668 memcpy ( &( tmp_3des_key->des3_iv [ 0 ] ), iv, 8 ) ;
1669
1670 to_return = 1;
1671
1672 return to_return ;
1673}
1674
1675
1676static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
1677 unsigned int in_len )
1678{
1679
1680 zen_nb_t output, input ;
1681 zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
1682 int to_return = 0 ;
1683
1684 /* Convert parameters ... */
1685 input.len = in_len ;
1686 input.data = (unsigned char *) in ;
1687 output.len = in_len ;
1688 output.data = out ;
1689
1690 /* Set key ... */
1691 deskey_1.len = 8 ;
1692 deskey_2.len = 8 ;
1693 deskey_3.len = 8 ;
1694 deskey_1.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key ;
1695 deskey_2.data = (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 8 ] ;
1696 deskey_3.data = (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 16 ] ;
1697
1698 /* Key correct iv ... */
1699 memcpy ( ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv, ctx->iv, 8 ) ;
1700 iv.len = 8 ;
1701 iv.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv ;
1702
1703 if ( ctx->encrypt == 0 ) {
1704 memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
1705 }
1706
1707 /* Test with zenbridge library ... */
1708 to_return = ptr_zencod_xdes_cipher ( &output, &input,
1709 (zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
1710 to_return = !to_return ;
1711
1712 if ( ctx->encrypt == 1 ) {
1713 memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
1714 }
1715
1716 return to_return ;
1717}
1718
1719
1720static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx )
1721{
1722
1723 /* Set the key pointer ... */
1724 if ( ctx->cipher->nid == NID_rc4 || ctx->cipher->nid == NID_rc4_40 ) {
1725 }
1726 else if ( ctx->cipher->nid == NID_des_cbc ) {
1727 }
1728 else if ( ctx->cipher->nid == NID_des_ede3_cbc ) {
1729 }
1730
1731 return 1 ;
1732}
1733
1734
1735#endif /* !OPENSSL_NO_HW_ZENCOD */
1736#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec
new file mode 100644
index 0000000000..1552c79be6
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec
@@ -0,0 +1,8 @@
1# configuration file for util/mkerr.pl
2#
3# use like this:
4#
5# perl ../../../util/mkerr.pl -conf hw_zencod.ec \
6# -nostatic -staticloader -write *.c
7
8L ZENCOD hw_zencod_err.h hw_zencod_err.c
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.h b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.h
new file mode 100644
index 0000000000..195345d8c6
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.h
@@ -0,0 +1,160 @@
1/* File : /crypto/engine/vendor_defns/hw_zencod.h */
2/* ====================================================================
3 * Written by Donnat Frederic (frederic.donnat@zencod.com) from ZENCOD
4 * for "zencod" ENGINE integration in OpenSSL project.
5 */
6
7
8 #ifndef _HW_ZENCOD_H_
9#define _HW_ZENCOD_H_
10
11#include <stdio.h>
12
13#ifdef __cplusplus
14extern "C" {
15#endif /* __cplusplus */
16
17#define ZENBRIDGE_MAX_KEYSIZE_RSA 2048
18#define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT 1024
19#define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN 1024
20#define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY 1024
21
22/* Library version computation */
23#define ZENBRIDGE_VERSION_MAJOR(x) (((x) >> 16) | 0xff)
24#define ZENBRIDGE_VERSION_MINOR(x) (((x) >> 8) | 0xff)
25#define ZENBRIDGE_VERSION_PATCH(x) (((x) >> 0) | 0xff)
26#define ZENBRIDGE_VERSION(x, y, z) ((x) << 16 | (y) << 8 | (z))
27
28/*
29 * Memory type
30 */
31typedef struct zencod_number_s {
32 unsigned long len;
33 unsigned char *data;
34} zen_nb_t;
35
36#define KEY zen_nb_t
37
38
39/*
40 * Misc
41 */
42typedef int t_zencod_lib_version (void);
43typedef int t_zencod_hw_version (void);
44typedef int t_zencod_test (void);
45typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key);
46
47
48/*
49 * Key managment tools
50 */
51typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data);
52typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data);
53typedef unsigned long t_zencod_bytes2bits (unsigned char *n, unsigned long bytes);
54typedef unsigned long t_zencod_bits2bytes (unsigned long bits);
55
56
57/*
58 * RSA API
59 */
60/* Compute modular exponential : y = x**e | n */
61typedef int t_zencod_rsa_mod_exp (KEY *y, KEY *x, KEY *n, KEY *e);
62/* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp | p, y = y2 + (qinv * (y1 - y2) | p) * q */
63typedef int t_zencod_rsa_mod_exp_crt (KEY *y, KEY *x, KEY *p, KEY *q,
64 KEY *edp, KEY *edq, KEY *qinv);
65
66
67/*
68 * DSA API
69 */
70typedef int t_zencod_dsa_do_sign (unsigned int hash, KEY *data, KEY *random,
71 KEY *p, KEY *q, KEY *g, KEY *x, KEY *r, KEY *s);
72typedef int t_zencod_dsa_do_verify (unsigned int hash, KEY *data,
73 KEY *p, KEY *q, KEY *g, KEY *y,
74 KEY *r, KEY *s, KEY *v);
75
76
77/*
78 * DH API
79 */
80 /* Key generation : compute public value y = g**x | n */
81typedef int t_zencod_dh_generate_key (KEY *y, KEY *x, KEY *g, KEY *n, int gen_x);
82typedef int t_zencod_dh_compute_key (KEY *k, KEY *y, KEY *x, KEY *n);
83
84
85/*
86 * RNG API
87 */
88#define ZENBRIDGE_RNG_DIRECT 0
89#define ZENBRIDGE_RNG_SHA1 1
90typedef int t_zencod_rand_bytes (KEY *rand, unsigned int flags);
91
92
93/*
94 * Math API
95 */
96typedef int t_zencod_math_mod_exp (KEY *r, KEY *a, KEY *e, KEY *n);
97
98
99
100
101/*
102 * Symetric API
103 */
104/* Define a data structure for digests operations */
105typedef struct ZEN_data_st
106{
107 unsigned int HashBufferSize ;
108 unsigned char *HashBuffer ;
109} ZEN_MD_DATA ;
110
111/*
112 * Functions for Digest (MD5, SHA1) stuff
113 */
114/* output : output data buffer */
115/* input : input data buffer */
116/* algo : hash algorithm, MD5 or SHA1 */
117/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
118 * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
119 */
120/* For now separate this stuff that mad it easier to test */
121typedef int t_zencod_md5_init ( ZEN_MD_DATA *data ) ;
122typedef int t_zencod_md5_update ( ZEN_MD_DATA *data, const KEY *input ) ;
123typedef int t_zencod_md5_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
124
125typedef int t_zencod_sha1_init ( ZEN_MD_DATA *data ) ;
126typedef int t_zencod_sha1_update ( ZEN_MD_DATA *data, const KEY *input ) ;
127typedef int t_zencod_sha1_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
128
129
130/*
131 * Functions for Cipher (RC4, DES, 3DES) stuff
132 */
133/* output : output data buffer */
134/* input : input data buffer */
135/* key : rc4 key data */
136/* index_1 : value of index x from RC4 key structure */
137/* index_2 : value of index y from RC4 key structure */
138/* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
139typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
140 unsigned char *index_1, unsigned char *index_2, int mode ) ;
141
142/* output : output data buffer */
143/* input : input data buffer */
144/* key_1 : des first key data */
145/* key_2 : des second key data */
146/* key_3 : des third key data */
147/* iv : initial vector */
148/* mode : xdes mode (encrypt or decrypt) */
149/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
150typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1,
151 const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ;
152
153
154#undef KEY
155
156#ifdef __cplusplus
157}
158#endif /* __cplusplus */
159
160#endif /* !_HW_ZENCOD_H_ */
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c
new file mode 100644
index 0000000000..8ed0fffc9c
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c
@@ -0,0 +1,151 @@
1/* hw_zencod_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "hw_zencod_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA ZENCOD_str_functs[]=
68 {
69{ERR_PACK(0,ZENCOD_F_ZENCOD_BN_MOD_EXP,0), "ZENCOD_BN_MOD_EXP"},
70{ERR_PACK(0,ZENCOD_F_ZENCOD_CTRL,0), "ZENCOD_CTRL"},
71{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_COMPUTE,0), "ZENCOD_DH_COMPUTE"},
72{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_GENERATE,0), "ZENCOD_DH_GENERATE"},
73{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_SIGN,0), "ZENCOD_DSA_DO_SIGN"},
74{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_VERIFY,0), "ZENCOD_DSA_DO_VERIFY"},
75{ERR_PACK(0,ZENCOD_F_ZENCOD_FINISH,0), "ZENCOD_FINISH"},
76{ERR_PACK(0,ZENCOD_F_ZENCOD_INIT,0), "ZENCOD_INIT"},
77{ERR_PACK(0,ZENCOD_F_ZENCOD_RAND,0), "ZENCOD_RAND"},
78{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP,0), "ZENCOD_RSA_MOD_EXP"},
79{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,0), "ZENCOD_RSA_MOD_EXP_CRT"},
80{0,NULL}
81 };
82
83static ERR_STRING_DATA ZENCOD_str_reasons[]=
84 {
85{ZENCOD_R_ALREADY_LOADED ,"already loaded"},
86{ZENCOD_R_BAD_KEY_COMPONENTS ,"bad key components"},
87{ZENCOD_R_BN_EXPAND_FAIL ,"bn expand fail"},
88{ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
89{ZENCOD_R_DSO_FAILURE ,"dso failure"},
90{ZENCOD_R_NOT_LOADED ,"not loaded"},
91{ZENCOD_R_REQUEST_FAILED ,"request failed"},
92{ZENCOD_R_UNIT_FAILURE ,"unit failure"},
93{0,NULL}
94 };
95
96#endif
97
98#ifdef ZENCOD_LIB_NAME
99static ERR_STRING_DATA ZENCOD_lib_name[]=
100 {
101{0 ,ZENCOD_LIB_NAME},
102{0,NULL}
103 };
104#endif
105
106
107static int ZENCOD_lib_error_code=0;
108static int ZENCOD_error_init=1;
109
110static void ERR_load_ZENCOD_strings(void)
111 {
112 if (ZENCOD_lib_error_code == 0)
113 ZENCOD_lib_error_code=ERR_get_next_error_library();
114
115 if (ZENCOD_error_init)
116 {
117 ZENCOD_error_init=0;
118#ifndef OPENSSL_NO_ERR
119 ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
120 ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
121#endif
122
123#ifdef ZENCOD_LIB_NAME
124 ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code,0,0);
125 ERR_load_strings(0,ZENCOD_lib_name);
126#endif
127 }
128 }
129
130static void ERR_unload_ZENCOD_strings(void)
131 {
132 if (ZENCOD_error_init == 0)
133 {
134#ifndef OPENSSL_NO_ERR
135 ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
136 ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
137#endif
138
139#ifdef ZENCOD_LIB_NAME
140 ERR_unload_strings(0,ZENCOD_lib_name);
141#endif
142 ZENCOD_error_init=1;
143 }
144 }
145
146static void ERR_ZENCOD_error(int function, int reason, char *file, int line)
147 {
148 if (ZENCOD_lib_error_code == 0)
149 ZENCOD_lib_error_code=ERR_get_next_error_library();
150 ERR_PUT_error(ZENCOD_lib_error_code,function,reason,file,line);
151 }
diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h
new file mode 100644
index 0000000000..1b5dcb5685
--- /dev/null
+++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h
@@ -0,0 +1,95 @@
1/* ====================================================================
2 * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_ZENCOD_ERR_H
56#define HEADER_ZENCOD_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_ZENCOD_strings(void);
63static void ERR_unload_ZENCOD_strings(void);
64static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
65#define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the ZENCOD functions. */
68
69/* Function codes. */
70#define ZENCOD_F_ZENCOD_BN_MOD_EXP 100
71#define ZENCOD_F_ZENCOD_CTRL 101
72#define ZENCOD_F_ZENCOD_DH_COMPUTE 102
73#define ZENCOD_F_ZENCOD_DH_GENERATE 103
74#define ZENCOD_F_ZENCOD_DSA_DO_SIGN 104
75#define ZENCOD_F_ZENCOD_DSA_DO_VERIFY 105
76#define ZENCOD_F_ZENCOD_FINISH 106
77#define ZENCOD_F_ZENCOD_INIT 107
78#define ZENCOD_F_ZENCOD_RAND 108
79#define ZENCOD_F_ZENCOD_RSA_MOD_EXP 109
80#define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT 110
81
82/* Reason codes. */
83#define ZENCOD_R_ALREADY_LOADED 100
84#define ZENCOD_R_BAD_KEY_COMPONENTS 101
85#define ZENCOD_R_BN_EXPAND_FAIL 102
86#define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
87#define ZENCOD_R_DSO_FAILURE 104
88#define ZENCOD_R_NOT_LOADED 105
89#define ZENCOD_R_REQUEST_FAILED 106
90#define ZENCOD_R_UNIT_FAILURE 107
91
92#ifdef __cplusplus
93}
94#endif
95#endif
diff --git a/src/lib/libssl/src/doc/crypto/DH_set_method.pod b/src/lib/libssl/src/doc/crypto/DH_set_method.pod
index d990bf8786..73261fc467 100644
--- a/src/lib/libssl/src/doc/crypto/DH_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/DH_set_method.pod
@@ -2,7 +2,7 @@
2 2
3=head1 NAME 3=head1 NAME
4 4
5DH_set_default_openssl_method, DH_get_default_openssl_method, 5DH_set_default_method, DH_get_default_method,
6DH_set_method, DH_new_method, DH_OpenSSL - select DH method 6DH_set_method, DH_new_method, DH_OpenSSL - select DH method
7 7
8=head1 SYNOPSIS 8=head1 SYNOPSIS
@@ -10,45 +10,47 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method
10 #include <openssl/dh.h> 10 #include <openssl/dh.h>
11 #include <openssl/engine.h> 11 #include <openssl/engine.h>
12 12
13 void DH_set_default_openssl_method(DH_METHOD *meth); 13 void DH_set_default_method(const DH_METHOD *meth);
14 14
15 DH_METHOD *DH_get_default_openssl_method(void); 15 const DH_METHOD *DH_get_default_method(void);
16 16
17 int DH_set_method(DH *dh, ENGINE *engine); 17 int DH_set_method(DH *dh, const DH_METHOD *meth);
18 18
19 DH *DH_new_method(ENGINE *engine); 19 DH *DH_new_method(ENGINE *engine);
20 20
21 DH_METHOD *DH_OpenSSL(void); 21 const DH_METHOD *DH_OpenSSL(void);
22 22
23=head1 DESCRIPTION 23=head1 DESCRIPTION
24 24
25A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman 25A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
26operations. By modifying the method, alternative implementations 26operations. By modifying the method, alternative implementations
27such as hardware accelerators may be used. 27such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
28 28important information about how these DH API functions are affected by the use
29Initially, the default is to use the OpenSSL internal implementation. 29of B<ENGINE> API calls.
30DH_OpenSSL() returns a pointer to that method. 30
31 31Initially, the default DH_METHOD is the OpenSSL internal implementation, as
32DH_set_default_openssl_method() makes B<meth> the default method for all DH 32returned by DH_OpenSSL().
33structures created later. B<NB:> This is true only whilst the default engine 33
34for Diffie-Hellman operations remains as "openssl". ENGINEs provide an 34DH_set_default_method() makes B<meth> the default method for all DH
35encapsulation for implementations of one or more algorithms, and all the DH 35structures created later. B<NB>: This is true only whilst no ENGINE has been set
36functions mentioned here operate within the scope of the default 36as a default for DH, so this function is no longer recommended.
37"openssl" engine. 37
38 38DH_get_default_method() returns a pointer to the current default DH_METHOD.
39DH_get_default_openssl_method() returns a pointer to the current default 39However, the meaningfulness of this result is dependant on whether the ENGINE
40method for the "openssl" engine. 40API is being used, so this function is no longer recommended.
41 41
42DH_set_method() selects B<engine> as the engine that will be responsible for 42DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
43all operations using the structure B<dh>. If this function completes successfully, 43This will replace the DH_METHOD used by the DH key and if the previous method
44then the B<dh> structure will have its own functional reference of B<engine>, so 44was supplied by an ENGINE, the handle to that ENGINE will be released during the
45the caller should remember to free their own reference to B<engine> when they are 45change. It is possible to have DH keys that only work with certain DH_METHOD
46finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by 46implementations (eg. from an ENGINE module that supports embedded
47ENGINE_get_DH() or ENGINE_set_DH(). 47hardware-protected keys), and in such cases attempting to change the DH_METHOD
48 48for the key can have unexpected results.
49DH_new_method() allocates and initializes a DH structure so that 49
50B<engine> will be used for the DH operations. If B<engine> is NULL, 50DH_new_method() allocates and initializes a DH structure so that B<engine> will
51the default engine for Diffie-Hellman opertaions is used. 51be used for the DH operations. If B<engine> is NULL, the default ENGINE for DH
52operations is used, and if no default ENGINE is set, the DH_METHOD controlled by
53DH_set_default_method() is used.
52 54
53=head1 THE DH_METHOD STRUCTURE 55=head1 THE DH_METHOD STRUCTURE
54 56
@@ -82,17 +84,28 @@ the default engine for Diffie-Hellman opertaions is used.
82 84
83=head1 RETURN VALUES 85=head1 RETURN VALUES
84 86
85DH_OpenSSL() and DH_get_default_openssl_method() return pointers to the 87DH_OpenSSL() and DH_get_default_method() return pointers to the respective
86respective B<DH_METHOD>s. 88B<DH_METHOD>s.
89
90DH_set_default_method() returns no value.
91
92DH_set_method() returns non-zero if the provided B<meth> was successfully set as
93the method for B<dh> (including unloading the ENGINE handle if the previous
94method was supplied by an ENGINE).
87 95
88DH_set_default_openssl_method() returns no value. 96DH_new_method() returns NULL and sets an error code that can be obtained by
97L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
98returns a pointer to the newly allocated structure.
89 99
90DH_set_method() returns non-zero if the ENGINE associated with B<dh> 100=head1 NOTES
91was successfully changed to B<engine>.
92 101
93DH_new_method() returns NULL and sets an error code that can be 102As of version 0.9.7, DH_METHOD implementations are grouped together with other
94obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. 103algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
95Otherwise it returns a pointer to the newly allocated structure. 104default ENGINE is specified for DH functionality using an ENGINE API function,
105that will override any DH defaults set using the DH API (ie.
106DH_set_default_method()). For this reason, the ENGINE API is the recommended way
107to control default implementations for use in DH and other cryptographic
108algorithms.
96 109
97=head1 SEE ALSO 110=head1 SEE ALSO
98 111
@@ -103,9 +116,14 @@ L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
103DH_set_default_method(), DH_get_default_method(), DH_set_method(), 116DH_set_default_method(), DH_get_default_method(), DH_set_method(),
104DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4. 117DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
105 118
106DH_set_default_openssl_method() and DH_get_default_openssl_method() 119DH_set_default_openssl_method() and DH_get_default_openssl_method() replaced
107replaced DH_set_default_method() and DH_get_default_method() respectively, 120DH_set_default_method() and DH_get_default_method() respectively, and
108and DH_set_method() and DH_new_method() were altered to use B<ENGINE>s 121DH_set_method() and DH_new_method() were altered to use B<ENGINE>s rather than
109rather than B<DH_METHOD>s during development of OpenSSL 0.9.6. 122B<DH_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
1230.9.7, the handling of defaults in the ENGINE API was restructured so that this
124change was reversed, and behaviour of the other functions resembled more closely
125the previous behaviour. The behaviour of defaults in the ENGINE API now
126transparently overrides the behaviour of defaults in the DH API without
127requiring changing these function prototypes.
110 128
111=cut 129=cut
diff --git a/src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod b/src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod
index 29cb1075d1..fdfe125ab0 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod
@@ -8,7 +8,7 @@ DSA_dup_DH - create a DH structure out of DSA structure
8 8
9 #include <openssl/dsa.h> 9 #include <openssl/dsa.h>
10 10
11 DH * DSA_dup_DH(DSA *r); 11 DH * DSA_dup_DH(const DSA *r);
12 12
13=head1 DESCRIPTION 13=head1 DESCRIPTION
14 14
diff --git a/src/lib/libssl/src/doc/crypto/DSA_new.pod b/src/lib/libssl/src/doc/crypto/DSA_new.pod
index 7dde54445b..546146d9de 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_new.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_new.pod
@@ -14,7 +14,8 @@ DSA_new, DSA_free - allocate and free DSA objects
14 14
15=head1 DESCRIPTION 15=head1 DESCRIPTION
16 16
17DSA_new() allocates and initializes a B<DSA> structure. 17DSA_new() allocates and initializes a B<DSA> structure. It is equivalent to
18calling DSA_new_method(NULL).
18 19
19DSA_free() frees the B<DSA> structure and its components. The values are 20DSA_free() frees the B<DSA> structure and its components. The values are
20erased before the memory is returned to the system. 21erased before the memory is returned to the system.
diff --git a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
index 36a1052d27..bc3cfb1f0a 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
@@ -2,7 +2,7 @@
2 2
3=head1 NAME 3=head1 NAME
4 4
5DSA_set_default_openssl_method, DSA_get_default_openssl_method, 5DSA_set_default_method, DSA_get_default_method,
6DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method 6DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
7 7
8=head1 SYNOPSIS 8=head1 SYNOPSIS
@@ -10,11 +10,11 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
10 #include <openssl/dsa.h> 10 #include <openssl/dsa.h>
11 #include <openssl/engine.h> 11 #include <openssl/engine.h>
12 12
13 void DSA_set_default_openssl_method(DSA_METHOD *meth); 13 void DSA_set_default_method(const DSA_METHOD *meth);
14 14
15 DSA_METHOD *DSA_get_default_openssl_method(void); 15 const DSA_METHOD *DSA_get_default_method(void);
16 16
17 int DSA_set_method(DSA *dsa, ENGINE *engine); 17 int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
18 18
19 DSA *DSA_new_method(ENGINE *engine); 19 DSA *DSA_new_method(ENGINE *engine);
20 20
@@ -24,26 +24,35 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
24 24
25A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA 25A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
26operations. By modifying the method, alternative implementations 26operations. By modifying the method, alternative implementations
27such as hardware accelerators may be used. 27such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
28 28important information about how these DSA API functions are affected by the use
29Initially, the default is to use the OpenSSL internal implementation. 29of B<ENGINE> API calls.
30DSA_OpenSSL() returns a pointer to that method. 30
31 31Initially, the default DSA_METHOD is the OpenSSL internal implementation,
32DSA_set_default_openssl_method() makes B<meth> the default method for 32as returned by DSA_OpenSSL().
33all DSA structures created later. B<NB:> This is true only whilst the 33
34default engine for DSA operations remains as "openssl". ENGINEs 34DSA_set_default_method() makes B<meth> the default method for all DSA
35provide an encapsulation for implementations of one or more algorithms at a 35structures created later. B<NB>: This is true only whilst no ENGINE has
36time, and all the DSA functions mentioned here operate within the scope 36been set as a default for DSA, so this function is no longer recommended.
37of the default "openssl" engine. 37
38 38DSA_get_default_method() returns a pointer to the current default
39DSA_get_default_openssl_method() returns a pointer to the current default 39DSA_METHOD. However, the meaningfulness of this result is dependant on
40method for the "openssl" engine. 40whether the ENGINE API is being used, so this function is no longer
41 41recommended.
42DSA_set_method() selects B<engine> for all operations using the structure B<dsa>. 42
43 43DSA_set_method() selects B<meth> to perform all operations using the key
44DSA_new_method() allocates and initializes a DSA structure so that 44B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
45B<engine> will be used for the DSA operations. If B<engine> is NULL, 45previous method was supplied by an ENGINE, the handle to that ENGINE will
46the default engine for DSA operations is used. 46be released during the change. It is possible to have DSA keys that only
47work with certain DSA_METHOD implementations (eg. from an ENGINE module
48that supports embedded hardware-protected keys), and in such cases
49attempting to change the DSA_METHOD for the key can have unexpected
50results.
51
52DSA_new_method() allocates and initializes a DSA structure so that B<engine>
53will be used for the DSA operations. If B<engine> is NULL, the default engine
54for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
55controlled by DSA_set_default_method() is used.
47 56
48=head1 THE DSA_METHOD STRUCTURE 57=head1 THE DSA_METHOD STRUCTURE
49 58
@@ -89,18 +98,29 @@ struct
89 98
90=head1 RETURN VALUES 99=head1 RETURN VALUES
91 100
92DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the 101DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
93respective B<DSA_METHOD>s. 102B<DSA_METHOD>s.
94 103
95DSA_set_default_openssl_method() returns no value. 104DSA_set_default_method() returns no value.
96 105
97DSA_set_method() returns non-zero if the ENGINE associated with B<dsa> 106DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
98was successfully changed to B<engine>. 107the method for B<dsa> (including unloading the ENGINE handle if the previous
108method was supplied by an ENGINE).
99 109
100DSA_new_method() returns NULL and sets an error code that can be 110DSA_new_method() returns NULL and sets an error code that can be
101obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation 111obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
102fails. Otherwise it returns a pointer to the newly allocated structure. 112fails. Otherwise it returns a pointer to the newly allocated structure.
103 113
114=head1 NOTES
115
116As of version 0.9.7, DSA_METHOD implementations are grouped together with other
117algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
118default ENGINE is specified for DSA functionality using an ENGINE API function,
119that will override any DSA defaults set using the DSA API (ie.
120DSA_set_default_method()). For this reason, the ENGINE API is the recommended way
121to control default implementations for use in DSA and other cryptographic
122algorithms.
123
104=head1 SEE ALSO 124=head1 SEE ALSO
105 125
106L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)> 126L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
@@ -110,9 +130,14 @@ L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
110DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(), 130DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
111DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4. 131DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
112 132
113DSA_set_default_openssl_method() and DSA_get_default_openssl_method() 133DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced
114replaced DSA_set_default_method() and DSA_get_default_method() respectively, 134DSA_set_default_method() and DSA_get_default_method() respectively, and
115and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s 135DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than
116rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6. 136B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
1370.9.7, the handling of defaults in the ENGINE API was restructured so that this
138change was reversed, and behaviour of the other functions resembled more closely
139the previous behaviour. The behaviour of defaults in the ENGINE API now
140transparently overrides the behaviour of defaults in the DSA API without
141requiring changing these function prototypes.
117 142
118=cut 143=cut
diff --git a/src/lib/libssl/src/doc/crypto/DSA_size.pod b/src/lib/libssl/src/doc/crypto/DSA_size.pod
index 23b6320a4d..ba4f650361 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_size.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_size.pod
@@ -8,7 +8,7 @@ DSA_size - get DSA signature size
8 8
9 #include <openssl/dsa.h> 9 #include <openssl/dsa.h>
10 10
11 int DSA_size(DSA *dsa); 11 int DSA_size(const DSA *dsa);
12 12
13=head1 DESCRIPTION 13=head1 DESCRIPTION
14 14
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
index 0451eb648a..25ef07f7c7 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
@@ -73,4 +73,6 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>
73 73
74=head1 HISTORY 74=head1 HISTORY
75 75
76EVP_SealFinal() did not return a value before OpenSSL 0.9.7.
77
76=cut 78=cut
diff --git a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
index 464eba416d..c9bb6d9f27 100644
--- a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
@@ -8,22 +8,30 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
8 8
9 #include <openssl/rand.h> 9 #include <openssl/rand.h>
10 10
11 void RAND_set_rand_method(RAND_METHOD *meth); 11 void RAND_set_rand_method(const RAND_METHOD *meth);
12 12
13 RAND_METHOD *RAND_get_rand_method(void); 13 const RAND_METHOD *RAND_get_rand_method(void);
14 14
15 RAND_METHOD *RAND_SSLeay(void); 15 RAND_METHOD *RAND_SSLeay(void);
16 16
17=head1 DESCRIPTION 17=head1 DESCRIPTION
18 18
19A B<RAND_METHOD> specifies the functions that OpenSSL uses for random 19A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
20number generation. By modifying the method, alternative 20generation. By modifying the method, alternative implementations such as
21implementations such as hardware RNGs may be used. Initially, the 21hardware RNGs may be used. IMPORTANT: See the NOTES section for important
22default is to use the OpenSSL internal implementation. RAND_SSLeay() 22information about how these RAND API functions are affected by the use of
23returns a pointer to that method. 23B<ENGINE> API calls.
24 24
25RAND_set_rand_method() sets the RAND method to B<meth>. 25Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
26RAND_get_rand_method() returns a pointer to the current method. 26returned by RAND_SSLeay().
27
28RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
29true only whilst no ENGINE has been set as a default for RAND, so this function
30is no longer recommended.
31
32RAND_get_default_method() returns a pointer to the current RAND_METHOD.
33However, the meaningfulness of this result is dependant on whether the ENGINE
34API is being used, so this function is no longer recommended.
27 35
28=head1 THE RAND_METHOD STRUCTURE 36=head1 THE RAND_METHOD STRUCTURE
29 37
@@ -47,13 +55,29 @@ Each component may be NULL if the function is not implemented.
47RAND_set_rand_method() returns no value. RAND_get_rand_method() and 55RAND_set_rand_method() returns no value. RAND_get_rand_method() and
48RAND_SSLeay() return pointers to the respective methods. 56RAND_SSLeay() return pointers to the respective methods.
49 57
58=head1 NOTES
59
60As of version 0.9.7, RAND_METHOD implementations are grouped together with other
61algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
62default ENGINE is specified for RAND functionality using an ENGINE API function,
63that will override any RAND defaults set using the RAND API (ie.
64RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
65to control default implementations for use in RAND and other cryptographic
66algorithms.
67
50=head1 SEE ALSO 68=head1 SEE ALSO
51 69
52L<rand(3)|rand(3)> 70L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
53 71
54=head1 HISTORY 72=head1 HISTORY
55 73
56RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are 74RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
57available in all versions of OpenSSL. 75available in all versions of OpenSSL.
58 76
77In the engine version of version 0.9.6, RAND_set_rand_method() was altered to
78take an ENGINE pointer as its argument. As of version 0.9.7, that has been
79reverted as the ENGINE API transparently overrides RAND defaults if used,
80otherwise RAND API functions work as before. RAND_set_rand_engine() was also
81introduced in version 0.9.7.
82
59=cut 83=cut
diff --git a/src/lib/libssl/src/doc/crypto/RSA_new.pod b/src/lib/libssl/src/doc/crypto/RSA_new.pod
index f16490ea6a..f0d996c40f 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_new.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_new.pod
@@ -14,7 +14,8 @@ RSA_new, RSA_free - allocate and free RSA objects
14 14
15=head1 DESCRIPTION 15=head1 DESCRIPTION
16 16
17RSA_new() allocates and initializes an B<RSA> structure. 17RSA_new() allocates and initializes an B<RSA> structure. It is equivalent to
18calling RSA_new_method(NULL).
18 19
19RSA_free() frees the B<RSA> structure and its components. The key is 20RSA_free() frees the B<RSA> structure and its components. The key is
20erased before the memory is returned to the system. 21erased before the memory is returned to the system.
@@ -29,7 +30,8 @@ RSA_free() returns no value.
29 30
30=head1 SEE ALSO 31=head1 SEE ALSO
31 32
32L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_generate_key(3)|RSA_generate_key(3)> 33L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_generate_key(3)|RSA_generate_key(3)>,
34L<RSA_new_method(3)|RSA_new_method(3)>
33 35
34=head1 HISTORY 36=head1 HISTORY
35 37
diff --git a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
index 14917dd35f..0687c2242a 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
@@ -11,52 +11,64 @@ RSA_null_method, RSA_flags, RSA_new_method - select RSA method
11 #include <openssl/rsa.h> 11 #include <openssl/rsa.h>
12 #include <openssl/engine.h> 12 #include <openssl/engine.h>
13 13
14 void RSA_set_default_openssl_method(RSA_METHOD *meth); 14 void RSA_set_default_method(const RSA_METHOD *meth);
15 15
16 RSA_METHOD *RSA_get_default_openssl_method(void); 16 RSA_METHOD *RSA_get_default_method(void);
17 17
18 int RSA_set_method(RSA *rsa, ENGINE *engine); 18 int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
19 19
20 RSA_METHOD *RSA_get_method(RSA *rsa); 20 RSA_METHOD *RSA_get_method(const RSA *rsa);
21 21
22 RSA_METHOD *RSA_PKCS1_SSLeay(void); 22 RSA_METHOD *RSA_PKCS1_SSLeay(void);
23 23
24 RSA_METHOD *RSA_null_method(void); 24 RSA_METHOD *RSA_null_method(void);
25 25
26 int RSA_flags(RSA *rsa); 26 int RSA_flags(const RSA *rsa);
27 27
28 RSA *RSA_new_method(ENGINE *engine); 28 RSA *RSA_new_method(ENGINE *engine);
29 29
30=head1 DESCRIPTION 30=head1 DESCRIPTION
31 31
32An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA 32An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
33operations. By modifying the method, alternative implementations 33operations. By modifying the method, alternative implementations such as
34such as hardware accelerators may be used. 34hardware accelerators may be used. IMPORTANT: See the NOTES section for
35 35important information about how these RSA API functions are affected by the
36Initially, the default is to use the OpenSSL internal implementation. 36use of B<ENGINE> API calls.
37RSA_PKCS1_SSLeay() returns a pointer to that method. 37
38 38Initially, the default RSA_METHOD is the OpenSSL internal implementation,
39RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA> 39as returned by RSA_PKCS1_SSLeay().
40structures created later. B<NB:> This is true only whilst the default engine 40
41for RSA operations remains as "openssl". ENGINEs provide an 41RSA_set_default_method() makes B<meth> the default method for all RSA
42encapsulation for implementations of one or more algorithms at a time, and all 42structures created later. B<NB>: This is true only whilst no ENGINE has
43the RSA functions mentioned here operate within the scope of the default 43been set as a default for RSA, so this function is no longer recommended.
44"openssl" engine. 44
45 45RSA_get_default_method() returns a pointer to the current default
46RSA_get_default_openssl_method() returns a pointer to the current default 46RSA_METHOD. However, the meaningfulness of this result is dependant on
47method for the "openssl" engine. 47whether the ENGINE API is being used, so this function is no longer
48 48recommended.
49RSA_set_method() selects B<engine> for all operations using the key 49
50B<rsa>. 50RSA_set_method() selects B<meth> to perform all operations using the key
51 51B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
52RSA_get_method() returns a pointer to the RSA_METHOD from the currently 52previous method was supplied by an ENGINE, the handle to that ENGINE will
53selected ENGINE for B<rsa>. 53be released during the change. It is possible to have RSA keys that only
54 54work with certain RSA_METHOD implementations (eg. from an ENGINE module
55RSA_flags() returns the B<flags> that are set for B<rsa>'s current method. 55that supports embedded hardware-protected keys), and in such cases
56attempting to change the RSA_METHOD for the key can have unexpected
57results.
58
59RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>.
60This method may or may not be supplied by an ENGINE implementation, but if
61it is, the return value can only be guaranteed to be valid as long as the
62RSA key itself is valid and does not have its implementation changed by
63RSA_set_method().
64
65RSA_flags() returns the B<flags> that are set for B<rsa>'s current
66RSA_METHOD. See the BUGS section.
56 67
57RSA_new_method() allocates and initializes an RSA structure so that 68RSA_new_method() allocates and initializes an RSA structure so that
58B<engine> will be used for the RSA operations. If B<engine> is NULL, 69B<engine> will be used for the RSA operations. If B<engine> is NULL, the
59the default engine for RSA operations is used. 70default ENGINE for RSA operations is used, and if no default ENGINE is set,
71the RSA_METHOD controlled by RSA_set_default_method() is used.
60 72
61=head1 THE RSA_METHOD STRUCTURE 73=head1 THE RSA_METHOD STRUCTURE
62 74
@@ -121,22 +133,45 @@ the default engine for RSA operations is used.
121 133
122=head1 RETURN VALUES 134=head1 RETURN VALUES
123 135
124RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_openssl_method() 136RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_method()
125and RSA_get_method() return pointers to the respective RSA_METHODs. 137and RSA_get_method() return pointers to the respective RSA_METHODs.
126 138
127RSA_set_default_openssl_method() returns no value. 139RSA_set_default_method() returns no value.
128 140
129RSA_set_method() selects B<engine> as the engine that will be responsible for 141RSA_set_method() returns a pointer to the old RSA_METHOD implementation
130all operations using the structure B<rsa>. If this function completes successfully, 142that was replaced. However, this return value should probably be ignored
131then the B<rsa> structure will have its own functional reference of B<engine>, so 143because if it was supplied by an ENGINE, the pointer could be invalidated
132the caller should remember to free their own reference to B<engine> when they are 144at any time if the ENGINE is unloaded (in fact it could be unloaded as a
133finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by 145result of the RSA_set_method() function releasing its handle to the
134ENGINE_get_RSA() or ENGINE_set_RSA(). 146ENGINE). For this reason, the return type may be replaced with a B<void>
147declaration in a future release.
135 148
136RSA_new_method() returns NULL and sets an error code that can be 149RSA_new_method() returns NULL and sets an error code that can be obtained
137obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise 150by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
138it returns a pointer to the newly allocated structure. 151it returns a pointer to the newly allocated structure.
139 152
153=head1 NOTES
154
155As of version 0.9.7, RSA_METHOD implementations are grouped together with
156other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B<ENGINE>
157modules. If a default ENGINE is specified for RSA functionality using an
158ENGINE API function, that will override any RSA defaults set using the RSA
159API (ie. RSA_set_default_method()). For this reason, the ENGINE API is the
160recommended way to control default implementations for use in RSA and other
161cryptographic algorithms.
162
163=head1 BUGS
164
165The behaviour of RSA_flags() is a mis-feature that is left as-is for now
166to avoid creating compatibility problems. RSA functionality, such as the
167encryption functions, are controlled by the B<flags> value in the RSA key
168itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key
169(which is what this function returns). If the flags element of an RSA key
170is changed, the changes will be honoured by RSA functionality but will not
171be reflected in the return value of the RSA_flags() function - in effect
172RSA_flags() behaves more like an RSA_default_flags() function (which does
173not currently exist).
174
140=head1 SEE ALSO 175=head1 SEE ALSO
141 176
142L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)> 177L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)>
@@ -149,8 +184,14 @@ well as the rsa_sign and rsa_verify components of RSA_METHOD were
149added in OpenSSL 0.9.4. 184added in OpenSSL 0.9.4.
150 185
151RSA_set_default_openssl_method() and RSA_get_default_openssl_method() 186RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
152replaced RSA_set_default_method() and RSA_get_default_method() respectively, 187replaced RSA_set_default_method() and RSA_get_default_method()
153and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s 188respectively, and RSA_set_method() and RSA_new_method() were altered to use
154rather than B<RSA_METHOD>s during development of OpenSSL 0.9.6. 189B<ENGINE>s rather than B<RSA_METHOD>s during development of the engine
190version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE
191API was restructured so that this change was reversed, and behaviour of the
192other functions resembled more closely the previous behaviour. The
193behaviour of defaults in the ENGINE API now transparently overrides the
194behaviour of defaults in the RSA API without requiring changing these
195function prototypes.
155 196
156=cut 197=cut
diff --git a/src/lib/libssl/src/doc/crypto/RSA_size.pod b/src/lib/libssl/src/doc/crypto/RSA_size.pod
index b36b4d58d5..5b7f835f95 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_size.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_size.pod
@@ -8,7 +8,7 @@ RSA_size - get RSA modulus size
8 8
9 #include <openssl/rsa.h> 9 #include <openssl/rsa.h>
10 10
11 int RSA_size(RSA *rsa); 11 int RSA_size(const RSA *rsa);
12 12
13=head1 DESCRIPTION 13=head1 DESCRIPTION
14 14
diff --git a/src/lib/libssl/src/doc/crypto/dh.pod b/src/lib/libssl/src/doc/crypto/dh.pod
index b4be4be405..c3ccd06207 100644
--- a/src/lib/libssl/src/doc/crypto/dh.pod
+++ b/src/lib/libssl/src/doc/crypto/dh.pod
@@ -12,20 +12,20 @@ dh - Diffie-Hellman key agreement
12 DH * DH_new(void); 12 DH * DH_new(void);
13 void DH_free(DH *dh); 13 void DH_free(DH *dh);
14 14
15 int DH_size(DH *dh); 15 int DH_size(const DH *dh);
16 16
17 DH * DH_generate_parameters(int prime_len, int generator, 17 DH * DH_generate_parameters(int prime_len, int generator,
18 void (*callback)(int, int, void *), void *cb_arg); 18 void (*callback)(int, int, void *), void *cb_arg);
19 int DH_check(DH *dh, int *codes); 19 int DH_check(const DH *dh, int *codes);
20 20
21 int DH_generate_key(DH *dh); 21 int DH_generate_key(DH *dh);
22 int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); 22 int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
23 23
24 void DH_set_default_openssl_method(DH_METHOD *meth); 24 void DH_set_default_method(const DH_METHOD *meth);
25 DH_METHOD *DH_get_default_openssl_method(void); 25 const DH_METHOD *DH_get_default_method(void);
26 int DH_set_method(DH *dh, ENGINE *engine); 26 int DH_set_method(DH *dh, const DH_METHOD *meth);
27 DH *DH_new_method(ENGINE *engine); 27 DH *DH_new_method(ENGINE *engine);
28 DH_METHOD *DH_OpenSSL(void); 28 const DH_METHOD *DH_OpenSSL(void);
29 29
30 int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), 30 int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
31 int (*dup_func)(), void (*free_func)()); 31 int (*dup_func)(), void (*free_func)());
@@ -33,10 +33,10 @@ dh - Diffie-Hellman key agreement
33 char *DH_get_ex_data(DH *d, int idx); 33 char *DH_get_ex_data(DH *d, int idx);
34 34
35 DH * d2i_DHparams(DH **a, unsigned char **pp, long length); 35 DH * d2i_DHparams(DH **a, unsigned char **pp, long length);
36 int i2d_DHparams(DH *a, unsigned char **pp); 36 int i2d_DHparams(const DH *a, unsigned char **pp);
37 37
38 int DHparams_print_fp(FILE *fp, DH *x); 38 int DHparams_print_fp(FILE *fp, const DH *x);
39 int DHparams_print(BIO *bp, DH *x); 39 int DHparams_print(BIO *bp, const DH *x);
40 40
41=head1 DESCRIPTION 41=head1 DESCRIPTION
42 42
@@ -57,11 +57,20 @@ The B<DH> structure consists of several BIGNUM components.
57 }; 57 };
58 DH 58 DH
59 59
60Note that DH keys may use non-standard B<DH_METHOD> implementations,
61either directly or by the use of B<ENGINE> modules. In some cases (eg. an
62ENGINE providing support for hardware-embedded keys), these BIGNUM values
63will not be used by the implementation or may be used for alternative data
64storage. For this reason, applications should generally avoid using DH
65structure elements directly and instead use API functions to query or
66modify keys.
67
60=head1 SEE ALSO 68=head1 SEE ALSO
61 69
62L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, 70L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
63L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<DH_set_method(3)|DH_set_method(3)>, 71L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>,
64L<DH_new(3)|DH_new(3)>, L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>, 72L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
73L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
65L<DH_generate_parameters(3)|DH_generate_parameters(3)>, 74L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
66L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>, 75L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
67L<RSA_print(3)|RSA_print(3)> 76L<RSA_print(3)|RSA_print(3)>
diff --git a/src/lib/libssl/src/doc/crypto/dsa.pod b/src/lib/libssl/src/doc/crypto/dsa.pod
index 82d7fb77cd..da07d2b930 100644
--- a/src/lib/libssl/src/doc/crypto/dsa.pod
+++ b/src/lib/libssl/src/doc/crypto/dsa.pod
@@ -12,13 +12,13 @@ dsa - Digital Signature Algorithm
12 DSA * DSA_new(void); 12 DSA * DSA_new(void);
13 void DSA_free(DSA *dsa); 13 void DSA_free(DSA *dsa);
14 14
15 int DSA_size(DSA *dsa); 15 int DSA_size(const DSA *dsa);
16 16
17 DSA * DSA_generate_parameters(int bits, unsigned char *seed, 17 DSA * DSA_generate_parameters(int bits, unsigned char *seed,
18 int seed_len, int *counter_ret, unsigned long *h_ret, 18 int seed_len, int *counter_ret, unsigned long *h_ret,
19 void (*callback)(int, int, void *), void *cb_arg); 19 void (*callback)(int, int, void *), void *cb_arg);
20 20
21 DH * DSA_dup_DH(DSA *r); 21 DH * DSA_dup_DH(const DSA *r);
22 22
23 int DSA_generate_key(DSA *dsa); 23 int DSA_generate_key(DSA *dsa);
24 24
@@ -27,13 +27,13 @@ dsa - Digital Signature Algorithm
27 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, 27 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
28 BIGNUM **rp); 28 BIGNUM **rp);
29 int DSA_verify(int dummy, const unsigned char *dgst, int len, 29 int DSA_verify(int dummy, const unsigned char *dgst, int len,
30 unsigned char *sigbuf, int siglen, DSA *dsa); 30 const unsigned char *sigbuf, int siglen, DSA *dsa);
31 31
32 void DSA_set_default_openssl_method(DSA_METHOD *meth); 32 void DSA_set_default_method(const DSA_METHOD *meth);
33 DSA_METHOD *DSA_get_default_openssl_method(void); 33 const DSA_METHOD *DSA_get_default_method(void);
34 int DSA_set_method(DSA *dsa, ENGINE *engine); 34 int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
35 DSA *DSA_new_method(ENGINE *engine); 35 DSA *DSA_new_method(ENGINE *engine);
36 DSA_METHOD *DSA_OpenSSL(void); 36 const DSA_METHOD *DSA_OpenSSL(void);
37 37
38 int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), 38 int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
39 int (*dup_func)(), void (*free_func)()); 39 int (*dup_func)(), void (*free_func)());
@@ -42,7 +42,7 @@ dsa - Digital Signature Algorithm
42 42
43 DSA_SIG *DSA_SIG_new(void); 43 DSA_SIG *DSA_SIG_new(void);
44 void DSA_SIG_free(DSA_SIG *a); 44 void DSA_SIG_free(DSA_SIG *a);
45 int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp); 45 int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
46 DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length); 46 DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
47 47
48 DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); 48 DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
@@ -52,14 +52,14 @@ dsa - Digital Signature Algorithm
52 DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); 52 DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
53 DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); 53 DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
54 DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); 54 DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
55 int i2d_DSAPublicKey(DSA *a, unsigned char **pp); 55 int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
56 int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); 56 int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
57 int i2d_DSAparams(DSA *a,unsigned char **pp); 57 int i2d_DSAparams(const DSA *a,unsigned char **pp);
58 58
59 int DSAparams_print(BIO *bp, DSA *x); 59 int DSAparams_print(BIO *bp, const DSA *x);
60 int DSAparams_print_fp(FILE *fp, DSA *x); 60 int DSAparams_print_fp(FILE *fp, const DSA *x);
61 int DSA_print(BIO *bp, DSA *x, int off); 61 int DSA_print(BIO *bp, const DSA *x, int off);
62 int DSA_print_fp(FILE *bp, DSA *x, int off); 62 int DSA_print_fp(FILE *bp, const DSA *x, int off);
63 63
64=head1 DESCRIPTION 64=head1 DESCRIPTION
65 65
@@ -85,6 +85,14 @@ The B<DSA> structure consists of several BIGNUM components.
85 85
86In public keys, B<priv_key> is NULL. 86In public keys, B<priv_key> is NULL.
87 87
88Note that DSA keys may use non-standard B<DSA_METHOD> implementations,
89either directly or by the use of B<ENGINE> modules. In some cases (eg. an
90ENGINE providing support for hardware-embedded keys), these BIGNUM values
91will not be used by the implementation or may be used for alternative data
92storage. For this reason, applications should generally avoid using DSA
93structure elements directly and instead use API functions to query or
94modify keys.
95
88=head1 CONFORMING TO 96=head1 CONFORMING TO
89 97
90US Federal Information Processing Standard FIPS 186 (Digital Signature 98US Federal Information Processing Standard FIPS 186 (Digital Signature
@@ -93,7 +101,8 @@ Standard, DSS), ANSI X9.30
93=head1 SEE ALSO 101=head1 SEE ALSO
94 102
95L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, 103L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
96L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<DSA_new(3)|DSA_new(3)>, 104L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>,
105L<DSA_new(3)|DSA_new(3)>,
97L<DSA_size(3)|DSA_size(3)>, 106L<DSA_size(3)|DSA_size(3)>,
98L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>, 107L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
99L<DSA_dup_DH(3)|DSA_dup_DH(3)>, 108L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
diff --git a/src/lib/libssl/src/doc/crypto/engine.pod b/src/lib/libssl/src/doc/crypto/engine.pod
new file mode 100644
index 0000000000..61e0264bb7
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/engine.pod
@@ -0,0 +1,621 @@
1=pod
2
3=head1 NAME
4
5engine - ENGINE cryptographic module support
6
7=head1 SYNOPSIS
8
9 #include <openssl/engine.h>
10
11 ENGINE *ENGINE_get_first(void);
12 ENGINE *ENGINE_get_last(void);
13 ENGINE *ENGINE_get_next(ENGINE *e);
14 ENGINE *ENGINE_get_prev(ENGINE *e);
15
16 int ENGINE_add(ENGINE *e);
17 int ENGINE_remove(ENGINE *e);
18
19 ENGINE *ENGINE_by_id(const char *id);
20
21 int ENGINE_init(ENGINE *e);
22 int ENGINE_finish(ENGINE *e);
23
24 void ENGINE_load_openssl(void);
25 void ENGINE_load_dynamic(void);
26 void ENGINE_load_cswift(void);
27 void ENGINE_load_chil(void);
28 void ENGINE_load_atalla(void);
29 void ENGINE_load_nuron(void);
30 void ENGINE_load_ubsec(void);
31 void ENGINE_load_aep(void);
32 void ENGINE_load_sureware(void);
33 void ENGINE_load_4758cca(void);
34 void ENGINE_load_openbsd_dev_crypto(void);
35 void ENGINE_load_builtin_engines(void);
36
37 void ENGINE_cleanup(void);
38
39 ENGINE *ENGINE_get_default_RSA(void);
40 ENGINE *ENGINE_get_default_DSA(void);
41 ENGINE *ENGINE_get_default_DH(void);
42 ENGINE *ENGINE_get_default_RAND(void);
43 ENGINE *ENGINE_get_cipher_engine(int nid);
44 ENGINE *ENGINE_get_digest_engine(int nid);
45
46 int ENGINE_set_default_RSA(ENGINE *e);
47 int ENGINE_set_default_DSA(ENGINE *e);
48 int ENGINE_set_default_DH(ENGINE *e);
49 int ENGINE_set_default_RAND(ENGINE *e);
50 int ENGINE_set_default_ciphers(ENGINE *e);
51 int ENGINE_set_default_digests(ENGINE *e);
52 int ENGINE_set_default_string(ENGINE *e, const char *list);
53
54 int ENGINE_set_default(ENGINE *e, unsigned int flags);
55
56 unsigned int ENGINE_get_table_flags(void);
57 void ENGINE_set_table_flags(unsigned int flags);
58
59 int ENGINE_register_RSA(ENGINE *e);
60 void ENGINE_unregister_RSA(ENGINE *e);
61 void ENGINE_register_all_RSA(void);
62 int ENGINE_register_DSA(ENGINE *e);
63 void ENGINE_unregister_DSA(ENGINE *e);
64 void ENGINE_register_all_DSA(void);
65 int ENGINE_register_DH(ENGINE *e);
66 void ENGINE_unregister_DH(ENGINE *e);
67 void ENGINE_register_all_DH(void);
68 int ENGINE_register_RAND(ENGINE *e);
69 void ENGINE_unregister_RAND(ENGINE *e);
70 void ENGINE_register_all_RAND(void);
71 int ENGINE_register_ciphers(ENGINE *e);
72 void ENGINE_unregister_ciphers(ENGINE *e);
73 void ENGINE_register_all_ciphers(void);
74 int ENGINE_register_digests(ENGINE *e);
75 void ENGINE_unregister_digests(ENGINE *e);
76 void ENGINE_register_all_digests(void);
77 int ENGINE_register_complete(ENGINE *e);
78 int ENGINE_register_all_complete(void);
79
80 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
81 int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
82 int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
83 long i, void *p, void (*f)(), int cmd_optional);
84 int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
85 int cmd_optional);
86
87 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
88 void *ENGINE_get_ex_data(const ENGINE *e, int idx);
89
90 int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
91 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
92
93 ENGINE *ENGINE_new(void);
94 int ENGINE_free(ENGINE *e);
95
96 int ENGINE_set_id(ENGINE *e, const char *id);
97 int ENGINE_set_name(ENGINE *e, const char *name);
98 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
99 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
100 int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
101 int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
102 int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
103 int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
104 int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
105 int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
106 int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
107 int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
108 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
109 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
110 int ENGINE_set_flags(ENGINE *e, int flags);
111 int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
112
113 const char *ENGINE_get_id(const ENGINE *e);
114 const char *ENGINE_get_name(const ENGINE *e);
115 const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
116 const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
117 const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
118 const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
119 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
120 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
121 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
122 ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
123 ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
124 ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
125 ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
126 ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
127 const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
128 const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
129 int ENGINE_get_flags(const ENGINE *e);
130 const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
131
132 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
133 UI_METHOD *ui_method, void *callback_data);
134 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
135 UI_METHOD *ui_method, void *callback_data);
136
137 void ENGINE_add_conf_module(void);
138
139=head1 DESCRIPTION
140
141These functions create, manipulate, and use cryptographic modules in the
142form of B<ENGINE> objects. These objects act as containers for
143implementations of cryptographic algorithms, and support a
144reference-counted mechanism to allow them to be dynamically loaded in and
145out of the running application.
146
147The cryptographic functionality that can be provided by an B<ENGINE>
148implementation includes the following abstractions;
149
150 RSA_METHOD - for providing alternative RSA implementations
151 DSA_METHOD, DH_METHOD, RAND_METHOD - alternative DSA, DH, and RAND
152 EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
153 EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
154 key-loading - loading public and/or private EVP_PKEY keys
155
156=head2 Reference counting and handles
157
158Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
159treated as handles - ie. not only as pointers, but also as references to
160the underlying ENGINE object. Ie. you should obtain a new reference when
161making copies of an ENGINE pointer if the copies will be used (and
162released) independantly.
163
164ENGINE objects have two levels of reference-counting to match the way in
165which the objects are used. At the most basic level, each ENGINE pointer is
166inherently a B<structural> reference - you need a structural reference
167simply to refer to the pointer value at all, as this kind of reference is
168your guarantee that the structure can not be deallocated until you release
169your reference.
170
171However, a structural reference provides no guarantee that the ENGINE has
172been initiliased to be usable to perform any of its cryptographic
173implementations - and indeed it's quite possible that most ENGINEs will not
174initialised at all on standard setups, as ENGINEs are typically used to
175support specialised hardware. To use an ENGINE's functionality, you need a
176B<functional> reference. This kind of reference can be considered a
177specialised form of structural reference, because each functional reference
178implicitly contains a structural reference as well - however to avoid
179difficult-to-find programming bugs, it is recommended to treat the two
180kinds of reference independantly. If you have a functional reference to an
181ENGINE, you have a guarantee that the ENGINE has been initialised ready to
182perform cryptographic operations and will not be uninitialised or cleaned
183up until after you have released your reference.
184
185We will discuss the two kinds of reference separately, including how to
186tell which one you are dealing with at any given point in time (after all
187they are both simply (ENGINE *) pointers, the difference is in the way they
188are used).
189
190=head3 Structural references
191
192This basic type of reference is typically used for creating new ENGINEs
193dynamically, iterating across OpenSSL's internal linked-list of loaded
194ENGINEs, reading information about an ENGINE, etc. Essentially a structural
195reference is sufficient if you only need to query or manipulate the data of
196an ENGINE implementation rather than use its functionality.
197
198The ENGINE_new() function returns a structural reference to a new (empty)
199ENGINE object. Other than that, structural references come from return
200values to various ENGINE API functions such as; ENGINE_by_id(),
201ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next(),
202ENGINE_get_prev(). All structural references should be released by a
203corresponding to call to the ENGINE_free() function - the ENGINE object
204itself will only actually be cleaned up and deallocated when the last
205structural reference is released.
206
207It should also be noted that many ENGINE API function calls that accept a
208structural reference will internally obtain another reference - typically
209this happens whenever the supplied ENGINE will be needed by OpenSSL after
210the function has returned. Eg. the function to add a new ENGINE to
211OpenSSL's internal list is ENGINE_add() - if this function returns success,
212then OpenSSL will have stored a new structural reference internally so the
213caller is still responsible for freeing their own reference with
214ENGINE_free() when they are finished with it. In a similar way, some
215functions will automatically release the structural reference passed to it
216if part of the function's job is to do so. Eg. the ENGINE_get_next() and
217ENGINE_get_prev() functions are used for iterating across the internal
218ENGINE list - they will return a new structural reference to the next (or
219previous) ENGINE in the list or NULL if at the end (or beginning) of the
220list, but in either case the structural reference passed to the function is
221released on behalf of the caller.
222
223To clarify a particular function's handling of references, one should
224always consult that function's documentation "man" page, or failing that
225the openssl/engine.h header file includes some hints.
226
227=head3 Functional references
228
229As mentioned, functional references exist when the cryptographic
230functionality of an ENGINE is required to be available. A functional
231reference can be obtained in one of two ways; from an existing structural
232reference to the required ENGINE, or by asking OpenSSL for the default
233operational ENGINE for a given cryptographic purpose.
234
235To obtain a functional reference from an existing structural reference,
236call the ENGINE_init() function. This returns zero if the ENGINE was not
237already operational and couldn't be successfully initialised (eg. lack of
238system drivers, no special hardware attached, etc), otherwise it will
239return non-zero to indicate that the ENGINE is now operational and will
240have allocated a new B<functional> reference to the ENGINE. In this case,
241the supplied ENGINE pointer is, from the point of the view of the caller,
242both a structural reference and a functional reference - so if the caller
243intends to use it as a functional reference it should free the structural
244reference with ENGINE_free() first. If the caller wishes to use it only as
245a structural reference (eg. if the ENGINE_init() call was simply to test if
246the ENGINE seems available/online), then it should free the functional
247reference; all functional references are released by the ENGINE_finish()
248function.
249
250The second way to get a functional reference is by asking OpenSSL for a
251default implementation for a given task, eg. by ENGINE_get_default_RSA(),
252ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
253section, though they are not usually required by application programmers as
254they are used automatically when creating and using the relevant
255algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
256
257=head2 Default implementations
258
259For each supported abstraction, the ENGINE code maintains an internal table
260of state to control which implementations are available for a given
261abstraction and which should be used by default. These implementations are
262registered in the tables separated-out by an 'nid' index, because
263abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
264algorithms and modes - ENGINEs will support different numbers and
265combinations of these. In the case of other abstractions like RSA, DSA,
266etc, there is only one "algorithm" so all implementations implicitly
267register using the same 'nid' index. ENGINEs can be B<registered> into
268these tables to make themselves available for use automatically by the
269various abstractions, eg. RSA. For illustrative purposes, we continue with
270the RSA example, though all comments apply similarly to the other
271abstractions (they each get their own table and linkage to the
272corresponding section of openssl code).
273
274When a new RSA key is being created, ie. in RSA_new_method(), a
275"get_default" call will be made to the ENGINE subsystem to process the RSA
276state table and return a functional reference to an initialised ENGINE
277whose RSA_METHOD should be used. If no ENGINE should (or can) be used, it
278will return NULL and the RSA key will operate with a NULL ENGINE handle by
279using the conventional RSA implementation in OpenSSL (and will from then on
280behave the way it used to before the ENGINE API existed - for details see
281L<RSA_new_method(3)|RSA_new_method(3)>).
282
283Each state table has a flag to note whether it has processed this
284"get_default" query since the table was last modified, because to process
285this question it must iterate across all the registered ENGINEs in the
286table trying to initialise each of them in turn, in case one of them is
287operational. If it returns a functional reference to an ENGINE, it will
288also cache another reference to speed up processing future queries (without
289needing to iterate across the table). Likewise, it will cache a NULL
290response if no ENGINE was available so that future queries won't repeat the
291same iteration unless the state table changes. This behaviour can also be
292changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
293ENGINE_set_table_flags()), no attempted initialisations will take place,
294instead the only way for the state table to return a non-NULL ENGINE to the
295"get_default" query will be if one is expressly set in the table. Eg.
296ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
297that it also sets the state table's cached response for the "get_default"
298query.
299
300In the case of abstractions like EVP_CIPHER, where implementations are
301indexed by 'nid', these flags and cached-responses are distinct for each
302'nid' value.
303
304It is worth illustrating the difference between "registration" of ENGINEs
305into these per-algorithm state tables and using the alternative
306"set_default" functions. The latter handles both "registration" and also
307setting the cached "default" ENGINE in each relevant state table - so
308registered ENGINEs will only have a chance to be initialised for use as a
309default if a default ENGINE wasn't already set for the same state table.
310Eg. if ENGINE X supports cipher nids {A,B} and RSA, ENGINE Y supports
311ciphers {A} and DSA, and the following code is executed;
312
313 ENGINE_register_complete(X);
314 ENGINE_set_default(Y, ENGINE_METHOD_ALL);
315 e1 = ENGINE_get_default_RSA();
316 e2 = ENGINE_get_cipher_engine(A);
317 e3 = ENGINE_get_cipher_engine(B);
318 e4 = ENGINE_get_default_DSA();
319 e5 = ENGINE_get_cipher_engine(C);
320
321The results would be as follows;
322
323 assert(e1 == X);
324 assert(e2 == Y);
325 assert(e3 == X);
326 assert(e4 == Y);
327 assert(e5 == NULL);
328
329=head2 Application requirements
330
331This section will explain the basic things an application programmer should
332support to make the most useful elements of the ENGINE functionality
333available to the user. The first thing to consider is whether the
334programmer wishes to make alternative ENGINE modules available to the
335application and user. OpenSSL maintains an internal linked list of
336"visible" ENGINEs from which it has to operate - at start-up, this list is
337empty and in fact if an application does not call any ENGINE API calls and
338it uses static linking against openssl, then the resulting application
339binary will not contain any alternative ENGINE code at all. So the first
340consideration is whether any/all available ENGINE implementations should be
341made visible to OpenSSL - this is controlled by calling the various "load"
342functions, eg.
343
344 /* Make the "dynamic" ENGINE available */
345 void ENGINE_load_dynamic(void);
346 /* Make the CryptoSwift hardware acceleration support available */
347 void ENGINE_load_cswift(void);
348 /* Make support for nCipher's "CHIL" hardware available */
349 void ENGINE_load_chil(void);
350 ...
351 /* Make ALL ENGINE implementations bundled with OpenSSL available */
352 void ENGINE_load_builtin_engines(void);
353
354Having called any of these functions, ENGINE objects would have been
355dynamically allocated and populated with these implementations and linked
356into OpenSSL's internal linked list. At this point it is important to
357mention an important API function;
358
359 void ENGINE_cleanup(void);
360
361If no ENGINE API functions are called at all in an application, then there
362are no inherent memory leaks to worry about from the ENGINE functionality,
363however if any ENGINEs are "load"ed, even if they are never registered or
364used, it is necessary to use the ENGINE_cleanup() function to
365correspondingly cleanup before program exit, if the caller wishes to avoid
366memory leaks. This mechanism uses an internal callback registration table
367so that any ENGINE API functionality that knows it requires cleanup can
368register its cleanup details to be called during ENGINE_cleanup(). This
369approach allows ENGINE_cleanup() to clean up after any ENGINE functionality
370at all that your program uses, yet doesn't automatically create linker
371dependencies to all possible ENGINE functionality - only the cleanup
372callbacks required by the functionality you do use will be required by the
373linker.
374
375The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
376the program and loaded into memory at run-time) does not mean they are
377"registered" or called into use by OpenSSL automatically - that behaviour
378is something for the application to have control over. Some applications
379will want to allow the user to specify exactly which ENGINE they want used
380if any is to be used at all. Others may prefer to load all support and have
381OpenSSL automatically use at run-time any ENGINE that is able to
382successfully initialise - ie. to assume that this corresponds to
383acceleration hardware attached to the machine or some such thing. There are
384probably numerous other ways in which applications may prefer to handle
385things, so we will simply illustrate the consequences as they apply to a
386couple of simple cases and leave developers to consider these and the
387source code to openssl's builtin utilities as guides.
388
389=head3 Using a specific ENGINE implementation
390
391Here we'll assume an application has been configured by its user or admin
392to want to use the "ACME" ENGINE if it is available in the version of
393OpenSSL the application was compiled with. If it is available, it should be
394used by default for all RSA, DSA, and symmetric cipher operation, otherwise
395OpenSSL should use its builtin software as per usual. The following code
396illustrates how to approach this;
397
398 ENGINE *e;
399 const char *engine_id = "ACME";
400 ENGINE_load_builtin_engines();
401 e = ENGINE_by_id(engine_id);
402 if(!e)
403 /* the engine isn't available */
404 return;
405 if(!ENGINE_init(e)) {
406 /* the engine couldn't initialise, release 'e' */
407 ENGINE_free(e);
408 return;
409 }
410 if(!ENGINE_set_default_RSA(e))
411 /* This should only happen when 'e' can't initialise, but the previous
412 * statement suggests it did. */
413 abort();
414 ENGINE_set_default_DSA(e);
415 ENGINE_set_default_ciphers(e);
416 /* Release the functional reference from ENGINE_init() */
417 ENGINE_finish(e);
418 /* Release the structural reference from ENGINE_by_id() */
419 ENGINE_free(e);
420
421=head3 Automatically using builtin ENGINE implementations
422
423Here we'll assume we want to load and register all ENGINE implementations
424bundled with OpenSSL, such that for any cryptographic algorithm required by
425OpenSSL - if there is an ENGINE that implements it and can be initialise,
426it should be used. The following code illustrates how this can work;
427
428 /* Load all bundled ENGINEs into memory and make them visible */
429 ENGINE_load_builtin_engines();
430 /* Register all of them for every algorithm they collectively implement */
431 ENGINE_register_all_complete();
432
433That's all that's required. Eg. the next time OpenSSL tries to set up an
434RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
435ENGINE_init() and if any of those succeed, that ENGINE will be set as the
436default for use with RSA from then on.
437
438=head2 Advanced configuration support
439
440There is a mechanism supported by the ENGINE framework that allows each
441ENGINE implementation to define an arbitrary set of configuration
442"commands" and expose them to OpenSSL and any applications based on
443OpenSSL. This mechanism is entirely based on the use of name-value pairs
444and and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
445applications want to provide a transparent way for users to provide
446arbitrary configuration "directives" directly to such ENGINEs. It is also
447possible for the application to dynamically interrogate the loaded ENGINE
448implementations for the names, descriptions, and input flags of their
449available "control commands", providing a more flexible configuration
450scheme. However, if the user is expected to know which ENGINE device he/she
451is using (in the case of specialised hardware, this goes without saying)
452then applications may not need to concern themselves with discovering the
453supported control commands and simply prefer to allow settings to passed
454into ENGINEs exactly as they are provided by the user.
455
456Before illustrating how control commands work, it is worth mentioning what
457they are typically used for. Broadly speaking there are two uses for
458control commands; the first is to provide the necessary details to the
459implementation (which may know nothing at all specific to the host system)
460so that it can be initialised for use. This could include the path to any
461driver or config files it needs to load, required network addresses,
462smart-card identifiers, passwords to initialise password-protected devices,
463logging information, etc etc. This class of commands typically needs to be
464passed to an ENGINE B<before> attempting to initialise it, ie. before
465calling ENGINE_init(). The other class of commands consist of settings or
466operations that tweak certain behaviour or cause certain operations to take
467place, and these commands may work either before or after ENGINE_init(), or
468in same cases both. ENGINE implementations should provide indications of
469this in the descriptions attached to builtin control commands and/or in
470external product documentation.
471
472=head3 Issuing control commands to an ENGINE
473
474Let's illustrate by example; a function for which the caller supplies the
475name of the ENGINE it wishes to use, a table of string-pairs for use before
476initialisation, and another table for use after initialisation. Note that
477the string-pairs used for control commands consist of a command "name"
478followed by the command "parameter" - the parameter could be NULL in some
479cases but the name can not. This function should initialise the ENGINE
480(issuing the "pre" commands beforehand and the "post" commands afterwards)
481and set it as the default for everything except RAND and then return a
482boolean success or failure.
483
484 int generic_load_engine_fn(const char *engine_id,
485 const char **pre_cmds, int pre_num,
486 const char **post_cmds, int post_num)
487 {
488 ENGINE *e = ENGINE_by_id(engine_id);
489 if(!e) return 0;
490 while(pre_num--) {
491 if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
492 fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
493 pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
494 ENGINE_free(e);
495 return 0;
496 }
497 pre_cmds += 2;
498 }
499 if(!ENGINE_init(e)) {
500 fprintf(stderr, "Failed initialisation\n");
501 ENGINE_free(e);
502 return 0;
503 }
504 /* ENGINE_init() returned a functional reference, so free the structural
505 * reference from ENGINE_by_id(). */
506 ENGINE_free(e);
507 while(post_num--) {
508 if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
509 fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
510 post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
511 ENGINE_finish(e);
512 return 0;
513 }
514 post_cmds += 2;
515 }
516 ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
517 /* Success */
518 return 1;
519 }
520
521Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
522relax the semantics of the function - if set non-zero it will only return
523failure if the ENGINE supported the given command name but failed while
524executing it, if the ENGINE doesn't support the command name it will simply
525return success without doing anything. In this case we assume the user is
526only supplying commands specific to the given ENGINE so we set this to
527FALSE.
528
529=head3 Discovering supported control commands
530
531It is possible to discover at run-time the names, numerical-ids, descriptions
532and input parameters of the control commands supported from a structural
533reference to any ENGINE. It is first important to note that some control
534commands are defined by OpenSSL itself and it will intercept and handle these
535control commands on behalf of the ENGINE, ie. the ENGINE's ctrl() handler is not
536used for the control command. openssl/engine.h defines a symbol,
537ENGINE_CMD_BASE, that all control commands implemented by ENGINEs from. Any
538command value lower than this symbol is considered a "generic" command is
539handled directly by the OpenSSL core routines.
540
541It is using these "core" control commands that one can discover the the control
542commands implemented by a given ENGINE, specifically the commands;
543
544 #define ENGINE_HAS_CTRL_FUNCTION 10
545 #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
546 #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
547 #define ENGINE_CTRL_GET_CMD_FROM_NAME 13
548 #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
549 #define ENGINE_CTRL_GET_NAME_FROM_CMD 15
550 #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
551 #define ENGINE_CTRL_GET_DESC_FROM_CMD 17
552 #define ENGINE_CTRL_GET_CMD_FLAGS 18
553
554Whilst these commands are automatically processed by the OpenSSL framework code,
555they use various properties exposed by each ENGINE by which to process these
556queries. An ENGINE has 3 properties it exposes that can affect this behaviour;
557it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
558the ENGINE's flags, and it can expose an array of control command descriptions.
559If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
560simply pass all these "core" control commands directly to the ENGINE's ctrl()
561handler (and thus, it must have supplied one), so it is up to the ENGINE to
562reply to these "discovery" commands itself. If that flag is not set, then the
563OpenSSL framework code will work with the following rules;
564
565 if no ctrl() handler supplied;
566 ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
567 all other commands fail.
568 if a ctrl() handler was supplied but no array of control commands;
569 ENGINE_HAS_CTRL_FUNCTION returns TRUE,
570 all other commands fail.
571 if a ctrl() handler and array of control commands was supplied;
572 ENGINE_HAS_CTRL_FUNCTION returns TRUE,
573 all other commands proceed processing ...
574
575If the ENGINE's array of control commands is empty then all other commands will
576fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
577the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
578identifier of a command supported by the ENGINE and returns the next command
579identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
580name for a command and returns the corresponding identifier or fails if no such
581command name exists, and the remaining commands take a command identifier and
582return properties of the corresponding commands. All except
583ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
584or populate a supplied character buffer with a copy of the command name or
585description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
586possible values;
587
588 #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
589 #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
590 #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
591 #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
592
593If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
594informational to the caller - this flag will prevent the command being usable
595for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
596"INTERNAL" commands are not intended to be exposed to text-based configuration
597by applications, administrations, users, etc. These can support arbitrary
598operations via ENGINE_ctrl(), including passing to and/or from the control
599commands data of any arbitrary type. These commands are supported in the
600discovery mechanisms simply to allow applications determinie if an ENGINE
601supports certain specific commands it might want to use (eg. application "foo"
602might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
603and ENGINE could therefore decide whether or not to support this "foo"-specific
604extension).
605
606=head2 Future developments
607
608The ENGINE API and internal architecture is currently being reviewed. Slated for
609possible release in 0.9.8 is support for transparent loading of "dynamic"
610ENGINEs (built as self-contained shared-libraries). This would allow ENGINE
611implementations to be provided independantly of OpenSSL libraries and/or
612OpenSSL-based applications, and would also remove any requirement for
613applications to explicitly use the "dynamic" ENGINE to bind to shared-library
614implementations.
615
616=head1 SEE ALSO
617
618L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)>,
619L<RSA_new_method(3)|RSA_new_method(3)>
620
621=cut
diff --git a/src/lib/libssl/src/doc/crypto/evp.pod b/src/lib/libssl/src/doc/crypto/evp.pod
index edf47dbde6..b3ca14314f 100644
--- a/src/lib/libssl/src/doc/crypto/evp.pod
+++ b/src/lib/libssl/src/doc/crypto/evp.pod
@@ -24,6 +24,13 @@ functions. The B<EVP_Digest>I<...> functions provide message digests.
24 24
25Algorithms are loaded with OpenSSL_add_all_algorithms(3). 25Algorithms are loaded with OpenSSL_add_all_algorithms(3).
26 26
27All the symmetric algorithms (ciphers) and digests can be replaced by ENGINE
28modules providing alternative implementations. If ENGINE implementations of
29ciphers or digests are registered as defaults, then the various EVP functions
30will automatically use those implementations automatically in preference to
31built in software implementations. For more information, consult the engine(3)
32man page.
33
27=head1 SEE ALSO 34=head1 SEE ALSO
28 35
29L<EVP_DigestInit(3)|EVP_DigestInit(3)>, 36L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
@@ -32,6 +39,7 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
32L<EVP_SealInit(3)|EVP_SealInit(3)>, 39L<EVP_SealInit(3)|EVP_SealInit(3)>,
33L<EVP_SignInit(3)|EVP_SignInit(3)>, 40L<EVP_SignInit(3)|EVP_SignInit(3)>,
34L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, 41L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
35L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)> 42L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
43L<engine(3)|engine(3)>
36 44
37=cut 45=cut
diff --git a/src/lib/libssl/src/doc/crypto/rand.pod b/src/lib/libssl/src/doc/crypto/rand.pod
index 96901f109e..1c068c85b3 100644
--- a/src/lib/libssl/src/doc/crypto/rand.pod
+++ b/src/lib/libssl/src/doc/crypto/rand.pod
@@ -8,13 +8,14 @@ rand - pseudo-random number generator
8 8
9 #include <openssl/rand.h> 9 #include <openssl/rand.h>
10 10
11 int RAND_set_rand_engine(ENGINE *engine);
12
11 int RAND_bytes(unsigned char *buf, int num); 13 int RAND_bytes(unsigned char *buf, int num);
12 int RAND_pseudo_bytes(unsigned char *buf, int num); 14 int RAND_pseudo_bytes(unsigned char *buf, int num);
13 15
14 void RAND_seed(const void *buf, int num); 16 void RAND_seed(const void *buf, int num);
15 void RAND_add(const void *buf, int num, int entropy); 17 void RAND_add(const void *buf, int num, int entropy);
16 int RAND_status(void); 18 int RAND_status(void);
17 void RAND_screen(void);
18 19
19 int RAND_load_file(const char *file, long max_bytes); 20 int RAND_load_file(const char *file, long max_bytes);
20 int RAND_write_file(const char *file); 21 int RAND_write_file(const char *file);
@@ -22,14 +23,31 @@ rand - pseudo-random number generator
22 23
23 int RAND_egd(const char *path); 24 int RAND_egd(const char *path);
24 25
25 void RAND_set_rand_method(RAND_METHOD *meth); 26 void RAND_set_rand_method(const RAND_METHOD *meth);
26 RAND_METHOD *RAND_get_rand_method(void); 27 const RAND_METHOD *RAND_get_rand_method(void);
27 RAND_METHOD *RAND_SSLeay(void); 28 RAND_METHOD *RAND_SSLeay(void);
28 29
29 void RAND_cleanup(void); 30 void RAND_cleanup(void);
30 31
32 /* For Win32 only */
33 void RAND_screen(void);
34 int RAND_event(UINT, WPARAM, LPARAM);
35
31=head1 DESCRIPTION 36=head1 DESCRIPTION
32 37
38Since the introduction of the ENGINE API, the recommended way of controlling
39default implementations is by using the ENGINE API functions. The default
40B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
41RAND_get_rand_method(), is only used if no ENGINE has been set as the default
42"rand" implementation. Hence, these two functions are no longer the recommened
43way to control defaults.
44
45If an alternative B<RAND_METHOD> implementation is being used (either set
46directly or as provided by an ENGINE module), then it is entirely responsible
47for the generation and management of a cryptographically secure PRNG stream. The
48mechanisms described below relate solely to the software PRNG implementation
49built in to OpenSSL and used by default.
50
33These functions implement a cryptographically secure pseudo-random 51These functions implement a cryptographically secure pseudo-random
34number generator (PRNG). It is used by other library functions for 52number generator (PRNG). It is used by other library functions for
35example to generate random keys, and applications can use it when they 53example to generate random keys, and applications can use it when they
diff --git a/src/lib/libssl/src/doc/crypto/rsa.pod b/src/lib/libssl/src/doc/crypto/rsa.pod
index 2b93a12b65..45ac53ffc1 100644
--- a/src/lib/libssl/src/doc/crypto/rsa.pod
+++ b/src/lib/libssl/src/doc/crypto/rsa.pod
@@ -16,13 +16,17 @@ rsa - RSA public key cryptosystem
16 unsigned char *to, RSA *rsa, int padding); 16 unsigned char *to, RSA *rsa, int padding);
17 int RSA_private_decrypt(int flen, unsigned char *from, 17 int RSA_private_decrypt(int flen, unsigned char *from,
18 unsigned char *to, RSA *rsa, int padding); 18 unsigned char *to, RSA *rsa, int padding);
19 int RSA_private_encrypt(int flen, unsigned char *from,
20 unsigned char *to, RSA *rsa,int padding);
21 int RSA_public_decrypt(int flen, unsigned char *from,
22 unsigned char *to, RSA *rsa,int padding);
19 23
20 int RSA_sign(int type, unsigned char *m, unsigned int m_len, 24 int RSA_sign(int type, unsigned char *m, unsigned int m_len,
21 unsigned char *sigret, unsigned int *siglen, RSA *rsa); 25 unsigned char *sigret, unsigned int *siglen, RSA *rsa);
22 int RSA_verify(int type, unsigned char *m, unsigned int m_len, 26 int RSA_verify(int type, unsigned char *m, unsigned int m_len,
23 unsigned char *sigbuf, unsigned int siglen, RSA *rsa); 27 unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
24 28
25 int RSA_size(RSA *rsa); 29 int RSA_size(const RSA *rsa);
26 30
27 RSA *RSA_generate_key(int num, unsigned long e, 31 RSA *RSA_generate_key(int num, unsigned long e,
28 void (*callback)(int,int,void *), void *cb_arg); 32 void (*callback)(int,int,void *), void *cb_arg);
@@ -32,13 +36,13 @@ rsa - RSA public key cryptosystem
32 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); 36 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
33 void RSA_blinding_off(RSA *rsa); 37 void RSA_blinding_off(RSA *rsa);
34 38
35 void RSA_set_default_openssl_method(RSA_METHOD *meth); 39 void RSA_set_default_method(const RSA_METHOD *meth);
36 RSA_METHOD *RSA_get_default_openssl_method(void); 40 const RSA_METHOD *RSA_get_default_method(void);
37 int RSA_set_method(RSA *rsa, ENGINE *engine); 41 int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
38 RSA_METHOD *RSA_get_method(RSA *rsa); 42 const RSA_METHOD *RSA_get_method(const RSA *rsa);
39 RSA_METHOD *RSA_PKCS1_SSLeay(void); 43 RSA_METHOD *RSA_PKCS1_SSLeay(void);
40 RSA_METHOD *RSA_null_method(void); 44 RSA_METHOD *RSA_null_method(void);
41 int RSA_flags(RSA *rsa); 45 int RSA_flags(const RSA *rsa);
42 RSA *RSA_new_method(ENGINE *engine); 46 RSA *RSA_new_method(ENGINE *engine);
43 47
44 int RSA_print(BIO *bp, RSA *x, int offset); 48 int RSA_print(BIO *bp, RSA *x, int offset);
@@ -49,11 +53,6 @@ rsa - RSA public key cryptosystem
49 int RSA_set_ex_data(RSA *r,int idx,char *arg); 53 int RSA_set_ex_data(RSA *r,int idx,char *arg);
50 char *RSA_get_ex_data(RSA *r, int idx); 54 char *RSA_get_ex_data(RSA *r, int idx);
51 55
52 int RSA_private_encrypt(int flen, unsigned char *from,
53 unsigned char *to, RSA *rsa,int padding);
54 int RSA_public_decrypt(int flen, unsigned char *from,
55 unsigned char *to, RSA *rsa,int padding);
56
57 int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, 56 int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
58 unsigned int m_len, unsigned char *sigret, unsigned int *siglen, 57 unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
59 RSA *rsa); 58 RSA *rsa);
@@ -90,6 +89,14 @@ B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
90keys, but the RSA operations are much faster when these values are 89keys, but the RSA operations are much faster when these values are
91available. 90available.
92 91
92Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
93either directly or by the use of B<ENGINE> modules. In some cases (eg. an
94ENGINE providing support for hardware-embedded keys), these BIGNUM values
95will not be used by the implementation or may be used for alternative data
96storage. For this reason, applications should generally avoid using RSA
97structure elements directly and instead use API functions to query or
98modify keys.
99
93=head1 CONFORMING TO 100=head1 CONFORMING TO
94 101
95SSL, PKCS #1 v2.0 102SSL, PKCS #1 v2.0
@@ -101,7 +108,7 @@ RSA was covered by a US patent which expired in September 2000.
101=head1 SEE ALSO 108=head1 SEE ALSO
102 109
103L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, 110L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
104L<rand(3)|rand(3)>, L<RSA_new(3)|RSA_new(3)>, 111L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>,
105L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, 112L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
106L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>, 113L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
107L<RSA_generate_key(3)|RSA_generate_key(3)>, 114L<RSA_generate_key(3)|RSA_generate_key(3)>,
diff --git a/src/lib/libssl/src/doc/openssl.txt b/src/lib/libssl/src/doc/openssl.txt
index 5da519e7e4..432a17b66c 100644
--- a/src/lib/libssl/src/doc/openssl.txt
+++ b/src/lib/libssl/src/doc/openssl.txt
@@ -344,7 +344,7 @@ the extension.
344 344
345Examples: 345Examples:
346 346
347subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/ 347subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
348subjectAltName=email:my@other.address,RID:1.2.3.4 348subjectAltName=email:my@other.address,RID:1.2.3.4
349 349
350Issuer Alternative Name. 350Issuer Alternative Name.
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod
index a423932d0a..0015e6ea79 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod
@@ -69,6 +69,8 @@ The B<SSL> object that received or sent the message.
69The user-defined argument optionally defined by 69The user-defined argument optionally defined by
70SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg(). 70SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().
71 71
72=back
73
72=head1 NOTES 74=head1 NOTES
73 75
74Protocol messages are passed to the callback function after decryption 76Protocol messages are passed to the callback function after decryption
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index 26efe53856..570d0664ed 100644
--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -536,7 +536,12 @@ static int get_server_hello(SSL *s)
536 } 536 }
537 537
538 s->s2->conn_id_length=s->s2->tmp.conn_id_length; 538 s->s2->conn_id_length=s->s2->tmp.conn_id_length;
539 die(s->s2->conn_id_length <= sizeof s->s2->conn_id); 539 if (s->s2->conn_id_length > sizeof s->s2->conn_id)
540 {
541 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
542 SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
543 return -1;
544 }
540 memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); 545 memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
541 return(1); 546 return(1);
542 } 547 }
@@ -638,7 +643,12 @@ static int client_master_key(SSL *s)
638 /* make key_arg data */ 643 /* make key_arg data */
639 i=EVP_CIPHER_iv_length(c); 644 i=EVP_CIPHER_iv_length(c);
640 sess->key_arg_length=i; 645 sess->key_arg_length=i;
641 die(i <= SSL_MAX_KEY_ARG_LENGTH); 646 if (i > SSL_MAX_KEY_ARG_LENGTH)
647 {
648 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
649 SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
650 return -1;
651 }
642 if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); 652 if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
643 653
644 /* make a master key */ 654 /* make a master key */
@@ -646,7 +656,12 @@ static int client_master_key(SSL *s)
646 sess->master_key_length=i; 656 sess->master_key_length=i;
647 if (i > 0) 657 if (i > 0)
648 { 658 {
649 die(i <= sizeof sess->master_key); 659 if (i > sizeof sess->master_key)
660 {
661 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
662 SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
663 return -1;
664 }
650 if (RAND_bytes(sess->master_key,i) <= 0) 665 if (RAND_bytes(sess->master_key,i) <= 0)
651 { 666 {
652 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 667 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -690,7 +705,12 @@ static int client_master_key(SSL *s)
690 d+=enc; 705 d+=enc;
691 karg=sess->key_arg_length; 706 karg=sess->key_arg_length;
692 s2n(karg,p); /* key arg size */ 707 s2n(karg,p); /* key arg size */
693 die(karg <= sizeof sess->key_arg); 708 if (karg > sizeof sess->key_arg)
709 {
710 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
711 SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
712 return -1;
713 }
694 memcpy(d,sess->key_arg,(unsigned int)karg); 714 memcpy(d,sess->key_arg,(unsigned int)karg);
695 d+=karg; 715 d+=karg;
696 716
@@ -711,7 +731,11 @@ static int client_finished(SSL *s)
711 { 731 {
712 p=(unsigned char *)s->init_buf->data; 732 p=(unsigned char *)s->init_buf->data;
713 *(p++)=SSL2_MT_CLIENT_FINISHED; 733 *(p++)=SSL2_MT_CLIENT_FINISHED;
714 die(s->s2->conn_id_length <= sizeof s->s2->conn_id); 734 if (s->s2->conn_id_length > sizeof s->s2->conn_id)
735 {
736 SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
737 return -1;
738 }
715 memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); 739 memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
716 740
717 s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; 741 s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -984,10 +1008,9 @@ static int get_server_finished(SSL *s)
984 { 1008 {
985 if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) 1009 if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
986 { 1010 {
987 die(s->session->session_id_length 1011 if ((s->session->session_id_length > sizeof s->session->session_id)
988 <= sizeof s->session->session_id); 1012 || (0 != memcmp(buf, s->session->session_id,
989 if (memcmp(buf,s->session->session_id, 1013 (unsigned int)s->session->session_id_length)))
990 (unsigned int)s->session->session_id_length) != 0)
991 { 1014 {
992 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 1015 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
993 SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); 1016 SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
diff --git a/src/lib/libssl/src/ssl/s2_enc.c b/src/lib/libssl/src/ssl/s2_enc.c
index a28e747d2d..690252e3d3 100644
--- a/src/lib/libssl/src/ssl/s2_enc.c
+++ b/src/lib/libssl/src/ssl/s2_enc.c
@@ -96,7 +96,8 @@ int ssl2_enc_init(SSL *s, int client)
96 num=c->key_len; 96 num=c->key_len;
97 s->s2->key_material_length=num*2; 97 s->s2->key_material_length=num*2;
98 98
99 ssl2_generate_key_material(s); 99 if (ssl2_generate_key_material(s) <= 0)
100 return 0;
100 101
101 EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), 102 EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
102 s->session->key_arg); 103 s->session->key_arg);
diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c
index 9bf55268df..cc0dcfa956 100644
--- a/src/lib/libssl/src/ssl/s2_lib.c
+++ b/src/lib/libssl/src/ssl/s2_lib.c
@@ -416,12 +416,15 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
416 return(3); 416 return(3);
417 } 417 }
418 418
419void ssl2_generate_key_material(SSL *s) 419int ssl2_generate_key_material(SSL *s)
420 { 420 {
421 unsigned int i; 421 unsigned int i;
422 EVP_MD_CTX ctx; 422 EVP_MD_CTX ctx;
423 unsigned char *km; 423 unsigned char *km;
424 unsigned char c='0'; 424 unsigned char c='0';
425 const EVP_MD *md5;
426
427 md5 = EVP_md5();
425 428
426#ifdef CHARSET_EBCDIC 429#ifdef CHARSET_EBCDIC
427 c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', 430 c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
@@ -429,23 +432,35 @@ void ssl2_generate_key_material(SSL *s)
429#endif 432#endif
430 EVP_MD_CTX_init(&ctx); 433 EVP_MD_CTX_init(&ctx);
431 km=s->s2->key_material; 434 km=s->s2->key_material;
432 die(s->s2->key_material_length <= sizeof s->s2->key_material); 435
433 for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) 436 if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
437 {
438 SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
439 return 0;
440 }
441
442 for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
434 { 443 {
435 EVP_DigestInit_ex(&ctx,EVP_md5(), NULL); 444 if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material)
445 {
446 /* EVP_DigestFinal_ex() below would write beyond buffer */
447 SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
448 return 0;
449 }
450
451 EVP_DigestInit_ex(&ctx, md5, NULL);
436 452
437 die(s->session->master_key_length >= 0
438 && s->session->master_key_length
439 < sizeof s->session->master_key);
440 EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); 453 EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
441 EVP_DigestUpdate(&ctx,&c,1); 454 EVP_DigestUpdate(&ctx,&c,1);
442 c++; 455 c++;
443 EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); 456 EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
444 EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); 457 EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
445 EVP_DigestFinal_ex(&ctx,km,NULL); 458 EVP_DigestFinal_ex(&ctx,km,NULL);
446 km+=MD5_DIGEST_LENGTH; 459 km += EVP_MD_size(md5);
447 } 460 }
461
448 EVP_MD_CTX_cleanup(&ctx); 462 EVP_MD_CTX_cleanup(&ctx);
463 return 1;
449 } 464 }
450 465
451void ssl2_return_error(SSL *s, int err) 466void ssl2_return_error(SSL *s, int err)
@@ -470,10 +485,14 @@ void ssl2_write_error(SSL *s)
470 buf[2]=(s->error_code)&0xff; 485 buf[2]=(s->error_code)&0xff;
471 486
472/* state=s->rwstate;*/ 487/* state=s->rwstate;*/
473 error=s->error; 488
489 error=s->error; /* number of bytes left to write */
474 s->error=0; 490 s->error=0;
475 die(error >= 0 && error <= 3); 491 if (error < 0 || error > sizeof buf) /* can't happen */
492 return;
493
476 i=ssl2_write(s,&(buf[3-error]),error); 494 i=ssl2_write(s,&(buf[3-error]),error);
495
477/* if (i == error) s->rwstate=state; */ 496/* if (i == error) s->rwstate=state; */
478 497
479 if (i < 0) 498 if (i < 0)
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c
index 391287bfcd..97dda2dde0 100644
--- a/src/lib/libssl/src/ssl/s2_srvr.c
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -399,8 +399,7 @@ static int get_client_master_key(SSL *s)
399 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE); 399 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
400 } 400 }
401 else 401 else
402 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, 402 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
403 SSL_R_PEER_ERROR);
404 return(-1); 403 return(-1);
405 } 404 }
406 405
@@ -408,8 +407,7 @@ static int get_client_master_key(SSL *s)
408 if (cp == NULL) 407 if (cp == NULL)
409 { 408 {
410 ssl2_return_error(s,SSL2_PE_NO_CIPHER); 409 ssl2_return_error(s,SSL2_PE_NO_CIPHER);
411 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, 410 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
412 SSL_R_NO_CIPHER_MATCH);
413 return(-1); 411 return(-1);
414 } 412 }
415 s->session->cipher= cp; 413 s->session->cipher= cp;
@@ -420,8 +418,8 @@ static int get_client_master_key(SSL *s)
420 n2s(p,i); s->session->key_arg_length=i; 418 n2s(p,i); s->session->key_arg_length=i;
421 if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) 419 if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
422 { 420 {
423 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, 421 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
424 SSL_R_KEY_ARG_TOO_LONG); 422 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
425 return -1; 423 return -1;
426 } 424 }
427 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; 425 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
@@ -429,11 +427,17 @@ static int get_client_master_key(SSL *s)
429 427
430 /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ 428 /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
431 p=(unsigned char *)s->init_buf->data; 429 p=(unsigned char *)s->init_buf->data;
432 die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER); 430 if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
431 {
432 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
433 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
434 return -1;
435 }
433 keya=s->session->key_arg_length; 436 keya=s->session->key_arg_length;
434 len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; 437 len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
435 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 438 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
436 { 439 {
440 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
437 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); 441 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
438 return -1; 442 return -1;
439 } 443 }
@@ -512,7 +516,13 @@ static int get_client_master_key(SSL *s)
512#endif 516#endif
513 517
514 if (is_export) i+=s->s2->tmp.clear; 518 if (is_export) i+=s->s2->tmp.clear;
515 die(i <= SSL_MAX_MASTER_KEY_LENGTH); 519
520 if (i > SSL_MAX_MASTER_KEY_LENGTH)
521 {
522 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
523 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
524 return -1;
525 }
516 s->session->master_key_length=i; 526 s->session->master_key_length=i;
517 memcpy(s->session->master_key,p,(unsigned int)i); 527 memcpy(s->session->master_key,p,(unsigned int)i);
518 return(1); 528 return(1);
@@ -563,6 +573,7 @@ static int get_client_hello(SSL *s)
563 if ( (i < SSL2_MIN_CHALLENGE_LENGTH) || 573 if ( (i < SSL2_MIN_CHALLENGE_LENGTH) ||
564 (i > SSL2_MAX_CHALLENGE_LENGTH)) 574 (i > SSL2_MAX_CHALLENGE_LENGTH))
565 { 575 {
576 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
566 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH); 577 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
567 return(-1); 578 return(-1);
568 } 579 }
@@ -574,6 +585,7 @@ static int get_client_hello(SSL *s)
574 len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length; 585 len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
575 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 586 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
576 { 587 {
588 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
577 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG); 589 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
578 return -1; 590 return -1;
579 } 591 }
@@ -679,7 +691,12 @@ static int get_client_hello(SSL *s)
679 p+=s->s2->tmp.session_id_length; 691 p+=s->s2->tmp.session_id_length;
680 692
681 /* challenge */ 693 /* challenge */
682 die(s->s2->challenge_length <= sizeof s->s2->challenge); 694 if (s->s2->challenge_length > sizeof s->s2->challenge)
695 {
696 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
697 SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
698 return -1;
699 }
683 memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); 700 memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
684 return(1); 701 return(1);
685mem_err: 702mem_err:
@@ -836,7 +853,12 @@ static int get_client_finished(SSL *s)
836 } 853 }
837 854
838 /* SSL2_ST_GET_CLIENT_FINISHED_B */ 855 /* SSL2_ST_GET_CLIENT_FINISHED_B */
839 die(s->s2->conn_id_length <= sizeof s->s2->conn_id); 856 if (s->s2->conn_id_length > sizeof s->s2->conn_id)
857 {
858 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
859 SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
860 return -1;
861 }
840 len = 1 + (unsigned long)s->s2->conn_id_length; 862 len = 1 + (unsigned long)s->s2->conn_id_length;
841 n = (int)len - s->init_num; 863 n = (int)len - s->init_num;
842 i = ssl2_read(s,(char *)&(p[s->init_num]),n); 864 i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -864,7 +886,11 @@ static int server_verify(SSL *s)
864 { 886 {
865 p=(unsigned char *)s->init_buf->data; 887 p=(unsigned char *)s->init_buf->data;
866 *(p++)=SSL2_MT_SERVER_VERIFY; 888 *(p++)=SSL2_MT_SERVER_VERIFY;
867 die(s->s2->challenge_length <= sizeof s->s2->challenge); 889 if (s->s2->challenge_length > sizeof s->s2->challenge)
890 {
891 SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
892 return -1;
893 }
868 memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); 894 memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
869 /* p+=s->s2->challenge_length; */ 895 /* p+=s->s2->challenge_length; */
870 896
@@ -884,10 +910,12 @@ static int server_finish(SSL *s)
884 p=(unsigned char *)s->init_buf->data; 910 p=(unsigned char *)s->init_buf->data;
885 *(p++)=SSL2_MT_SERVER_FINISHED; 911 *(p++)=SSL2_MT_SERVER_FINISHED;
886 912
887 die(s->session->session_id_length 913 if (s->session->session_id_length > sizeof s->session->session_id)
888 <= sizeof s->session->session_id); 914 {
889 memcpy(p,s->session->session_id, 915 SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
890 (unsigned int)s->session->session_id_length); 916 return -1;
917 }
918 memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
891 /* p+=s->session->session_id_length; */ 919 /* p+=s->session->session_id_length; */
892 920
893 s->state=SSL2_ST_SEND_SERVER_FINISHED_B; 921 s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
@@ -1004,7 +1032,7 @@ static int request_certificate(SSL *s)
1004 len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen; 1032 len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
1005 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 1033 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
1006 { 1034 {
1007 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); 1035 SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
1008 goto end; 1036 goto end;
1009 } 1037 }
1010 j = (int)len - s->init_num; 1038 j = (int)len - s->init_num;
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 2699b5863b..2b58482484 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -546,7 +546,11 @@ static int ssl3_client_hello(SSL *s)
546 *(p++)=i; 546 *(p++)=i;
547 if (i != 0) 547 if (i != 0)
548 { 548 {
549 die(i <= sizeof s->session->session_id); 549 if (i > sizeof s->session->session_id)
550 {
551 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
552 goto err;
553 }
550 memcpy(p,s->session->session_id,i); 554 memcpy(p,s->session->session_id,i);
551 p+=i; 555 p+=i;
552 } 556 }
@@ -1598,7 +1602,11 @@ static int ssl3_send_client_key_exchange(SSL *s)
1598 SSL_MAX_MASTER_KEY_LENGTH); 1602 SSL_MAX_MASTER_KEY_LENGTH);
1599 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 1603 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
1600 outl += padl; 1604 outl += padl;
1601 die(outl <= sizeof epms); 1605 if (outl > sizeof epms)
1606 {
1607 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1608 goto err;
1609 }
1602 EVP_CIPHER_CTX_cleanup(&ciph_ctx); 1610 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
1603 1611
1604 /* KerberosWrapper.EncryptedPreMasterSecret */ 1612 /* KerberosWrapper.EncryptedPreMasterSecret */
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 782b57f57a..20d716fb1b 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -965,7 +965,11 @@ static int ssl3_send_server_hello(SSL *s)
965 s->session->session_id_length=0; 965 s->session->session_id_length=0;
966 966
967 sl=s->session->session_id_length; 967 sl=s->session->session_id_length;
968 die(sl <= sizeof s->session->session_id); 968 if (sl > sizeof s->session->session_id)
969 {
970 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
971 return -1;
972 }
969 *(p++)=sl; 973 *(p++)=sl;
970 memcpy(p,s->session->session_id,sl); 974 memcpy(p,s->session->session_id,sl);
971 p+=sl; 975 p+=sl;
@@ -1588,7 +1592,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
1588 /* Note that the length is checked again below, 1592 /* Note that the length is checked again below,
1589 ** after decryption 1593 ** after decryption
1590 */ 1594 */
1591 if(enc.pms_length > sizeof pms) 1595 if(enc_pms.length > sizeof pms)
1592 { 1596 {
1593 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1597 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1594 SSL_R_DATA_LENGTH_TOO_LONG); 1598 SSL_R_DATA_LENGTH_TOO_LONG);
diff --git a/src/lib/libssl/src/ssl/ssl-lib.com b/src/lib/libssl/src/ssl/ssl-lib.com
index 1f1921e162..d6829a8d64 100644
--- a/src/lib/libssl/src/ssl/ssl-lib.com
+++ b/src/lib/libssl/src/ssl/ssl-lib.com
@@ -1067,7 +1067,7 @@ $ ENDIF
1067$! 1067$!
1068$! Show user the result 1068$! Show user the result
1069$! 1069$!
1070$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC 1070$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
1071$! 1071$!
1072$! Else The User Entered An Invalid Arguement. 1072$! Else The User Entered An Invalid Arguement.
1073$! 1073$!
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index d9949e8eb2..e9d1e896d7 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1462,6 +1462,7 @@ void ERR_load_SSL_strings(void);
1462 1462
1463/* Function codes. */ 1463/* Function codes. */
1464#define SSL_F_CLIENT_CERTIFICATE 100 1464#define SSL_F_CLIENT_CERTIFICATE 100
1465#define SSL_F_CLIENT_FINISHED 238
1465#define SSL_F_CLIENT_HELLO 101 1466#define SSL_F_CLIENT_HELLO 101
1466#define SSL_F_CLIENT_MASTER_KEY 102 1467#define SSL_F_CLIENT_MASTER_KEY 102
1467#define SSL_F_D2I_SSL_SESSION 103 1468#define SSL_F_D2I_SSL_SESSION 103
@@ -1475,7 +1476,9 @@ void ERR_load_SSL_strings(void);
1475#define SSL_F_I2D_SSL_SESSION 111 1476#define SSL_F_I2D_SSL_SESSION 111
1476#define SSL_F_READ_N 112 1477#define SSL_F_READ_N 112
1477#define SSL_F_REQUEST_CERTIFICATE 113 1478#define SSL_F_REQUEST_CERTIFICATE 113
1479#define SSL_F_SERVER_FINISH 239
1478#define SSL_F_SERVER_HELLO 114 1480#define SSL_F_SERVER_HELLO 114
1481#define SSL_F_SERVER_VERIFY 240
1479#define SSL_F_SSL23_ACCEPT 115 1482#define SSL_F_SSL23_ACCEPT 115
1480#define SSL_F_SSL23_CLIENT_HELLO 116 1483#define SSL_F_SSL23_CLIENT_HELLO 116
1481#define SSL_F_SSL23_CONNECT 117 1484#define SSL_F_SSL23_CONNECT 117
@@ -1487,6 +1490,7 @@ void ERR_load_SSL_strings(void);
1487#define SSL_F_SSL2_ACCEPT 122 1490#define SSL_F_SSL2_ACCEPT 122
1488#define SSL_F_SSL2_CONNECT 123 1491#define SSL_F_SSL2_CONNECT 123
1489#define SSL_F_SSL2_ENC_INIT 124 1492#define SSL_F_SSL2_ENC_INIT 124
1493#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
1490#define SSL_F_SSL2_PEEK 234 1494#define SSL_F_SSL2_PEEK 234
1491#define SSL_F_SSL2_READ 125 1495#define SSL_F_SSL2_READ 125
1492#define SSL_F_SSL2_READ_INTERNAL 236 1496#define SSL_F_SSL2_READ_INTERNAL 236
@@ -1523,6 +1527,7 @@ void ERR_load_SSL_strings(void);
1523#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 1527#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
1524#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 1528#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
1525#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 1529#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
1530#define SSL_F_SSL3_SEND_SERVER_HELLO 242
1526#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 1531#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
1527#define SSL_F_SSL3_SETUP_BUFFERS 156 1532#define SSL_F_SSL3_SETUP_BUFFERS 156
1528#define SSL_F_SSL3_SETUP_KEY_BLOCK 157 1533#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
@@ -1747,6 +1752,7 @@ void ERR_load_SSL_strings(void);
1747#define SSL_R_SHORT_READ 219 1752#define SSL_R_SHORT_READ 219
1748#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 1753#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
1749#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 1754#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
1755#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114
1750#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 1756#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
1751#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 1757#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
1752#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 1758#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index 1638c6b525..3723fc2e37 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -294,10 +294,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
294 i=SSL2_MAX_SSL_SESSION_ID_LENGTH; 294 i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
295 295
296 if (os.length > i) 296 if (os.length > i)
297 os.length=i; 297 os.length = i;
298 if (os.length > sizeof ret->session_id) /* can't happen */
299 os.length = sizeof ret->session_id;
298 300
299 ret->session_id_length=os.length; 301 ret->session_id_length=os.length;
300 die(os.length <= sizeof ret->session_id);
301 memcpy(ret->session_id,os.data,os.length); 302 memcpy(ret->session_id,os.data,os.length);
302 303
303 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); 304 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index 0cad32c855..7067a745f3 100644
--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -67,6 +67,7 @@
67static ERR_STRING_DATA SSL_str_functs[]= 67static ERR_STRING_DATA SSL_str_functs[]=
68 { 68 {
69{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, 69{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"},
70{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"},
70{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"}, 71{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"},
71{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"}, 72{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
72{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"}, 73{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"},
@@ -80,7 +81,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
80{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"}, 81{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"},
81{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"}, 82{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"},
82{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"}, 83{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"},
84{ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"},
83{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"}, 85{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"},
86{ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"},
84{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"}, 87{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"},
85{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"}, 88{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"},
86{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, 89{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},
@@ -92,6 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
92{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, 95{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},
93{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, 96{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},
94{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, 97{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
98{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"},
95{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, 99{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
96{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, 100{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
97{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"}, 101{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},
@@ -128,6 +132,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
128{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, 132{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
129{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"}, 133{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"},
130{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"}, 134{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"},
135{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"},
131{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, 136{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
132{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"}, 137{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"},
133{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, 138{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"},
@@ -355,6 +360,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
355{SSL_R_SHORT_READ ,"short read"}, 360{SSL_R_SHORT_READ ,"short read"},
356{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, 361{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
357{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, 362{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
363{SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"},
358{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, 364{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
359{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, 365{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
360{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, 366{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index ab172aeaec..4bc4ce5b3a 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a)
1405 abort(); /* ok */ 1405 abort(); /* ok */
1406 } 1406 }
1407#endif 1407#endif
1408 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1409 1408
1409 /*
1410 * Free internal session cache. However: the remove_cb() may reference
1411 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
1412 * after the sessions were flushed.
1413 * As the ex_data handling routines might also touch the session cache,
1414 * the most secure solution seems to be: empty (flush) the cache, then
1415 * free ex_data, then finally free the cache.
1416 * (See ticket [openssl.org #212].)
1417 */
1410 if (a->sessions != NULL) 1418 if (a->sessions != NULL)
1411 {
1412 SSL_CTX_flush_sessions(a,0); 1419 SSL_CTX_flush_sessions(a,0);
1420
1421 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1422
1423 if (a->sessions != NULL)
1413 lh_free(a->sessions); 1424 lh_free(a->sessions);
1414 } 1425
1415 if (a->cert_store != NULL) 1426 if (a->cert_store != NULL)
1416 X509_STORE_free(a->cert_store); 1427 X509_STORE_free(a->cert_store);
1417 if (a->cipher_list != NULL) 1428 if (a->cipher_list != NULL)
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index fe4ac839cf..dd6c7a7323 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -510,7 +510,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
510int ssl_verify_alarm_type(long type); 510int ssl_verify_alarm_type(long type);
511 511
512int ssl2_enc_init(SSL *s, int client); 512int ssl2_enc_init(SSL *s, int client);
513void ssl2_generate_key_material(SSL *s); 513int ssl2_generate_key_material(SSL *s);
514void ssl2_enc(SSL *s,int send_data); 514void ssl2_enc(SSL *s,int send_data);
515void ssl2_mac(SSL *s,unsigned char *mac,int send_data); 515void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
516SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); 516SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 8bfc382bb6..ca1a7427be 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -251,7 +251,12 @@ int ssl_get_new_session(SSL *s, int session)
251 ss->session_id_length=0; 251 ss->session_id_length=0;
252 } 252 }
253 253
254 die(s->sid_ctx_length <= sizeof ss->sid_ctx); 254 if (s->sid_ctx_length > sizeof ss->sid_ctx)
255 {
256 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
257 SSL_SESSION_free(ss);
258 return 0;
259 }
255 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); 260 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
256 ss->sid_ctx_length=s->sid_ctx_length; 261 ss->sid_ctx_length=s->sid_ctx_length;
257 s->session=ss; 262 s->session=ss;
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 1afdfa7750..4f6379e160 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -400,12 +400,22 @@ int main(int argc, char *argv[])
400 debug=1; 400 debug=1;
401 else if (strcmp(*argv,"-reuse") == 0) 401 else if (strcmp(*argv,"-reuse") == 0)
402 reuse=1; 402 reuse=1;
403#ifndef OPENSSL_NO_DH
404 else if (strcmp(*argv,"-dhe1024") == 0) 403 else if (strcmp(*argv,"-dhe1024") == 0)
404 {
405#ifndef OPENSSL_NO_DH
405 dhe1024=1; 406 dhe1024=1;
407#else
408 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n";
409#endif
410 }
406 else if (strcmp(*argv,"-dhe1024dsa") == 0) 411 else if (strcmp(*argv,"-dhe1024dsa") == 0)
412 {
413#ifndef OPENSSL_NO_DH
407 dhe1024dsa=1; 414 dhe1024dsa=1;
415#else
416 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n";
408#endif 417#endif
418 }
409 else if (strcmp(*argv,"-no_dhe") == 0) 419 else if (strcmp(*argv,"-no_dhe") == 0)
410 no_dhe=1; 420 no_dhe=1;
411 else if (strcmp(*argv,"-ssl2") == 0) 421 else if (strcmp(*argv,"-ssl2") == 0)
diff --git a/src/lib/libssl/src/test/dummytest.c b/src/lib/libssl/src/test/dummytest.c
index f98f003ef9..5b4467e042 100644
--- a/src/lib/libssl/src/test/dummytest.c
+++ b/src/lib/libssl/src/test/dummytest.c
@@ -8,7 +8,7 @@
8 8
9int main(int argc, char *argv[]) 9int main(int argc, char *argv[])
10 { 10 {
11 char *p, *q, *program; 11 char *p, *q = 0, *program;
12 12
13 p = strrchr(argv[0], '/'); 13 p = strrchr(argv[0], '/');
14 if (!p) p = strrchr(argv[0], '\\'); 14 if (!p) p = strrchr(argv[0], '\\');
@@ -34,7 +34,8 @@ int main(int argc, char *argv[])
34 } 34 }
35 35
36 for(p = program; *p; p++) 36 for(p = program; *p; p++)
37 if (islower(*p)) *p = toupper(*p); 37 if (islower((unsigned char)(*p)))
38 *p = toupper((unsigned char)(*p));
38 39
39 q = strstr(program, "TEST"); 40 q = strstr(program, "TEST");
40 if (q > p && q[-1] == '_') q--; 41 if (q > p && q[-1] == '_') q--;
diff --git a/src/lib/libssl/src/test/maketests.com b/src/lib/libssl/src/test/maketests.com
index b3bf8bb837..91e859deab 100644
--- a/src/lib/libssl/src/test/maketests.com
+++ b/src/lib/libssl/src/test/maketests.com
@@ -887,7 +887,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
887$! 887$!
888$! Show user the result 888$! Show user the result
889$! 889$!
890$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC 890$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
891$! 891$!
892$! Else The User Entered An Invalid Arguement. 892$! Else The User Entered An Invalid Arguement.
893$! 893$!
diff --git a/src/lib/libssl/src/test/tcrl.com b/src/lib/libssl/src/test/tcrl.com
index 2e6ab2814d..86bf9735aa 100644
--- a/src/lib/libssl/src/test/tcrl.com
+++ b/src/lib/libssl/src/test/tcrl.com
@@ -13,7 +13,9 @@ $ write sys$output "testing CRL conversions"
13$ if f$search("fff.*") .nes "" then delete fff.*;* 13$ if f$search("fff.*") .nes "" then delete fff.*;*
14$ if f$search("ff.*") .nes "" then delete ff.*;* 14$ if f$search("ff.*") .nes "" then delete ff.*;*
15$ if f$search("f.*") .nes "" then delete f.*;* 15$ if f$search("f.*") .nes "" then delete f.*;*
16$ copy 't' fff.p 16$ convert/fdl=sys$input: 't' fff.p
17RECORD
18 FORMAT STREAM_LF
17$ 19$
18$ write sys$output "p -> d" 20$ write sys$output "p -> d"
19$ 'cmd' -in fff.p -inform p -outform d -out f.d 21$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/test/testenc.com b/src/lib/libssl/src/test/testenc.com
index 3b66f2e0d0..c24fa388c0 100644
--- a/src/lib/libssl/src/test/testenc.com
+++ b/src/lib/libssl/src/test/testenc.com
@@ -9,7 +9,9 @@ $ test := p.txt
9$ cmd := mcr 'exe_dir'openssl 9$ cmd := mcr 'exe_dir'openssl
10$ 10$
11$ if f$search(test) .nes. "" then delete 'test';* 11$ if f$search(test) .nes. "" then delete 'test';*
12$ copy 'testsrc' 'test' 12$ convert/fdl=sys$input: 'testsrc' 'test'
13RECORD
14 FORMAT STREAM_LF
13$ 15$
14$ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;* 16$ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;*
15$ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;* 17$ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;*
diff --git a/src/lib/libssl/src/test/tpkcs7.com b/src/lib/libssl/src/test/tpkcs7.com
index 9e345937c6..047834fba4 100644
--- a/src/lib/libssl/src/test/tpkcs7.com
+++ b/src/lib/libssl/src/test/tpkcs7.com
@@ -13,7 +13,9 @@ $ write sys$output "testing PKCS7 conversions"
13$ if f$search("fff.*") .nes "" then delete fff.*;* 13$ if f$search("fff.*") .nes "" then delete fff.*;*
14$ if f$search("ff.*") .nes "" then delete ff.*;* 14$ if f$search("ff.*") .nes "" then delete ff.*;*
15$ if f$search("f.*") .nes "" then delete f.*;* 15$ if f$search("f.*") .nes "" then delete f.*;*
16$ copy 't' fff.p 16$ convert/fdl=sys$input: 't' fff.p
17RECORD
18 FORMAT STREAM_LF
17$ 19$
18$ write sys$output "p -> d" 20$ write sys$output "p -> d"
19$ 'cmd' -in fff.p -inform p -outform d -out f.d 21$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/test/tpkcs7d.com b/src/lib/libssl/src/test/tpkcs7d.com
index 7d4f8794a4..193bb72137 100644
--- a/src/lib/libssl/src/test/tpkcs7d.com
+++ b/src/lib/libssl/src/test/tpkcs7d.com
@@ -13,7 +13,9 @@ $ write sys$output "testing PKCS7 conversions (2)"
13$ if f$search("fff.*") .nes "" then delete fff.*;* 13$ if f$search("fff.*") .nes "" then delete fff.*;*
14$ if f$search("ff.*") .nes "" then delete ff.*;* 14$ if f$search("ff.*") .nes "" then delete ff.*;*
15$ if f$search("f.*") .nes "" then delete f.*;* 15$ if f$search("f.*") .nes "" then delete f.*;*
16$ copy 't' fff.p 16$ convert/fdl=sys$input: 't' fff.p
17RECORD
18 FORMAT STREAM_LF
17$ 19$
18$ write sys$output "p -> d" 20$ write sys$output "p -> d"
19$ 'cmd' -in fff.p -inform p -outform d -out f.d 21$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/test/treq.com b/src/lib/libssl/src/test/treq.com
index 22c22c3aa9..5524e485ba 100644
--- a/src/lib/libssl/src/test/treq.com
+++ b/src/lib/libssl/src/test/treq.com
@@ -13,7 +13,9 @@ $ write sys$output "testing req conversions"
13$ if f$search("fff.*") .nes "" then delete fff.*;* 13$ if f$search("fff.*") .nes "" then delete fff.*;*
14$ if f$search("ff.*") .nes "" then delete ff.*;* 14$ if f$search("ff.*") .nes "" then delete ff.*;*
15$ if f$search("f.*") .nes "" then delete f.*;* 15$ if f$search("f.*") .nes "" then delete f.*;*
16$ copy 't' fff.p 16$ convert/fdl=sys$input: 't' fff.p
17RECORD
18 FORMAT STREAM_LF
17$ 19$
18$ write sys$output "p -> d" 20$ write sys$output "p -> d"
19$ 'cmd' -in fff.p -inform p -outform d -out f.d 21$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/test/trsa.com b/src/lib/libssl/src/test/trsa.com
index 6b6c318e2b..6dbe59ef64 100644
--- a/src/lib/libssl/src/test/trsa.com
+++ b/src/lib/libssl/src/test/trsa.com
@@ -24,7 +24,9 @@ $ write sys$output "testing RSA conversions"
24$ if f$search("fff.*") .nes "" then delete fff.*;* 24$ if f$search("fff.*") .nes "" then delete fff.*;*
25$ if f$search("ff.*") .nes "" then delete ff.*;* 25$ if f$search("ff.*") .nes "" then delete ff.*;*
26$ if f$search("f.*") .nes "" then delete f.*;* 26$ if f$search("f.*") .nes "" then delete f.*;*
27$ copy 't' fff.p 27$ convert/fdl=sys$input: 't' fff.p
28RECORD
29 FORMAT STREAM_LF
28$ 30$
29$ write sys$output "p -> d" 31$ write sys$output "p -> d"
30$ 'cmd' -in fff.p -inform p -outform d -out f.d 32$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/test/tsid.com b/src/lib/libssl/src/test/tsid.com
index bde23f9bb9..abd1d4d737 100644
--- a/src/lib/libssl/src/test/tsid.com
+++ b/src/lib/libssl/src/test/tsid.com
@@ -13,7 +13,9 @@ $ write sys$output "testing session-id conversions"
13$ if f$search("fff.*") .nes "" then delete fff.*;* 13$ if f$search("fff.*") .nes "" then delete fff.*;*
14$ if f$search("ff.*") .nes "" then delete ff.*;* 14$ if f$search("ff.*") .nes "" then delete ff.*;*
15$ if f$search("f.*") .nes "" then delete f.*;* 15$ if f$search("f.*") .nes "" then delete f.*;*
16$ copy 't' fff.p 16$ convert/fdl=sys$input: 't' fff.p
17RECORD
18 FORMAT STREAM_LF
17$ 19$
18$ write sys$output "p -> d" 20$ write sys$output "p -> d"
19$ 'cmd' -in fff.p -inform p -outform d -out f.d 21$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/test/tx509.com b/src/lib/libssl/src/test/tx509.com
index 985969c566..7b2592f773 100644
--- a/src/lib/libssl/src/test/tx509.com
+++ b/src/lib/libssl/src/test/tx509.com
@@ -13,7 +13,9 @@ $ write sys$output "testing X509 conversions"
13$ if f$search("fff.*") .nes "" then delete fff.*;* 13$ if f$search("fff.*") .nes "" then delete fff.*;*
14$ if f$search("ff.*") .nes "" then delete ff.*;* 14$ if f$search("ff.*") .nes "" then delete ff.*;*
15$ if f$search("f.*") .nes "" then delete f.*;* 15$ if f$search("f.*") .nes "" then delete f.*;*
16$ copy 't' fff.p 16$ convert/fdl=sys$input: 't' fff.p
17RECORD
18 FORMAT STREAM_LF
17$ 19$
18$ write sys$output "p -> d" 20$ write sys$output "p -> d"
19$ 'cmd' -in fff.p -inform p -outform d -out f.d 21$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num
index 512185e257..7e5728495f 100644
--- a/src/lib/libssl/src/util/libeay.num
+++ b/src/lib/libssl/src/util/libeay.num
@@ -2792,3 +2792,4 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
2792ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: 2792ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
2793d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: 2793d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION:
2794EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES 2794EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES
2795X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO
diff --git a/src/lib/libssl/src/util/pod2mantest b/src/lib/libssl/src/util/pod2mantest
index e01c6192a7..412ca8d6d8 100644
--- a/src/lib/libssl/src/util/pod2mantest
+++ b/src/lib/libssl/src/util/pod2mantest
@@ -12,7 +12,8 @@
12 12
13IFS=: 13IFS=:
14if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi 14if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi
15try_without_dir=false 15
16try_without_dir=true
16# First we try "pod2man", then "$dir/pod2man" for each item in $PATH. 17# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
17for dir in dummy${IFS}$PATH; do 18for dir in dummy${IFS}$PATH; do
18 if [ "$try_without_dir" = true ]; then 19 if [ "$try_without_dir" = true ]; then
@@ -30,9 +31,16 @@ for dir in dummy${IFS}$PATH; do
30 if [ ! "$pod2man" = '' ]; then 31 if [ ! "$pod2man" = '' ]; then
31 failure=none 32 failure=none
32 33
34 if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
35 :
36 else
37 failure=BasicTest
38 fi
33 39
34 if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then 40 if [ "$failure" = none ]; then
35 failure=MultilineTest 41 if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
42 failure=MultilineTest
43 fi
36 fi 44 fi
37 45
38 46
@@ -46,9 +54,5 @@ for dir in dummy${IFS}$PATH; do
46done 54done
47 55
48echo "No working pod2man found. Consider installing a new version." >&2 56echo "No working pod2man found. Consider installing a new version." >&2
49if [ "$1" = ignore ]; then 57echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
50 echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 58echo "$1 ../../util/pod2man.pl"
51 echo "../../util/pod2man.pl"
52 exit 0
53fi
54exit 1
diff --git a/src/lib/libssl/test/dummytest.c b/src/lib/libssl/test/dummytest.c
index f98f003ef9..5b4467e042 100644
--- a/src/lib/libssl/test/dummytest.c
+++ b/src/lib/libssl/test/dummytest.c
@@ -8,7 +8,7 @@
8 8
9int main(int argc, char *argv[]) 9int main(int argc, char *argv[])
10 { 10 {
11 char *p, *q, *program; 11 char *p, *q = 0, *program;
12 12
13 p = strrchr(argv[0], '/'); 13 p = strrchr(argv[0], '/');
14 if (!p) p = strrchr(argv[0], '\\'); 14 if (!p) p = strrchr(argv[0], '\\');
@@ -34,7 +34,8 @@ int main(int argc, char *argv[])
34 } 34 }
35 35
36 for(p = program; *p; p++) 36 for(p = program; *p; p++)
37 if (islower(*p)) *p = toupper(*p); 37 if (islower((unsigned char)(*p)))
38 *p = toupper((unsigned char)(*p));
38 39
39 q = strstr(program, "TEST"); 40 q = strstr(program, "TEST");
40 if (q > p && q[-1] == '_') q--; 41 if (q > p && q[-1] == '_') q--;
diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com
index b3bf8bb837..91e859deab 100644
--- a/src/lib/libssl/test/maketests.com
+++ b/src/lib/libssl/test/maketests.com
@@ -887,7 +887,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
887$! 887$!
888$! Show user the result 888$! Show user the result
889$! 889$!
890$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC 890$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
891$! 891$!
892$! Else The User Entered An Invalid Arguement. 892$! Else The User Entered An Invalid Arguement.
893$! 893$!
diff --git a/src/lib/libssl/test/tcrl.com b/src/lib/libssl/test/tcrl.com
index 2e6ab2814d..86bf9735aa 100644
--- a/src/lib/libssl/test/tcrl.com
+++ b/src/lib/libssl/test/tcrl.com
@@ -13,7 +13,9 @@ $ write sys$output "testing CRL conversions"
13$ if f$search("fff.*") .nes "" then delete fff.*;* 13$ if f$search("fff.*") .nes "" then delete fff.*;*
14$ if f$search("ff.*") .nes "" then delete ff.*;* 14$ if f$search("ff.*") .nes "" then delete ff.*;*
15$ if f$search("f.*") .nes "" then delete f.*;* 15$ if f$search("f.*") .nes "" then delete f.*;*
16$ copy 't' fff.p 16$ convert/fdl=sys$input: 't' fff.p
17RECORD
18 FORMAT STREAM_LF
17$ 19$
18$ write sys$output "p -> d" 20$ write sys$output "p -> d"
19$ 'cmd' -in fff.p -inform p -outform d -out f.d 21$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/test/testenc.com b/src/lib/libssl/test/testenc.com
index 3b66f2e0d0..c24fa388c0 100644
--- a/src/lib/libssl/test/testenc.com
+++ b/src/lib/libssl/test/testenc.com
@@ -9,7 +9,9 @@ $ test := p.txt
9$ cmd := mcr 'exe_dir'openssl 9$ cmd := mcr 'exe_dir'openssl
10$ 10$
11$ if f$search(test) .nes. "" then delete 'test';* 11$ if f$search(test) .nes. "" then delete 'test';*
12$ copy 'testsrc' 'test' 12$ convert/fdl=sys$input: 'testsrc' 'test'
13RECORD
14 FORMAT STREAM_LF
13$ 15$
14$ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;* 16$ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;*
15$ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;* 17$ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;*
diff --git a/src/lib/libssl/test/tpkcs7.com b/src/lib/libssl/test/tpkcs7.com
index 9e345937c6..047834fba4 100644
--- a/src/lib/libssl/test/tpkcs7.com
+++ b/src/lib/libssl/test/tpkcs7.com
@@ -13,7 +13,9 @@ $ write sys$output "testing PKCS7 conversions"
13$ if f$search("fff.*") .nes "" then delete fff.*;* 13$ if f$search("fff.*") .nes "" then delete fff.*;*
14$ if f$search("ff.*") .nes "" then delete ff.*;* 14$ if f$search("ff.*") .nes "" then delete ff.*;*
15$ if f$search("f.*") .nes "" then delete f.*;* 15$ if f$search("f.*") .nes "" then delete f.*;*
16$ copy 't' fff.p 16$ convert/fdl=sys$input: 't' fff.p
17RECORD
18 FORMAT STREAM_LF
17$ 19$
18$ write sys$output "p -> d" 20$ write sys$output "p -> d"
19$ 'cmd' -in fff.p -inform p -outform d -out f.d 21$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/test/tpkcs7d.com b/src/lib/libssl/test/tpkcs7d.com
index 7d4f8794a4..193bb72137 100644
--- a/src/lib/libssl/test/tpkcs7d.com
+++ b/src/lib/libssl/test/tpkcs7d.com
@@ -13,7 +13,9 @@ $ write sys$output "testing PKCS7 conversions (2)"
13$ if f$search("fff.*") .nes "" then delete fff.*;* 13$ if f$search("fff.*") .nes "" then delete fff.*;*
14$ if f$search("ff.*") .nes "" then delete ff.*;* 14$ if f$search("ff.*") .nes "" then delete ff.*;*
15$ if f$search("f.*") .nes "" then delete f.*;* 15$ if f$search("f.*") .nes "" then delete f.*;*
16$ copy 't' fff.p 16$ convert/fdl=sys$input: 't' fff.p
17RECORD
18 FORMAT STREAM_LF
17$ 19$
18$ write sys$output "p -> d" 20$ write sys$output "p -> d"
19$ 'cmd' -in fff.p -inform p -outform d -out f.d 21$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/test/treq.com b/src/lib/libssl/test/treq.com
index 22c22c3aa9..5524e485ba 100644
--- a/src/lib/libssl/test/treq.com
+++ b/src/lib/libssl/test/treq.com
@@ -13,7 +13,9 @@ $ write sys$output "testing req conversions"
13$ if f$search("fff.*") .nes "" then delete fff.*;* 13$ if f$search("fff.*") .nes "" then delete fff.*;*
14$ if f$search("ff.*") .nes "" then delete ff.*;* 14$ if f$search("ff.*") .nes "" then delete ff.*;*
15$ if f$search("f.*") .nes "" then delete f.*;* 15$ if f$search("f.*") .nes "" then delete f.*;*
16$ copy 't' fff.p 16$ convert/fdl=sys$input: 't' fff.p
17RECORD
18 FORMAT STREAM_LF
17$ 19$
18$ write sys$output "p -> d" 20$ write sys$output "p -> d"
19$ 'cmd' -in fff.p -inform p -outform d -out f.d 21$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/test/trsa.com b/src/lib/libssl/test/trsa.com
index 6b6c318e2b..6dbe59ef64 100644
--- a/src/lib/libssl/test/trsa.com
+++ b/src/lib/libssl/test/trsa.com
@@ -24,7 +24,9 @@ $ write sys$output "testing RSA conversions"
24$ if f$search("fff.*") .nes "" then delete fff.*;* 24$ if f$search("fff.*") .nes "" then delete fff.*;*
25$ if f$search("ff.*") .nes "" then delete ff.*;* 25$ if f$search("ff.*") .nes "" then delete ff.*;*
26$ if f$search("f.*") .nes "" then delete f.*;* 26$ if f$search("f.*") .nes "" then delete f.*;*
27$ copy 't' fff.p 27$ convert/fdl=sys$input: 't' fff.p
28RECORD
29 FORMAT STREAM_LF
28$ 30$
29$ write sys$output "p -> d" 31$ write sys$output "p -> d"
30$ 'cmd' -in fff.p -inform p -outform d -out f.d 32$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/test/tsid.com b/src/lib/libssl/test/tsid.com
index bde23f9bb9..abd1d4d737 100644
--- a/src/lib/libssl/test/tsid.com
+++ b/src/lib/libssl/test/tsid.com
@@ -13,7 +13,9 @@ $ write sys$output "testing session-id conversions"
13$ if f$search("fff.*") .nes "" then delete fff.*;* 13$ if f$search("fff.*") .nes "" then delete fff.*;*
14$ if f$search("ff.*") .nes "" then delete ff.*;* 14$ if f$search("ff.*") .nes "" then delete ff.*;*
15$ if f$search("f.*") .nes "" then delete f.*;* 15$ if f$search("f.*") .nes "" then delete f.*;*
16$ copy 't' fff.p 16$ convert/fdl=sys$input: 't' fff.p
17RECORD
18 FORMAT STREAM_LF
17$ 19$
18$ write sys$output "p -> d" 20$ write sys$output "p -> d"
19$ 'cmd' -in fff.p -inform p -outform d -out f.d 21$ 'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/test/tx509.com b/src/lib/libssl/test/tx509.com
index 985969c566..7b2592f773 100644
--- a/src/lib/libssl/test/tx509.com
+++ b/src/lib/libssl/test/tx509.com
@@ -13,7 +13,9 @@ $ write sys$output "testing X509 conversions"
13$ if f$search("fff.*") .nes "" then delete fff.*;* 13$ if f$search("fff.*") .nes "" then delete fff.*;*
14$ if f$search("ff.*") .nes "" then delete ff.*;* 14$ if f$search("ff.*") .nes "" then delete ff.*;*
15$ if f$search("f.*") .nes "" then delete f.*;* 15$ if f$search("f.*") .nes "" then delete f.*;*
16$ copy 't' fff.p 16$ convert/fdl=sys$input: 't' fff.p
17RECORD
18 FORMAT STREAM_LF
17$ 19$
18$ write sys$output "p -> d" 20$ write sys$output "p -> d"
19$ 'cmd' -in fff.p -inform p -outform d -out f.d 21$ 'cmd' -in fff.p -inform p -outform d -out f.d
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 22:49:58 +0000